last executing test programs: 13.992449798s ago: executing program 3 (id=5997): openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x8a000, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$inet(0x2, 0x2, 0xffff) shutdown(r1, 0x0) recvmmsg(r1, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe4, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = syz_io_uring_setup(0x72c2, &(0x7f0000000380), &(0x7f0000000100), &(0x7f0000000000)) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r2, @ANYRES32, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r7}, 0x10) clock_adjtime(0x0, &(0x7f0000000340)={0xfff, 0x7, 0x9, 0xd4bb, 0xe, 0x9, 0x2, 0xea5f, 0x8, 0x3a, 0x1, 0x400, 0x214, 0x4, 0xb, 0x4, 0x1, 0xc44, 0x3e, 0x800000000, 0x0, 0x7, 0x1, 0x0, 0x3, 0x8000000000000000}) io_uring_enter(r5, 0x0, 0xbd6d, 0x9, 0x0, 0x0) r8 = syz_clone(0x28208000, 0x0, 0x9, 0x0, 0x0, 0x0) r9 = syz_pidfd_open(r8, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r9, 0x6612) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r11 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f00000005c0)=ANY=[@ANYRESOCT=r4], 0x0, 0x26}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000009000000dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359caa1af3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef682cc4375f594425d408ccc58187feb0e3d43347f989007a7c63f6dae2acb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259621818c3c75da31290bce645451b851111dd98ac4d8da9317c2c082020e0b2d634086785f3fe41a3053645cc413790faf7e229c782845b5bb774f7f154263178151ea93ff2cac4b181332c9c9a1c7d85616c8100000000000000d8300d19d585000000fc005774b56a7142047326f940e95b8489e1c5650f5c61299a295f39c88456391cffdef93e29f10f4a11f0cfbfc0ff976b20fef6033495b9b94777db9bb9b678ffc1130000009faa798226a080c01e47151268a02dc1a557cfdcf76305fbf6643df66b1b4d2d5e7bf698fc5a18d984ecb91e6683a5f522d536e2f3c43b89823659d1945258fc668950e5aacfffffffffffffff7f7a266c90e64efc8d8f730867202a9ee94e6a00"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, 0x0, r11, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000}, 0x6d) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000100)='kmem_cache_free\x00', r10}, 0xe) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000540)={[{@grpid}, {@journal_async_commit}]}, 0x4, 0x4ec, &(0x7f0000001d40)="$eJzs3c9vVMcdAPDvW3uxMQuGlkNbtYVSWlohFtuAheihcGlVIaSqqKcewLUXy/KaRf5BsMPBHHOPFKSckj8htxwiccoht5yS3HIhh0gkQYlwpBw2em8f9mJ7sRNsL3g/H+n5vZlZ9juzy8zsG1hPAB3raEQsRsSeiLgeEf15fpIfcbFxpI978vju6NLju6NJ1OtXv06y8jQvmv5Mal/+nL0R8Z9/Rvw/WRt3Zn5hcqRarUzn6dOzU7dOz8wvnJoo5DlDw4PDA+fPnBvasrYemXrv0T8mLv/3g/d/9/Djxb++nlar9Mb+rKy5HVup0fRilJryuiPi8nYEa5Pu/O8Pr560t/0iIo5l/b8/urJ3EwDYzer1/qj3N6cBgN0uvf8vRVIo52sBpSgUyuXGGt7h6CtUazOzJ/trczfHIlvDOhjFwo2JamUgXys8GMUkTQ9m1yvpoVXpMxFxKCLe7NmbpcujtepYOz/4AEAH27dq/v+upzH/AwC7XG+7KwAA7DjzPwB0HvM/AHSenzD/+3YgAOwS7v8BoPOY/wGg82w4/9/bmXoAADvi31eupEd9Kf/912O35+f+Vrp9aqwyM1memhstJ7XpW+XxWm28WimP1usbPV+1Vrs1eHY5OTO/cG2qNndz9trE1Mh45VqluM3tAQA2dujIg8+SiFi8sDc7omkvB3M17G6FdlcAaJuudlcAaBvf54HOtYl7fMsAsMuts0XvM1r+F6H7Nn+FV9WJX1v/h05l/R86189b///7ltcD2HnW/6Fz1euJPf8BoMNY4wde6N//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoEOVsiMplLO9wBfTn4VyOWJ/RByMYnJjoloZiIgDEfFpT7EnTQ+2u9IAwAsqfJnk+3+d6D9eWl26J/m+JztHxGtvX33rzsjs7PRgmv/Ncv7s/Tx/aE87GgAANLu4NqsxT+fnphv5J4/vjj49drKKjy41NhdN4y7lR6OkO7qzc28UI6Lv2yRPN6SfV7q2IP7ivYj41Ur77zRFKGVrII2dT1fHT2Pv34b4K6//6viFZ+IXsrL0XMxei19uQV2g0zy41Bgn876XdrG8/xXiaHZev//3ZiPUi3s6/i2tGf8Ky+Nf15r4Sdbnjy6nn1+TR2c//NeazHp/o+xexG+614ufLMdPWoy/xzfZxs9/+/tjrcrq70SciPXjN0xlw+zTsfbUxNTIeGW8cnNoaHhweOD8mXNDp7M16sbPj9aL8dWFkwdaxU/b39cifm+L9n+S1+5Pm2z/uz9c/98fnhP/L39c//0/3CJ+Kp0T/7zJ+CN9F1tu353GH2vR/o3e/5ObjP/wi4WxTT4UANgBM/MLkyPVamV6g4v0s+ZGj3Hxal7EYsRLUA0XL9VFu0cmYLutdPp21wQAAAAAAAAAAAAAAGhlZn5hsie29+tE7W4jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9ePAQAA//+kMMxg") syz_mount_image$vfat(&(0x7f0000000ac0), &(0x7f0000000b00)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) r12 = open(&(0x7f0000000300)='.