last executing test programs: 3m47.01507864s ago: executing program 32 (id=271): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r2}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) close(r0) 3m42.916971713s ago: executing program 33 (id=323): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000e8f4fbff000000004000001d8500000007000000440000002a00000095"], &(0x7f0000001240)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{}, &(0x7f0000000400), &(0x7f00000004c0)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0) readv(r0, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0xfdef}], 0x1) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000001200)={0x0, 0xffffff1e, 0xffffffff, 0x4, 0x16, "001bf100eeff0000a2c2000100000000002000"}) r1 = syz_open_pts(r0, 0x101) r2 = dup3(r1, r0, 0x0) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000100)={0x4, &(0x7f00000000c0)=[{0x5e7, 0x7, 0x4, 0x10000}, {0x1ff, 0x3, 0x2, 0x6}, {0x6, 0x8, 0x81, 0x29480}, {0x42, 0x3, 0x5, 0xffff07eb}]}) write$UHID_INPUT(r2, &(0x7f00000001c0)={0xa, {"08c39ee52f329f1698b1c4865f8b540a5eee9f496a0809c3d20325867b6edda88489ab4c09fe0a7f1e8640aa8e344f412df0d69475a5d6570e21f31fac7dfb4aa7ade0e851582d5c1abdd809580cb34c9e48576b1c73ed76023256fca058ada3db47d86cc75b33cf762b67fe61f152618c49a40858f68794a4fc484ab73ccd254ba3d147f5feddaf91dacc238c0a8096f79597ca1e6da781fcf37a0141a335c6a7577d2d53c6e552a7be208381bb31d1d3e0e92ea651655217535734b286d3f19780a4c720075a36a734151f8c00e651cb3a6bbe30e3f6aee48750436da6471e965e81f38134674fcb697108fb7345010bb8fa15fba9b33355d7858327171ab9c68f6c21b2ffbff4eb061dab80bc77a4a7769e7ff73bcd98790e09415bfc5978cf5af45c3ec9ef9c1a39f766c59d59590281038dbcb765580ba2b3f141d5bbfc40910a0894cd1f22d2a8b6d4e4778debef99438b54d44b4b7568de2777431a5b2f3e8d1a45a60a468f5e33e8ef534f803dfb6798c270f52edf031ecd996bb78c4e92961c63c079676d77412ebc6074e5f235417785e7a14b14ce7626b015071c154cc2bf8f4499b93293e9997c23df4c7a1498cf12414fb31eb873728e4f613b540d22e7ca718f18da5b82ed24995e4309c3af4a2e1097465bf09728082d09e71ea365522035eb9772b8e072f8454777ee304dacd59d3eb9f933f151fa14f8c38eadbeba04810a2dea7a66824f09235c13a45f07870210d0d310ce3ae6284577bd4e65f32700f6723727926cb52e4f27776a1dab0f6668327ab5cf1893879a635261f2e0d9923ccecbf5b80f10a8275c1515f47930d614e787f14c105d3a4f8faf8e7f738cf4eae4fc39ef3db3cb87794ace87f7239b69dc4ab4e5ae57cdfbd309e847d99600ef14b51faead01e8ade57d24270bc13a1787896096eeacb8ab1c93d31d93cfb244bb09ecfecf336362a5656db7df327cbb9aeb898f8af229c7bb9452805f2b4510c5df86b6d564e01f000000167ade5205331523a6392af2bea9e6db0ba5480cbf1b202714233289c4017cb66e83c0c8b6e88bedb922162d0ceecf6c5da173bbefe6781ab7720d2be6cca378db650c69d4228141ae190922fbbaddb86c7f0fe138b704e8305b3bcc7910b2280d96d71dafdbfa876b0013fc4de586f85d9ee077b6349becbdca8bd989a51c4c76ed8a8cc691a65078e0272a62edec8236a779f0cbffeda49dcdccd4def7064e0d77ae5a8c64f3057b4a3a0d4457d33f2bc6c112378315411baa4bb126fe540d750491fc58fbb66911ef82bce5ed76872dbcd8e05dea2f3f347a653aa39ab5d75e71671bfeb924e71476134dbf91e3f287fd853cc34bf81e717edd41aa04b6fbeb43cf2074f0c8fe5350401b6cff801c147a3b58b972aa5652629a9fd8b1df2852708ce958d4e9974ec4383aa5da4e3f75fdc85981e97b75863546f67a8703673b6fe2c26f0e9eeb8c45c26f673adac55fa5d69b82ae7d032fd3b26866047e8c029b90a62794a89c11398944b398b4177b2dcc5a743c16d4a5333b1e30af678d3db8df849c1753db067a6f94bab00c0dd3c7e94a8675924c89bda98ac09e10bcdf83f5114b9b466c413477a5cdc48c857230798934bcc1f0eb3a2d2944b139e459af32e515785f46ed4e97cdcb23c7e4dc7c4f91b5b5ca5228344aeb6652fffaf31325c7429bc70a5f6beaaa98ef190dffdeccc94bd814b3edfdd48243bf34291076ab5438ee00e924a827d5b453df42d24144fe1a45bb6c84fcbb2143d0a561c1e867c1279bdf0a47061ea77a84f36c720aff785f0db10eda84c767b5f3874f9455c0f026735ded32f0403ef7dbcf97d2233d59c670114ddf89314ba74fc248bcbdbf43c24e46304e229b3cf583aa410f4dfd119152495da8737518ee2a05a8ca1f004be3c551408f2e4013e444b63bf2bb26ddeae505642dffcc989ee241c48741181b506e22fdc4530319522780c74bf786852dc66ebbb51f8ecbb1e35de09ef7afe589bb8a31c5d63477db5d5e7174694ea04cfa98057d39127a4e5eedb4897a491c6693acd0a036abf846f3b6f3006e5e5fd586f29a4a8a31abbccf732e4f1b88187a72d669c16302657e9cbbeb9322662e111edc7771526400b6123d0f8207bcaa38bee07043e36e223d418ac948d65e7acfe72cc3fdcf03a3e43ecfec8ae489ddba09126709c5c7968829e3504de8a5010c9372de09476a7b96b04d7aed2486d8f89f21f075321abe350024abe00a81f87df3dc372fc3206496776c26b6958243070bda4cace3e358da5d39a3945765c2ba4b002b06efd416af66f3343f218ed84550ea83f02f9a5c3fc677ea60987aa25f0406d6154081cfdc074814a2465accdfa102858f5a52c9eae293c56ddcaf8f6926d3dd0ccb51a30c960d6b7e473038ebd3702b5106f6bc040efdfd7169fd3f2dc42ff23de26a239e13b74278729fd7e843b38a35c55fd50181ac13a9cbbbfd8feb36afaeb1993349c0ac5a0c44ffd92919dfe272b0f8ed7df7198cd299715f021109a58dced4753d3c7ddd6e9ea01596f18b2fe7000000004ccfca57aed5b5cebdff65de480a56bd53f4c7f83ddef00d7c9686311d1fce76f320bb3222a11db30ba6ed31535d8fda61e694478ca9935d72719b8d6b9be88ae3df30b60ee251b919b4d1734b994c62accdf855488b351738331b462eccf27efdc5577d7a5548579dc90d227a42ac010f33a720dc3cf0a63454f8b07c775287495761a058ec1e28e6aaf8057241f4ef8b5de56e279355bb66630c4ddf35e7c2cfff26a4241b1df0379d2a1e9f959e46d3843f89844ead50aff44640fcbc4a1edb033afff7cc9e57c4f8d31900764233e11fa4c28e547788c1b00de4268df692ba3415a9ad90fa712f9618f5ecff57da32809380eeff040cd3b23f508614c72b303cec3bcd732708303b166193366a062b9cea536f28478c387e626744c6a611a8e7162d274efccc84eee8eb31d3310c86752777dd5b5ffe234e895c54909f19a4aabcf3c15b90c02170409e314fd90e766ec4ba93c8ec6321237a980ad3c32fb2fab69e57541ea7f5427a85c2c57d40f9ebe9de5572f46a4713fb28e0af42d0adef3e29195aa41a3ba318181512eebfadffede4e35ff7f975928edc5d4d9f2d931fb44b30e1df55e66c52e1648e9cdaf71221b57c6a6b087428ccc57ade5b1531341cba2be452b426c434c70fd8c493337d4995cbd76ea1dd545226e3eb59d5f94ffb5352f87a4a66cd7c5e88322404fd397c46e198646a9c819d0eb1f10e54d8a3ea912f1cb134ff1095aa7325287f6ea9af8c13b67d6abcbb70dbc06838ecb33e45b60f6cb832c3e72d1401770f66bd02f35a2d007815ab676099e31f5102000000c0e83d5e7107c8dc5830c9cddb9781185b94d7f2814c5058ba3ac54c268741c5728f4997a9628602c2a36090162379f3f37c47619b3e7c7397a5913b7060b51e0c7f7226ff1135444f866f89a4b74136cbd3acb7178bd63183b3fd9cd19fdeb6fcc6341910ad4605da76a9af4bfb8b75fcd666f8188902b380ae560d9aa04f8f9b0ac5c109d1824a470726e06a49d955f8f71c8a86081e75b13f62600deb941da181eaff544cd559c467d8dae432debd22e7a7b3e1ad731a5b9470f5f60423dda061ff899c07c79f3da34f38e1d8182d6ee0c36c602945509167be440382a8a8a759b20e41638fd57152029b190b5701d30a86f579e2d0cc53a2f809ca9bd3aba1eb2772a7acc35c4d983afa83a9baea35c0ed4931234719636cf8f5fe1884bde6cebbdf23bd62b1ebf0a5cb78c27295349bd7d5cf28c4ee4689497238fd3aa71a417914e6892667a56bd69dc2e5882cfb67df71494e9a9199e025892e4e7435f727636cd988cc7563d28db5133f649849c5b3973a3428de10ad39d96146b22acc50f50eee5a038876452b960686892de40efe30081ccdaa2bf64af78d5988026e529b36c62a21378ac42d220d0dd878010178e374e6dbb2b61206066d04e729ed03c6fd9a4e00547fe9304aec0925d85a0acd07fdc5d48c1a1cff656916f5d25952327792255e0d606a32517781cc3d737ec753eb95b5b5b95dabd8946907ab54cc85d05b475e2e5486c6fc070417198d3a50910e2949d20d3fa68fd327934cff5171224942b8f18d88947763a7c710d09c4b269bdf2d3e715329917fb70728a4a0530999b755ba8fc04deabf4bc4bcffc4d62d491538c65078122bf2c263ae0020af67cfc9cf19e5b929e086af281fb43d5504d728935c5cfac136eb81703d50fddb39a5a713b2914c6acd9b2d07819cf7bba495ac5734fe423e611d309b80eeafcf9053d51b0ab3c29d5ca5eb8861ffc1ebc4d53f361b8991baecb52860c15202f979e34054fcde869d018103ccd6d914a70f1840fc6aaf426beec975ddb980b19b0f4cc2ca393c0b9e6ebe5e7d1c9fc1ef7a1c91378f0b73262993fb80667ecf62bac3c47cbd002ae1b87b8dc3ec99d5c987765d778868eb55022cc3bed14b8f934a584bcc98fa0b4f6e6982ab8d8a2bb49f9074ef429dd7b8db332a96ccec6983a97be7c8634c02e7937ffc8d613b83aa375886bf40a87ec062090382f874bf2c8e5fbb58ac18a46c4d9e85af3ca21bdacb7755f49776b0eb3972ff682c84beb07d74cbe2764e378253e72128991b73d2730704a5448280e8a0fd8cc87d4cddcffbfe5525ae3d2304877a3988e33c8e12bf77793e753f25840e9af2ce56bdb999fc62623a2298b4244534f662eb398a2577c72f6cfd5174697dcee151d4f3a7293b11de3889c43744da4165aca4e4a1e926d37ae4d7471584a06f3641f2037a74a58c2397a594f29d142d59f91bb57e24e1a3f30f68c626033cc34895c1b16d62e3a375c3e09f5dbd9338cd3a500643143cd404b57019c648c3ec31d696233fe16efc3c4c84aca0830ca8b9fbf1144b98d82f41e4cf67631c74cdcf8d9c8b8556b876ff1592683ccac0b47a26cb3a2cb1b917f433bb54e0b53deae9ac4b1cd0594c1fa0e6744e7ed88fdac60901e3da989f3b0d7c12b140cc576fa1b0e8e705321d37c303691aafc9fed9c3dc419078d0925ead56455ea5f3cd57941e410c1c14c2e8972d7cca44fcaca1f64fc817f4a41b6d9fb237fed159cb09e788ae560726537f49cb64b9f60915d402e0931355c55ad792cde758548b1af54b196e414046d4af3579a6c30ceac3d68bbfd2adef309c064e759a9f0dd69d682a3880b8ff27b69abffaa45ee7e65d8f1f6e40c188f6249fdf72220b4c87243217ba0292b9e9b67ebeda4fb83406216a4d765812bafeff34cc57f7d2cd1608282079c076055b9cabffe5fa491b970291bc2672540ccc15ed877d7dbe3ef683724c715ace770905e48c2dc6a44e1fc095773676d070eac00ee3834b07590cba7093f56b678313870471c81599d34c53fc03ec6c913d8ba3f604ace8da12d2025cbb5000bc062f4db65a6feacaf3915206d1c15ce7e78c17dc2ea32cb57d6fab0a22d487c77118e75016006f812541ec8180a321287a2d57248d4ee4a19706a19d802c70e250c3b0fc400a0b5cdc06537d2f55fd5300be4eeeaab8cc481a84b6a5e17d8c47ec92fe40710d4ec3530a94ca16710ade2ec7562398106e0ddbb6c8af6412166afd99d45d29a3a967e58decd0d6fc5bebb98d639b5606efd358a43d635d50f0ccb8472197da604994e7fb700243d5f7e45700", 0x1000}}, 0xffffff5c) 3m37.638429924s ago: executing program 34 (id=397): bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB], 0x50) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0xff07, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48) prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = open(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) r4 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r10, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r10}}, 0x24}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) 3m12.067830737s ago: executing program 38 (id=774): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) bind$bt_hci(r1, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) 2m42.292599095s ago: executing program 39 (id=1384): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r0, 0x0, 0x800000000000000}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000080007"], 0x64}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) syz_clone(0x20000100, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) msync(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x2) 2m40.575524512s ago: executing program 8 (id=1432): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, r1}, 0x18) dup(0xffffffffffffffff) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x8, 0x60000000}, 0x1e) 2m40.559557251s ago: executing program 8 (id=1433): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000001e40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a505000000007751e841cca555077e3a159110193dd2ff1fa7c3205bfedbe9d8f3bd23cd78a07e32fe0231368b2264f9c504b2f1f65515b2e1a38d522be18bd10a48b043ccc42673d06d7535f7866925d86751dfced1fd8accae669e173a659c1cfd6587d47578f4c35235138d5521f9453559c35da860e8efbcbfb42c30d294a55e1c46680bee88956f2b3599f455c7a3a49a01010000009f2f0517e4ca0e1803a20000000013d4e21b3336f1ae0796f23526ec0fd97f7325eac34c4dfafe7cc03b0864009d2e7d7ff6ff72ba8972b122b09789d99b3d0524f39d5ae913b2d22eb2c09244ba5dbe9180950f76f7049db5cb19d7962fed44e00f39ed8c13a11fa798de504e2865cd81f2b77fdd76c677f812d249c8130b018d4300000020000000db3947c85c3a9027ce9e856fa8b7fb05000000000000593d60abc9b3e67d127e56f3d3759dcfeb820634fd4d419efaefc74305b2bea2000600000051fcf5d62205561b6efaad206335a309f7b9e01446a6285f4665a7fe3cda2349f8bf400100000000000000f435f28fbeda75cf971f54a9698cf3270f420ee83f2d9babe7b922401639ce3c4ff0850a8e078374909413f3fbd3ced3285252dc81a46ef7ce29484dc6b6adfd7a4db730fc594609654d97836f171b766ffd7526847a6bfda9c648e8aa5c558aa6d463ec9d840f3914909187b6b0776952be71b0417d33d3ab25493418ba0fbacf768e07c1a939d31f606085b9e3efc93b0f58d5ec37494d9d10d76e603129e9a726579ac7d672cacd581b7ca77b3610b7403930fd42051d4b7443e5b49c000000000000007d6173050027791c9c1e04ad3711a66da2254a6f911b1469c62a6e1e3f9c1715c009a58e6eadac8f61b45853673df72dc813f7454ae22d79ac48034282f03040889500000000179dcf66d93907cedd49e0c5752f755849953957143a0335d2f62acbf18b251ce63b29fe177745448ccc925770fac12cf9e291200df6bb669d5a57dd74df817ef2f8698f710c359afe73947afebdf5536e4db8b0231d0cbc798766ec60586f14b44775bc9d250e4515cb83275d3b495fa90000e69a68b47ac4595463e1442d88e0606a060000cc914fae896ab129ccdf8792a8435972c8391d132a2fcbd40e865d62cc7c4200000000000000000000000000000800002a77fbbccfdb1ab3d8434905f09726b8145ea99c7640faab578dc98a6134df0a10a54ce7e7ddbb709a27d977d1f91ab9ee940700009594c9a50961b7fcc56d82584dc8254df7c411fa61353a6897c4f3b9f6f2ab47adb29aefecce96c94f360e129c9f2af569c794b68b2ead404bcdd4aa9cb6a128e1ad45fd4030e1e69adf4986b7860f3122d59c079f0f9a1732f691590f45512aec4ed2413f66cac7dd022301741c576dea82005b166d6c3b9ed0c297ac197a92188a618745e78dca0b3c62f1601243089d9c687563382b0b88a7d80fd7bf7fae8a690f52db1464d29b1b926414cd35705c89662c585e32c881d917b74f027674dbc017499ba15a2e2900000000000000000000000000007b593ecbdd162fee9f239a3c615b3e9a3fb0af254bdd247a5a5abdbc0123c950eec0f1800b295be71418dd65de15e11beef9630499c70fce74135a7c7c8e818b79b85ff65d59d89492d7a663d3f25651e252ab49d358eac853ffe182ee37a5db085a072647719cb8604ba2e0b80af3f1867bd8fb6afca671437e0a5a9d5a088436739262d894986882ec0fb419a377ef47f4920a5de6d8de0d3090b4cb6b773e825442d351f980eed0d997a4d98a51220c41b145e2186546c646128a3e69f52fcad83a026def90b9eb55f4a0a2251bbae428c6c017b5a47f1580831a7ce232857e6aa9e777e99da1a3ad03fdc93fa7ed96228deac5e3bce983971041297a6ba18783a2edc7e3901cc891035872c61e7ea375b0902be0c5cc7fdef968ba1ca17ce5e11f2f384cd28c1194f56d3cf074e8ba4e60e84dc2f352c3cd170581aee0c93ca8ceff84cda40325d340759e79e5c4bcec227e37f7ec2193c78877fb319ec1f2d4dcf1d46a15cde1d6cecce6ecdb0c0a3413394d51341a7b3606ad8c29b6dbf6be3265b528c3208de35161bfe19678df43a45b314e5a0f8754cfaf4f9d3fdf9c8f7b7c296bf2e632d25ba8ee6369b362a8e4c9dff176d482d32249c93680a04f6464f184acfd0376662fee9e1031e569248db9bc724cdd97976a4d7c5c5172d1383fa1e442f68a14b747a9f2597bf115dd0111fe8ba3584a43176f33bd39a408f8648b19839bba9cc47624ea19e46dbbdf0faf591bcdc8613828a0c5a40c04ae34bbf4a0e27828b0c7cb9d7a7455db030425a4bd69cf6dcb4b1d066f8ef4ea1c710e05819df82d5cc94ace6b41c2de37a2eaf24f24b3d9a7dd4d197d51407be3e90000000000000000dbc0b0d6e11ccb71437ebea7ad01d5b93a7a0561e4a1b3fa1aa9c75f3aaec4ace1b6201a3e007b657be62df59133b4d8f0f145d9fc954cc7792077268bf0977e2a699722ce3dbb97248b8a8a771dd0f7d9c97e6587524a44fd6d49330ccbc39ca277b84f7f0a39759ef0b42388bd69fe341a925e8cdc5d7b2d6ddb7331a081bd0672bf4d02255de095a179e51bf5492d4e89c3cbad59db725c0dd7e35cbd9887175286a37d7621a361eb830cc5b842b11b5d040ccceb254d6a0c9c43718d0816bb2465928e236101b8cd46b5ef9cb930378a9249cbb41bcde9bb78d71c512153d2f1d765b56d2e5ef3e3d34975787646630051074c9706747fda873ccfdb394fc269c8cfadc0a52c3402f392a38052f859ab"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000240)='kmem_cache_free\x00', r3}, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000280), r2) getsockname$packet(r2, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="4400000010000104001007fb5c360dff9fe30000", @ANYRES32=r4, @ANYBLOB="0100000000000000240012000c000100627269646765000e140002000800070005"], 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x8100, r4, 0x1, 0x0, 0x6, @dev}, 0x14) 2m40.438527644s ago: executing program 8 (id=1436): prctl$PR_SET_NAME(0xf, &(0x7f0000000300)='w\xde\xa3\x05\xff\a\x00\x00\x00\x00\x00\x00\x8f\xc0\x9b\x86\xe8\\\xc0\x89\av\x9f\xd6\xd1\x98<\xc8\x18E/\x8c\x1a\xe3\xbd0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x400000000000000) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) 2m23.283783447s ago: executing program 1 (id=1857): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd885000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}}) close_range(r1, 0xffffffffffffffff, 0x400000000000000) 2m23.252170238s ago: executing program 1 (id=1858): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3000000"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x18, 0x140f, 0x1, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x8, 0x45, 'mad\x00'}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x1004) 2m23.251607588s ago: executing program 1 (id=1859): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = creat(0x0, 0xecf86c37d53048ec) fchown(r1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x14, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r2}, 0x18) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000100), 0x2, 0x50e, &(0x7f0000000f40)="$eJzs3U9sI1cZAPBvJsnau02bLfQAqNClFBa0WjvxtquqF8qpQqgSokcO25B4oyh2HMVOacIeskfuSFTiBCeOiAMSB6SeuCNxAE5cygGpwArUIHEwmrGdOn+8sbaxnca/n/TkN/Nsf+/FmvesL/K8AKbWjYjYj4grEfF2RCx0zyfdEq93Sva8jx49WDl49GAliXb7rX8meXt2Lvpek3mq+57FiPjeGxE/SI4F/WNEc3dvY7lWq253T5Vb9a1yc3fv9np9ea26Vt2sVO4u3V189c4rlXMb6wv1X394NSJ+99svfvCH/W/8KOvWfLetfxznqTP0ucM4mdmI+M4ogk3ATHc8V57kxU/0Is5TGhGfiYgX8+t/IWbyT/Ooox/TN8fYOwBgFNrthWgv9B8DAJddmufAkrTUzQXMR5qWSp0c3nNxLa01mq1b9xs7m6udXNn1mEvvr9eqi91c4fWYS+6vz1aX8nrvuFatHDu+ExHPRsRPClfz49JKo7Y6yS8+ADDFnjq2/v+n0Fn/AYBLrvhxtTDJfgAA41OcdAcAgLGz/gPA9LH+A8D0sf4DwPSx/gPA9LH+A8BU+e6bb2alfdC9//XqO7s7G413bq9Wmxul+s5KaaWxvVVaazTW8nv21M96v1qjsbX0cuy8W25Vm61yc3fvXr2xs9m6l9/X+151biyjAgAe59kX3v9zEhH7r13NS/Td7//Mtfr5UfcOGKV00h0AJmZm0h0AJubkbl/AtJCPB/q26H3Yd7p4onLce0O9fWrfULh4bn7+E+T/gU81+X+YXk+W//ddHi4D+X+YXu12Ys9/AJgycvwwzYabAfr//7/Y7jsY7v//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcCnN5yVJS929wOcjTUuliKcj4nrMJffXa9XFiHgmIv5UmCtkx0tD7xoCAFxM6d+TiMjKzYWX5o+3Xin8t5A/RsQPf/bWT99dbrW2lyKuJP86PN96r3u+Mon+AwBn6a3TvXW856NHD1Z6ZZz9+fBbnc1Fs7gH3dJpmY3Z/LGY5xqu/TvpHndk31dmziH+/sOI+Nxp40/y3Mj17s6nx+NnsZ8ea/z0SPw0b+s8Zn+Lzx62/OUcegXT4f1s/nn9tOsvjRv54+nXfzGfoT653vx3cGL+Sw/nv5kB89+NYWO8/PtvnzjZXui0PYz4wmzEQe/N++afXvxkQPyXhoz/1+e/9OKgtvbPI27GaeNPjsQqt+pb5ebu3u31+vJada26WancXbq7+OqdVyrlPEdd7mWqT/rHa7eeGRQ/G/+1AfGLZ4z/q0OO/xf/e/v7X35M/K9/5fTP/7nHxM/WxK8NGX/52m+Kg9qy+KtHx99d1s7+/G8NGf+Dv+2tDvlUAGAMmrt7G8u1WnV71JV09CHyShKxP/g5vzrfoIVf/viNMY1rlJW4GN1QuUiVSc9MwKh9fNFPuicAAAAAAAAAAAAAAMAgI/nx0EZEbPtlAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKP3/wAAAP//NjvUFA==") r3 = open(&(0x7f0000000180)='./bus\x00', 0x4a37e, 0x4) r4 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r5, &(0x7f0000000580)=[{&(0x7f00000005c0)=""/102399, 0x18fff}], 0x1, 0xfffffff8, 0x0) ftruncate(r4, 0x2008002) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth1_virt_wifi\x00'}) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8088e3ad122bc192, 0x4002011, r3, 0x1000000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x20, 0x4000, 0x10000) 2m23.008218041s ago: executing program 1 (id=1860): mkdir(&(0x7f0000000540)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000700), &(0x7f00000000c0), 0xff, r2}, 0x38) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = dup(r1) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r5}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x10, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) 2m22.902784983s ago: executing program 1 (id=1863): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000006cc18c1d8daaaa566c11a7ae9ea0f8039ccf9af8e10a39b71fdc16ae8fbc2a4d1e88d33582643fdcc5036d368127f7912b019a1f271227a3cf48345a56a334ff8efc5a6869f116083a3bf1207deaa19aed2921b4ea", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {0xee01}}, './file0\x00'}) ioctl$PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000c80)={0x3, &(0x7f0000000a00)=[{0x1, 0x8, 0x48, 0xfffffff8}, {0xb, 0x5, 0x6, 0x9}, {0x7, 0x80, 0xfd}]}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080), 0x0) unshare(0x60600) cachestat(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = msgget$private(0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000fcffffff18110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000000000100850000008600000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) msgctl$IPC_SET(r3, 0x1, &(0x7f0000258f88)={{0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x18}}) 2m22.902354063s ago: executing program 41 (id=1863): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000006cc18c1d8daaaa566c11a7ae9ea0f8039ccf9af8e10a39b71fdc16ae8fbc2a4d1e88d33582643fdcc5036d368127f7912b019a1f271227a3cf48345a56a334ff8efc5a6869f116083a3bf1207deaa19aed2921b4ea", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {0xee01}}, './file0\x00'}) ioctl$PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000c80)={0x3, &(0x7f0000000a00)=[{0x1, 0x8, 0x48, 0xfffffff8}, {0xb, 0x5, 0x6, 0x9}, {0x7, 0x80, 0xfd}]}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080), 0x0) unshare(0x60600) cachestat(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = msgget$private(0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000fcffffff18110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000000000100850000008600000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) msgctl$IPC_SET(r3, 0x1, &(0x7f0000258f88)={{0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x18}}) 2m22.507926429s ago: executing program 3 (id=1868): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000880)='+}[@\x00') socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r3}, &(0x7f0000000000), &(0x7f00000005c0)=r4}, 0x20) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r6, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x400000000000000) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) 2m22.39888071s ago: executing program 3 (id=1872): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) dup(0xffffffffffffffff) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x8, 0x60000000}, 0x1e) 2m22.323135232s ago: executing program 3 (id=1873): mkdir(&(0x7f0000000540)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000700), &(0x7f00000000c0), 0xff, r2}, 0x38) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = dup(r1) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r5}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x10, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) 2m22.250785703s ago: executing program 3 (id=1875): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = creat(0x0, 0xecf86c37d53048ec) fchown(r1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x14, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r2}, 0x18) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000100), 0x2, 0x50e, &(0x7f0000000f40)="$eJzs3U9sI1cZAPBvJsnau02bLfQAqNClFBa0WjvxtquqF8qpQqgSokcO25B4oyh2HMVOacIeskfuSFTiBCeOiAMSB6SeuCNxAE5cygGpwArUIHEwmrGdOn+8sbaxnca/n/TkN/Nsf+/FmvesL/K8AKbWjYjYj4grEfF2RCx0zyfdEq93Sva8jx49WDl49GAliXb7rX8meXt2Lvpek3mq+57FiPjeGxE/SI4F/WNEc3dvY7lWq253T5Vb9a1yc3fv9np9ea26Vt2sVO4u3V189c4rlXMb6wv1X394NSJ+99svfvCH/W/8KOvWfLetfxznqTP0ucM4mdmI+M4ogk3ATHc8V57kxU/0Is5TGhGfiYgX8+t/IWbyT/Ooox/TN8fYOwBgFNrthWgv9B8DAJddmufAkrTUzQXMR5qWSp0c3nNxLa01mq1b9xs7m6udXNn1mEvvr9eqi91c4fWYS+6vz1aX8nrvuFatHDu+ExHPRsRPClfz49JKo7Y6yS8+ADDFnjq2/v+n0Fn/AYBLrvhxtTDJfgAA41OcdAcAgLGz/gPA9LH+A8D0sf4DwPSx/gPA9LH+A8BU+e6bb2alfdC9//XqO7s7G413bq9Wmxul+s5KaaWxvVVaazTW8nv21M96v1qjsbX0cuy8W25Vm61yc3fvXr2xs9m6l9/X+151biyjAgAe59kX3v9zEhH7r13NS/Td7//Mtfr5UfcOGKV00h0AJmZm0h0AJubkbl/AtJCPB/q26H3Yd7p4onLce0O9fWrfULh4bn7+E+T/gU81+X+YXk+W//ddHi4D+X+YXu12Ys9/AJgycvwwzYabAfr//7/Y7jsY7v//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcCnN5yVJS929wOcjTUuliKcj4nrMJffXa9XFiHgmIv5UmCtkx0tD7xoCAFxM6d+TiMjKzYWX5o+3Xin8t5A/RsQPf/bWT99dbrW2lyKuJP86PN96r3u+Mon+AwBn6a3TvXW856NHD1Z6ZZz9+fBbnc1Fs7gH3dJpmY3Z/LGY5xqu/TvpHndk31dmziH+/sOI+Nxp40/y3Mj17s6nx+NnsZ8ea/z0SPw0b+s8Zn+Lzx62/OUcegXT4f1s/nn9tOsvjRv54+nXfzGfoT653vx3cGL+Sw/nv5kB89+NYWO8/PtvnzjZXui0PYz4wmzEQe/N++afXvxkQPyXhoz/1+e/9OKgtvbPI27GaeNPjsQqt+pb5ebu3u31+vJada26WancXbq7+OqdVyrlPEdd7mWqT/rHa7eeGRQ/G/+1AfGLZ4z/q0OO/xf/e/v7X35M/K9/5fTP/7nHxM/WxK8NGX/52m+Kg9qy+KtHx99d1s7+/G8NGf+Dv+2tDvlUAGAMmrt7G8u1WnV71JV09CHyShKxP/g5vzrfoIVf/viNMY1rlJW4GN1QuUiVSc9MwKh9fNFPuicAAAAAAAAAAAAAAMAgI/nx0EZEbPtlAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKP3/wAAAP//NjvUFA==") r3 = open(&(0x7f0000000180)='./bus\x00', 0x4a37e, 0x4) r4 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r5, &(0x7f0000000580)=[{&(0x7f00000005c0)=""/102399, 0x18fff}], 0x1, 0xfffffff8, 0x0) ftruncate(r4, 0x2008002) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth1_virt_wifi\x00'}) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8088e3ad122bc192, 0x4002011, r3, 0x1000000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x20, 0x4000, 0x10000) 2m22.085156306s ago: executing program 3 (id=1878): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10) r1 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r1]) 2m21.76400581s ago: executing program 3 (id=1887): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = creat(0x0, 0xecf86c37d53048ec) fchown(r1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x14, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r2}, 0x18) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000100), 0x2, 