\x00', 0x800, 0x17d) symlinkat(&(0x7f0000000240)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r12, &(0x7f00000003c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') open(&(0x7f0000000300)='.\x00', 0x0, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000680)=@generic={&(0x7f0000000580)='./file0\x00'}, 0x18) 13.877309796s ago: executing program 3 (id=6002): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000490, &(0x7f0000000000)={[{@orlov}, {@errors_remount}]}, 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==") r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r0}, 0x10) mount(0x0, &(0x7f0000001fc0)='./file0\x00', &(0x7f0000002000)='devtmpfs\x00', 0x0, &(0x7f0000002040)='dirsync') r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x6}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r3}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff000000000300000000000000000000000200"/63], 0x0, 0x56}, 0x20) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6gretap0\x00', 0x0}) setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f00000004c0)={r5, 0x3, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x0, 0xc8, 0x8, 0x6, 0x5803, 0x320, 0x2e8, 0x2e8, 0x320, 0x2e8, 0x3, 0x0, {[{{@ipv6={@remote, @mcast1, [], [], 'vlan0\x00', 'geneve1\x00'}, 0x0, 0x168, 0x198, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5df11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f35a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1, 0x2}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000b80)={0x3c, r7, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x42}}]}, 0x3c}}, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000040), r6) bpf$MAP_CREATE(0x0, 0x0, 0x0) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10010, r1, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 13.343036266s ago: executing program 3 (id=6013): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000980)='./file1\x00', 0x280809a, &(0x7f0000000f40)=ANY=[], 0xd, 0x2b2, &(0x7f00000006c0)="$eJzs3U9rY1UUAPDz0jR9OosUcaMIPtCFqzJ166ZRRhC7UiKoCw3ODEgSBqYQmArGruYTuPR7+BHcuPEbDLgV3E0XlSfvX/7ga402VXR+v9Xh3nfuPXm3TbLJeZ+/Mh3ffZDE2dMnkaZJdI7iKM6T2I9ONL6JbgAA/x/neR6/5mWY5JUNM7udGy0MALgx1ef/X/rgBwD+4z78+JP3B8fHdz7IsjRe6j+eDZOImD6eDav5wf34MiZxL25HPy4i8oUqfve94zvRzQr78fp0PhsWmdPPfqzXH/wSUeYfRj/22/MPs8pK/nw23I3nI4vB/d2m1H682J7/Zkt+DHvxxmsr9R9EP376Ih7EJO5GkbvM//owy97Jv3361afFNkV+0onhXnldKfcFCQAAAAAAAAAAAAAAAAAAAACA7TrIsqRq31P27ymG6v47Oxfl/EHW2F/vz1PlJ81CVX+gvOmWM8/ju6a/zu0sy/L6wmV+N17uerAAAAAAAAAAAAAAAAAAAAAAFE4ePbk1mkzuPTx5dDq+dtB0A2h+1v931zlaGXk1TsejncsX3Nt8r9VuA0WtV14c3W5s6ba0B2eLkeeKera+xV4sRj6KKmgOZqt7vfB2tejpeJTVU81NHo+SP9srbQ7u+9WpXly3sLz8k7jI1880XZS6ntXb0t3o3Wqd+i3P883Weevn6ozqkaRssbHZ7rt10PoCiyAtziJd/OMXUz9cvuClbxk7137TAQAAAAAAAAAAAAAAAAAAWi1/9NsyeXZlaufGigIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf9jy+f9NkEbE+sgfgnmdfNU1ddCLhyf/8ksEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgGfB7AAAA//8rlFqg") r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) write$9p(r0, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706", 0x200) sendfile(r0, r1, 0x0, 0xe066) sendfile(r0, r1, 0x0, 0xffff) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0), 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r2}, 0x90) sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000300), 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x7c, 0x0, 