0x50e, &(0x7f0000000f40)="$eJzs3U9sI1cZAPBvJsnau02bLfQAqNClFBa0WjvxtquqF8qpQqgSokcO25B4oyh2HMVOacIeskfuSFTiBCeOiAMSB6SeuCNxAE5cygGpwArUIHEwmrGdOn+8sbaxnca/n/TkN/Nsf+/FmvesL/K8AKbWjYjYj4grEfF2RCx0zyfdEq93Sva8jx49WDl49GAliXb7rX8meXt2Lvpek3mq+57FiPjeGxE/SI4F/WNEc3dvY7lWq253T5Vb9a1yc3fv9np9ea26Vt2sVO4u3V189c4rlXMb6wv1X394NSJ+99svfvCH/W/8KOvWfLetfxznqTP0ucM4mdmI+M4ogk3ATHc8V57kxU/0Is5TGhGfiYgX8+t/IWbyT/Ooox/TN8fYOwBgFNrthWgv9B8DAJddmufAkrTUzQXMR5qWSp0c3nNxLa01mq1b9xs7m6udXNn1mEvvr9eqi91c4fWYS+6vz1aX8nrvuFatHDu+ExHPRsRPClfz49JKo7Y6yS8+ADDFnjq2/v+n0Fn/AYBLrvhxtTDJfgAA41OcdAcAgLGz/gPA9LH+A8D0sf4DwPSx/gPA9LH+A8BU+e6bb2alfdC9//XqO7s7G413bq9Wmxul+s5KaaWxvVVaazTW8nv21M96v1qjsbX0cuy8W25Vm61yc3fvXr2xs9m6l9/X+151biyjAgAe59kX3v9zEhH7r13NS/Td7//Mtfr5UfcOGKV00h0AJmZm0h0AJubkbl/AtJCPB/q26H3Yd7p4onLce0O9fWrfULh4bn7+E+T/gU81+X+YXk+W//ddHi4D+X+YXu12Ys9/AJgycvwwzYabAfr//7/Y7jsY7v//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcCnN5yVJS929wOcjTUuliKcj4nrMJffXa9XFiHgmIv5UmCtkx0tD7xoCAFxM6d+TiMjKzYWX5o+3Xin8t5A/RsQPf/bWT99dbrW2lyKuJP86PN96r3u+Mon+AwBn6a3TvXW856NHD1Z6ZZz9+fBbnc1Fs7gH3dJpmY3Z/LGY5xqu/TvpHndk31dmziH+/sOI+Nxp40/y3Mj17s6nx+NnsZ8ea/z0SPw0b+s8Zn+Lzx62/OUcegXT4f1s/nn9tOsvjRv54+nXfzGfoT653vx3cGL+Sw/nv5kB89+NYWO8/PtvnzjZXui0PYz4wmzEQe/N++afXvxkQPyXhoz/1+e/9OKgtvbPI27GaeNPjsQqt+pb5ebu3u31+vJada26WancXbq7+OqdVyrlPEdd7mWqT/rHa7eeGRQ/G/+1AfGLZ4z/q0OO/xf/e/v7X35M/K9/5fTP/7nHxM/WxK8NGX/52m+Kg9qy+KtHx99d1s7+/G8NGf+Dv+2tDvlUAGAMmrt7G8u1WnV71JV09CHyShKxP/g5vzrfoIVf/viNMY1rlJW4GN1QuUiVSc9MwKh9fNFPuicAAAAAAAAAAAAAAMAgI/nx0EZEbPtlAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKP3/wAAAP//NjvUFA==") r3 = open(&(0x7f0000000180)='./bus\x00', 0x4a37e, 0x4) r4 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r5, &(0x7f0000000580)=[{&(0x7f00000005c0)=""/102399, 0x18fff}], 0x1, 0xfffffff8, 0x0) ftruncate(r4, 0x2008002) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth1_virt_wifi\x00'}) r6 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) fallocate(r6, 0x20, 0x4000, 0x10000) 2m21.746957731s ago: executing program 42 (id=1887): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = creat(0x0, 0xecf86c37d53048ec) fchown(r1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x14, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r2}, 0x18) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000100), 0x2, 0x50e, &(0x7f0000000f40)="$eJzs3U9sI1cZAPBvJsnau02bLfQAqNClFBa0WjvxtquqF8qpQqgSokcO25B4oyh2HMVOacIeskfuSFTiBCeOiAMSB6SeuCNxAE5cygGpwArUIHEwmrGdOn+8sbaxnca/n/TkN/Nsf+/FmvesL/K8AKbWjYjYj4grEfF2RCx0zyfdEq93Sva8jx49WDl49GAliXb7rX8meXt2Lvpek3mq+57FiPjeGxE/SI4F/WNEc3dvY7lWq253T5Vb9a1yc3fv9np9ea26Vt2sVO4u3V189c4rlXMb6wv1X394NSJ+99svfvCH/W/8KOvWfLetfxznqTP0ucM4mdmI+M4ogk3ATHc8V57kxU/0Is5TGhGfiYgX8+t/IWbyT/Ooox/TN8fYOwBgFNrthWgv9B8DAJddmufAkrTUzQXMR5qWSp0c3nNxLa01mq1b9xs7m6udXNn1mEvvr9eqi91c4fWYS+6vz1aX8nrvuFatHDu+ExHPRsRPClfz49JKo7Y6yS8+ADDFnjq2/v+n0Fn/AYBLrvhxtTDJfgAA41OcdAcAgLGz/gPA9LH+A8D0sf4DwPSx/gPA9LH+A8BU+e6bb2alfdC9//XqO7s7G413bq9Wmxul+s5KaaWxvVVaazTW8nv21M96v1qjsbX0cuy8W25Vm61yc3fvXr2xs9m6l9/X+151biyjAgAe59kX3v9zEhH7r13NS/Td7//Mtfr5UfcOGKV00h0AJmZm0h0AJubkbl/AtJCPB/q26H3Yd7p4onLce0O9fWrfULh4bn7+E+T/gU81+X+YXk+W//ddHi4D+X+YXu12Ys9/AJgycvwwzYabAfr//7/Y7jsY7v//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcCnN5yVJS929wOcjTUuliKcj4nrMJffXa9XFiHgmIv5UmCtkx0tD7xoCAFxM6d+TiMjKzYWX5o+3Xin8t5A/RsQPf/bWT99dbrW2lyKuJP86PN96r3u+Mon+AwBn6a3TvXW856NHD1Z6ZZz9+fBbnc1Fs7gH3dJpmY3Z/LGY5xqu/TvpHndk31dmziH+/sOI+Nxp40/y3Mj17s6nx+NnsZ8ea/z0SPw0b+s8Zn+Lzx62/OUcegXT4f1s/nn9tOsvjRv54+nXfzGfoT653vx3cGL+Sw/nv5kB89+NYWO8/PtvnzjZXui0PYz4wmzEQe/N++afXvxkQPyXhoz/1+e/9OKgtvbPI27GaeNPjsQqt+pb5ebu3u31+vJada26WancXbq7+OqdVyrlPEdd7mWqT/rHa7eeGRQ/G/+1AfGLZ4z/q0OO/xf/e/v7X35M/K9/5fTP/7nHxM/WxK8NGX/52m+Kg9qy+KtHx99d1s7+/G8NGf+Dv+2tDvlUAGAMmrt7G8u1WnV71JV09CHyShKxP/g5vzrfoIVf/viNMY1rlJW4GN1QuUiVSc9MwKh9fNFPuicAAAAAAAAAAAAAAMAgI/nx0EZEbPtlAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKP3/wAAAP//NjvUFA==") r3 = open(&(0x7f0000000180)='./bus\x00', 0x4a37e, 0x4) r4 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r5, &(0x7f0000000580)=[{&(0x7f00000005c0)=""/102399, 0x18fff}], 0x1, 0xfffffff8, 0x0) ftruncate(r4, 0x2008002) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth1_virt_wifi\x00'}) r6 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) fallocate(r6, 0x20, 0x4000, 0x10000) 2m9.43111093s ago: executing program 2 (id=2203): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffc4, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8}]}}]}, 0x38}}, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x30, 0x2, {{0x4, 0x10000, 0x0, 0xffffffff}, [@TCA_NETEM_RATE={0x14, 0xd}]}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x20004815}, 0x0) 2m9.394636891s ago: executing program 2 (id=2205): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000001000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r3}, 0x10) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x4e23, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, 0x32) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) 2m9.373684891s ago: executing program 2 (id=2206): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) dup(0xffffffffffffffff) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0x7f, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72", 0x0, 0x8, 0x60000000}, 0x50) 2m9.315102762s ago: executing program 2 (id=2208): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = creat(0x0, 0xecf86c37d53048ec) fchown(r1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x14, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r2}, 0x18) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000100), 0x2, 0x50e, &(0x7f0000000f40)="$eJzs3U9sI1cZAPBvJsnau02bLfQAqNClFBa0WjvxtquqF8qpQqgSokcO25B4oyh2HMVOacIeskfuSFTiBCeOiAMSB6SeuCNxAE5cygGpwArUIHEwmrGdOn+8sbaxnca/n/TkN/Nsf+/FmvesL/K8AKbWjYjYj4grEfF2RCx0zyfdEq93Sva8jx49WDl49GAliXb7rX8meXt2Lvpek3mq+57FiPjeGxE/SI4F/WNEc3dvY7lWq253T5Vb9a1yc3fv9np9ea26Vt2sVO4u3V189c4rlXMb6wv1X394NSJ+99svfvCH/W/8KOvWfLetfxznqTP0ucM4mdmI+M4ogk3ATHc8V57kxU/0Is5TGhGfiYgX8+t/IWbyT/Ooox/TN8fYOwBgFNrthWgv9B8DAJddmufAkrTUzQXMR5qWSp0c3nNxLa01mq1b9xs7m6udXNn1mEvvr9eqi91c4fWYS+6vz1aX8nrvuFatHDu+ExHPRsRPClfz49JKo7Y6yS8+ADDFnjq2/v+n0Fn/AYBLrvhxtTDJfgAA41OcdAcAgLGz/gPA9LH+A8D0sf4DwPSx/gPA9LH+A8BU+e6bb2alfdC9//XqO7s7G413bq9Wmxul+s5KaaWxvVVaazTW8nv21M96v1qjsbX0cuy8W25Vm61yc3fvXr2xs9m6l9/X+151biyjAgAe59kX3v9zEhH7r13NS/Td7//Mtfr5UfcOGKV00h0AJmZm0h0AJubkbl/AtJCPB/q26H3Yd7p4onLce0O9fWrfULh4bn7+E+T/gU81+X+YXk+W//ddHi4D+X+YXu12Ys9/AJgycvwwzYabAfr//7/Y7jsY7v//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcCnN5yVJS929wOcjTUuliKcj4nrMJffXa9XFiHgmIv5UmCtkx0tD7xoCAFxM6d+TiMjKzYWX5o+3Xin8t5A/RsQPf/bWT99dbrW2lyKuJP86PN96r3u+Mon+AwBn6a3TvXW856NHD1Z6ZZz9+fBbnc1Fs7gH3dJpmY3Z/LGY5xqu/TvpHndk31dmziH+/sOI+Nxp40/y3Mj17s6nx+NnsZ8ea/z0SPw0b+s8Zn+Lzx62/OUcegXT4f1s/nn9tOsvjRv54+nXfzGfoT653vx3cGL+Sw/nv5kB89+NYWO8/PtvnzjZXui0PYz4wmzEQe/N++afXvxkQPyXhoz/1+e/9OKgtvbPI27GaeNPjsQqt+pb5ebu3u31+vJada26WancXbq7+OqdVyrlPEdd7mWqT/rHa7eeGRQ/G/+1AfGLZ4z/q0OO/xf/e/v7X35M/K9/5fTP/7nHxM/WxK8NGX/52m+Kg9qy+KtHx99d1s7+/G8NGf+Dv+2tDvlUAGAMmrt7G8u1WnV71JV09CHyShKxP/g5vzrfoIVf/viNMY1rlJW4GN1QuUiVSc9MwKh9fNFPuicAAAAAAAAAAAAAAMAgI/nx0EZEbPtlAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKP3/wAAAP//NjvUFA==") r3 = open(&(0x7f0000000180)='./bus\x00', 0x4a37e, 0x4) r4 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r5, &(0x7f0000000580)=[{&(0x7f00000005c0)=""/102399, 0x18fff}], 0x1, 0xfffffff8, 0x0) ftruncate(r4, 0x2008002) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth1_virt_wifi\x00'}) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8088e3ad122bc192, 0x4002011, r3, 0x1000000) r6 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x74, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) fallocate(r6, 0x20, 0x4000, 0x10000) 2m8.962250347s ago: executing program 2 (id=2209): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r2}, 0x10) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r4, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0xa, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) 2m8.80113921s ago: executing program 2 (id=2213): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x18, 0x140f, 0x1, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x8, 0x45, 'mad\x00'}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x1004) 2m8.80081077s ago: executing program 43 (id=2213): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x18, 0x140f, 0x1, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x8, 0x45, 'mad\x00'}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x1004) 1m28.745512495s ago: executing program 7 (id=3289): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000340)={{0x80, 0xfc}, 'port0\x00', 0x100, 0x60004, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2}) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000740)={{0x84, 0x80}, 'port0\x00', 0x25, 0x60041, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x2, 0x9}) r1 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r1, 0xc0a85352, &(0x7f0000000200)={{0x80, 0x4}, 'port1\x00', 0x89, 0x0, 0x0, 0xfffffeff, 0x0, 0x0, 0x200000, 0x0, 0x4875c99660ff2b28}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x12, 0x3, 0x4, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000), &(0x7f0000000100)=@udp=r4}, 0x20) close_range(r2, 0xffffffffffffffff, 0x0) 1m28.729188886s ago: executing program 7 (id=3290): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) r4 = socket$pppl2tp(0x18, 0x1, 0x1) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x7, 0x590, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xa5d4}, 0x4c58, 0x0, 0x0, 0x1, 0x8, 0x2, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000200), r6) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="64000000020605000a0000000000000000000000100003006269746d61703a706f72740005000400000000000900020073797a3000000000050005000000000005000100060000001c0007800800084000000020060004400000000006000540"], 0x64}, 0x1, 0x0, 0x0, 0x40800}, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x2, 0x0, @dev}, 0x2}}, 0x2e) sendmsg$L2TP_CMD_SESSION_GET(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)={0x30, r3, 0x3, 0x0, 0x0, {0x7}, [@L2TP_ATTR_IFNAME={0x14}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x7}]}, 0x30}}, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10) r9 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r9, 0x0, 0xb, &(0x7f00000000c0)=0x7, 0x4) sendto$inet(r9, 0x0, 0x0, 0x40004, &(0x7f0000000000)={0x2, 0x4e20}, 0x10) getpeername$tipc(r9, &(0x7f0000000040), &(0x7f0000000080)=0x10) recvfrom$inet6(r9, 0x0, 0x0, 0x12020, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000003780)={&(0x7f00000037c0)=@newtaction={0x10fc, 0x30, 0x12f, 0x4000, 0xfffffffe, {}, [{0x10e8, 0x1, [@m_skbmod={0x10e4, 0x8, 0x0, 0x0, {{0xb}, {0xb8, 0x2, 0x0, 0x1, [@TCA_SKBMOD_SMAC={0xa, 0x4, @random="c10540b8c70d"}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x10}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x8686, 0x2ee6, 0x10000000, 0x6, 0x248d}, 0xd}}, @TCA_SKBMOD_DMAC={0xa, 0x3, @remote}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x8}, @TCA_SKBMOD_DMAC={0xa, 0x3, @broadcast}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x6, 0x400, 0x8, 0x3}, 0x10}}, @TCA_SKBMOD_SMAC={0xa, 0x4, @remote}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x8354}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x5, 0x4, 0x3, 0x9, 0x10000000}, 0xb}}]}, {0x1004, 0x6, "dc8e0a5e0e8af58964b84f4026107c472c5e3a98d1c578d2f80ab5d472f6c4a65dd138ee2eecf742a8e658c3aa3199827a793c409b48e14f8bef8d3a2e68b46d01a03777e72f437562ebce883860d7d3e42f8c8643ddc85a710fe524e01dde1a5d4244ac2176cfa54399687bf11fd009789da45e91e74fc09d9b9ff7add0157f0f87cf99777f87614502bcb2f592fc1ed0c4a8be7e89a37ed6d57b5eb0e74237660cb62e6e4e4acfc7f8ee66ab2c924ff3c7d8321b833e7bb3674c920a3baacc2ee655987ed59bf5f339b0211e4426e08bbf03fe939f9d8aabf739f9b99507b3c18f010f066e3103899e561032426d9cd8bb82abff90be028729667b99dfebf985be256c827476241b1ab04ab3f24e61ca3f5b544e3844af2b612de3ea577a4bd4d21356234f7e1945860116a638b0da99df147bd7653345eb8f64ed380a26a04e6d7cd274657f5dad43df6c590352c1ee213cd9d3be0e92cc31a0a2aeda39143d48ca34c79d39e57925a3fc7b1b8cbcdcafe825894ccbe0d8594476eb5f02b433a66e7b0515f595b368972897ec58b981be59c40d5ee433d9514b1c13e8ab6be5475f18031a70f106d88c5f29af420363ebe589772c2c63a868e010d9e9cefcb702d9a640ac36414a4b9e41fc41706e3cefec955046e28a6eb03115e1caf7873a00f604992b15be784a61fb9faf761709f4777936064623bb8d7f067db394f2adef995363e70eba32bb02bc28753f2fcc1a5f0f8e000cee95250ab56d30273598d6bb734194d637d8bc707a8ae45a85de8d42e79f99a3c961236cef0c323be60d80338ae36b44bab7d76c9e69a889055c390f045a11795d56bf01970074952f50f87f4a64c947734b1c72c6b22b21667377e09bf9406f31ef2ef916f33fc1ea8e149d1612808f73c6301cefa885e27c2e6fe609c4e665818441a3c5914c5a5a59b93541f451d4461fa8d9847debbb8f9b71cda2f6cb74e201ecfd6c7c07caa046a797070046d16ffc11e3d22fa9f2479a5c616a8e906cd3dce9434b1211c17ff60c896315d8a7288d2b6327a8dee9c74ce2bf758e3da9eb94f4a911e3e1e7dd24bf22e6c880d60d1ba9f42b33100387b98622b4d6a163c1217f4d0cf8d3416d1521b3dde42af50028464729f99311b2f59cd44e13df1f822f11b62a0f92981c15df9d4955d09c2d68b8349e3179ce13a28f2b331aa16ecce41e53067e55a20ec481a69179d0369578070ab4894fd55f6fab4dce83a87972d478005d1e2d76f63886ce03eb7759b5b8f145a04ea3195acaa290757b45c67b022a1e54f9ce2630eaaa425b6f434313c564adfcc9e40e487c969209ff03e3a178bf4a885eb7fff8d765a5953f2fb1ee07a4e8788709c4a64f2ecd2153cb26a9c84087cf32325d26ed08d866808325203b7411da386bcb423e4fd197c2f90c8179d848770f544ace0eacfbc28ffe2eafc42054d3c126e54ac809499912f4e37f75fcb9cd15010dbb8a922c62600de3ad0dc0c1494e68417e5d02b70423c7b464b1595b29f4f11b4bb3eca16e79289e97cd900d55da86a9a1108d59d3509bf458bae8bfb252c56b7c033be38f1a295ca087e6da7c7bbd846e292391359185bfccbb82bd77e5b1856e362a1f8e635ae0512f44f28b4178b355837b6d6e9c8f41bbd824e051d38a8a26dafd2c73e0c0007e536ec988fd82d4826af9af9c6ce8a19ad3c7fbae705e135e41fbe0f7d346762fbdea86fdb3801d7270b8019fd5af61a11d01bbdcb749f452baec45dfa2e33eedd9e52f2f5414af8c95d4129c4de605a961df39a32693c525fb7390c6e897402b29525cc562cae4e540dc4ff28e03e12f9bc18dd0db8bc62bf1601049e0e364df9059cfe9770749a717ebfdbbf2cde0bf96500bd35b0fe8378be666ccdccbef418f14810407ddb8682e72612fab2214328c76a2f037c163cd603373215326a81001ae13f2c2554d250225efba317dea7e20d5f3d24fbc2b9a90dd01755f8786e71202acb60af6637a0a0a78326d82dc1063e56f021dda95c83520c4c33f39bca9740cc312cba19e2db6063047154f8de59da67547dd9f919804118a286da27e19a2dd7b85fd46be83098eca639f4db94ba7be48a42a2a7656f93fbbed162f64199262a10980d1a3bef44a61c125695f4117f73928fe7a459936d72f81e091faca0d0fdb038734db41bb8e7d8fcacc38b8ea73dbba7d62c3bc4ae6728f213ff2e9d4843915da9f31155abf816415078d2d201828011cd52d37afef527e3f18ed1c33a82b443e265226865d7d28c6e94d6919d78b905851acc7142a35f02ed9d2d853e04964161d0c2cd7a9cd861636a51e0dbb7c29f3cf10d7b82f8850c7142af83ee11f413b913b889c48e1253d13eb37416d2ba0a725421767ac78f25a0b1aa9a0703b4989c67ba5558ef3145e3391769233be15d8371ea1689a954b7071ef15cc7723f005620dbbbb95461cae2c6e399c5f54613683b4f4ad281d2dbd809fe8909a49891ddd80f9d167ad577c58ea3d3e73b474930bf87ebc21be428226e7b2afe17f36abd2fdaf92e6749b6a812bcd9109be4c629b921d3d9b8551d641fbf6a371718f3a9ad534744c85483e83e10fea8f61f15fcef1ec029f9e244854f4661250477c15cb61c30bc18c9f6544c14ffb6d4c51d7044b4e9a172366bf061476bc769dee5b3c36eca4631cc3f40f096e9ae1b124efdd49fd8ce7f3ad6a7b163677dca5f3313d7628c3b5ea7b1da8d4c1484ab47a5123c8c66f0215bef12c557a4bc272337e608e718ac9db24146f3ea61f4361720bec93dcd9c9b0473b07439225a625816b265c20c75854c6c85af010eabf4a72ad30fc9d98bc0ba5a33414803b48165f589afdbfff265a8baf9a9002ceff9d6664b2a6b51a962aec9038025f4a01857f163138af84ec68d3910f0b855925285dd53c6a02c01d0fe13ee89acdab0d8ebc92201e9cac07ff259e908ca2b4eb159bb9b1f1cf742f399c77a39d73728c99e1c3038de6376461c38da7950c5e4b7945f75a64979b3b426c305f0fcf5fd771d386b34507dd17a7ee32f8bfffea97311a501ff881d216f33e03e6f8def2d3f68cc321f2a3bc0d4c08b5f7a8364ea0ddc1c85e742617153429930bc4086a738ef3a1a4494f23ec2bdba73e966f52d753cb842a28a29bbfba0afee747918769a7778f17196b86a64fc77ee026504ea1cf19507bfe14504fa81bdbf3532ff109018603e8b999e679e148b98f6b55ee67e9be859bb1656b7718b596c94431730948262de058fb440eab892021af949208175eb634d3a1491a37d8458124d7fc7c152ebfe3f725980739bd0dad22362dff6fc43f4715ccc4c935bca63d791c3dfe7533793aabc3362186b5f462e1dce726012decbb814908f5a7e3e9755945eede822417f50af77e0fd7acee5c2da1d91e23d46f19d083a263697d2f2dee62715b266cb526546dcd575e32c2e4f6e36e54c5555ab50ef5435b31955daa5ebb86961df28d29227fe7a4b4996e555bc076b6c565f8edf2e3664752ebe2bcb453e5f0c5af08bb16cc06b883ae1a0855e172398d9754d814a5537954b94294179e2cf4940056c7a3c1ca3acbc6c3afb59b79a68353a9ccae289cfb38d2750e0ab718619a671e130c3b2e479c2d24d5706375d47b5313c1bc31c5f456e79164b4d43ab78a828413559af99de1003336910e9747efc35ebb8190e2a4adddf2212d5e7f435fc75e3d0714f21e54e457373f471bda64d9e520efc55a610e17edf6c12bde6da6175f246b063570c938f2f5fab26a173b586182f8cb148df01595882ad8af67dab6f48eb57d8ba188070ebbd0a34e86f7e01da6f5c89c07f3d6d55f58686f08358958e89c4559a41fbf3cf2b7bc07ffdc144df1c1bdbb2a10e5f87e25bb97e78a4c193df4d0fb0d3585e3a1bc9fea170a16cf013de8e3f9f6869513e748b569c551b9477cd1b39f8209b1ebca653e0ab55d5fcaedbbd6ff645ed288b81f0f079925f7f31cd215c7d7e0110c7e5c8f6c2c1f9146b5a8fbe8529a146c66f7cd1c4c0b6a2c2c42d714bbd4c8b7b5037609d0dbfe8228a5eaa2b8bcf38665831799cef3ab1755670ac4ec666c5d771cc56801e46210a2738c0bd4ebae9b68b350640092b93d1c33d405eb2f399d8b5434f5cb5d4c33c6b4206d490fba16cdf72f8045fb3b59a790d24d4bfec3b7bf57d81e2b1afe0a5a7946c05e2f4487d80da1c3ba711ac86a2bea22bce839b63b3f8f70362245da31a43b008708349638a59b8924f40a57e93fcd92d7fe41261ffed9bbbbfa66eac19633648b64b2d2042dfa1183c03c236e0b40422bb86a8cf6559c7bbf2007c73dbf2ce534dfb30fa651fc5bfc4286814ad55f8b98d3b42d482ed6d56d9112ead7821968b2b99cc55f634c551c34dba813bc617e976ca2694ed9315bb4a1e47fd17fbc2bcefe68df55e2f70b0a27a2a243f3e0b6687c6ca822de299bec77bf5a3ff162429762757615907d60cf20f76f4cd1ba2838f8c01effde87ccb81353766ee1282aed7c93ed72c50bbe784f71a1cebf52026d7d454c25653f1e43a4b7bce98a347f2b3d20f1153e9b37e68a57051e4d989ba4b66684cef4e8069d9f910a8ec48df93aaadefae219ac35889547b0e1671504397afe2e49a2bcd6e185760222fdcdbea86c876bfecf65b472b0881b674c38bb6b9920837652b4f1f2a06732ec0a1233180118c3f4665ed1041808a30c96644ba471d26bccad51d86f4934483f05ff70719151d9e9e016612187cf06bad2904eed965b5864497a576beb351891f6b657052d7f89b10342f6ac6de96051841f3e3480e9334593ecad6869f1905d1af244153b0424c832e6c3c0e36bdb2c55b83922a86ef3d3a4fdaa806167ad1848ba0dc24c642715ccfbd3d8233f7fb945f6e4feb53448f1e8cfdc9977d19947b9620bbe6103aacf3dfe0d11eebb0c23f34e21e6989b980ddba79c1c499bfa79ab586c865251ce371f58e89857ddad3d62ca782873476a4e160f7793d4c90d6401d45e13f490cb25782201d21cde1e93f54b18bc6b2447c2d6ed91ce70bbe395ad0d97eab020f89117166e620d69d15dd72dce1b52b8540283d794f349f239484797eb54d8070a10673676cc7aa11e870d98d76fb2b770d7c39cd25c8771919ded371cb3a0695f865f5bfe18a80fa324d139e21070b976df4d7f0217b43526207e69531ee88f8f8441efe8f0efeb3c66bda68b17c9694d529f075455d3cd425e45bd6bf3bf6dcd5720f919de5b0a7a6a79c6517965b5b2004627af75bca211fe7571c4e266948a2ae8f4d9033c19158c276fcb872a0a2688f9d8ea85d148fbfd8636e5835c0eb0298b3b77bd13b9e7cb34d39065477150acbfec11fcecce4c8e668cb7f5bc60b92f5ad488c7047697ccb70342db5841b631649765a589d9c8a8c7757655dd5c39865d0ed41c2676da302e49b14e5034efec791eb40df417f795ebd06779fa4c9a6eafb95f2a3afad3a15d4cd165530750accd3e18fb427dc41b55cb4043f71db63f3d770e83e4a3d8ddd6a9a2b5d423dfb13a514e9f7fdafbad360551e42933addd3d1f841a205741bc84ca0ec5f1535c3cd6195f3225372a41662d171c69a2522e690129db25d98814ef94aa024e18d217d278650514749b7120d1cc7ef9ee67b6433dd41d5e1df4951db4a645cc9ad91e16955d43f5cd77307e6c84068c4ed3586ebc99cef0ad7550b6bf598df250e2552636bcd824c1d130854196dcca6e861da792c4343c6b8791844a8b6c290452a2ff376eff999dbd502f"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}, 0x10fc}}, 0x24000080) 1m28.623284077s ago: executing program 7 (id=3293): mkdir(&(0x7f0000000540)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, 0x0, &(0x7f00000000c0), 0xff, r0}, 0x38) 1m28.618664857s ago: executing program 7 (id=3295): syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000001100)='./file1\x00', 0x801, &(0x7f0000000140)={[{@block_validity}, {@nojournal_checksum}, {@errors_remount}, {@norecovery}, {@nojournal_checksum}, {@errors_remount}, {@init_itable_val}, {@abort}, {@grpjquota}, {@grpquota}, {@usrjquota}]}, 0x1, 0x7f0, &(0x7f00000002c0)="$eJzs3d9rXFkdAPDvnUx+tpIIolYQBgQtlE6aGlsFwYgPIlgo6JMPtmEyDTWTTMlMShOCbRHBF0HFN33psz9fxFfdhd2X3f9jaenupmW77MMyy50fySS90042yaQ/Ph+4yTn3nnvP/d5z75mT3JubAF5bhfRLLuJURPwhiZhsz08iYriZykfMtco92dospVMSjcbPPkiaZR5vbZaia53UiXbmqxHxxm8jzuSerre2vrE0X6mUGy23W+uub5y9vjy/WF4sr1yYmZ09f/E7Fy8cXqwfvbtx8sEff/ytf8598puv/Ov3byYxFyfT+Jp24jgshSi0j8lwegh3+dFhV3Zs/vPrPgrlIhqNVjJ/1DvEPqSX5lC7VU7FZAw9q33GB7lnAMBRuR3pyKyHoZ5LAICXWtL6/P/Bce8HADAond8DPN7aLHWm4/2NxGA9/GFEjLXi79zfbC3Jt+/ZjTXvg048TnbdGUkiYuoQ6i9ExF//+8u/p1PsuZ8KcJTu3I2Iq1OFXf3/UDR7uF3PLOx9gKEP57JnL3ZnCnsW6v9gcP6Xjn++mzX+y22PfyJj/DOace1+Hs+//nP3I+L+8CHUlSUd/32/69m2J13xt00NtXNfaI75hpNr1yvlc9tPuw2PpvmZVibzCZnTjz591Kv+7vHfh3/61d/S+tPvOyVy9/Oju9dZmK/PHyTmbg/vRnwtnxV/2v+PNts/6TH+vdxnHT/53u/+0mtZGn8ab2d6Ov6j1bgX8c3M9k+2y6Sp6fryjela1vOJ083TofU1u45/z8VEr/oL+Z32T6e0/s7PAoOQtv/Es+OfSrqe11yt9b3p7WvhnXuT/+9VqPv8z44/+/wfSX7eTI+0592ar9dXZyJGkp8+Pf/8zrqdfKd8Gv/pb2Rf/53+L+P8/0W6/at9Hoj8g/f/0X/8aW2Dbf+FfbX/vhMx9mRpaFelo8+KP6v9Z3et3k//1+8OHuTYAQAAAAAAAAAAAAAAAAAAAAAAAEC/chFxMpJccTudyxWLrf/h/aWYyFWqtfqZa9W1lYV0WfP9p7nOqy4nu96HOtN+H34nf35P/tsR8cWI+PPoeDNfLFUrC8cdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0nejx//9T743uKTx0HHsIAByJMR/sAPC6SfL5494FAGDQxvouWYiI8dadAgDgpdb/5z8A8Kro/fnvxgAAvKqe8/P/3j8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP26fOlSOjU+3tospfmFm+trS9WbZxfKtaXi8lqpWKqu3iguVquLlXKxVF2OfI8N3Wl9q1SrN2ZjZe3WdL1cq0/X1jeuLFfXVupXri/PL5avlIcHGBsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Ku2vrHUmKyUV9PEfOVAibH2Ng+6nf0mcjG4ug47sfR265i9KPuTmYgXYzdehER6jnfPiTtHcM6/deHrX043eqyRxshOLzE+8H4JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4GXxWQAAAP//pZIfGQ==") r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='\\-,*\'', &(0x7f0000000ac0)='&\x00', 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000004b704000000000000850000000300000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000003c40)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x101c008, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x482321cb74c946b6, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000f6ff0000000000000000850000008800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000050000000920000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r5, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeb, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) ioctl$FS_IOC_GETFSMAP(r5, 0xc0c0583b, &(0x7f0000000b00)={0x0, 0x0, 0x3, 0x0, '\x00', [{0x0, 0x8, 0x100000001, 0x4, 0x7fffffff, 0xfffffffffffffff8}, {0x2, 0x4, 0x3, 0xf, 0x1, 0xffffffff}], ['\x00', '\x00', '\x00']}) 1m28.303136422s ago: executing program 7 (id=3300): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000340)={{0x80, 0xfc}, 'port0\x00', 0x100, 0x60004, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2}) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000740)={{0x84, 0x80}, 'port0\x00', 0x25, 0x60041, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x2, 0x9}) r1 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r1, 0xc0a85352, &(0x7f0000000200)={{0x80, 0x4}, 'port1\x00', 0x89, 0x0, 0x0, 0xfffffeff, 0x0, 0x0, 0x200000, 0x0, 0x4875c99660ff2b28}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x12, 0x3, 0x4, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000), &(0x7f0000000100)=@udp=r4}, 0x20) close_range(r2, 0xffffffffffffffff, 0x0) 1m27.947030358s ago: executing program 7 (id=3316): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000c40)={'filter\x00', 0x6002, 0x4, 0x3f8, 0xf0, 0x0, 0x200, 0x310, 0x310, 0x310, 0x4, 0x0, {[{{@uncond, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x7, 0x1ff, 0x800000}}}, {{@arp={@remote, @remote, 0x0, 0x0, 0x0, 0x0, {@empty, {[0xff]}}, {@empty, {[0x0, 0xff]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth1_vlan\x00', 'nicvf0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@broadcast, @multicast2, @broadcast, 0x0, 0xffffffff}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@link_local, @local, @dev={0xac, 0x14, 0x14, 0x30}, 0xf, 0x5fa0832aa5fc72f3}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x448) 1m27.893603619s ago: executing program 44 (id=3316): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000c40)={'filter\x00', 0x6002, 0x4, 0x3f8, 0xf0, 0x0, 0x200, 0x310, 0x310, 0x310, 0x4, 0x0, {[{{@uncond, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x7, 0x1ff, 0x800000}}}, {{@arp={@remote, @remote, 0x0, 0x0, 0x0, 0x0, {@empty, {[0xff]}}, {@empty, {[0x0, 0xff]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth1_vlan\x00', 'nicvf0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@broadcast, @multicast2, @broadcast, 0x0, 0xffffffff}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@link_local, @local, @dev={0xac, 