0x400, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x5, 0x24}}}}, [@NL80211_ATTR_QOS_MAP={0x26, 0xc7, {[{0x7e, 0x1}, {0x4, 0x2}, {0x5f, 0x4}, {0x5, 0x5}, {0x1, 0x7}, {0x6, 0x7}, {0x1}, {0x7}, {0xde, 0x6}, {0x3}, {0xf7, 0x5}, {0x7, 0x6}, {0x5, 0x6}], "7b6c7d21f34cfe8c"}}, @NL80211_ATTR_QOS_MAP={0x34, 0xc7, {[{0x2, 0x3}, {0x2, 0x6}, {0x22, 0x5}, {0xff, 0x4}, {0xe, 0x3}, {0x6}, {0x27, 0x4}, {0x6, 0x6}, {0x7, 0x1}, {0x9, 0x3}, {0x4f, 0x7}, {0xfe}, {0x7, 0x7}, {0x4, 0x3}, {0x6, 0x4}, {0x6, 0x3}, {0x9, 0x3}, {0x74, 0x2}, {0xd, 0x6}, {0x2}], "9a228d4fa0422131"}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x40800}, 0x4000010) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x90) syz_open_dev$tty20(0xc, 0x4, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000680)='kmem_cache_free\x00', r3}, 0x10) r4 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r4, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000540)={'ip6_vti0\x00', &(0x7f00000004c0)={'syztnl0\x00', 0x0, 0x29, 0x9, 0x9, 0x4, 0x1, @mcast1, @local, 0x20, 0x80, 0x7fffffff, 0x2}}) connect$phonet_pipe(0xffffffffffffffff, &(0x7f0000002200), 0x10) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x800, 0x0, 0x0) 13.322874137s ago: executing program 3 (id=6014): bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x0, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x84, 0x84, 0xb, [@typedef={0x10, 0x0, 0x0, 0x8, 0x5}, @union={0xc, 0x7, 0x0, 0x5, 0x1, 0x86, [{0x2, 0x3, 0x87}, {0x10, 0x2, 0x9}, {0xe, 0x2, 0x401}, {0x4, 0x4, 0x6}, {0xf, 0x3, 0x1}, {0xb, 0x4, 0x6}, {0x10, 0x4, 0x6}]}, @ptr={0x0, 0x0, 0x0, 0x2, 0x5}, @func={0xb, 0x0, 0x0, 0xc, 0x1}]}, {0x0, [0x5f, 0x61, 0x5f, 0x61, 0x0, 0x61, 0x61, 0x2e, 0x61]}}, &(0x7f0000000300)=""/157, 0xa7, 0x9d, 0xa6, 0x107}, 0x20) 13.17502061s ago: executing program 3 (id=6016): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000490, &(0x7f0000000000)={[{@orlov}, {@errors_remount}]}, 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==") r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r0}, 0x10) mount(0x0, &(0x7f0000001fc0)='./file0\x00', &(0x7f0000002000)='devtmpfs\x00', 0x0, &(0x7f0000002040)='dirsync') r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x6}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r3}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff000000000300000000000000000000000200"/63], 0x0, 0x56}, 0x20) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6gretap0\x00', 0x0}) setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f00000004c0)={r5, 0x3, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x0, 0xc8, 0x8, 0x6, 0x5803, 0x320, 0x2e8, 0x2e8, 0x320, 0x2e8, 0x3, 0x0, {[{{@ipv6={@remote, @mcast1, [], [], 'vlan0\x00', 'geneve1\x00'}, 0x0, 0x168, 0x198, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5df11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f35a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1, 0x2}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000b80)={0x3c, r7, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x42}}]}, 0x3c}}, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000040), r6) r8 = bpf$MAP_CREATE(0x0, 0x0, 0x0) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10010, r1, 0x1) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000680)={r8, &(0x7f0000000f80)="6027e24ecd5f99488e72f8b6213552c8bb5f27776b7675f53d8362752df1520700e432f24a8af381d094bf4b7696f7efca787189f08b41dea497fd3f59ed1b923c3177e4136f53a9f387a97a578b7afa3c39f652c3843faef283e527f621d2036b7b17987d30be17a008a5a296daf17d74b07bfd8a871861462184b74af9c1959659d4050826d6c157e07aeae595f9f145c626fec482d573239a66abfbc628cfb8b25694"}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 6.516010829s