0x14, 0x14, 0x30}, 0xf, 0x5fa0832aa5fc72f3}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x448) 18.291782678s ago: executing program 4 (id=4586): perf_event_open(&(0x7f00000004c0)={0x2, 0x80, 0x5d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80}, 0x8000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000004}, 0x0, 0x0, 0xffffffffffffffff, 0x2) prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='gtp\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000014c0)='kmem_cache_free\x00', r0}, 0x18) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) 18.1851309s ago: executing program 4 (id=4590): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x65, 0xfc, 0x5, 0x0, 0x0, 0x3, 0x8900c, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc46, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x6, 0x7ffffffc, 0x1, 0x1, 0x0, 0x0, 0x0, 0x102, 0x0, 0x3}, 0x0, 0x6, 0xffffffffffffffff, 0x2) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_DESTROY(r2, &(0x7f0000000080), 0x4) openat$binfmt_register(0xffffff9c, 0x0, 0x1, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r3, 0x0, 0x9}, 0x18) r4 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x2, 0x800000000003}, 0x1320, 0xffffffff, 0x3, 0x5, 0x8, 0x1088f109, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002380)={0x5, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5) socket$inet(0x2, 0x3, 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) socket$nl_route(0x10, 0x3, 0x0) r6 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x1501) ioctl$USBDEVFS_SETCONFIGURATION(r6, 0x80045505, &(0x7f0000000000)=0x1) 17.728448157s ago: executing program 4 (id=4599): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB='\v\x00\x00\x00\b'], 0x48) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_mr_vif\x00') pread64(r3, &(0x7f0000000100)=""/199, 0xc7, 0x5) lseek(r3, 0x2, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000500)='kfree\x00', r2, 0x0, 0x4}, 0x18) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) clock_nanosleep(0x9, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000006000000000000000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r5}, 0x10) sendmmsg$inet(r3, &(0x7f0000001500)=[{{&(0x7f00000008c0)={0x2, 0x4e21, @rand_addr=0x64010101}, 0x10, &(0x7f0000000dc0)=[{0x0}, {0x0}, {&(0x7f0000000b80)="6a5c995373ac6191ee2a90227bf9764758d2a8e6e6627a2c2e1e8b27877de30d0f8ef8b6113647853a797462014390437ccaba433cc1c3502726b7e8c067f8ec133dda3a3f9daf4e1eac4c47d6794981a8b544cf3b0745ac8c682fbb4c", 0x5d}, {&(0x7f0000000c40)="354785111146acdea3e4689b729d3e31b816cafa012a1532a698423b3b7ba350630018eb6a7fe7ae43b5cd26435fe2a299e27bc389bf9efbe72b72f527d0195bcf80d901b08343d0741329419553962d18f55bcf364ed848b3f5d5ea3ca7b5f8da0d6ddcc4947d7747593c802f4866f0fbdc81589192afbed9e7cc2343fc65086b35b924d07a231f4494fc587f117dee75780c360083baffdc911531338db3504415ea7da6f7caf0a0d16dde8ae35482052ef5feaa5620724daaa591d6bfae7dc9baf9d2", 0xc4}, {&(0x7f0000000d40)="be1d538bd6cc2a3a41b8bdff05f44b930912a6eca75f1c7880eaedc3977f720a909814892887d4186f3b0d3ab28f9c7e81a86055351ed33e33cfef01bb543030e5b23d191646ac6790980ddcb2a222e039d51786aed8f14ae39c38cd09f8", 0x5e}], 0x5}}, {{&(0x7f0000000e80)={0x2, 0x4e21, @empty}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@ip_retopts={{0x48, 0x0, 0x7, {[@ra={0x94, 0x4}, @timestamp_addr={0x44, 0x34, 0x20, 0x1, 0xb, [{@multicast1, 0x4d}, {@broadcast, 0x100}, {@dev={0xac, 0x14, 0x14, 0x1b}}, {@local, 0x3ff}, {@multicast1, 0xff}, {@loopback, 0x5}]}]}}}, @ip_retopts={{0x3c, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x14, 0x8f, 0x3, 0x9, [{@private=0xa010102, 0x100}, {@multicast2, 0x3c}]}, @rr={0x7, 0x17, 0x11, [@dev={0xac, 0x14, 0x14, 0x20}, @dev={0xac, 0x14, 0x14, 0x34}, @private=0xa010102, @rand_addr=0x64010101, @remote]}]}}}, @ip_retopts={{0x80, 0x0, 0x7, {[@timestamp_addr={0x44, 0x2c, 0x79, 0x1, 0x6, [{@private=0xa010100, 0x3}, {@multicast2, 0xfa}, {@multicast2, 0x4}, {@multicast2}, {@multicast2, 0x4}]}, @rr={0x7, 0x46, 0x4b, [@loopback, @local, @remote, @dev={0xac, 0x14, 0x14, 0x2b}, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x32}]}, @timestamp={0x44, 0x28, 0x2a, 0x0, 0x6, [0x0, 0x4, 0x0, 0x9, 0x6, 0xfffffff8, 0x4, 0xe479, 0x0]}]}}}, @ip_retopts={{0xb0, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x4c, 0x46, 0x3, 0x3, [{@loopback, 0x8000}, {@local, 0xa}, {@empty, 0x7fffffff}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4}, {@local, 0x11}, {@multicast1, 0x8}, {@broadcast, 0x9}, {@loopback, 0x10000}, {@remote, 0x5}]}, @cipso={0x86, 0x32, 0xfffffffffffffffd, [{0x1, 0x11, "06d0292bca31584d82382ccb681cd0"}, {0x7, 0xd, "144e0eefda59455c5e64b2"}, {0x5, 0x7, "cc983f1620"}, {0x0, 0x7, "0d6731aee9"}]}, @cipso={0x86, 0x1f, 0x3, [{0x0, 0x2}, {0x3, 0x2}, {0x5, 0xc, "7eff189344e98f849324"}, {0x0, 0x3, "8a"}, {0x5, 0x6, "7e0df79a"}]}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xf}}, @ip_ttl={{0x14, 0x0, 0x2, 0x9}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x5c}}], 0x200}}], 0x2, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x80) setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0x3, &(0x7f0000000180)=0x4, 0x4) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x1200000, &(0x7f0000000000), 0x2, 0x57e, &(0x7f00000001c0)="$eJzs3c9rHOUbAPBnNkl/f79NoRT1IIEerNRumsQfFYTWo2ixoPe6JNNQsumW7KY0sdD2YC9epAgiFsQ/wLvH4j8gePVc0EKREvTgJTKb2XabzSabZHW37ucD077vzGSfeXfmffd5d3bZAAbWWPZPIeLFiPgiiTjctG048o1ja/utPL4xnS1JrK5+9HsSSb6usX+S/38wr7wQET9+FnGy0Bq3urQ8VyqX04W8Pl6bvzpeXVo+dXm+NJvOplcmp6bOvDE1+fZbb3atra9e+PPrD++/d+bz4ytfff/wyN0kzsWhfFtzO3bhVnNlLMby52Qkzq3bcaILwfpJ0usDYEeG8n4+EtkYcDiG8l4P/PfdjIhVYEAl+j8MqEYe0Jjbd2ke/Nx49O7aBKi1/cNr743Evvrc6MBK8szMKJvvjnYhfhbjh9/u3c2W2OJ9iJtdiAfQcOt2RJweHm4d/5J8/Nu50/U3jze3Psagvf5AL93P8p/XNsp/Ck/yn2jJf36uZ467HR+io/5feNiFMG1l+d87G+a/T4au0aG89r96zjeSXLpcTk9HxP8j4kSM7M3qm93PObPyYLXdtub8L1uy+I1cMD+Oh8N7n/2bmVKttJs2N3t0O+Klp/lvEi3j/756rrs+/82ejwsdxjiW3nu53bat29+s+xnw6ncRr2x4/p/e0Uo2vz85Xr8exhtXRas/7hz7qV387bW/+7Lzf2Dz9o8mzfdrq9uP8e2+v9J223Z6/e9JPq6X9+TrrpdqtYWJiD3JB63rJ5/+baPe2D9r/4njm49/G13/+yPikw7bf+fonba79sP5n9nW+d9+4cH7n37TLn5n5//1eulEvqaT8a/TA9zNcwcAAAAAAAD9phARhyIpFJ+UC4Vice07vEfjQKFcqdZOXqosXpmJ+ndlR2Ok0LjTfbjp8xAT+edhG/XJdfWpiDgSEV8O7a/Xi9OV8kyvGw8AAAAAAAAAAAAAAAAAAAB94mCb7/9nfh3q9dEB/zg/+Q2Da8v+341fegL6ktd/GFz6Pwwu/R8GV4f9/5ctf80deO54/YfBpf/D4NL/YXBt3P/N9gEAAAAAAAAAAAAAAAAAAAAAAAAAAGCHLpw/ny2rK49vTGf1mWtLi3OVa6dm0upccX5xujhdWbhanK1UZstpcboyv9XjlSuVqxOTsXh9vJZWa+PVpeWL85XFK7WLl+dLs+nFdORfaRUAAAAAAAAAAAAAAAAAAAA8X6pLy3OlcjldUGhbOBt9cRg7LiRbneWz+cWwoxDDm+2zfzePrNDLQg8HJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABY5+8AAAD//5d3NP0=") r7 = creat(&(0x7f0000000080)='./file0/file1\x00', 0x90) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000030000000900010053797a30000000005c000000090a010400000000000000000300000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000023200011800e000100636f6e6e6c696d69740000000c0002800800014000000000140000001000010000000000000000000000000a"], 0xa4}}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r8 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0xc, 0x0, 0x0, r7}, &(0x7f0000010080), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r8, 0x0, &(0x7f0000010300)=[{0x0}, {0x0}], 0x2) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r8, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) 17.568893019s ago: executing program 4 (id=4602): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x3000046, &(0x7f00000000c0)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@grpjquota}, {@oldalloc}, {@errors_remount}, {@orlov}, {@usrquota}, {@stripe={'stripe', 0x3d, 0x622}}]}, 0x1, 0x56c, &(0x7f0000001a00)="$eJzs3d9rW+UbAPDnpO1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9naM/KaLqMJh1rHbhduBtvZAgiDsR7vfdy+A/4Vwx0MHQUvfCmctKTLmuTJttiUs3nA6e87zknfc+bc543z5uTkACG1kT2pxDxfER8kUQcjogk3zYa+caJjf3WHl6fzZYk1tc//C2p75fVG/+r8biDeeW5iPjps4iThe3tVldWF0rlcrqU1ydri1cmqyurpy4tlubT+fTy9MzMmddnpt96842e9fWV839+/cHdd898fnztqx/uH7mdxNk4lG9r7sczuNFcmYiJ/DkZi7NbdpzqQWO7STLoA+CpjORxPhbZGHA4RvKoB/77Po2IdWBIJeIfhlQjD2jM7XeeB/+/T1lJ/zx4Z2MCtL3/oxvvjcS++tzowFry2Mwom++O96D9rI0ff71zO1uid+9DAHR042ZEnB4d3T7+Jfn4t4MOb/qdbr16X3NlaxvGP+ifu1n+82qr/KdQj83f83Ddmv8cbBG7T6Nz/Bfu96CZtrL87+2W+e/mTavxkbz2v3rON5ZcvFROT+fZ8IkY25vVd7qfc2bt3nq7bc35X7Zk7Tdywfw47o/uffwxc6Va6Vn63OzBzYgXWua/yWb+m7Q4/9nzcb7LNo6ld15qt61z//9Z699FvNzy/D96cUt2vj85Wb8eJhtXxXZ/3Dr2c7v2B93/7Pwf2Ln/40nz/drqk7fx7b6/0nbbHut/dH/970k+qpf35OuulWq1pamIPcn729dPP3pso97YP+v/iePtx7921//+iPi4y/7fOvr9i131f0Dnf+6Jzv+TF+6998k37drvbvx7rV46ka/pZvzr9gCf5bkDAAAAAACA3aYQEYciKRQ3y4VCsbjx+Y6jcaBQrlRrJy9Wli/PRf27suMxVmjc6T7c9HmIqfzzsI369Jb6TEQciYgvR/bX68XZSnlu0J0HAAAAAAAAAAAAAAAAAACAXeJg/Tv/I5v1xvf/M7+MDO64gD7xk98wvDrGfy9+6QnYlbz+w/AS/zC8xD8ML/EPw0v8w/AS/zC8uoj/Qj+OA+g/r/8AAAAAAAAAAAAAAAAAAAAAAAAAAADQU+fPncuW9bWH12ez+tzVleWFytVTc2l1obi4PFucrSxdKc5XKvPltDhbWez0/8qVypWp6Vi+NllLq7XJ6srqhcXK8uXahUuLpfn0QjrWl14BAAAAAAAAAAAAAAAAAADAv0t1ZXWhVC6nSwoKT1UY3R2HodDjwqBHJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB45O8AAAD//8A2OIo=") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0a000000050000000200"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x20075, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000300)) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) 17.439414091s ago: executing program 4 (id=4604): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f0000000280)="96", 0x1, 0x1, &(0x7f0000000240)={0xa, 0x0, 0x0, @private2}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000000)=0x6, 0x4) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x7}}, './file0\x00'}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f0000000080)={0x8}) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)={0x1b, 0x0, 0x0, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x5, 0x0, @void, @value, @void, @value}, 0x50) getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000140)={@mcast2, 0x0}, &(0x7f0000000200)=0x14) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={0xffffffffffffffff, 0xe0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000580)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0], 0x0, 0xa, &(0x7f0000000640)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000680), &(0x7f00000006c0), 0x8, 0x7d, 0x8, 0x8, &(0x7f0000000700)}}, 0x10) r8 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000008c0)=@generic={&(0x7f0000000880)='./file0\x00', 0x0, 0x10}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x13, 0x23, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, @tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}, @func={0x85, 0x0, 0x1, 0x0, 0x7}, @map_val={0x18, 0x4, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x6}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @generic={0x8, 0x1, 0x0, 0x3, 0x101}, @tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @map_val={0x18, 0xa, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x5}, @jmp={0x5, 0x1, 0xb, 0x3, 0x1, 0x0, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000100)='GPL\x00', 0x800, 0x54, &(0x7f0000000340)=""/84, 0x40f00, 0x30, '\x00', r6, @fallback=0x1a, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000540)={0x4, 0xb, 0x6, 0x2}, 0x10, r7, r8, 0x5, 0x0, &(0x7f0000000900)=[{0x5, 0x2, 0x3, 0x5}, {0x4, 0x5, 0x5, 0xc}, {0x1, 0x1, 0xb, 0x5}, {0x3, 0x1, 0x10, 0x3}, {0x0, 0x4, 0x0, 0x3}], 0x10, 0x4, @void, @value}, 0x94) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) close(0x3) writev(r1, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) 17.229439565s ago: executing program 4 (id=4608): bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="10000000040000000800", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000006"], 0x48) 5.484916675s ago: executing program 9 (id=4796): perf_event_open(&(0x7f00000004c0)={0x2, 0x80, 0x5d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9}, 0x8000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000004}, 0x0, 0x0, 0xffffffffffffffff, 0x2) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) personality(0x5000007) 3.987103108s ago: executing program 9 (id=4811): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) gettid() r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x8, &(0x7f0000000040), 0x9, 0x52e, &(0x7f0000000500)="$eJzs3U9sI1cZAPBvJsnau02bLfQAqNClFBa0WjvxtlHVC+VUIVQJ6JHDNiROFMWOo9gpTdhD9sgdiZU4wYkzByQOSD1xR+IANy7lgFRgBWqKkDDy2E6cP07c3cTejX8/aeQ388b+3tvRvGd93swLYGzdiIjdiLgSEe9GxEzneNLZ4s321jrv44f3Fvce3ltMotl85x9JVt86Fj3vaXmm85n5iPj+WxE/TI4E/WNEfXtnbaFSKW92DhUb1Y1ifXvn9mp1YaW8Ul4vlebn5mdfv/Na6dz6+lL11x9djYjf/faLH/5h9xs/bjVrulPX24/z1O761H6clsmI+M5FBBuBiU5/rjzKmx/pTZynNCI+ExEvZ/f/TExkV/Oww5fpm0NsHQBwEZrNmWjO9O4DAJddmuXAkrTQyQVMR5oWCu0c3gtxLa3U6o1by7Wt9aV2rux6TKXLq5XybCdXeD2mkuXVyfJcVu7uV8qlI/t3IuL5iPhp7mq2X1isVZZG+cUHAMbYM0fm/3/n2vM/AHDJ5Q+KuVG2AwAYnvyoGwAADJ35HwDGj/kfAMaP+R8Axo/5HwDGj/kfAMbKd99+u7U19zrPv156b3trrfbe7aVyfa1Q3VosLNY2NwortdpK9sye6lmfV6nVNuZeja33i41yvVGsb+/crda21ht3s+d63y1PDaVXAMBpnn/pgz8nEbH7xtVsi57n/Z85V7940a0DLlI66gYAIzNxSt1/htgOYPiOr/YFjAv5eBhf/2s2m9Gzdm9E3N8v9TwMtO9/EXqwX/rke3Hkkw6k1g2FJ8/Nzz9G/h94qsn/w/g6Lf/fn+/ycBnI/8P4ajYTa/4DwJiR4wdO/NW+R+/v/7PNnp0HF9QgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeApMZ1uSFjprgU9HmhYKEc9GxPWYSpZXK+XZiHguIv6Um8q19uciwrpBAPA0S/+WdNb/ujnzyvTR2iu5T3LZa0T86Ofv/Oz9hUZjcy7iSvLP/eONB53jpVG0HwA4S3ee7s7jXR8/vLfY3YbZno++1V5ctBV3r7O1ayZjMnvNZ7mGa/9KOvttre8rE+cQf/d+RHzupP4nWW7kemfl06PxW7GfHWr89FD8NKtrv7b+LT57Dm2BcfNBa/x586T7L40b2evJ938+G6EeX3f82zs2/qX7499En/HvxqAxXv39t48dbM606+5HfGEyYq/74T3jTzd+0if+KwPG/8uLX3q5X13zFxE346T+J4diFRvVjWJ9e+f2anVhpbxSXi+V5ufmZ1+/81qpmOWoi91M9XF/f+PWc/3it/p/rU/8/Bn9/+qA/f/lf9/9wZdPif/1r5x8/V84JX5rTvzagPEXrv0m36+uFX+pT//Puv63Boz/4V93lgY8FQAYgvr2ztpCpVLefPxC/tRz0vMIMUAhidi94BAHhdyvfvLW2SfnhtaeRyxEv6qJJ6WFl6aQezKaMUBh1CMTcNEObvpRtwQAAAAAAAAAAAAAAOhnoL8HuvppTj5eGHEXAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuMT+HwAA//99VtW2") set_mempolicy(0x4003, &(0x7f0000000200)=0x7, 0x3) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001400000000000000ff000000850000000e000000850000000700000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0207e80702"], 0x10}}, 0x40044) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000280)={{{@in=@multicast1, @in=@loopback, 0x0, 0x54, 0x0, 0x0, 0xa, 0x80, 0x0, 0x32}, {0x2007, 0x0, 0x46a1, 0x0, 0xfffffffffffffffe, 0x2000000, 0x2}, {0x1, 0xfffffffffffffffd, 0xff}, 0x1, 0x0, 0x1}, {{@in6=@rand_addr=' \x01\x00', 0x0, 0x2b}, 0x2, @in=@broadcast, 0x3507, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0xe8) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000b80)=ANY=[@ANYRESHEX=r4, @ANYRES16=0x0, @ANYBLOB="534208ae81d02bbfb50add7dab797478f46aa46aa591be89d8af1f43a804c57c583431edb63957661dadb8323f7b0e6c9fc245dffe4f05ab3cc9d7a38966cff78d285f2818885f5f2ec1a6e4c061ef18e48277f5c7200d95f1100020d0b3ee5e635042feb59ed5ba83563667f2d57852d15a9218b8d4147a9b4c51b3dc20435f6d83bdc2"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000", @ANYRESDEC, @ANYRES64=r0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) r5 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r5, &(0x7f0000000080)={0x18, 0x0, {0x2, @local, 'bridge_slave_0\x00'}}, 0x1e) r6 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r6, &(0x7f0000000080)={0x18, 0x0, {0x4, @local, 'geneve0\x00'}}, 0x1e) close(r5) 2.740707637s ago: executing program 9 (id=4825): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = getpgid(0xffffffffffffffff) syz_open_procfs(r1, &(0x7f0000000740)='stack\x00') sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0000000000190080004000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1600000007000002088000000400000005000000283ffa", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r2, @ANYRES32=r4, @ANYRESHEX=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) r6 = creat(&(0x7f00000000c0)='./file0\x00', 0xd4) r7 = dup2(r6, r6) ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x200000a, 0x1, 0x8}) ioctl$BLKTRACESETUP(r7, 0x1276, 0x0) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0x4f, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1000, @void, @value}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10) r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="140100002d0001000000000000600000010100800c0000000000000000000000140001"], 0x114}], 0x1, 0x0, 0x0, 0x44010}, 0x0) r11 = socket$inet6_mptcp(0xa, 0x1, 0x106) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000001, 0x4008031, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_int(r11, 0x6, 0x5, 0x0, &(0x7f0000000040)) shutdown(r8, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r8, 0x84, 0x6c, &(0x7f0000000380)={0x0, 0x11, "bf7fa159ea60785a5fcfa8d25f2bb4a5f2"}, &(0x7f0000000400)=0xfffffffffffffc89) mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x8000, 0x103) r12 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r12, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000001e00050300000000000000000000000008", @ANYRES32=0x0, @ANYBLOB="ebffff0f", @ANYRES32, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x4a841}, 0x0) 2.207476985s ago: executing program 45 (id=4608): bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="10000000040000000800", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000006"], 0x48) 1.294416009s ago: executing program 9 (id=4839): perf_event_open(&(0x7f00000004c0)={0x2, 0x80, 0x5d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80}, 0x8000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000004}, 0x0, 0x0, 0xffffffffffffffff, 0x2) prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='gtp\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000014c0)='kmem_cache_free\x00', r0}, 0x18) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) 1.100942563s ago: executing program 6 (id=4842): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) mount(0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000740)=ANY=[@ANYBLOB="200000001714b5"], 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB, @ANYRES32=0x1, @ANYBLOB='\x00'/10, @ANYRES32], 0x48) ioctl$INCFS_IOC_PERMIT_FILL(r0, 0x40046721, &(0x7f0000000400)={r0}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000060000b00000000000000000850000004100000085000000230000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0xa050, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x4, 0x5}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000780)=ANY=[@ANYBLOB="050000000000000063118600000000008510000002000000850000000500000095000000000000009500a5050000000087a45f2f52cef602ee26b815b347e4ed1026ee3b8abcd838b31a"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_mtu(r5, 0x29, 0x4d, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r4, 0x0, 0x6, 0x0, &(0x7f0000000000)='\a\x00\x00\x00\x00\x00', 0x0, 0x8005, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf, 0xa}, {0xe, 0x7}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x9, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00) 1.030994153s ago: executing program 9 (id=4843): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) mkdir(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x100) setsockopt$sock_timeval(r0, 0x1, 0x43, &(0x7f0000000040)={0x0, 0x2710}, 0x10) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001) 982.658594ms ago: executing program 9 (id=4844): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000440)={'syzkaller0\x00', 0x7101}) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xc, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000100000000000000000000008500000087000000850000000700000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xaf) ioctl$TUNSETLINK(r0, 0x400454cd, 0x18) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001400000000000000ff000000850000000e000000850000000700000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r4 = socket(0x10, 0x80002, 0x0) r5 = syz_clone(0x308000, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMUNATTACH(r4, 0x89e1, &(0x7f0000000500)={r2}) ioctl$int_in(r7, 0x5452, &(0x7f0000000040)=0x8001) fcntl$setownex(r7, 0xf, &(0x7f0000000140)={0x2, r5}) sendmmsg$unix(r6, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000008c0)='\x00', 0x1}], 0x1}}], 0x1, 0x408b1) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001300290a000000000000000007000000", @ANYRES32=r3, @ANYBLOB="00000132ae57f60014001a80100004"], 0x34}, 0x1, 0x0, 0x0, 0x4000801}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) faccessat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x5, 0x300) syz_io_uring_setup(0x3934, &(0x7f0000000100)={0x0, 0x9f39, 0x1, 0x0, 0x3db}, &(0x7f0000000180)=0x0, &(0x7f0000000200)) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x4c, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x800000000003}, 0x1, 0x5dd8, 0x0, 0x3, 0x400000, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x10c, &(0x7f0000000240)=0x1d340000, 0x0, 0x4) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000540)) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000006c0)={[{@delalloc}, {@usrjquota}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@acl}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}, {@user_xattr}, {@bh}, {@errors_remount}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r9 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10) fadvise64(r9, 0xf, 0x5, 0x2) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) r11 = getuid() mount$9p_rdma(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', &(0x7f0000000400), 0x2000001, &(0x7f0000000580)=ANY=[@ANYBLOB="7472616e733d72646d612c706f72743d3078303030303030303030303030346532322c7365636c6162656c2c7375626a5f726f6c653d2c646f6e745f61707072616973652c657569643d818ab482998a2010a53b1a776bf66a4fcb18d86c44ea8ecbb033c1f6c01e754a343d97af0bf096fb07caf6d100d4ada44c7ce13cd2857ef626be59793c9506f2019692b16925bfdc85be884ac66fd186fcc86631a78e82a4607532cce478cced2629ff91702c4cb03e57519211cdf5977d234588b1ee8788", @ANYRESDEC=r11, @ANYBLOB=',smackfsdef=\\({+o,fscontext=user_u,fscontext=root,\x00']) write$binfmt_script(r10, &(0x7f0000000040), 0x208e24b) 927.008295ms ago: executing program 5 (id=4846): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x5, 0x2, 0xfffff024}, {0x20, 0x7, 0x0, 0xa56e}, {0x6, 0x0, 0x0, 0xa1a}]}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000001280), 0x6) 913.013945ms ago: executing program 0 (id=4847): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000b800000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f00000002c0)='kmem_cache_free\x00', r0}, 0x18) r1 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x2) prctl$PR_SET_IO_FLUSHER(0x41, 0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xe, 0x4008032, 0xffffffffffffffff, 0x0) write$binfmt_script(r1, &(0x7f0000000300)={'#! ', './file0'}, 0xb) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 885.888266ms ago: executing program 5 (id=4848): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x4, &(0x7f0000000080)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8001, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x56) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0e00000004000000080000000800000000000000", @ANYRES32, @ANYBLOB], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x12, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32=r3, @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @cgroup_sock_addr=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r4}, 0x10) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fchdir(r5) r6 = socket$netlink(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000840)={0x14, r7, 0x1, 0x70bd2a, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x24004000}, 0x24040840) sendmsg$FOU_CMD_ADD(r5, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x28, 0x0, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@FOU_ATTR_PORT={0x6, 0x1, 0x4e22}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_IFINDEX={0x8, 0xb, r8}]}, 0x28}, 0x1, 0x0, 0x0, 0x80000}, 0x851) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r9 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$selinux_user(r9, &(0x7f0000000080)=ANY=[@ANYBLOB='system_u:object_r:auth_cache_t root'], 0x27) 841.048607ms ago: executing program 0 (id=4849): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c3"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d70300000000000000d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df6c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8a9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2a9e99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8be1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaa072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a3ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a98838156ff00000000000000cdbf91f7582ab314be3e67b8c9459564c856339a80919ecf839560c62e69df8667b274cc53f83f2086cfd2664252471fad9081824d60741d663ee258705c364e162b84a09870acd0a19399103474444f4fa12dcbd10b40195b6088513029b60a34e4161fe48c092693eb07dc8ddcba2eac2efe30b285a877c862c73ff8a60cf73f1b17da0000000000005664181c1f28cd2880e6872bae932eaf4b0000000000007b662c0fe22cfd6d4bd7b851ae928cebeec6375b16af342e93c39d97e5d74d5a8e96c15fdcde7526b0af54b145e61b042c1e600390590a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42) bpf$BPF_LINK_CREATE(0xa, &(0x7f0000000040)={r2, 