ago: executing program 3 (id=6150): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000490, &(0x7f0000000000)={[{@orlov}, {@errors_remount}]}, 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==") r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r0}, 0x10) mount(0x0, &(0x7f0000001fc0)='./file0\x00', &(0x7f0000002000)='devtmpfs\x00', 0x0, &(0x7f0000002040)='dirsync') r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x6}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r3}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff000000000300000000000000000000000200"/63], 0x0, 0x56}, 0x20) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6gretap0\x00', 0x0}) setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f00000004c0)={r5, 0x3, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x0, 0xc8, 0x8, 0x6, 0x5803, 0x320, 0x2e8, 0x2e8, 0x320, 0x2e8, 0x3, 0x0, {[{{@ipv6={@remote, @mcast1, [], [], 'vlan0\x00', 'geneve1\x00'}, 0x0, 0x168, 0x198, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5df11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f35a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1, 0x2}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000b80)={0x3c, r7, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x42}}]}, 0x3c}}, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000040), r6) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10010, r1, 0x1) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000680)={0xffffffffffffffff, &(0x7f0000000f80)="6027e24ecd5f99488e72f8b6213552c8bb5f27776b7675f53d8362752df1520700e432f24a8af381d094bf4b7696f7efca787189f08b41dea497fd3f59ed1b923c3177e4136f53a9f387a97a578b7afa3c39f652c3843faef283e527f621d2036b7b17987d30be17a008a5a296daf17d74b07bfd8a871861462184b74af9c1959659d4050826d6c157e07aeae595f9f145c626fec482d573239a66abfbc628cfb8b25694"}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.638847819s ago: executing program 2 (id=6219): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48) r1 = socket$caif_stream(0x25, 0x1, 0x3) setsockopt$CAIFSO_REQ_PARAM(r1, 0x29, 0x80, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r2}, 0x20) set_mempolicy(0x1, 0x0, 0x9) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000008c0)={[{@nobh}, {@noauto_da_alloc}, {@jqfmt_vfsold}, {@data_err_ignore}, {@resuid}, {@dioread_nolock}, {@usrjquota}, {@discard}, {@jqfmt_vfsv1}]}, 0xfc, 0x564, &(0x7f0000002bc0)="$eJzs3c9rHFUcAPDvbLL9rU2hFPUggR6s1G6axB8VPNSjaLGg97ok01Cy6ZbspjSxYHuwFy9SBBEL4h/gyYvH4j/gX1HQQpES9OAlMpvZdNPdTbbJtkm7nw9M8t7M7L757sz38WbfLhvAwBrN/hQiXo2Ib5OIwy3bhiPfOLq63/LD61PZksTKymd/J5Hk65r7J/n/g3nllYj4/euIk4X2dmuLS7PlSiWdz+tj9bkrY7XFpVOX5soz6Ux6eWJy8sw7kxPvv/du32J98/y/P3x696Mz3xxf/v6X+0duJ3E2DuXbWuPYhhutldEYzV+TYpx9bMfxPjS2myQ7fQBsyVCe58XI+oDDMZRnPfDi+yoiVoABlch/GFDNcUDz3r5P98HPjQcfrt4Atcc/vPreSOxr3BsdWE7W3Rll97sjfWg/a+O3v+7czpbo3/sQAJu6cTMiTg8Pt/d/Sd7/bd3pHvZ5vA39Hzw7d7Pxz1udxj+FtfFPdBj/HOyQu1uxef4X7vehma6y8d8HHce/a5NWI0N57aXGmK+YXLxUSbO+7eWIOBHFvVl9o/mcM8v3Vtav+XWt1Dr+y5as/eZYMD+O+8N71z96ulwvbzfupgc3I17rOP5N1s5/0uH8Z6/H+R7bOJbeeb3bts3jf7pWfo54o+P5fzSjlWw8PznWuB7GmldFu39uHfujW/s9xF/sY7htsvN/YOP4R5LW+dpat2fqPm/0077/0m7btnr970k+b5T35Ouulev1+fGIPckn7esnHj22WW/un8V/4vjG/V+n639/RHzRNeL1bh291XXXnb7+s/inn+j8P3nh3sdf/tit/d7O/9uN0ol8TS/9X68HuJ3XDgAAAAAAAHabQkQciqRQWisXCqXS6uc7jsaBQqVaq5+8WF24PB2N78qORLHQnOk+3PJ5iPH887DN+sRj9cmIOBIR3w3tb9RLU9XK9E4HDwAAAAAAAAAAAAAAAAAAALvEwYh9nb7/n/lzaKePDnjq2n66QeLDwOj+0y35ln780hOwK3XPf+BFJ/9hcMl/GFzyHwaX/IfBJf9hcMl/GFzyHwAAAAAAAAAAAAAAAAAAAAAAAAAAAPrq/Llz2bKy/PD6VFafvrq4MFu9emo6rc2W5hamSlPV+SulmWp1ppKWpqpzmz1fpVq9Mj4RC9fG6mmtPlZbXLowV124XL9waa48k15Ii88kKgAAAAAAAAAAAAAAAAAAAHi+1BaXZsuVSjqvoLClwvDuOAyFPhd2umcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEf+DwAA//9MBzmC") r4 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f000050a000/0x3000)=nil, 0x3000, 0x37fffff, 0x4000013, r4, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000472000/0x3000)=nil, 0x3000, 0x1000004, 0x10, r4, 0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000080)=@IORING_OP_SEND={0x1a, 0x10, 0x0, r4, 0x0, &(0x7f0000000280)="333fc33ad253f5fbd516ca1e0ebecb2b46ea5f1c7d91c3dceee6c5898fd8ffeb803250ce19ed5e7ad79001ab51cad54c4700cb81cd87f32e7efd26a4be0bba4970b13ff9433e644fd3bb77ac42b8156c0e176e41fc1d5c1d5f264faf41dc159b4db81e110c50aaf7fc8d3fd9cc821c169214445f44cfc814066588fe1fe221356c0e913b0e4895e3c54860a8bfb1cf9630688120845cf5506dcee4323aefad6a0819dc555740483936cab0d8c2f1d7173b7bd36a90c57293e84f2534a160fa70a849e8a4f6922207974bb3fcf2e6f5a7798b5107134ce8be746b7e0e94aca4bca5e81966eb56fa400f2f6c513064bceb906e4ece6f386395", 0xf8, 0x800, 0x1, {0x0, r6}}) fallocate(r4, 0x0, 0x0, 0x1000f4) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f000000aa80)) r7 = open(0x0, 0x141042, 0x0) fallocate(r7, 0x20, 0x0, 0x10000) ioperm(0x101, 0x5, 0xffffffffffffffff) open(&(0x7f0000000240)='./file0\x00', 0x62042, 0x0) acct(&(0x7f00000001c0)='./file0\x00') acct(0x0) r8 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) fallocate(r8, 0x0, 0x0, 0x10000) r9 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r9, 0x8983, &(0x7f0000000700)={0x6, 'veth1_to_batadv\x00', {0x1}}) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r9, 0x8982, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0) 1.527577897s ago: executing program 2 (id=6220): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) ppoll(0x0, 0x0, &(0x7f0000000580), &(0x7f00000005c0)={[0x8]}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_OPERSTATE={0x5, 0x10, 0x4}]}, 0x44}}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r2}, 0x10) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) setsockopt$inet_tcp_int(r4, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r4, &(0x7f0000000240)={0x2, 0x0, @dev}, 0x10) sendto$inet(r4, &(0x7f00000001c0)="e1", 0x1, 0x0, 0x0, 0x0) splice(r4, 0x0, r3, 0x0, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) r7 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r7, 0x40042408, r9) lsetxattr$system_posix_acl(0x0, &(0x7f0000000080)='system.posix_acl_default\x00', 0x0, 0x1c, 0x0) r10 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r10, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x4001, 0x8000000, 0x240, 0x0, 0x720d, 0x148, 0x0, 0x148, 0x1a8, 0x240, 0x240, 0x1a8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@loopback, @empty, 0x0, 0x0, 'wlan1\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0) sendto$inet(r10, 0x0, 0x0, 0x24000080, 0x0, 0x0) listen(r10, 0x0) accept$inet(r10, 0x0, 0x0) recvmsg$unix(r5, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdc8}, 0x0) 769.691173ms ago: executing program 4 (id=6236): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000940)=@newtfilter={0x174, 0x2c, 0xd27, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {}, {0x1c}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x144, 0x2, [@TCA_CGROUP_EMATCHES={0x140, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x10c, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x7fff, 0x8, 0xf0f9}, {0x4, 0x5, 0x3}}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0xfb43, 0x3, 0x7}, {0xffffffff, 0x0, 0xffffffff, 0xffffe1fc}}}, @TCF_EM_META={0x8c, 0x3, 0x0, 0x0, {{0x8, 0x4, 0xc20}, [@TCA_EM_META_RVALUE={0x22, 0x3, [@TCF_META_TYPE_VAR="35ffe53c6d", @TCF_META_TYPE_INT=0x8, @TCF_META_TYPE_VAR="7ebdd9573c", @TCF_META_TYPE_VAR="ad6ae1d551", @TCF_META_TYPE_VAR="5b27e9cde8ea4a", @TCF_META_TYPE_INT=0x8]}, @TCA_EM_META_RVALUE={0x12, 