0xffffffffffffffff, 0x10, 0x0, @val=@tracing={0x0, 0x8}}, 0x20) 840.775287ms ago: executing program 0 (id=4850): r0 = syz_io_uring_setup(0x10dd, &(0x7f00000000c0)={0x0, 0xa9ee, 0x400, 0x3, 0x8002ae}, &(0x7f0000000140)=0x0, &(0x7f0000000280)=0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x32, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x43, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000580)='kmem_cache_free\x00', r3}, 0x18) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x109880}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) 559.857641ms ago: executing program 5 (id=4851): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39) bpf$PROG_LOAD(0x5, &(0x7f0000001e00)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r3, {0xfff3}, {}, {0x0, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) 544.810211ms ago: executing program 6 (id=4852): rseq(&(0x7f0000000040)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x10000000001, 0x0) (async) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f00000000c0)=0xc) (async) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) (async) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r4}, 0x0, &(0x7f00000002c0)}, 0x20) (async) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10) (async) r6 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xc3, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xa19a, 0x1000}, 0x0, 0x0, 0xffffffff, 0x9752333b9a87418, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000340)='cpu\t&0&&\t') (async) perf_event_open(&(0x7f00000001c0)={0x4, 0x80, 0x9, 0x4, 0x9, 0x9, 0x0, 0x6f9a, 0x6a008, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xb, 0xfffffffffffeffff}, 0x4910, 0x4, 0x1, 0x4, 0x80000, 0x6, 0x5, 0x0, 0xe, 0x0, 0x3}, r1, 0x6, r6, 0x8) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r7, &(0x7f0000000080)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x3}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x140400c0}, 0x2000081) (async) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000640)=ANY=[@ANYRES32=0x0, @ANYBLOB='5\x00\x00\x00\a\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="d2"], 0x20) (async) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x1c, r2, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8800}, 0x44048884) (async) socket$netlink(0x10, 0x3, 0x12) 502.982681ms ago: executing program 0 (id=4853): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000140), 0x111, 0xd}}, 0x20) r2 = socket$pppl2tp(0x18, 0x1, 0x1) socketpair$unix(0x1, 0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x30410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30c3a0e4, 0x1, @perf_config_ext={0x7fffffffffffffff, 0x1}, 0x11d08, 0x2, 0x3, 0x0, 0x1, 0x9, 0x20, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @dev}, 0x2}}, 0x2e) syz_genetlink_get_family_id$l2tp(&(0x7f0000000280), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16, @ANYBLOB="01002ebd700000000000140000001800018014000a006e657464657673696d30000000000000080016000500000005"], 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4}, 0x10) r5 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r5, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) 477.965292ms ago: executing program 6 (id=4854): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth1_to_team\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x19, r3, 0x1, 0x1, 0x6, @broadcast}, 0x14) bind$packet(r2, &(0x7f00000000c0)={0x11, 0x8, r3, 0x1, 0x4, 0x6, @random="0700ffffa1f6"}, 0x14) (fail_nth: 1) 476.677252ms ago: executing program 5 (id=4855): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0x5, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x34c8, 0x0, 0xfffffffe, 0x333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$802154_dgram(r4, &(0x7f0000000240)={&(0x7f0000000000)={0x24, @short}, 0xa, &(0x7f0000000080)={0x0}}, 0x0) setsockopt$inet6_udp_int(r3, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r5, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000280)={0x1c, 0x3, 0x7, 0x201, 0x0, 0x0, {0xa}, [@NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x81) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRES16=r0], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) setfsgid(0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'dummy0\x00', 0x0}) sendmsg$nl_route(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@bridge_delneigh={0x28, 0x1c, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r9, 0x80, 0xa2, 0x7}, [@NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}, 0x28}}, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r10 = perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0xec, 0x7, 0x40, 0x6, 0x0, 0x0, 0x4d299, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x4, 0x2, @perf_bp={0x0, 0x4}, 0x100882, 0x7ff, 0x6, 0x0, 0xb, 0x2, 0x3ff, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x100000b, 0x12011, r10, 0x0) unshare(0x4000400) unshare(0x64000600) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYRESHEX=r0, @ANYRES64=r10, @ANYRESDEC=r0, @ANYRES32=r10, @ANYRES16=r10, @ANYBLOB="0713ab840e3da3d01858e58e44eebeb51c6ec207e352e7b32f2c02b2f91498d4847f7caecd4bccc42d24a325ef4a68ff5aecfd7ccd39130885d6491f2b2580e1f817a41f70802f2aba70b796a7cfd274490000000000000000"], 0x48) 453.120222ms ago: executing program 0 (id=4856): r0 = socket$netlink(0x10, 0x3, 0xc) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, 0x0, 0x0) (async) ioctl$sock_x25_SIOCDELRT(r1, 0x890c, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_bp={0x0, 0x2}, 0xbfcb113a5f0706f, 0x1, 0x0, 0x5, 0x0, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f00000004c0)={'ip6_vti0\x00', &(0x7f0000000740)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x3, 0x0, 0x4e, @private2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10, 0x7, 0x2, 0x8}}) (async) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000600)={'syztnl1\x00', 0x0}) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) (async, rerun: 32) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) (rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async, rerun: 32) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) (async, rerun: 32) r7 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000000180)={@loopback={0x200000000000000}, 0x800, 0x0, 0x3, 0x1}, 0x20) setsockopt$inet6_int(r7, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r7, &(0x7f0000000100)={0xa, 0x4e20, 0x3, @loopback}, 0x1c) (async) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r8}, 0x10) (async, rerun: 64) r9 = dup(r6) (rerun: 64) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r9}, 0x2c, {[], [], 0x6b}}) (async) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) (async) r10 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r10, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) (async) r11 = socket$kcm(0xa, 0x3, 0x3a) connect$inet6(r10, 0x0, 0x0) (async, rerun: 32) sendmsg$kcm(r11, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) (rerun: 32) 159.298927ms ago: executing program 6 (id=4857): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000002480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) r2 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, 0x0, 0xf00) 149.833687ms ago: executing program 6 (id=4858): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x5, 0x2, 0xfffff024}, {0x20, 0x7, 0x0, 0xa56e}, {0x6, 0x0, 0x0, 0xa1a}]}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000001280), 0x6) 128.204398ms ago: executing program 6 (id=4859): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, @perf_bp={0x0, 0x17}, 0x400, 0xffffffff, 0x6, 0x6, 0x0, 0x1, 0xfff9, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x8) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x27d, &(0x7f0000000100)) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xfc79, &(0x7f0000000140)=[{&(0x7f00000004c0)="d800000018009f064e81f744db4cb904021d0800fd02fe02e8fe50a10a001100250000000c600e41b0000900ac0008032500000016fc0b000a00ff150048035c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d31afe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffff5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a4500000000", 0xd8}], 0x1}, 0x0) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000040)={{0x1, 0x3, 0x7fffffff}}) ioctl$SNDRV_TIMER_IOCTL_INFO(r4, 0x80e85411, 0x0) r5 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r5, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0xfffffffffffffd60, {0xa, 0x0, 0x2, @dev}}, 0x80, 0x0, 0x0, &(0x7f00000003c0)=[{0x10, 0x111, 0x5}], 0x10}, 0xfc80) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000780), 0x4, r0}, 0x38) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000080)='kfree\x00', r6}, 0x18) migrate_pages(0xffffffffffffffff, 0x3, &(0x7f00000003c0)=0x40, &(0x7f0000000400)=0x2) r7 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) dup(r7) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000000)={0xffffffffffffffff}) close(r9) r10 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r10, &(0x7f0000000900)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0xffffffff, @remote, 0x9}, 0x1c, &(0x7f0000000040)=[{&(0x7f00000002c0)="79ef34395d4c410d25e52319c6a502980fd70906f311e78ea6dce2f7034f7998430f21880804822ef849375ad4", 0x2d}], 0x1, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695ec1891223a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8581c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918000000000000002900000037"], 0x590}}], 0x1, 0x8008801) sendmsg$IPSET_CMD_CREATE(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c00000008001240000000000500050002000000050004000000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0) 75.378308ms ago: executing program 0 (id=4860): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x3000046, &(0x7f00000000c0)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@grpjquota}, {@oldalloc}, {@errors_remount}, {@orlov}, {@usrquota}, {@stripe={'stripe', 0x3d, 0x622}}]}, 0x1, 0x56c, &(0x7f0000001a00)="$eJzs3d9rW+UbAPDnpO1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9naM/KaLqMJh1rHbhduBtvZAgiDsR7vfdy+A/4Vwx0MHQUvfCmctKTLmuTJttiUs3nA6e87zknfc+bc543z5uTkACG1kT2pxDxfER8kUQcjogk3zYa+caJjf3WHl6fzZYk1tc//C2p75fVG/+r8biDeeW5iPjps4iThe3tVldWF0rlcrqU1ydri1cmqyurpy4tlubT+fTy9MzMmddnpt96842e9fWV839+/cHdd898fnztqx/uH7mdxNk4lG9r7sczuNFcmYiJ/DkZi7NbdpzqQWO7STLoA+CpjORxPhbZGHA4RvKoB/77Po2IdWBIJeIfhlQjD2jM7XeeB/+/T1lJ/zx4Z2MCtL3/oxvvjcS++tzowFry2Mwom++O96D9rI0ff71zO1uid+9DAHR042ZEnB4d3T7+Jfn4t4MOb/qdbr16X3NlaxvGP+ifu1n+82qr/KdQj83f83Ddmv8cbBG7T6Nz/Bfu96CZtrL87+2W+e/mTavxkbz2v3rON5ZcvFROT+fZ8IkY25vVd7qfc2bt3nq7bc35X7Zk7Tdywfw47o/uffwxc6Va6Vn63OzBzYgXWua/yWb+m7Q4/9nzcb7LNo6ld15qt61z//9Z699FvNzy/D96cUt2vj85Wb8eJhtXxXZ/3Dr2c7v2B93/7Pwf2Ln/40nz/drqk7fx7b6/0nbbHut/dH/970k+qpf35OuulWq1pamIPcn729dPP3pso97YP+v/iePtx7921//+iPi4y/7fOvr9i131f0Dnf+6Jzv+TF+6998k37drvbvx7rV46ka/pZvzr9gCf5bkDAAAAAACA3aYQEYciKRQ3y4VCsbjx+Y6jcaBQrlRrJy9Wli/PRf27suMxVmjc6T7c9HmIqfzzsI369Jb6TEQciYgvR/bX68XZSnlu0J0HAAAAAAAAAAAAAAAAAACAXeJg/Tv/I5v1xvf/M7+MDO64gD7xk98wvDrGfy9+6QnYlbz+w/AS/zC8xD8ML/EPw0v8w/AS/zC8uoj/Qj+OA+g/r/8AAAAAAAAAAAAAAAAAAAAAAAAAAADQU+fPncuW9bWH12ez+tzVleWFytVTc2l1obi4PFucrSxdKc5XKvPltDhbWez0/8qVypWp6Vi+NllLq7XJ6srqhcXK8uXahUuLpfn0QjrWl14BAAAAAAAAAAAAAAAAAADAv0t1ZXWhVC6nSwoKT1UY3R2HodDjwqBHJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB45O8AAAD//8A2OIo=") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x20075, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000300)) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) 36.493039ms ago: executing program 5 (id=4861): bpf$PROG_LOAD(0x5, 0x0, 0x67ba7194654dd6a8) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@rights={{0x14, 0x1, 0x1, [r2]}}], 0x18, 0x80}, 0x0) r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r4 = dup(r3) sendmsg$nl_route_sched(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@deltfilter={0x24, 0x2d, 0x400, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0xb}, {0xfff2, 0xd}, {0xb, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) write$P9_RLERRORu(r4, &(0x7f0000000180)={0x1d, 0x7, 0x1, {{0x10, 'kmem_cache_free\x00'}, 0x80000000}}, 0x1d) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x2200840, &(0x7f0000000140)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, 0x0, 0x358, 0x0) 0s ago: executing program 5 (id=4862): r0 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) ioctl$int_in(r0, 0x0, &(0x7f0000000080)=0x5) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/stat\x00') r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000100)=@req={0x3fc, 0x0, 0x0, 0x6}, 0x10) ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000001280)={0xffffffffffffffff, 0x1, "a90b6c", 0x4, 0x6}) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) recvmmsg(r2, 0x0, 0x0, 0x40010180, 0x0) mknodat(r1, &(0x7f0000000140)='./file0\x00', 0x8000, 0x8) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r1, 0x0, 0x25, 0x0, @void}, 0x10) close(0xffffffffffffffff) 0s ago: executing program 5 (id=4863): bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x2004c818) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x5}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00', r5}, 0x10) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x67, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r6}, 0x18) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r7, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) bpf$MAP_CREATE(0x0, 0x0, 0x50) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) sendmsg$inet(0xffffffffffffffff, 0x0, 0x2004c818) (async) socket(0x400000000010, 0x3, 0x0) (async) socket$unix(0x1, 0x1, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) (async) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x5}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00', r5}, 0x10) (async) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x67, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r6}, 0x18) (async) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) (async) socket$inet6_sctp(0xa, 0x1, 0x84) (async) sendto$inet6(r7, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) (async) kernel console output (not intermixed with test programs): 9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4ec334e169 code=0x7ffc0000 [ 239.184301][ T29] audit: type=1326 audit(2000000182.300:22004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19536 comm="syz.4.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec334e169 code=0x7ffc0000 [ 239.207874][ T29] audit: type=1326 audit(2000000182.300:22005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19536 comm="syz.4.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4ec3350087 code=0x7ffc0000 [ 239.231528][ T29] audit: type=1326 audit(2000000182.300:22006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19536 comm="syz.4.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f4ec334fffc code=0x7ffc0000 [ 239.255035][ T29] audit: type=1326 audit(2000000182.300:22007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19536 comm="syz.4.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f4ec334ff34 code=0x7ffc0000 [ 239.278783][ T1970] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 239.293702][ T1970] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 239.308036][ T1970] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 239.322982][ T1970] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 239.627290][T19570] FAULT_INJECTION: forcing a failure. [ 239.627290][T19570] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 239.640356][T19570] CPU: 1 UID: 0 PID: 19570 Comm: syz.0.4182 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(voluntary) [ 239.640375][T19570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 239.640384][T19570] Call Trace: [ 239.640389][T19570] [ 239.640394][T19570] dump_stack_lvl+0xf6/0x150 [ 239.640411][T19570] dump_stack+0x15/0x1a [ 239.640424][T19570] should_fail_ex+0x261/0x270 [ 239.640519][T19570] should_fail+0xb/0x10 [ 239.640610][T19570] should_fail_usercopy+0x1a/0x20 [ 239.640631][T19570] strncpy_from_user+0x25/0x230 [ 239.640646][T19570] ? cgroup_rstat_updated+0xa4/0x590 [ 239.640664][T19570] strncpy_from_user_nofault+0x66/0xe0 [ 239.640681][T19570] bpf_probe_read_compat_str+0xb3/0x130 [ 239.640739][T19570] bpf_prog_c1796171ffc7efef+0x3e/0x40 [ 239.640751][T19570] bpf_trace_run4+0x116/0x1e0 [ 239.640777][T19570] __traceiter_sched_switch+0x3b/0x60 [ 239.640800][T19570] __schedule+0xa63/0xb70 [ 239.640876][T19570] ? schedule+0x5f/0xd0 [ 239.640925][T19570] ? _raw_spin_lock_irqsave+0x40/0xb0 [ 239.640942][T19570] schedule+0x5f/0xd0 [ 239.640955][T19570] synchronize_rcu_expedited+0x613/0x790 [ 239.640972][T19570] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 239.641037][T19570] ? __pfx_autoremove_wake_function+0x10/0x10 [ 239.641120][T19570] synchronize_rcu+0x4a/0x320 [ 239.641136][T19570] rcu_sync_enter+0x116/0x160 [ 239.641159][T19570] percpu_down_write+0x22/0x240 [ 239.641181][T19570] register_for_each_vma+0x34/0x890 [ 239.641295][T19570] ? should_failslab+0x8f/0xb0 [ 239.641366][T19570] ? __kmalloc_cache_noprof+0x18d/0x320 [ 239.641382][T19570] ? up_write+0x35/0xf0 [ 239.641401][T19570] uprobe_register+0x5b2/0x750 [ 239.641420][T19570] bpf_uprobe_multi_link_attach+0x711/0x890 [ 239.641456][T19570] link_create+0x64b/0x680 [ 239.641473][T19570] ? selinux_bpf+0xab/0xc0 [ 239.641487][T19570] __sys_bpf+0x4fe/0x800 [ 239.641507][T19570] __x64_sys_bpf+0x43/0x50 [ 239.641599][T19570] x64_sys_call+0x23da/0x2e10 [ 239.641616][T19570] do_syscall_64+0xc9/0x1c0 [ 239.641637][T19570] ? clear_bhb_loop+0x25/0x80 [ 239.641671][T19570] ? clear_bhb_loop+0x25/0x80 [ 239.641724][T19570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.641758][T19570] RIP: 0033:0x7ffa7bc1e169 [ 239.641770][T19570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.641784][T19570] RSP: 002b:00007ffa7a287038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 239.641832][T19570] RAX: ffffffffffffffda RBX: 00007ffa7be45fa0 RCX: 00007ffa7bc1e169 [ 239.641842][T19570] RDX: 000000000000003c RSI: 00002000000005c0 RDI: 000000000000001c [ 239.641894][T19570] RBP: 00007ffa7a287090 R08: 0000000000000000 R09: 0000000000000000 [ 239.641904][T19570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 239.641914][T19570] R13: 0000000000000000 R14: 00007ffa7be45fa0 R15: 00007ffcb7c4bd18 [ 239.641931][T19570] [ 239.927482][T19570] ref_ctr_offset mismatch. inode: 0x993 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x6 [ 239.937048][ T8583] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 239.952740][ T8583] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 240.239929][ T8230] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.366945][T19590] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.444300][T19597] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4194'. [ 240.453426][T19597] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.468344][T19597] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.519298][T19590] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.567247][T19619] program syz.0.4202 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 240.609938][T19590] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.690421][T19633] loop4: detected capacity change from 0 to 1024 [ 240.715359][T19590] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.719972][T19633] EXT4-fs: Ignoring removed bh option [ 240.746707][T19633] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 240.770778][T19633] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt. [ 240.789515][T19633] EXT4-fs (loop4): Remounting filesystem read-only [ 240.808547][T15775] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.894631][T19646] SELinux: failed to load policy [ 240.903881][T19590] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.942394][T19590] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.976655][T19590] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.016405][T19590] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.110047][T19658] program syz.6.4216 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 241.168383][T19662] program syz.6.4218 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 241.322220][T19679] usb usb6: usbfs: process 19679 (syz.6.4226) did not claim interface 0 before use [ 241.367212][T19684] program syz.9.4229 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 241.409588][T19686] ref_ctr_offset mismatch. inode: 0x94f offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x6 [ 241.615356][T19709] FAULT_INJECTION: forcing a failure. [ 241.615356][T19709] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 241.628420][T19709] CPU: 0 UID: 0 PID: 19709 Comm: syz.9.4238 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(voluntary) [ 241.628448][T19709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 241.628461][T19709] Call Trace: [ 241.628544][T19709] [ 241.628550][T19709] dump_stack_lvl+0xf6/0x150 [ 241.628573][T19709] dump_stack+0x15/0x1a [ 241.628590][T19709] should_fail_ex+0x261/0x270 [ 241.628615][T19709] should_fail+0xb/0x10 [ 241.628666][T19709] should_fail_usercopy+0x1a/0x20 [ 241.628751][T19709] strncpy_from_user+0x25/0x230 [ 241.628810][T19709] ? __rcu_read_unlock+0x4e/0x70 [ 241.628838][T19709] ? cgroup_rstat_updated+0xa4/0x590 [ 241.628915][T19709] strncpy_from_user_nofault+0x66/0xe0 [ 241.628957][T19709] bpf_probe_read_compat_str+0xb3/0x130 [ 241.628983][T19709] bpf_prog_c1796171ffc7efef+0x3e/0x40 [ 241.629050][T19709] bpf_trace_run4+0x116/0x1e0 [ 241.629084][T19709] __traceiter_sched_switch+0x3b/0x60 [ 241.629128][T19709] __schedule+0xa63/0xb70 [ 241.629145][T19709] ? schedule+0x5f/0xd0 [ 241.629213][T19709] schedule+0x5f/0xd0 [ 241.629231][T19709] schedule_preempt_disabled+0x10/0x20 [ 241.629250][T19709] __mutex_lock+0x420/0xa00 [ 241.629278][T19709] __mutex_lock_slowpath+0xa/0x10 [ 241.629314][T19709] mutex_lock+0x2d/0x40 [ 241.629346][T19709] pipe_lock+0x34/0x50 [ 241.629377][T19709] do_tee+0x137/0x960 [ 241.629414][T19709] ? __fget_files+0x186/0x1c0 [ 241.629435][T19709] __se_sys_tee+0x93/0x130 [ 241.629549][T19709] __x64_sys_tee+0x55/0x70 [ 241.629580][T19709] x64_sys_call+0x28dd/0x2e10 [ 241.629602][T19709] do_syscall_64+0xc9/0x1c0 [ 241.629701][T19709] ? clear_bhb_loop+0x25/0x80 [ 241.629757][T19709] ? clear_bhb_loop+0x25/0x80 [ 241.629860][T19709] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.629882][T19709] RIP: 0033:0x7f5f0c62e169 [ 241.629897][T19709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.629915][T19709] RSP: 002b:00007f5f0ac76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000114 [ 241.629931][T19709] RAX: ffffffffffffffda RBX: 00007f5f0c856080 RCX: 00007f5f0c62e169 [ 241.629943][T19709] RDX: 000000000001004e RSI: 0000000000000007 RDI: 0000000000000003 [ 241.629985][T19709] RBP: 00007f5f0ac76090 R08: 0000000000000000 R09: 0000000000000000 [ 241.629996][T19709] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 241.630006][T19709] R13: 0000000000000000 R14: 00007f5f0c856080 R15: 00007ffd88867708 [ 241.630026][T19709] [ 241.989913][T19712] loop4: detected capacity change from 0 to 1024 [ 241.997541][T19712] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities [ 242.355493][T19737] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.418093][T19737] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.462254][T19746] loop5: detected capacity change from 0 to 128 [ 242.475442][T19746] vfat: Unknown parameter 'ÿÿÿÿ' [ 242.490506][T19737] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.513623][T19750] loop9: detected capacity change from 0 to 1024 [ 242.549151][T19750] EXT4-fs: Ignoring removed oldalloc option [ 242.556047][T19750] EXT4-fs: Ignoring removed orlov option [ 242.565707][T19750] EXT4-fs (loop9): stripe (1570) is not aligned with cluster size (16), stripe is disabled [ 242.609349][T19750] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 242.622914][T19737] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.637946][T19758] xt_hashlimit: max too large, truncated to 1048576 [ 242.823133][T19767] loop4: detected capacity change from 0 to 1024 [ 242.938382][T19775] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.014081][T19777] loop5: detected capacity change from 0 to 2048 [ 243.033580][T19775] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.133884][T19777] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 