0x3, [@TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_VAR="17e314a2", @TCF_META_TYPE_VAR="e874"]}, @TCA_EM_META_LVALUE={0x1b, 0x2, [@TCF_META_TYPE_INT=0x8, @TCF_META_TYPE_VAR="0129", @TCF_META_TYPE_VAR="73b87c6df20a984d", @TCF_META_TYPE_VAR="69e205c3", @TCF_META_TYPE_VAR="a0", @TCF_META_TYPE_INT=0x9]}, @TCA_EM_META_RVALUE={0x29, 0x3, [@TCF_META_TYPE_VAR="64a7c83702", @TCF_META_TYPE_VAR="5a8a1cbfaea2", @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR, @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_INT, @TCF_META_TYPE_VAR='w', @TCF_META_TYPE_VAR="68e3774c1d"]}]}}, @TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x2, 0x1, 0xe6}, {0x80000001, 0x2366, 0x2, 0x4, 0x3, 0x0, 0x2}}}, @TCF_EM_META={0x24, 0x1, 0x0, 0x0, {{0x0, 0x4, 0x5765}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x0, 0x8, 0x1}, {0x4, 0x5}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x2, 0xa6, 0x275284422451bb0f}, {0x0, 0x6, 0x2}}}]}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x3, 0x7, 0x1}, {{0x0, 0x1}, {0x1, 0x0, 0x1}}}}]}, @TCA_EMATCH_TREE_LIST={0x28, 0x2, 0x0, 0x1, [@TCF_EM_META={0x24, 0x1, 0x0, 0x0, {{0x0, 0x4, 0x6ab2}, [@TCA_EM_META_LVALUE={0x4}, @TCA_EM_META_LVALUE={0x4}, @TCA_EM_META_RVALUE={0x4, 0x3, [@TCF_META_TYPE_VAR, @TCF_META_TYPE_VAR]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x3ff, 0xb7}, {0x8, 0xf, 0x2}}}]}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}]}]}}]}, 0x174}}, 0x48010) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 756.209884ms ago: executing program 4 (id=6237): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18010000000000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='kfree\x00', r2}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000a40)={[{@dioread_nolock}, {@noauto_da_alloc}, {@jqfmt_vfsold}, {@data_err_ignore}, {@noauto_da_alloc}, {@delalloc}, {@resuid}, {@oldalloc}, {@jqfmt_vfsv1}]}, 0xfc, 0x550, &(0x7f0000000340)="$eJzs3d9rW1UcAPDvTdv91nUwhvoghT04mUvX1h8TfJiPosOBvs/Q3pXRZBlNOtY6cHtwL77IEEQciH+A7z4O/wH/ioEOhoyiD75EbnrTZWvSZm22Zubzgduec89Nzz0593t6bk5CAhhaE9mPQsSrEfFtEnG4rWw08sKJteNWH16fzbYkGo3P/koiyfe1jk/y3wfzzCsR8dvXEScLG+utLa8slMrldDHPT9YrVyZryyunLlVK8+l8enl6ZubMOzPT77/3bt/a+ub5f3749O5HZ745vvr9L/eP3E7ibBzKy9rbsQM32jMTMZE/J2Nx9okDp/pQ2SBJdvsE2JaRPM7HIhsDDsdIHvXA/99XEdEAhlQi/mFIteYBrXv7Pt0HvzAefLh2A7Sx/aNrr43Evua90YHV5LE7o+x+d7wP9Wd1/PrnndvZFv17HQJgSzduRsTp0dGN41+Sj3/bd7qHY56sw/gHz8/dbP7zVqf5T2F9/hMd5j8HO8Tudmwd/4X7faimq2z+90HH+e/6otX4SJ57qTnnG0suXiqn2dj2ckSciLG9WX6z9Zwzq/ca3cra53/ZltXfmgvm53F/dO/jj5kr1Us7aXO7BzcjXus4/03W+z/p0P/Z83G+xzqOpXde71a2dfufrcbPEW907P9HK1rJ5uuTk83rYbJ1VWz0961jv3erf7fbn/X/gc3bP560r9fWnr6On/b9m3Yr2+71vyf5vJnek++7VqrXF6ci9iSfbNw//eixrXzr+Kz9J45vPv51uv73R8QXPbb/1tFbXQ8dhP6fe6r+f/rEvY+//LFb/b31/9vN1Il8Ty/jX68nuJPnDgAAAAAAAAZNISIORVIorqcLhWJx7f0dR+NAoVyt1U9erC5dnovmZ2XHY6zQWuk+3PZ+iKn8/bCt/PQT+ZmIOBIR343sb+aLs9Xy3G43HgAAAAAAAAAAAAAAAAAAAAbEwYh9nT7/n/ljZLfPDnjmfOU3DK/u8Z+X9OObnoCB5P8/DC/xD8NL/MPwEv8wvMQ/DC/xD8NL/MPwEv8AAAAAAAAAAAAAAAAAAAAAAAAAAADQV+fPncu2xurD67NZfu7q8tJC9eqpubS2UKwszRZnq4tXivPV6nw5Lc5WK1v9vXK1emVqOpauTdbTWn2ytrxyoVJduly/cKlSmk8vpGPPpVUAAAAAAAAAAAAAAAAAAADwYqktryyUyuV0UUJiW4nRwTgNiT4ndntkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBH/gsAAP//sQI4ww==") ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x8004587d, &(0x7f00000008c0)={0x0, 0xffffffffffffffff, 0x2, 0x40, 0x200}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000014c0)=@newtaction={0x88c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbc25b5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaa]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x4, 0x2, 0x0, 0x0, 0x0, 0xff}}}]]}, {0x4}, {0xc, 0xb, {0x0, 0x1}}, {0xc, 