243.170892][T19775] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.280455][T19788] loop4: detected capacity change from 0 to 512 [ 243.313676][T19775] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.344061][T19788] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 243.361522][T19788] ext4 filesystem being mounted at /159/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 243.419792][T19775] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.448670][T19775] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.460357][T19775] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.477924][T19775] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.527520][ T8230] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 243.585950][T19810] loop5: detected capacity change from 0 to 2048 [ 243.634876][T19810] Alternate GPT is invalid, using primary GPT. [ 243.641247][T19810] loop5: p2 p3 p7 [ 243.797976][T19827] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4272'. [ 243.839429][T11940] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 243.931337][T19860] loop5: detected capacity change from 0 to 512 [ 243.964684][T19860] EXT4-fs error (device loop5): ext4_acquire_dquot:6935: comm syz.5.4275: Failed to acquire dquot type 1 [ 243.984896][T19860] EXT4-fs (loop5): 1 truncate cleaned up [ 243.993932][T19860] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 244.025154][T19860] ext4 filesystem being mounted at /545/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 244.072643][ T2055] net_ratelimit: 30 callbacks suppressed [ 244.072658][ T2055] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 244.092629][ T2055] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 244.107073][ T2055] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 244.121491][ T2055] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 244.173003][T15775] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 244.200450][T19903] random: crng reseeded on system resumption [ 244.269795][T19905] netlink: 'syz.4.4277': attribute type 7 has an invalid length. [ 244.277695][T19905] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4277'. [ 244.295818][ T29] kauditd_printk_skb: 263 callbacks suppressed [ 244.295832][ T29] audit: type=1326 audit(2000000187.570:22269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19902 comm="syz.9.4278" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f0c62e169 code=0x0 [ 244.350493][T19907] FAULT_INJECTION: forcing a failure. [ 244.350493][T19907] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 244.363681][T19907] CPU: 0 UID: 0 PID: 19907 Comm: syz.4.4279 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(voluntary) [ 244.363707][T19907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 244.363725][T19907] Call Trace: [ 244.363730][T19907] [ 244.363737][T19907] dump_stack_lvl+0xf6/0x150 [ 244.363773][T19907] dump_stack+0x15/0x1a [ 244.363790][T19907] should_fail_ex+0x261/0x270 [ 244.363882][T19907] should_fail+0xb/0x10 [ 244.363905][T19907] should_fail_usercopy+0x1a/0x20 [ 244.364010][T19907] _copy_from_user+0x1c/0xa0 [ 244.364039][T19907] memdup_user+0x6b/0xd0 [ 244.364059][T19907] proc_pid_attr_write+0x15d/0x220 [ 244.364088][T19907] ? __pfx_proc_pid_attr_write+0x10/0x10 [ 244.364162][T19907] vfs_write+0x295/0x950 [ 244.364187][T19907] ? putname+0xe1/0x100 [ 244.364204][T19907] ? __fget_files+0x186/0x1c0 [ 244.364224][T19907] ksys_write+0xeb/0x1b0 [ 244.364326][T19907] __x64_sys_write+0x42/0x50 [ 244.364352][T19907] x64_sys_call+0x2a45/0x2e10 [ 244.364429][T19907] do_syscall_64+0xc9/0x1c0 [ 244.364549][T19907] ? clear_bhb_loop+0x25/0x80 [ 244.364569][T19907] ? clear_bhb_loop+0x25/0x80 [ 244.364589][T19907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.364614][T19907] RIP: 0033:0x7f4ec334e169 [ 244.364628][T19907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.364712][T19907] RSP: 002b:00007f4ec19b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 244.364730][T19907] RAX: ffffffffffffffda RBX: 00007f4ec3575fa0 RCX: 00007f4ec334e169 [ 244.364741][T19907] RDX: 000000000000000f RSI: 0000200000000280 RDI: 0000000000000005 [ 244.364754][T19907] RBP: 00007f4ec19b7090 R08: 0000000000000000 R09: 0000000000000000 [ 244.364765][T19907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 244.364792][T19907] R13: 0000000000000000 R14: 00007f4ec3575fa0 R15: 00007ffc219ad288 [ 244.364812][T19907] [ 244.593051][ T29] audit: type=1326 audit(2000000187.870:22270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19910 comm="syz.4.4281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec334e169 code=0x7ffc0000 [ 244.621158][ T29] audit: type=1326 audit(2000000187.900:22271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19910 comm="syz.4.4281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7f4ec334e169 code=0x7ffc0000 [ 244.646035][ T8230] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.659550][ T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 244.673921][ T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 244.688348][ T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 244.702723][ T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 244.704685][ T29] audit: type=1326 audit(2000000187.980:22272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19914 comm="syz.5.4282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff240dae169 code=0x7ffc0000 [ 244.741481][ T29] audit: type=1326 audit(2000000187.980:22273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19914 comm="syz.5.4282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff240dae169 code=0x7ffc0000 [ 244.765924][ T29] audit: type=1326 audit(2000000188.020:22274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19914 comm="syz.5.4282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7ff240dae169 code=0x7ffc0000 [ 244.790115][ T29] audit: type=1326 audit(2000000188.020:22275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19914 comm="syz.5.4282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff240dae169 code=0x7ffc0000 [ 244.814226][ T29] audit: type=1326 audit(2000000188.020:22276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19914 comm="syz.5.4282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff240dae169 code=0x7ffc0000 [ 244.838338][ T29] audit: type=1326 audit(2000000188.020:22277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19914 comm="syz.5.4282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff240dae169 code=0x7ffc0000 [ 244.861974][ T29] audit: type=1326 audit(2000000188.020:22278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19914 comm="syz.5.4282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff240dae169 code=0x7ffc0000 [ 244.970841][T19919] loop5: detected capacity change from 0 to 1024 [ 244.977650][T19919] EXT4-fs: Ignoring removed oldalloc option [ 244.984596][T19919] EXT4-fs: Ignoring removed orlov option [ 244.990756][T19919] EXT4-fs (loop5): stripe (1570) is not aligned with cluster size (16), stripe is disabled [ 245.005645][T19919] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 245.050030][T19926] loop9: detected capacity change from 0 to 512 [ 245.057882][T19926] EXT4-fs error (device loop9): ext4_orphan_get:1416: comm syz.9.4286: bad orphan inode 15 [ 245.068783][T19926] ext4_test_bit(bit=14, block=18) = 1 [ 245.074269][T19926] is_bad_inode(inode)=0 [ 245.078427][T19926] NEXT_ORPHAN(inode)=1023 [ 245.082790][T19926] max_ino=32 [ 245.086014][T19926] i_nlink=0 [ 245.109727][T19926] EXT4-fs error (device loop9): ext4_xattr_delete_inode:2962: inode #15: comm syz.9.4286: corrupted xattr block 19: invalid header [ 245.133021][T19926] EXT4-fs warning (device loop9): ext4_evict_inode:279: xattr delete (err -117) [ 245.143993][T19926] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0009-000000000000 r/w without journal. Quota mode: none. [ 245.166222][T19926] ext4 filesystem being mounted at /463/éq‰Y’3aK supports timestamps until 2038-01-19 (0x7fffffff) [ 245.217375][T11940] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0009-000000000000. [ 245.231659][ T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 245.246496][ T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 245.328703][T19949] loop9: detected capacity change from 0 to 128 [ 245.382219][T19941] lo speed is unknown, defaulting to 1000 [ 245.414124][T19939] FAT-fs (loop9): error, invalid access to FAT (entry 0x00000100) [ 245.422099][T19939] FAT-fs (loop9): Filesystem has been set read-only [ 245.452172][T19737] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.486178][T19939] syz.9.4288: attempt to access beyond end of device [ 245.486178][T19939] loop9: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 245.514379][T19737] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.538841][T19737] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.558970][T19939] FAT-fs (loop9): error, invalid access to FAT (entry 0x00000100) [ 245.566970][T19939] FAT-fs (loop9): error, invalid access to FAT (entry 0x00000100) [ 245.594207][T19737] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.603993][T19949] FAT-fs (loop9): error, invalid access to FAT (entry 0x00000100) [ 245.635769][T19949] syz.9.4288: attempt to access beyond end of device [ 245.635769][T19949] loop9: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 245.680017][T19949] FAT-fs (loop9): error, invalid access to FAT (entry 0x00000100) [ 245.688562][T19949] FAT-fs (loop9): error, invalid access to FAT (entry 0x00000100) [ 245.707819][T19949] syz.9.4288: attempt to access beyond end of device [ 245.707819][T19949] loop9: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 245.722733][T19949] syz.9.4288: attempt to access beyond end of device [ 245.722733][T19949] loop9: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 245.736824][T19949] syz.9.4288: attempt to access beyond end of device [ 245.736824][T19949] loop9: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 245.751372][T19939] syz.9.4288: attempt to access beyond end of device [ 245.751372][T19939] loop9: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 245.769048][T19939] syz.9.4288: attempt to access beyond end of device [ 245.769048][T19939] loop9: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 245.786623][T19949] syz.9.4288: attempt to access beyond end of device [ 245.786623][T19949] loop9: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 245.819409][T19939] syz.9.4288: attempt to access beyond end of device [ 245.819409][T19939] loop9: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 245.863447][T20001] hub 1-0:1.0: USB hub found [ 245.871642][T20001] hub 1-0:1.0: 8 ports detected [ 245.889371][T20011] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4297'. [ 245.899895][T20011] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 245.981557][T20028] random: crng reseeded on system resumption [ 246.165851][T20048] tipc: Enabling of bearer rejected, already enabled [ 246.415138][T20061] SELinux: syz.0.4306 (20061) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 246.600476][ T8230] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 246.628329][T20067] loop4: detected capacity change from 0 to 512 [ 246.659839][T20067] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 246.728631][T20067] ext4 filesystem being mounted at /174/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 246.857371][T20075] hub 1-0:1.0: USB hub found [ 246.888255][T20075] hub 1-0:1.0: 8 ports detected [ 247.186044][T20096] tipc: Started in network mode [ 247.190974][T20096] tipc: Node identity 26b420894213, cluster identity 4711 [ 247.198781][T20096] tipc: Enabled bearer , priority 0 [ 247.269493][T20113] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4319'. [ 247.583220][T15775] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 247.966813][T20208] loop4: detected capacity change from 0 to 512 [ 248.043867][T20208] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=802c198, mo2=0002] [ 248.065077][T20208] EXT4-fs error (device loop4): ext4_iget_extra_inode:4693: inode #15: comm syz.4.4331: corrupted in-inode xattr: invalid ea_ino [ 248.173298][T20208] EXT4-fs error (device loop4): ext4_orphan_get:1395: comm syz.4.4331: couldn't read orphan inode 15 (err -117) [ 248.206646][T20208] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 248.288933][T20208] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. [ 248.302366][T20203] netlink: 4768 bytes leftover after parsing attributes in process `syz.9.4329'. [ 248.312128][ T3186] tipc: Node number set to 1688674441 [ 248.321355][T20220] loop5: detected capacity change from 0 to 512 [ 248.342963][T15775] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.352327][T20220] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 248.373653][T20220] EXT4-fs (loop5): failed to open journal device unknown-block(0,0) -6 [ 248.499451][T20229] tipc: Enabled bearer , priority 0 [ 248.521125][T20229] tipc: Disabling bearer [ 248.594647][T20232] loop9: detected capacity change from 0 to 1024 [ 248.617050][T20232] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 248.670552][T20231] EXT4-fs (loop9): shut down requested (0) [ 248.696096][T20231] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop9 ino=12 [ 248.727832][T20231] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop9 ino=12 [ 248.779740][T20231] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop9 ino=12 [ 248.793835][T20243] loop4: detected capacity change from 0 to 1024 [ 248.799523][T20231] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop9 ino=12 [ 248.820778][T20243] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities [ 248.838727][T20231] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop9 ino=12 [ 248.860779][T20231] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop9 ino=14 [ 248.883834][T20231] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop9 ino=14 [ 248.935226][T11940] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.053174][T20257] loop9: detected capacity change from 0 to 1024 [ 249.077131][T20257] EXT4-fs error (device loop9): ext4_acquire_dquot:6935: comm syz.9.4349: Failed to acquire dquot type 0 [ 249.094866][T20257] EXT4-fs error (device loop9): mb_free_blocks:1948: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 249.149215][T20257] EXT4-fs error (device loop9): ext4_do_update_inode:5211: inode #13: comm syz.9.4349: corrupted inode contents [ 249.188312][T20257] EXT4-fs error (device loop9): ext4_dirty_inode:6103: inode #13: comm syz.9.4349: mark_inode_dirty error [ 249.205937][T20257] EXT4-fs error (device loop9): ext4_do_update_inode:5211: inode #13: comm syz.9.4349: corrupted inode contents [ 249.252479][T20257] EXT4-fs error (device loop9): __ext4_ext_dirty:207: inode #13: comm syz.9.4349: mark_inode_dirty error [ 249.286847][T20257] EXT4-fs error (device loop9): ext4_do_update_inode:5211: inode #13: comm syz.9.4349: corrupted inode contents [ 249.316822][T20265] tipc: Enabling of bearer rejected, already enabled [ 249.352502][T20257] EXT4-fs error (device loop9) in ext4_orphan_del:305: Corrupt filesystem [ 249.364723][ T1587] net_ratelimit: 30 callbacks suppressed [ 249.364762][ T1587] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 249.385040][ T1587] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 249.385928][T20266] hub 1-0:1.0: USB hub found [ 249.399396][ T1587] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 249.399418][ T1587] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 249.424011][T20257] EXT4-fs error (device loop9): ext4_do_update_inode:5211: inode #13: comm syz.9.4349: corrupted inode contents [ 249.435508][T20271] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4355'. [ 249.449917][T20257] EXT4-fs error (device loop9): ext4_truncate:4255: inode #13: comm syz.9.4349: mark_inode_dirty error [ 249.466704][T20266] hub 1-0:1.0: 8 ports detected [ 249.474969][T20257] EXT4-fs error (device loop9) in ext4_process_orphan:347: Corrupt filesystem [ 249.491556][ T29] kauditd_printk_skb: 89 callbacks suppressed [ 249.491570][ T29] audit: type=1326 audit(2000000192.760:22366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20276 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff240dae169 code=0x7ffc0000 [ 249.521375][ T29] audit: type=1326 audit(2000000192.760:22367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20276 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff240dae169 code=0x7ffc0000 [ 249.544971][ T29] audit: type=1326 audit(2000000192.760:22368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20276 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7ff240dae169 code=0x7ffc0000 [ 249.568634][ T29] audit: type=1326 audit(2000000192.760:22369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20276 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff240dae169 code=0x7ffc0000 [ 249.592245][ T29] audit: type=1326 audit(2000000192.760:22370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20276 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff240dae169 code=0x7ffc0000 [ 249.594763][T20279] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4358'. [ 249.615764][ T29] audit: type=1326 audit(2000000192.760:22371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20276 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff240dae169 code=0x7ffc0000 [ 249.615797][ T29] audit: type=1326 audit(2000000192.760:22372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20276 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff240dae169 code=0x7ffc0000 [ 249.615906][ T29] audit: type=1326 audit(2000000192.760:22373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20276 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff240dae169 code=0x7ffc0000 [ 249.619919][ T29] audit: type=1326 audit(2000000192.770:22374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20276 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff240db0087 code=0x7ffc0000 [ 249.625633][T20257] EXT4-fs (loop9): 1 truncate cleaned up [ 249.648795][ T29] audit: type=1326 audit(2000000192.770:22375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20276 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7ff240dafffc code=0x7ffc0000 [ 249.752544][T20257] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 249.780087][T20257] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.780927][T20287] SELinux: policydb version 99472130 does not match my version range 15-34 [ 249.802826][T20287] SELinux: failed to load policy [ 249.855903][T20257] loop9: detected capacity change from 0 to 512 [ 249.864479][T20257] EXT4-fs (loop9): revision level too high, forcing read-only mode [ 249.876506][T20257] EXT4-fs (loop9): orphan cleanup on readonly fs [ 249.883229][T20257] EXT4-fs error (device loop9): ext4_free_branches:1023: inode #11: comm syz.9.4349: invalid indirect mapped block 256 (level 2) [ 249.900492][T20257] EXT4-fs (loop9): 2 truncates cleaned up [ 249.906524][ T1587] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 249.921076][ T1587] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 249.935397][ T1587] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 249.935856][T20257] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 249.949721][ T1587] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 250.018597][T20257] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.053773][T20305] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4368'. [ 250.065444][T20305] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 250.084441][T20305] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 250.176803][T20316] random: crng reseeded on system resumption [ 250.249407][T20321] usb usb1: usbfs: interface 0 claimed by hub while 'syz.9.4375' sets config #1 [ 250.336588][T20327] netlink: 4768 bytes leftover after parsing attributes in process `syz.6.4377'. [ 250.429187][T20341] FAULT_INJECTION: forcing a failure. [ 250.429187][T20341] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 250.442396][T20341] CPU: 0 UID: 0 PID: 20341 Comm: syz.9.4383 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(voluntary) [ 250.442492][T20341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 250.442534][T20341] Call Trace: [ 250.442591][T20341] [ 250.442598][T20341] dump_stack_lvl+0xf6/0x150 [ 250.442623][T20341] dump_stack+0x15/0x1a [ 250.442640][T20341] should_fail_ex+0x261/0x270 [ 250.442669][T20341] should_fail+0xb/0x10 [ 250.442700][T20341] should_fail_usercopy+0x1a/0x20 [ 250.442723][T20341] _copy_from_user+0x1c/0xa0 [ 250.442754][T20341] copy_msghdr_from_user+0x54/0x2b0 [ 250.442790][T20341] ? __fget_files+0x186/0x1c0 [ 250.442844][T20341] __sys_sendmsg+0x141/0x240 [ 250.442890][T20341] __x64_sys_sendmsg+0x46/0x50 [ 250.442914][T20341] x64_sys_call+0x26f3/0x2e10 [ 250.442933][T20341] do_syscall_64+0xc9/0x1c0 [ 250.443029][T20341] ? clear_bhb_loop+0x25/0x80 [ 250.443048][T20341] ? clear_bhb_loop+0x25/0x80 [ 250.443067][T20341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.443114][T20341] RIP: 0033:0x7f5f0c62e169 [ 250.443129][T20341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.443146][T20341] RSP: 002b:00007f5f0ac97038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 250.443284][T20341] RAX: ffffffffffffffda RBX: 00007f5f0c855fa0 RCX: 00007f5f0c62e169 [ 250.443297][T20341] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000006 [ 250.443309][T20341] RBP: 00007f5f0ac97090 R08: 0000000000000000 R09: 0000000000000000 [ 250.443380][T20341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 250.443443][T20341] R13: 0000000000000000 R14: 00007f5f0c855fa0 R15: 00007ffd88867708 [ 250.443459][T20341] [ 250.627740][T20342] loop4: detected capacity change from 0 to 1024 [ 250.639595][ T6628] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 250.653944][ T6628] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 250.697490][T20344] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4385'. [ 250.708396][T20342] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 250.732119][T20337] EXT4-fs (loop4): shut down requested (0) [ 250.741273][T20337] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 250.775254][T20354] netlink: '+}[@': attribute type 3 has an invalid length. [ 250.778718][T20337] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 250.788459][T20352] usb usb1: usbfs: interface 0 claimed by hub while 'syz.6.4386' sets config #1 [ 250.791959][T20337] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 250.810528][T20337] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 250.819836][T20337] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 250.829483][T20337] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=14 [ 250.838377][T20337] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=14 [ 250.861971][T20357] netlink: 4768 bytes leftover after parsing attributes in process `syz.9.4388'. [ 250.897261][T20359] usb usb1: usbfs: interface 0 claimed by hub while 'syz.6.4389' sets config #1 [ 250.907748][T15775] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.186554][T20390] hub 1-0:1.0: USB hub found [ 251.195868][T20383] loop4: detected capacity change from 0 to 1024 [ 251.211668][T20390] hub 1-0:1.0: 8 ports detected [ 251.233333][T20383] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 251.272649][T20383] EXT4-fs (loop4): shut down requested (0) [ 251.302109][T20383] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 251.320214][T20383] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 251.343582][T20383] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 251.352609][T20383] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 251.361403][T20383] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 251.371770][T20383] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=14 [ 251.381252][T20383] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=14 [ 251.402945][T20385] netlink: 4768 bytes leftover after parsing attributes in process `syz.6.4401'. [ 251.413465][T15775] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.429770][T20411] netlink: 4768 bytes leftover after parsing attributes in process `syz.9.4412'. [ 251.513780][T20417] usb usb1: usbfs: interface 0 claimed by hub while 'syz.9.4414' sets config #1 [ 251.627898][T20437] loop9: detected capacity change from 0 to 1024 [ 251.638271][T20437] EXT4-fs: Ignoring removed bh option [ 251.643863][T20437] EXT4-fs: inline encryption not supported [ 251.650301][T20437] ext4: Unknown parameter 'mask' [ 251.685542][T20440] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4424'. [ 251.695285][T20440] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 251.734802][T20440] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 251.930056][T20461] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(13) [ 251.936701][T20461] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 251.944883][T20461] vhci_hcd vhci_hcd.0: Device attached [ 251.956754][T20464] vhci_hcd: connection closed [ 251.957594][ T1970] vhci_hcd: stop threads [ 251.966551][ T1970] vhci_hcd: release socket [ 251.970965][ T1970] vhci_hcd: disconnect device [ 251.980007][T20470] netlink: 168 bytes leftover after parsing attributes in process `syz.0.4437'. [ 252.002343][T20445] netlink: 4768 bytes leftover after parsing attributes in process `syz.4.4426'. [ 252.024226][T20474] loop9: detected capacity change from 0 to 1024 [ 252.030910][T20474] EXT4-fs: Ignoring removed oldalloc option [ 252.036994][T20474] EXT4-fs: Ignoring removed orlov option [ 252.052083][T20474] EXT4-fs (loop9): stripe (1570) is not aligned with cluster size (16), stripe is disabled [ 252.080231][T20476] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4440'. [ 252.093683][T20474] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 252.131122][T11940] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.153709][T20488] loop9: detected capacity change from 0 to 512 [ 252.162388][T20488] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=802c198, mo2=0002] [ 252.170568][T20488] EXT4-fs error (device loop9): ext4_iget_extra_inode:4693: inode #15: comm syz.9.4443: corrupted in-inode xattr: invalid ea_ino [ 252.187648][T20488] EXT4-fs error (device loop9): ext4_orphan_get:1395: comm syz.9.4443: couldn't read orphan inode 15 (err -117) [ 252.200913][T20488] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 252.215787][T20491] hub 1-0:1.0: USB hub found [ 252.220475][T20491] hub 1-0:1.0: 8 ports detected [ 252.228426][T20488] EXT4-fs (loop9): re-mounted 00000000-0000-0000-0000-000000000000. [ 252.254644][T11940] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.301954][T20495] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.4447' sets config #1 [ 252.347723][T20503] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4451'. [ 252.445972][T20511] loop9: detected capacity change from 0 to 1024 [ 252.457105][T20512] loop4: detected capacity change from 0 to 1024 [ 252.464115][T20511] EXT4-fs: Ignoring removed oldalloc option [ 252.470171][T20511] EXT4-fs: Ignoring removed orlov option [ 252.477247][T20511] EXT4-fs (loop9): stripe (1570) is not aligned with cluster size (16), stripe is disabled [ 252.500356][T20501] netlink: 4768 bytes leftover after parsing attributes in process `syz.5.4450'. [ 252.503548][T20512] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 252.511230][T20511] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 252.531038][T20509] EXT4-fs (loop4): shut down requested (0) [ 252.542496][T20509] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 252.551582][T20509] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 252.560514][T20509] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 252.569659][T20509] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 252.569977][T11940] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.578473][T20509] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 252.596308][T20509] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=14 [ 252.605266][T20509] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=14 [ 252.650511][T15775] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.719499][T20534] loop9: detected capacity change from 0 to 1024 [ 252.726337][T20534] EXT4-fs: Ignoring removed bh option [ 252.735083][T20541] program syz.5.4465 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 252.737001][T20534] EXT4-fs: inline encryption not supported [ 252.750202][T20534] EXT4-fs: Ignoring removed i_version option [ 252.750490][T20542] loop4: detected capacity change from 0 to 1024 [ 252.760523][T20534] EXT4-fs (loop9): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 252.772429][T20542] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities [ 252.778838][T20534] EXT4-fs error (device loop9): ext4_map_blocks:675: inode #3: block 2: comm syz.9.4461: lblock 2 mapped to illegal pblock 2 (length 1) [ 252.796019][T20534] EXT4-fs error (device loop9): ext4_map_blocks:675: inode #3: block 48: comm syz.9.4461: lblock 0 mapped to illegal pblock 48 (length 1) [ 252.811492][T20534] EXT4-fs error (device loop9): ext4_acquire_dquot:6935: comm syz.9.4461: Failed to acquire dquot type 0 [ 252.823738][T20534] EXT4-fs error (device loop9) in ext4_reserve_inode_write:5899: Corrupt filesystem [ 252.833501][T20534] EXT4-fs error (device loop9): ext4_evict_inode:259: inode #11: comm syz.9.4461: mark_inode_dirty error [ 252.845630][T20534] EXT4-fs warning (device loop9): ext4_evict_inode:262: couldn't mark inode dirty (err -117) [ 252.856170][T20534] EXT4-fs (loop9): 1 orphan inode deleted [ 252.862929][T20534] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 252.875365][ T1587] EXT4-fs error (device loop9): ext4_map_blocks:675: inode #3: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 1) [ 252.903894][ T1587] EXT4-fs error (device loop9): ext4_release_dquot:6971: comm kworker/u8:6: Failed to release dquot type 0 [ 252.934101][T20534] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.947852][T20534] EXT4-fs error (device loop9): __ext4_get_inode_loc:4450: comm syz.9.4461: Invalid inode table block 1 in block_group 0 [ 252.968857][T20546] loop5: detected capacity change from 0 to 1024 [ 252.976226][T20546] EXT4-fs: Ignoring removed oldalloc option [ 252.986034][T20534] EXT4-fs error (device loop9) in ext4_reserve_inode_write:5899: Corrupt filesystem [ 252.996538][T20534] EXT4-fs error (device loop9): ext4_quota_off:7219: inode #3: comm syz.9.4461: mark_inode_dirty error [ 253.015782][T20546] EXT4-fs: Ignoring removed orlov option [ 253.023588][T20546] EXT4-fs (loop5): stripe (1570) is not aligned with cluster size (16), stripe is disabled [ 253.053053][T20546] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 253.055550][T20549] hub 1-0:1.0: USB hub found [ 253.080886][T20549] hub 1-0:1.0: 8 ports detected [ 253.104588][T20555] loop4: detected capacity change from 0 to 256 [ 253.125921][ T8230] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.138722][T20555] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 253.232705][T20553] netlink: 4768 bytes leftover after parsing attributes in process `syz.9.4468'. [ 253.436454][T20575] program syz.5.4476 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 253.518829][T20582] loop9: detected capacity change from 0 to 1024 [ 253.530632][T20579] x_tables: duplicate underflow at hook 1 [ 253.537138][T20582] EXT4-fs (loop9): couldn't mount as ext2 due to feature incompatibilities [ 253.606196][T20593] loop5: detected capacity change from 0 to 164 [ 253.618442][T20593] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 254.208261][T20606] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.4488'. [ 254.288243][T20628] random: crng reseeded on system resumption [ 254.373400][T20633] hub 1-0:1.0: USB hub found [ 254.378908][T20633] hub 1-0:1.0: 8 ports detected [ 254.473624][T20647] net_ratelimit: 51 callbacks suppressed [ 254.473639][T20647] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 32 [ 254.502950][ T29] kauditd_printk_skb: 336 callbacks suppressed [ 254.502962][ T29] audit: type=1401 audit(2000000197.770:22709): op=setxattr invalid_context=73797374656D5F753A6F626A6563745F723A667361646D5F657865635F743A7330000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000261007200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002E2F66696C6530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000030000002249000001000000AD04000007000000000 [ 254.569200][ T29] audit: type=1400 audit(2000000197.840:22710): avc: denied { ioctl } for pid=20646 comm="syz.5.4504" path="socket:[54165]" dev="sockfs" ino=54165 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 254.793822][ T8583] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 254.808807][ T8583] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 254.823710][ T8583] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 254.838115][ T8583] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 254.857220][T20668] loop5: detected capacity change from 0 to 1024 [ 254.923924][ T29] audit: type=1326 audit(2000000198.200:22711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20677 comm="syz.9.4514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f0c62e169 code=0x7ffc0000 [ 254.948254][ T29] audit: type=1326 audit(2000000198.200:22712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20677 comm="syz.9.4514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f0c62e169 code=0x7ffc0000 [ 254.994903][T20668] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 255.010219][T20681] loop9: detected capacity change from 0 to 164 [ 255.030109][ T29] audit: type=1326 audit(2000000198.200:22713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20677 comm="syz.9.4514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f5f0c62e169 code=0x7ffc0000 [ 255.053674][ T29] audit: type=1326 audit(2000000198.200:22714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20677 comm="syz.9.4514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f0c62e169 code=0x7ffc0000 [ 255.138835][T20668] EXT4-fs (loop5): shut down requested (0) [ 255.158434][T20681] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 255.252940][ T8230] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.363817][ T6628] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 255.378265][ T6628] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 255.392528][ T6628] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 255.406832][ T6628] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 255.474220][T20690] rdma_op ffff88813a672d80 conn xmit_rdma 0000000000000000 [ 255.654785][T20660] Set syz1 is full, maxelem 65536 reached [ 255.760492][T20701] program syz.6.4524 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 255.800018][T20702] SELinux: syz.0.4523 (20702) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 255.813758][ T29] audit: type=1326 audit(2000000199.080:22715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20703 comm="syz.6.4525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d44ce169 code=0x7ffc0000 [ 255.837403][ T29] audit: type=1326 audit(2000000199.080:22716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20703 comm="syz.6.4525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d44ce169 code=0x7ffc0000 [ 255.860995][ T29] audit: type=1326 audit(2000000199.080:22717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20703 comm="syz.6.4525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f31d44ce169 code=0x7ffc0000 [ 255.884492][ T29] audit: type=1326 audit(2000000199.080:22718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20703 comm="syz.6.4525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d44ce169 code=0x7ffc0000 [ 256.057353][T20717] random: crng reseeded on system resumption [ 256.178455][T20722] loop5: detected capacity change from 0 to 512 [ 256.197394][T20722] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=802c198, mo2=0002] [ 256.240548][T20725] loop4: detected capacity change from 0 to 512 [ 256.247587][T20727] program syz.6.4535 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 256.266741][T20722] EXT4-fs error (device loop5): ext4_iget_extra_inode:4693: inode #15: comm syz.5.4532: corrupted in-inode xattr: invalid ea_ino [ 256.285105][T20722] EXT4-fs error (device loop5): ext4_orphan_get:1395: comm syz.5.4532: couldn't read orphan inode 15 (err -117) [ 256.296662][T20725] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=802c198, mo2=0002] [ 256.297883][T20722] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 256.325356][T20725] EXT4-fs error (device loop4): ext4_iget_extra_inode:4693: inode #15: comm syz.4.4534: corrupted in-inode xattr: invalid ea_ino [ 256.342844][T20725] EXT4-fs error (device loop4): ext4_orphan_get:1395: comm syz.4.4534: couldn't read orphan inode 15 (err -117) [ 256.355293][T20725] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 256.401214][ T8230] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.410511][T20725] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. [ 256.451174][T20739] loop5: detected capacity change from 0 to 164 [ 256.462028][T15775] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.472344][T20739] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 256.506595][T20741] tipc: Enabling of bearer rejected, already enabled [ 256.679714][T20771] tipc: Enabling of bearer rejected, already enabled [ 256.698233][T20776] x_tables: duplicate underflow at hook 1 [ 256.753347][T20782] loop9: detected capacity change from 0 to 1024 [ 256.765264][T20782] EXT4-fs: Ignoring removed oldalloc option [ 256.778588][T20782] EXT4-fs: Ignoring removed orlov option [ 256.934372][T20782] EXT4-fs (loop9): stripe (1570) is not aligned with cluster size (16), stripe is disabled [ 256.999072][T20782] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 257.055389][T11940] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 257.148251][T20818] tipc: Enabling of bearer rejected, already enabled [ 257.192280][T20799] lo speed is unknown, defaulting to 1000 [ 257.204994][T20821] x_tables: duplicate underflow at hook 1 [ 257.290450][T20833] loop9: detected capacity change from 0 to 1024 [ 257.313227][T20799] chnl_net:caif_netlink_parms(): no params data found [ 257.321348][T20833] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 257.352137][T20825] EXT4-fs (loop9): shut down requested (0) [ 257.378767][T20844] loop4: detected capacity change from 0 to 512 [ 257.385672][T20844] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 257.395668][T20844] EXT4-fs (loop4): VFS: Can't find ext4 filesystem [ 257.407701][T20844] SELinux: syz.4.4578 (20844) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 257.430668][T20799] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.438714][T20799] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.453044][T20799] bridge_slave_0: entered allmulticast mode [ 257.453092][T11940] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 257.459691][T20799] bridge_slave_0: entered promiscuous mode [ 257.475677][T20799] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.483016][T20799] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.490818][T20799] bridge_slave_1: entered allmulticast mode [ 257.502155][T20799] bridge_slave_1: entered promiscuous mode [ 257.528849][T20850] tipc: Enabling of bearer rejected, already enabled [ 257.547768][T20799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 257.567357][T20799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 257.612453][T20799] team0: Port device team_slave_0 added [ 257.622900][T20799] team0: Port device team_slave_1 added [ 257.653593][T20870] random: crng reseeded on system resumption [ 257.689561][T20799] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 257.696627][T20799] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 257.723076][T20799] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 257.735627][T20874] x_tables: duplicate underflow at hook 1 [ 257.739640][T20799] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 257.748376][T20799] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 257.774440][T20799] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 257.814580][T20873] hub 1-0:1.0: USB hub found [ 257.826000][T20873] hub 1-0:1.0: 8 ports detected [ 257.839080][T20879] FAULT_INJECTION: forcing a failure. [ 257.839080][T20879] name failslab, interval 1, probability 0, space 0, times 0 [ 257.851783][T20879] CPU: 0 UID: 0 PID: 20879 Comm: syz.6.4592 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(voluntary) [ 257.851856][T20879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 257.851869][T20879] Call Trace: [ 257.851876][T20879] [ 257.851883][T20879] dump_stack_lvl+0xf6/0x150 [ 257.851908][T20879] dump_stack+0x15/0x1a [ 257.851925][T20879] should_fail_ex+0x261/0x270 [ 257.852016][T20879] should_failslab+0x8f/0xb0 [ 257.852101][T20879] kmem_cache_alloc_noprof+0x59/0x340 [ 257.852127][T20879] ? security_file_alloc+0x32/0x100 [ 257.852150][T20879] security_file_alloc+0x32/0x100 [ 257.852170][T20879] init_file+0x5e/0x1e0 [ 257.852210][T20879] alloc_empty_file+0x8e/0x200 [ 257.852229][T20879] alloc_file_pseudo+0xcb/0x160 [ 257.852250][T20879] sock_alloc_file+0x9b/0x1e0 [ 257.852278][T20879] __sys_socketpair+0x2ca/0x440 [ 257.852381][T20879] __x64_sys_socketpair+0x52/0x60 [ 257.852400][T20879] x64_sys_call+0x2230/0x2e10 [ 257.852418][T20879] do_syscall_64+0xc9/0x1c0 [ 257.852448][T20879] ? clear_bhb_loop+0x25/0x80 [ 257.852545][T20879] ? clear_bhb_loop+0x25/0x80 [ 257.852564][T20879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.852581][T20879] RIP: 0033:0x7f31d44d00ba [ 257.852595][T20879] Code: 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 35 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 257.852614][T20879] RSP: 002b:00007f31d2b36f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 257.852677][T20879] RAX: ffffffffffffffda RBX: 00007f31d46f5f00 RCX: 00007f31d44d00ba [ 257.852690][T20879] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 257.852702][T20879] RBP: 00007f31d2b37090 R08: 0000000000000000 R09: 0000000000000000 [ 257.852714][T20879] R10: 00007f31d2b36f98 R11: 0000000000000246 R12: 0000000000000003 [ 257.852726][T20879] R13: 0000000000000001 R14: 00007f31d46f5fa0 R15: 00007ffce8cb6cf8 [ 257.852747][T20879] [ 257.854483][T20799] hsr_slave_0: entered promiscuous mode [ 257.888056][T20881] __nla_validate_parse: 3 callbacks suppressed [ 257.888070][T20881] netlink: 3 bytes leftover after parsing attributes in process `syz.0.4593'. [ 257.895144][T20799] hsr_slave_1: entered promiscuous mode [ 258.039016][T20892] 9pnet: Could not find request transport: fdoê¸ýª^‚0x0000000000000006 [ 258.064192][T20799] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 258.088629][T20799] Cannot create hsr debugfs directory [ 258.106883][T20881] 0ªX¹¦À: renamed from caif0 [ 258.128329][T20881] 0ªX¹¦À: entered allmulticast mode [ 258.141068][T20899] loop9: detected capacity change from 0 to 512 [ 258.158461][T20899] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 258.162166][T10303] block device autoloading is deprecated and will be removed. [ 258.184709][T20899] ext4 filesystem being mounted at /548/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 258.200333][T20906] loop4: detected capacity change from 0 to 1024 [ 258.228616][T20799] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.233485][T20912] program syz.0.4601 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 258.240535][T20906] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 258.288467][T15775] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 258.288512][T20799] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.325801][T20923] loop4: detected capacity change from 0 to 1024 [ 258.332647][T20923] EXT4-fs: Ignoring removed oldalloc option [ 258.338567][T20923] EXT4-fs: Ignoring removed orlov option [ 258.345263][T20799] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.356589][T20923] EXT4-fs (loop4): stripe (1570) is not aligned with cluster size (16), stripe is disabled [ 258.374748][T20923] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 258.403032][T20799] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.414822][T15775] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 258.431626][T20935] random: crng reseeded on system resumption [ 258.514119][T20944] netlink: 'syz.4.4604': attribute type 4 has an invalid length. [ 258.538740][T20799] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 258.540712][T20944] netlink: 'syz.4.4604': attribute type 4 has an invalid length. [ 258.568595][T20799] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 258.601312][T20799] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 258.614842][T20799] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 258.708165][T20969] random: crng reseeded on system resumption [ 258.758887][T20980] loop0: detected capacity change from 0 to 1024 [ 258.787120][T20980] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 258.805664][T20980] wg2: entered promiscuous mode [ 258.810539][T20980] wg2: entered allmulticast mode [ 258.833365][T20799] 8021q: adding VLAN 0 to HW filter on device bond0 [ 258.857343][T20799] 8021q: adding VLAN 0 to HW filter on device team0 [ 258.884182][ T6628] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.891244][ T6628] bridge0: port 1(bridge_slave_0) entered forwarding state [ 258.935880][ T6628] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.942961][ T6628] bridge0: port 2(bridge_slave_1) entered forwarding state [ 259.051965][T11940] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 259.122901][T10303] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.154015][T21021] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4614'. [ 259.178292][T21024] program syz.0.4613 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 259.208502][T20799] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 259.268719][T21035] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 0, id = 0 [ 259.326927][T21038] x_tables: duplicate underflow at hook 1 [ 259.460674][T21056] random: crng reseeded on system resumption [ 259.557042][ T29] kauditd_printk_skb: 51 callbacks suppressed [ 259.557058][ T29] audit: type=1326 audit(2000000202.830:22770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21055 comm="syz.6.4622" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f31d44ce169 code=0x0 [ 259.595924][ T63] net_ratelimit: 29 callbacks suppressed [ 259.595938][ T63] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 259.610465][T20799] veth0_vlan: entered promiscuous mode [ 259.616566][ T63] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 259.634670][T20799] veth1_vlan: entered promiscuous mode [ 259.636744][ T63] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 259.657132][ T63] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 259.698805][T20799] veth0_macvtap: entered promiscuous mode [ 259.745223][T20799] veth1_macvtap: entered promiscuous mode [ 259.754687][T21068] program syz.9.4626 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 259.779869][T21064] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.810527][T21071] SELinux: syz.6.4624 (21071) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 259.828012][T21073] x_tables: duplicate underflow at hook 1 [ 259.830967][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.844358][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.854174][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.864630][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.874511][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.884960][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.894803][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.905329][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.915230][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.925710][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.935563][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.946017][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.955975][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.966429][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.976341][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.986833][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.996743][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.007263][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.017138][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.027573][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.037475][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.047920][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.057771][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.068273][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.078165][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.088591][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.098501][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.108938][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.120795][T20799] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 260.149530][T21064] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.182438][ T63] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 260.196785][ T63] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 260.211787][ T63] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 260.226105][ T63] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 260.269420][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.279967][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.289863][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.300294][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.310135][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.320563][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.330380][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.340882][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.350704][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.361135][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.371110][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.381554][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.391350][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.401831][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.411642][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.422148][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.431972][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.442408][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.452221][T20799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.462798][T20799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.477705][T20799] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 260.488446][T20799] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.497211][T20799] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.506013][T20799] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.514809][T20799] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.528643][T21081] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4631'. [ 260.538404][T21064] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.577797][ T29] audit: type=1400 audit(2000000203.850:22771): avc: denied { mounton } for pid=20799 comm="syz-executor" path="/root/syzkaller.1r5avN/syz-tmp" dev="sda1" ino=1978 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 260.607314][T21064] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.608434][ T29] audit: type=1400 audit(2000000203.850:22772): avc: denied { mount } for pid=20799 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 260.639341][ T29] audit: type=1400 audit(2000000203.860:22773): avc: denied { mounton } for pid=20799 comm="syz-executor" path="/root/syzkaller.1r5avN/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 260.666262][ T29] audit: type=1400 audit(2000000203.860:22774): avc: denied { mounton } for pid=20799 comm="syz-executor" path="/root/syzkaller.1r5avN/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=55929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 260.740796][T21064] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.752520][ T63] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 260.766923][ T63] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 260.781404][ T29] audit: type=1400 audit(2000000203.970:22775): avc: denied { mounton } for pid=20799 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=502 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 260.781432][ T29] audit: type=1400 audit(2000000203.970:22776): avc: denied { mount } for pid=20799 comm="syz-executor" name="/" dev="gadgetfs" ino=4043 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 260.781483][ T29] audit: type=1400 audit(2000000203.980:22777): avc: denied { write } for pid=20799 comm="syz-executor" name="cgroup.procs" dev="cgroup" ino=298 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:net_conf_t:s0" [ 260.781579][ T29] audit: type=1400 audit(2000000203.980:22778): avc: denied { open } for pid=20799 comm="syz-executor" path="/syzcgroup/cpu/syz5/cgroup.procs" dev="cgroup" ino=298 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:net_conf_t:s0" [ 260.839104][T21089] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 260.896797][T21064] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.905561][ T29] audit: type=1400 audit(2000000204.110:22779): avc: denied { write } for pid=21088 comm="syz.0.4633" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 260.925327][T21089] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 260.939421][T21064] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.960916][T21064] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.992461][T21099] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4633'. [ 261.001566][T21099] netlink: 46 bytes leftover after parsing attributes in process `syz.0.4633'. [ 261.010559][T21099] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4633'. [ 261.039200][T21101] program syz.6.4637 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 261.251401][T21114] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4642'. [ 261.284102][T21114] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 261.364922][T21114] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 261.399733][T21122] loop0: detected capacity change from 0 to 1024 [ 261.436905][T21122] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 261.460114][T21126] x_tables: duplicate underflow at hook 1 [ 261.498814][T10303] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 261.526014][T21131] program syz.0.4648 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 261.557092][T21129] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.599418][T21134] SELinux: syz.6.4647 (21134) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 261.639438][T21129] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.665940][T21136] loop0: detected capacity change from 0 to 1024 [ 261.680505][T21136] EXT4-fs: Ignoring removed oldalloc option [ 261.689704][T21136] EXT4-fs: Ignoring removed orlov option [ 261.696949][T21136] EXT4-fs (loop0): stripe (1570) is not aligned with cluster size (16), stripe is disabled [ 261.727042][T21136] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 261.739549][T21129] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.768511][T10303] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 261.815275][T21129] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.087503][T21154] sg_write: data in/out 122/14 bytes for SCSI command 0x0-- guessing data in; [ 262.087503][T21154] program syz.0.4656 not setting count and/or reply_len properly [ 262.189302][T21156] loop0: detected capacity change from 0 to 1024 [ 262.200737][T21156] EXT4-fs: Ignoring removed i_version option [ 262.235217][T21156] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 262.251251][T21156] FAULT_INJECTION: forcing a failure. [ 262.251251][T21156] name failslab, interval 1, probability 0, space 0, times 0 [ 262.263941][T21156] CPU: 0 UID: 0 PID: 21156 Comm: syz.0.4657 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(voluntary) [ 262.263969][T21156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 262.263980][T21156] Call Trace: [ 262.263985][T21156] [ 262.263991][T21156] dump_stack_lvl+0xf6/0x150 [ 262.264035][T21156] dump_stack+0x15/0x1a [ 262.264050][T21156] should_fail_ex+0x261/0x270 [ 262.264080][T21156] should_failslab+0x8f/0xb0 [ 262.264194][T21156] kmem_cache_alloc_noprof+0x59/0x340 [ 262.264218][T21156] ? audit_log_start+0x37f/0x6e0 [ 262.264297][T21156] audit_log_start+0x37f/0x6e0 [ 262.264316][T21156] ? kstrtouint+0x7b/0xc0 [ 262.264396][T21156] audit_seccomp+0x4b/0x130 [ 262.264423][T21156] __seccomp_filter+0x694/0x10e0 [ 262.264507][T21156] ? vfs_write+0x669/0x950 [ 262.264544][T21156] __secure_computing+0x7e/0x160 [ 262.264575][T21156] syscall_trace_enter+0xcf/0x1f0 [ 262.264608][T21156] do_syscall_64+0xaa/0x1c0 [ 262.264712][T21156] ? clear_bhb_loop+0x25/0x80 [ 262.264797][T21156] ? clear_bhb_loop+0x25/0x80 [ 262.264821][T21156] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.264844][T21156] RIP: 0033:0x7ffa7bc1e169 [ 262.264877][T21156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.264967][T21156] RSP: 002b:00007ffa7a287038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 262.264986][T21156] RAX: ffffffffffffffda RBX: 00007ffa7be45fa0 RCX: 00007ffa7bc1e169 [ 262.264997][T21156] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000000 [ 262.265007][T21156] RBP: 00007ffa7a287090 R08: 0000000000000001 R09: 0000000000000000 [ 262.265017][T21156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 262.265027][T21156] R13: 0000000000000000 R14: 00007ffa7be45fa0 R15: 00007ffcb7c4bd18 [ 262.265043][T21156] [ 262.488019][T10303] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 262.537360][T21167] loop9: detected capacity change from 0 to 1024 [ 262.553747][T21167] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 262.587552][T11940] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 262.651062][T21177] loop9: detected capacity change from 0 to 512 [ 262.668746][T21177] EXT4-fs (loop9): feature flags set on rev 0 fs, running e2fsck is recommended [ 262.776136][T21177] EXT4-fs error (device loop9): ext4_acquire_dquot:6935: comm syz.9.4665: Failed to acquire dquot type 0 [ 262.798682][T21177] EXT4-fs warning (device loop9): ext4_update_dynamic_rev:1132: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 262.821821][T21175] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.4664'. [ 262.837251][T21177] EXT4-fs (loop9): 1 truncate cleaned up [ 262.843480][T21177] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 262.864342][T21177] EXT4-fs error (device loop9): ext4_acquire_dquot:6935: comm syz.9.4665: Failed to acquire dquot type 0 [ 262.970547][T11940] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 263.023909][T21186] random: crng reseeded on system resumption [ 263.136460][T21191] netlink: 5364 bytes leftover after parsing attributes in process `syz.5.4669'. [ 263.185001][T21193] loop5: detected capacity change from 0 to 2048 [ 263.216674][T21197] netdevsim netdevsim9 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.237775][T21193] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 263.268790][T21205] SELinux: syz.9.4672 (21205) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 263.307294][T20799] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 263.350776][T21197] netdevsim netdevsim9 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.443759][T21197] netdevsim netdevsim9 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.509018][T21222] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4679'. [ 263.530818][T21197] netdevsim netdevsim9 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.638329][T21228] loop5: detected capacity change from 0 to 1024 [ 263.677817][T21228] EXT4-fs: Ignoring removed oldalloc option [ 263.683944][T21228] EXT4-fs: Ignoring removed orlov option [ 263.690086][T21228] EXT4-fs (loop5): stripe (1570) is not aligned with cluster size (16), stripe is disabled [ 263.731101][T21228] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 263.748961][T21197] netdevsim netdevsim9 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.782347][T21197] netdevsim netdevsim9 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.812463][T21197] netdevsim netdevsim9 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.847558][T21197] netdevsim netdevsim9 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.928915][T21241] usb usb1: usbfs: interface 0 claimed by hub while 'syz.9.4685' sets config #1 [ 263.946891][T20799] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 264.137180][T21256] loop9: detected capacity change from 0 to 1024 [ 264.203573][T21256] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 264.261277][T11940] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 264.299068][T21268] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4696'. [ 264.387891][T21129] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.400199][T21129] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.425176][T21129] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.443204][T21129] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.528991][T21281] loop5: detected capacity change from 0 to 1024 [ 264.574781][T21289] FAULT_INJECTION: forcing a failure. [ 264.574781][T21289] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 264.588097][T21289] CPU: 0 UID: 0 PID: 21289 Comm: syz.0.4705 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(voluntary) [ 264.588125][T21289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 264.588137][T21289] Call Trace: [ 264.588142][T21289] [ 264.588147][T21289] dump_stack_lvl+0xf6/0x150 [ 264.588167][T21289] dump_stack+0x15/0x1a [ 264.588183][T21289] should_fail_ex+0x261/0x270 [ 264.588298][T21289] should_fail_alloc_page+0xfd/0x110 [ 264.588333][T21289] __alloc_frozen_pages_noprof+0x11d/0x360 [ 264.588418][T21289] alloc_pages_mpol+0xb6/0x260 [ 264.588450][T21289] vma_alloc_folio_noprof+0x19c/0x300 [ 264.588548][T21289] handle_mm_fault+0xdda/0x2e80 [ 264.588608][T21289] ? mas_walk+0x204/0x320 [ 264.588633][T21289] ? __rcu_read_unlock+0x4e/0x70 [ 264.588666][T21289] exc_page_fault+0x3b9/0x6a0 [ 264.588772][T21289] asm_exc_page_fault+0x26/0x30 [ 264.588858][T21289] RIP: 0033:0x7ffa7bae0be3 [ 264.588871][T21289] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 264.588886][T21289] RSP: 002b:00007ffa7a2864a0 EFLAGS: 00010206 [ 264.588899][T21289] RAX: 0000000000002000 RBX: 00007ffa7a286540 RCX: 00007ffa71e67000 [ 264.588909][T21289] RDX: 00007ffa7a2866e0 RSI: 000000000000001f RDI: 00007ffa7a2865e0 [ 264.588920][T21289] RBP: 00000000000000cc R08: 0000000000000006 R09: 0000000000000022 [ 264.589005][T21289] R10: 0000000000000024 R11: 00007ffa7a286540 R12: 0000000000000001 [ 264.589018][T21289] R13: 00007ffa7bcbbf40 R14: 00000000000000ff R15: 00007ffa7a2865e0 [ 264.589038][T21289] [ 264.589047][T21289] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 264.721551][ T29] kauditd_printk_skb: 53 callbacks suppressed [ 264.721568][ T29] audit: type=1326 audit(2000000207.910:22825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21294 comm="syz.9.4707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f0c62e169 code=0x7ffc0000 [ 264.731050][T21289] loop0: detected capacity change from 0 to 512 [ 264.732930][ T29] audit: type=1326 audit(2000000207.910:22826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21294 comm="syz.9.4707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f0c62e169 code=0x7ffc0000 [ 264.820083][ T29] audit: type=1326 audit(2000000207.910:22827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21294 comm="syz.9.4707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7f5f0c62e169 code=0x7ffc0000 [ 264.844517][ T29] audit: type=1326 audit(2000000207.910:22828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21294 comm="syz.9.4707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f0c62e169 code=0x7ffc0000 [ 264.868882][ T29] audit: type=1326 audit(2000000207.910:22829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21294 comm="syz.9.4707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f0c62e169 code=0x7ffc0000 [ 264.892522][ T29] audit: type=1326 audit(2000000207.910:22830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21294 comm="syz.9.4707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5f0c62e169 code=0x7ffc0000 [ 264.916721][ T29] audit: type=1326 audit(2000000207.910:22831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21294 comm="syz.9.4707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f0c62e169 code=0x7ffc0000 [ 264.941210][ T29] audit: type=1326 audit(2000000207.910:22832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21294 comm="syz.9.4707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f0c62e169 code=0x7ffc0000 [ 264.964933][ T29] audit: type=1326 audit(2000000207.910:22833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21294 comm="syz.9.4707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f5f0c62e169 code=0x7ffc0000 [ 264.970716][T21281] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 265.012506][ T29] audit: type=1326 audit(2000000208.270:22834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21294 comm="syz.9.4707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f0c62e169 code=0x7ffc0000 [ 265.041856][ T64] net_ratelimit: 30 callbacks suppressed [ 265.042080][ T64] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 265.063017][ T64] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 265.077310][ T64] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 265.082901][T20799] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 265.092516][ T64] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 265.126437][T21289] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 265.139596][T21289] EXT4-fs (loop0): orphan cleanup on readonly fs [ 265.147446][T21289] EXT4-fs warning (device loop0): ext4_enable_quotas:7170: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 265.254670][T21309] netdevsim netdevsim9 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.289358][T21307] SELinux: failed to load policy [ 265.324289][T21289] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 265.336264][T21312] SELinux: syz.9.4711 (21312) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 265.381498][T21289] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.4705: bg 0: block 40: padding at end of block bitmap is not set [ 265.411913][T21289] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 265.449893][T21309] netdevsim netdevsim9 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.452499][T21289] EXT4-fs (loop0): 1 truncate cleaned up [ 265.466695][T21289] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 265.506116][T21303] tipc: Started in network mode [ 265.511096][T21303] tipc: Node identity d29cc1cb4a9e, cluster identity 4711 [ 265.518921][T21303] tipc: Enabled bearer , priority 0 [ 265.542703][T21311] tipc: Resetting bearer [ 265.572680][T21311] tipc: Disabling bearer [ 265.614635][T21309] netdevsim netdevsim9 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.630097][ T1970] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 265.644448][ T1970] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 265.658712][ T1970] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 265.673117][ T1970] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 265.716728][T10303] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 265.757323][T21309] netdevsim netdevsim9 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.833711][T21335] x_tables: duplicate underflow at hook 1 [ 265.857349][T21337] netlink: 5280 bytes leftover after parsing attributes in process `syz.0.4719'. [ 265.941738][T21343] random: crng reseeded on system resumption [ 266.202589][T21368] x_tables: duplicate underflow at hook 1 [ 266.216162][ T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 266.233164][ T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 266.257633][T21370] netlink: 5280 bytes leftover after parsing attributes in process `syz.5.4731'. [ 266.352458][T21374] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4733'. [ 266.440455][T21383] program syz.5.4736 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 266.617898][T21403] netlink: 4768 bytes leftover after parsing attributes in process `syz.6.4743'. [ 266.781571][T21416] random: crng reseeded on system resumption [ 266.845228][T21413] tipc: Enabling of bearer rejected, failed to enable media [ 267.305615][T21309] netdevsim netdevsim9 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 267.327298][T21309] netdevsim netdevsim9 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 267.345775][T21309] netdevsim netdevsim9 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 267.357970][T21309] netdevsim netdevsim9 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 267.393380][T21438] netlink: 4768 bytes leftover after parsing attributes in process `syz.5.4755'. [ 267.428227][T21442] 9pnet_fd: Insufficient options for proto=fd [ 267.458102][T21442] loop5: detected capacity change from 0 to 512 [ 267.489294][T21442] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 267.533401][T21442] ext4 filesystem being mounted at /40/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 267.559856][T21442] netlink: 88 bytes leftover after parsing attributes in process `+}[@'. [ 267.659702][T21451] tipc: Enabling of bearer rejected, already enabled [ 267.684087][T21442] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 267.907040][T21469] SELinux: syz.5.4766 (21469) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 267.934351][T21466] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 268.050788][T21466] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 268.177577][T21466] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 268.324827][T21466] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 268.586748][T21466] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.637611][T21466] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.702278][T21466] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.722880][T21466] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.737523][T21494] loop0: detected capacity change from 0 to 128 [ 268.962456][T21502] loop5: detected capacity change from 0 to 1024 [ 268.982492][T21490] netlink: 4768 bytes leftover after parsing attributes in process `syz.9.4777'. [ 268.997676][T21502] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 269.086675][T21504] lo speed is unknown, defaulting to 1000 [ 269.139373][T20799] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 269.151623][T21504] chnl_net:caif_netlink_parms(): no params data found [ 269.179157][T21520] loop9: detected capacity change from 0 to 1024 [ 269.222154][T21520] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 269.286201][T21504] bridge0: port 1(bridge_slave_0) entered blocking state [ 269.293404][T21504] bridge0: port 1(bridge_slave_0) entered disabled state [ 269.337245][T11940] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 269.347400][T21504] bridge_slave_0: entered allmulticast mode [ 269.369983][T21504] bridge_slave_0: entered promiscuous mode [ 269.418963][T21504] bridge0: port 2(bridge_slave_1) entered blocking state [ 269.426857][T21504] bridge0: port 2(bridge_slave_1) entered disabled state [ 269.438735][T21504] bridge_slave_1: entered allmulticast mode [ 269.446156][T21504] bridge_slave_1: entered promiscuous mode [ 269.498774][T21504] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 269.517866][T21504] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 269.552059][T21504] team0: Port device team_slave_0 added [ 269.562698][T21504] team0: Port device team_slave_1 added [ 269.593823][T21504] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 269.600801][T21504] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 269.627493][T21504] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 269.692532][T21504] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 269.699513][T21504] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 269.726256][T21504] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 269.788187][T21504] hsr_slave_0: entered promiscuous mode [ 269.805322][T21504] hsr_slave_1: entered promiscuous mode [ 269.812349][T21504] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 269.819927][T21504] Cannot create hsr debugfs directory [ 269.937965][T21547] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 269.946820][T21547] FAULT_INJECTION: forcing a failure. [ 269.946820][T21547] name failslab, interval 1, probability 0, space 0, times 0 [ 269.959677][T21547] CPU: 0 UID: 0 PID: 21547 Comm: +}[@ Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(voluntary) [ 269.959728][T21547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 269.959739][T21547] Call Trace: [ 269.959745][T21547] [ 269.959753][T21547] dump_stack_lvl+0xf6/0x150 [ 269.959780][T21547] dump_stack+0x15/0x1a [ 269.959800][T21547] should_fail_ex+0x261/0x270 [ 269.959876][T21547] should_failslab+0x8f/0xb0 [ 269.959913][T21547] kmem_cache_alloc_noprof+0x59/0x340 [ 269.959955][T21547] ? alloc_empty_file+0x78/0x200 [ 269.959976][T21547] ? _raw_spin_unlock+0x26/0x50 [ 269.959995][T21547] alloc_empty_file+0x78/0x200 [ 269.960018][T21547] alloc_file_pseudo+0xcb/0x160 [ 269.960043][T21547] sock_alloc_file+0x9b/0x1e0 [ 269.960150][T21547] do_accept+0x1e6/0x3b0 [ 269.960206][T21547] __sys_accept4+0xcd/0x160 [ 269.960227][T21547] __x64_sys_accept+0x44/0x50 [ 269.960252][T21547] x64_sys_call+0x2bc1/0x2e10 [ 269.960278][T21547] do_syscall_64+0xc9/0x1c0 [ 269.960312][T21547] ? clear_bhb_loop+0x25/0x80 [ 269.960356][T21547] ? clear_bhb_loop+0x25/0x80 [ 269.960383][T21547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.960495][T21547] RIP: 0033:0x7f31d44ce169 [ 269.960513][T21547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 269.960588][T21547] RSP: 002b:00007f31d2b37038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 269.960666][T21547] RAX: ffffffffffffffda RBX: 00007f31d46f5fa0 RCX: 00007f31d44ce169 [ 269.960678][T21547] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 269.960694][T21547] RBP: 00007f31d2b37090 R08: 0000000000000000 R09: 0000000000000000 [ 269.960725][T21547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 269.960740][T21547] R13: 0000000000000000 R14: 00007f31d46f5fa0 R15: 00007ffce8cb6cf8 [ 269.960825][T21547] [ 270.349344][T21504] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 270.361282][T21504] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 270.374426][ T1970] net_ratelimit: 30 callbacks suppressed [ 270.374442][ T1970] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 270.394494][ T1970] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 270.408852][ T1970] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 270.423161][ T1970] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 270.439872][T21504] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 270.451061][T21504] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 270.654575][T21504] 8021q: adding VLAN 0 to HW filter on device bond0 [ 270.694605][T21504] 8021q: adding VLAN 0 to HW filter on device team0 [ 270.715310][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 270.722416][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 270.810629][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 270.817810][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 270.846973][T21504] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 270.926998][T21504] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 270.953246][ T8583] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 270.967599][ T8583] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 270.981886][ T8583] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 270.996160][ T8583] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 271.100096][T21504] veth0_vlan: entered promiscuous mode [ 271.133381][T21504] veth1_vlan: entered promiscuous mode [ 271.168568][T21504] veth0_macvtap: entered promiscuous mode [ 271.186223][T21504] veth1_macvtap: entered promiscuous mode [ 271.205336][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.215955][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.225831][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.236387][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.246279][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.256750][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.266642][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.277099][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.286928][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.297374][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.307258][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.317782][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.327654][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.338134][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.348026][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.358490][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.368324][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.378766][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.388634][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.399074][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.408962][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.419411][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.429262][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.439775][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.449666][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.460126][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.469967][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.480474][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.490313][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.500797][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.513073][T21504] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 271.532362][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.539244][ T1970] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 271.542922][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.542937][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.542952][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.542966][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.542979][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.543011][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.543026][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.543041][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.543131][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.543144][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.543159][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.543172][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.543185][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.543198][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.543213][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.543230][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.543262][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.543278][T21504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.543293][T21504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.552528][T21504] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 271.558049][ T1970] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 271.614685][T21504] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.782784][T21504] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.791539][T21504] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.800299][T21504] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.827981][T21595] hub 1-0:1.0: USB hub found [ 271.844948][T21595] hub 1-0:1.0: 8 ports detected [ 271.905363][T21598] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4781'. [ 272.006468][T21600] netlink: 460 bytes leftover after parsing attributes in process `syz.6.4812'. [ 272.076426][T21602] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4813'. [ 272.260944][T21613] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.290225][T21616] loop9: detected capacity change from 0 to 512 [ 272.299097][T21617] SELinux: syz.0.4818 (21617) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 272.343300][T21616] ext4 filesystem being mounted at /589/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 272.383411][T21620] SELinux: syz.6.4819 (21620) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 272.666864][T21628] netlink: 4768 bytes leftover after parsing attributes in process `syz.6.4820'. [ 272.689829][T21656] loop5: detected capacity change from 0 to 1024 [ 272.727184][T21656] EXT4-fs: Ignoring removed oldalloc option [ 272.739486][T21656] EXT4-fs: Ignoring removed orlov option [ 272.758032][T21656] EXT4-fs (loop5): stripe (1570) is not aligned with cluster size (16), stripe is disabled [ 273.156645][T21613] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.539279][T21708] netlink: 'syz.9.4825': attribute type 1 has an invalid length. [ 273.547738][T21708] netlink: 224 bytes leftover after parsing attributes in process `syz.9.4825'. [ 273.795879][T21720] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4830'. [ 273.906160][ T29] kauditd_printk_skb: 52 callbacks suppressed [ 273.906176][ T29] audit: type=1326 audit(2000000217.180:22886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21731 comm="syz.6.4832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d44ce169 code=0x7ffc0000 [ 273.920995][T21732] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.945137][T21732] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.951473][ T29] audit: type=1326 audit(2000000217.180:22887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21731 comm="syz.6.4832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f31d44ce169 code=0x7ffc0000 [ 273.975933][ T29] audit: type=1326 audit(2000000217.180:22888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21731 comm="syz.6.4832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d44ce169 code=0x7ffc0000 [ 273.999566][ T29] audit: type=1326 audit(2000000217.180:22889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21731 comm="syz.6.4832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f31d44ce169 code=0x7ffc0000 [ 274.023247][ T29] audit: type=1326 audit(2000000217.180:22890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21731 comm="syz.6.4832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d44ce169 code=0x7ffc0000 [ 274.047040][ T29] audit: type=1326 audit(2000000217.180:22891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21731 comm="syz.6.4832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f31d44ce169 code=0x7ffc0000 [ 274.070641][ T29] audit: type=1326 audit(2000000217.180:22892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21731 comm="syz.6.4832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d44ce169 code=0x7ffc0000 [ 274.094309][ T29] audit: type=1326 audit(2000000217.180:22893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21731 comm="syz.6.4832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f31d44ce169 code=0x7ffc0000 [ 274.117884][ T29] audit: type=1326 audit(2000000217.180:22894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21731 comm="syz.6.4832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31d44ce169 code=0x7ffc0000 [ 274.141532][ T29] audit: type=1326 audit(2000000217.180:22895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21731 comm="syz.6.4832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f31d44ce169 code=0x7ffc0000 [ 274.165915][T21732] bridge0: entered allmulticast mode [ 274.211788][T21733] bridge_slave_1: left allmulticast mode [ 274.217522][T21733] bridge_slave_1: left promiscuous mode [ 274.223198][T21733] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.263997][T21739] loop5: detected capacity change from 0 to 1024 [ 274.272557][T21733] bridge_slave_0: left allmulticast mode [ 274.278202][T21733] bridge_slave_0: left promiscuous mode [ 274.285204][T21733] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.429353][T21718] lo speed is unknown, defaulting to 1000 [ 274.438818][T21747] SELinux: syz.5.4837 (21747) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 274.467953][T21613] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.539661][T21718] chnl_net:caif_netlink_parms(): no params data found [ 274.557806][T21705] syz.9.4825 (21705) used greatest stack depth: 7104 bytes left [ 274.596826][T21613] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.643144][T21756] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4840'. [ 274.653408][T21718] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.660641][T21718] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.669438][T21718] bridge_slave_0: entered allmulticast mode [ 274.676286][T21718] bridge_slave_0: entered promiscuous mode [ 274.689099][T21613] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.693376][T21764] hub 1-0:1.0: USB hub found [ 274.697943][T21718] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.702053][T21764] hub 1-0:1.0: 8 ports detected [ 274.708952][T21718] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.721154][T21718] bridge_slave_1: entered allmulticast mode [ 274.727929][T21718] bridge_slave_1: entered promiscuous mode [ 274.755284][T21718] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 274.767487][T21613] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.777680][T21718] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 274.778080][T21767] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4842'. [ 274.807292][T21613] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.816553][T21718] team0: Port device team_slave_0 added [ 274.823795][T21718] team0: Port device team_slave_1 added [ 274.841244][T21613] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.881739][T21773] loop0: detected capacity change from 0 to 1024 [ 275.058065][T21767] netdevsim netdevsim6 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.066707][T21767] netdevsim netdevsim6 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.070215][T21791] SELinux: syz.5.4848 (21791) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 275.075103][T21767] netdevsim netdevsim6 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.075174][T21767] netdevsim netdevsim6 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.110327][T21767] tipc: Resetting bearer [ 275.118444][T21718] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 275.125535][T21718] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 275.151595][T21718] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 275.163441][ T3383] lo speed is unknown, defaulting to 1000 [ 275.164228][T21718] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 275.169193][ T3383] syz0: Port: 1 Link DOWN [ 275.176109][T21718] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 275.206490][T21718] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 275.233627][ T10] syz2: Port: 1 Link DOWN [ 275.259747][T21718] hsr_slave_0: entered promiscuous mode [ 275.272944][T21718] hsr_slave_1: entered promiscuous mode [ 275.279233][T21718] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 275.286855][T21718] Cannot create hsr debugfs directory [ 275.317808][T21794] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4851'. [ 275.404881][T21806] FAULT_INJECTION: forcing a failure. [ 275.404881][T21806] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 275.418715][T21806] CPU: 1 UID: 0 PID: 21806 Comm: syz.6.4854 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(voluntary) [ 275.418743][T21806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 275.418755][T21806] Call Trace: [ 275.418761][T21806] [ 275.418768][T21806] dump_stack_lvl+0xf6/0x150 [ 275.418793][T21806] dump_stack+0x15/0x1a [ 275.418877][T21806] should_fail_ex+0x261/0x270 [ 275.418906][T21806] should_fail+0xb/0x10 [ 275.418931][T21806] should_fail_usercopy+0x1a/0x20 [ 275.418975][T21806] _copy_from_user+0x1c/0xa0 [ 275.419010][T21806] move_addr_to_kernel+0x8c/0x130 [ 275.419087][T21806] __sys_bind+0xa3/0x190 [ 275.419112][T21806] __x64_sys_bind+0x41/0x50 [ 275.419134][T21806] x64_sys_call+0x1e4a/0x2e10 [ 275.419157][T21806] do_syscall_64+0xc9/0x1c0 [ 275.419188][T21806] ? clear_bhb_loop+0x25/0x80 [ 275.419217][T21806] ? clear_bhb_loop+0x25/0x80 [ 275.419277][T21806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.419353][T21806] RIP: 0033:0x7f31d44ce169 [ 275.419368][T21806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 275.419383][T21806] RSP: 002b:00007f31d2b37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 275.419398][T21806] RAX: ffffffffffffffda RBX: 00007f31d46f5fa0 RCX: 00007f31d44ce169 [ 275.419408][T21806] RDX: 0000000000000014 RSI: 00002000000000c0 RDI: 0000000000000006 [ 275.419473][T21806] RBP: 00007f31d2b37090 R08: 0000000000000000 R09: 0000000000000000 [ 275.419486][T21806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 275.419496][T21806] R13: 0000000000000000 R14: 00007f31d46f5fa0 R15: 00007ffce8cb6cf8 [ 275.419529][T21806] [ 275.618229][T21718] netdevsim netdevsim8 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.629213][T21771] loop9: detected capacity change from 0 to 1024 [ 275.639594][T21771] EXT4-fs: Ignoring removed bh option [ 275.664415][T21718] netdevsim netdevsim8 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.688879][T21771] EXT4-fs error (device loop9): ext4_mb_mark_diskspace_used:4113: comm syz.9.4844: Allocating blocks 497-513 which overlap fs metadata [ 275.725457][T21808] lo speed is unknown, defaulting to 1000 [ 275.745466][T21718] netdevsim netdevsim8 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.755578][T21836] loop0: detected capacity change from 0 to 1024 [ 275.763079][T21836] EXT4-fs: Ignoring removed oldalloc option [ 275.769145][T21836] EXT4-fs: Ignoring removed orlov option [ 275.779292][T21771] EXT4-fs (loop9): Remounting filesystem read-only [ 275.780833][T21836] EXT4-fs (loop0): stripe (1570) is not aligned with cluster size (16), stripe is disabled [ 275.798207][T21770] EXT4-fs (loop9): pa ffff8881064dd620: logic 256, phys. 385, len 8 [ 275.818704][T21718] netdevsim netdevsim8 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.833540][T21848] 9pnet_fd: p9_fd_create_unix (21848): problem connecting socket: ./file0: -111 [ 275.855381][ T8583] net_ratelimit: 30 callbacks suppressed [ 275.855396][ T8583] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 275.875435][ T8583] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 275.889714][ T8583] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 275.904016][ T8583] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 275.947254][T21855] ================================================================== [ 275.955451][T21855] BUG: KCSAN: data-race in mas_wr_store_entry / mtree_range_walk [ 275.963203][T21855] [ 275.965524][T21855] write to 0xffff8881106f7c10 of 8 bytes by task 21852 on cpu 0: [ 275.973241][T21855] mas_wr_store_entry+0x1266/0x2460 [ 275.978477][T21855] mas_store_prealloc+0x6d5/0x960 [ 275.983519][T21855] commit_merge+0x685/0x710 [ 275.988043][T21855] vma_expand+0x241/0x320 [ 275.992396][T21855] vma_merge_new_range+0x2c2/0x340 [ 275.997532][T21855] mmap_region+0x805/0x1490 [ 276.002041][T21855] do_mmap+0x9ef/0xc80 [ 276.006126][T21855] vm_mmap_pgoff+0x16d/0x2d0 [ 276.010736][T21855] ksys_mmap_pgoff+0xd0/0x340 [ 276.015436][T21855] x64_sys_call+0x1945/0x2e10 [ 276.020115][T21855] do_syscall_64+0xc9/0x1c0 [ 276.024642][T21855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.030551][T21855] [ 276.032880][T21855] read to 0xffff8881106f7c10 of 8 bytes by task 21855 on cpu 1: [ 276.040508][T21855] mtree_range_walk+0x1b3/0x460 [ 276.045378][T21855] mas_walk+0x16e/0x320 [ 276.049551][T21855] lock_vma_under_rcu+0xa7/0x340 [ 276.054512][T21855] exc_page_fault+0x150/0x6a0 [ 276.059207][T21855] asm_exc_page_fault+0x26/0x30 [ 276.064063][T21855] [ 276.066387][T21855] value changed: 0x00007f3846d65fff -> 0xffffffff8562b830 [ 276.073503][T21855] [ 276.075824][T21855] Reported by Kernel Concurrency Sanitizer on: [ 276.081996][T21855] CPU: 1 UID: 0 PID: 21855 Comm: syz.5.4863 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(voluntary) [ 276.094503][T21855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 276.104558][T21855] ================================================================== [ 276.145490][T21718] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 276.176288][T21718] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 276.185520][T21718] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 276.199189][T21718] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 276.267263][T21718] 8021q: adding VLAN 0 to HW filter on device bond0 [ 276.282573][T21718] 8021q: adding VLAN 0 to HW filter on device team0 [ 276.292699][ T8583] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.299814][ T8583] bridge0: port 1(bridge_slave_0) entered forwarding state [ 276.311393][ T6630] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.318502][ T6630] bridge0: port 2(bridge_slave_1) entered forwarding state [ 276.346490][T21718] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 276.356965][T21718] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 276.425091][ T8583] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 276.439447][ T8583] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 276.453762][ T8583] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 276.468035][ T8583] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 276.484613][T21718] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 276.617418][T21718] veth0_vlan: entered promiscuous mode [ 276.631563][T21718] veth1_vlan: entered promiscuous mode [ 276.656319][T21718] veth0_macvtap: entered promiscuous mode [ 276.669114][T21718] veth1_macvtap: entered promiscuous mode [ 276.680519][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.691867][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.701846][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.712892][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.722747][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.733813][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.743716][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.754913][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.764747][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.775812][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.785644][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.796667][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.806501][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.817512][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.827334][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.838325][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.848180][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.859180][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.869037][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.880029][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.889897][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.900814][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.910637][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.921673][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.931584][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.942598][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.952446][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.963385][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.973194][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.984322][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.994153][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.003860][T21841] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 277.005410][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.018997][T21841] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 277.045003][T21718] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 277.062197][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.072691][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.083025][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.093481][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.103934][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.114424][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.124742][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.135172][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.145583][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.156101][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.166591][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.177085][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.187497][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.197987][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.208386][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.218804][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.229051][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.239498][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.249863][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.260346][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.270840][T21718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.281283][T21718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.293275][T21718] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 277.303759][T21718] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.313222][T21718] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.322115][T21718] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.330892][T21718] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.136145][T21840] net_ratelimit: 30 callbacks suppressed [ 281.136223][T21840] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 281.157005][T21840] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 281.171296][T21840] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 281.186060][T21840] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 281.712152][ T6630] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 281.726751][ T6630] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 281.741700][ T6630] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 281.755988][ T6630] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 282.272127][T21840] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 282.286596][T21840] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a