0xa, {0xcd9ea82f18d77c93}}}}]}]}, 0x88c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getresuid(&(0x7f00000002c0), &(0x7f0000000380), &(0x7f00000003c0)=0x0) setsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000400)={{{@in6=@mcast1, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4e22, 0xe34, 0x4e24, 0x2, 0x2, 0xb0, 0x20, 0x33, 0x0, r4}, {0x5, 0xfffffffffffffffc, 0xff, 0x8, 0x0, 0xfffffffffffffffc, 0x6, 0x2}, {0x4, 0x9, 0xdb, 0x52}, 0xffffffff, 0x6e6bbe, 0x1, 0x1, 0x3}, {{@in=@rand_addr=0x64010102, 0x4d5, 0x32}, 0xa, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x8ed6b52fdd7b417, 0x1, 0x0, 0x200000, 0x7, 0x7}}, 0xe8) socket(0x11, 0x800000003, 0x0) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000d40)=@newqdisc={0x88, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0x5}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0xd]}}}}]}, 0x88}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=@newtaction={0xa8, 0x31, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x94, 0x1, [@m_mirred={0x90, 0x1, 0x0, 0x0, {{0xb}, {0x64, 0x3, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x3, 0x3, 0x1, 0x1}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0x4, 0x7, 0x7fff, 0x3f}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa8}}, 0x0) 663.06895ms ago: executing program 4 (id=6238): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x240018, &(0x7f0000000140)={[{@norecovery}]}, 0xee, 0x469, &(0x7f0000000ac0)="$eJzs3E1sVEUcAPD/e/3i01bEDxC0ikbiR0vLhxy8aDTxoImJHjCealsIUqihNRFCFD3g0ZB4Nx5NvJt40otRD8bEq94NCTFcQE9rZve9sl12S8tuWXB/v+RtZ96bZua/86Y7O7PbAHrWaHrIIrZExB8RMVzLLi8wWvtx7cq56X+unJvOolJ58++sWu7qlXPTZdHy9zbXMpVKxFBKDjWp98I7EVNzc7Oni/z44sn3xxfOnH3u+MmpY7PHZk9NHj58YP/uwUOTB9uKLy9+priu7vxofteOV9+++Pr0kYvv/vxNau+W4np9HLckRdtgtPbsNno0PTzZVmV3lF/Tw9a6E1l/68Jjt6FBrF5fRKTuGqiO/+Hoi41L14bjlU+72jhgXVUqlUqz1+fC+QrwP5ZFt1sAdEf5Qp/e/5bHbZp63BEuv1h7A5TivlYctSv9S2sHAw3vbztpNCKOnP/3y3REJ9YhAABu4vs0/3m22fwvjwfqyt1T7KGMRMS9EbEtIu6LiO0RcX9EteyDEfHQGutv3CG5cf6TX7qlwFYpzf9eKPa2ls//ytlfjPQVua3V+Aeyo8fnZvcVz8neGBhK+YkV6vjh5d8/L9MbGq7Vz//Skeov54JFOy71NyzQzUwtTrUbd+nyJxE7+5vFn0W5jZNFxI6I2HmLdRx/+utdra7dPP4VrLDPtFqVryKeqvX/+VgW//WuylruT048f2jy4PiGmJvdN17eFTf65bcLb7Sqv634OyD1/6am9//SLvBItiFi4czZE9X92oW113Hhz8/qxvSy3eUUf/5txJrv/8HsrWp6sDj34dTi4umJiMHstRvPT17/3TJflk/x793TfPxvq2vxwxGRbuLdEfFIsYmb+u6xiHg8IvasEP9PLz3xXqtrrft/hVX5Dkrxz9ys/6O+/9ee6Dvx43drj7+U+v9ANbW3OLOav3+rbWA7zx0AAADcLfLqZ+CzfGwpnedjY7XP8G+PTfnc/MLiM0fnPzg1U/us/EgM5OVK13DdeuhEsTZc5icb8vuLdeMv+jZW82PT83Mz3Q4eetzmFuM/+auv260D1l0H9tGAu5TxD73L+IfeZfxD7zL+oXc1G/8fd6EdwO3n9R96l/EPvcv4h95l/ENPavnd+Lytr/x3OVH+74Q7pT1dSmxczyoi736APZHoX+/beKjppS7/YQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiQ/wIAAP//YKPiyQ==") prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f00001da000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f00001da000/0x2000)=nil, &(0x7f00001db000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00001db000/0x4000)=nil, &(0x7f00001db000/0x4000)=nil, &(0x7f00000015c0)="77e7cd7adebed31d409e9c44e2e25c25b6bb03521e0ee830313d97e937addecbf0714e9a79fae0cc7673b83c46bdffac5307cd2203772531fe46295dde94722889fe8b5a072ffa652f089b8c1ea20553854c41527c568f8b264ffe9c1cf0b62543eb82e6cf4c8868978538c7aca196bd8d4b99c0edb7e87ae8538b1030bc1d58e5842719c1f86f18b1630604088a7a048a686f618753a6e2978612d96ce49e51ef1b4182593b698308c0b2d09d5db5a2075995ca362c8dfa51ac6bad1835408e350cfcc584c805c1ec91f7306f2e39172c7a36cc0168069d727de659cf0e3ab999679c7cd20f65ffeb3572b4a60d30612fff319926b23cc1b23a527d965fda14dfa1a204b77de9010244f9ac2b862602180ede89159f4006505db33034109cc9ee6477e24513a41367f3947407cdc1aea43c1b23c80205d751df2350689d4715e6760ed55e7fef8b168791212f39c77d480ea1d2ee379beb2f9325dd83d005bfed29c3b9249d192212365f5917a8e682a897517042a14a914933f78c31a73152d55dabc9c76d076a1d4fa08cce6e6759e996a7ecbe889228a8ac8f9e6bb29b65143dc0bc805d4f934652e1180cbb9f91791e4d4ee6582d5394e309558e51d5d2f8ec4dac907327208275586a1c3c88479a35640305cef5d7e68cb7347e707eafc577bc4329d2090aa8e449cb3f0ea76f4a665c7f0caac991400cde7090d6d79fb5daaba740f5afac9e9d4d1ce9d28b5426da94677a01fb7b510b994c673f795d38c804dc4f2c5ec75274eb6c308ca6c1438b6f7363103c736a892c15dbb2c637b0137248ce4aa9ed82bd8188ccd372d07fa06a2e67bb3b720e97ac175c73393e6516897f90c154db89ccd808bfdff6bb7af07be1c70ccd4a60a91f9607f574d6f3f732cb6b236dc00501703e4a3054855aa37fae40ed9f05b147ad7e204197f15874f0ae1cb9eec1304338ae41710621b155903c120fe875e345eefd08c3e0e37dfb051d9b6fc1c4d9ccaab5f7250e631e92ad3b6479ed10740d8689273a946eccc14e26fc75e6a63bec91bfbef974091834d84397d0b5a191bbbdb5afdd5f978b8ce8b5ba762ed251f2dd7ccd4678dff94aa5e1d4ceef00580a4a66522a60c161229f192f80c2e70c483c087ba157a5d86e94054455c9d04438cdbb7b6a463f28df074283c90f27a9dd3dd2230c13f536e2ad98fa0b0b5c28d43a18e7a6e8527121a521ac51bc3db60843d79d8275524c44a09f1fd1c8a5393dfd0c195ba9e51ff2d3c1f56c20353ef41e2763c8a418120f1aface71fabf9f2851d8db91463bfc6878dd2e3078b58d4268dcb8e7bfdffff946dee6b7a41d545621bc7f4630f34a750fb4d92b32faac429e06a6ef46897acf6c48bee5000af8d059dc5c2978e3c0ca5b74a86be30b60159a55f88e947d0473ae0daf8e9d8f53ca8bfd72595e8846d8f059a1e663fcf372d4ca704f6fd8b6d9dbcf0ee8c9c3b55b476ccda21971cb46f73555fbee7276b07567a2db72fbf6c626a4e72458a874c37cba79f9501c1d94b2bed84e6072b48d030cc922da91a6855e13ed4d5a4f34884dcea9fbabc8d0e289ed8ea9b7aafa75f124ea73fa0e2c05882022a7cc0d494f54aa1617e0ae1a5020efcb7d981a1924a92d99bf1cec708f6537d132e08abe6b09fad92a00552c8557e844775f7d7c21b11eab4e61c6db6697df9869a2874d395ac550f22625f68979d7a03b932eea2d5fe19b7501abe4c657d7c1a77692a4cbd9a6fc1ac53980ad9ad86b2ca6060b680fa30db1aed2873f789b62487194520d94bb968f7fecf2f522cac69d4fcdd38b78cc6f787b0fded7140268895c4641e270dc8e5132ecd4bbf6763ecfada39060103f91dc06380378815bae430c6380fd3a9ca137493ebc44ec2219cecb939506823bb4ee036850f5d8498e8eeff22e7143b3ea28b9651d8e3a198a1b1fac4211051a1422daa41375c45dbb7eaa0fb445dc434f4b345b31cb1fb8a0e48ed85685", 0x58a}, 0x68) mount$tmpfs(0x0, &(0x7f0000001ac0)='./file0\x00', &(0x7f0000001b00), 0x0, &(0x7f0000001b40)=ANY=[@ANYBLOB='fscon']) 451.764006ms ago: executing program 2 (id=6239): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000005000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) semop(0x0, 0x0, 0x0) 426.853048ms ago: executing program 4 (id=6240): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0xffffffffffffffff, 0xffffffffffffffff}, 0x0, &(0x7f0000000040)=r0}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000980)='./file1\x00', 0x280809a, &(0x7f0000000f40)=ANY=[], 0xd, 0x2b2, &(0x7f00000006c0)="$eJzs3U9rY1UUAPDz0jR9OosUcaMIPtCFqzJ166ZRRhC7UiKoCw3ODEgSBqYQmArGruYTuPR7+BHcuPEbDLgV3E0XlSfvX/7ga402VXR+v9Xh3nfuPXm3TbLJeZ+/Mh3ffZDE2dMnkaZJdI7iKM6T2I9ONL6JbgAA/x/neR6/5mWY5JUNM7udGy0MALgx1ef/X/rgBwD+4z78+JP3B8fHdz7IsjRe6j+eDZOImD6eDav5wf34MiZxL25HPy4i8oUqfve94zvRzQr78fp0PhsWmdPPfqzXH/wSUeYfRj/22/MPs8pK/nw23I3nI4vB/d2m1H682J7/Zkt+DHvxxmsr9R9EP376Ih7EJO5GkbvM//owy97Jv3361afFNkV+0onhXnldKfcFCQAAAAAAAAAAAAAAAAAAAACA7TrIsqRq31P27ymG6v47Oxfl/EHW2F/vz1PlJ81CVX+gvOmWM8/ju6a/zu0sy/L6wmV+N17uerAAAAAAAAAAAAAAAAAAAAAAFE4ePbk1mkzuPTx5dDq+dtB0A2h+1v931zlaGXk1TsejncsX3Nt8r9VuA0WtV14c3W5s6ba0B2eLkeeKera+xV4sRj6KKmgOZqt7vfB2tejpeJTVU81NHo+SP9srbQ7u+9WpXly3sLz8k7jI1880XZS6ntXb0t3o3Wqd+i3P883Weevn6ozqkaRssbHZ7rt10PoCiyAtziJd/OMXUz9cvuClbxk7137TAQAAAAAAAAAAAAAAAAAAWi1/9NsyeXZlaufGigIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf9jy+f9NkEbE+sgfgnmdfNU1ddCLhyf/8ksEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgGfB7AAAA//8rlFqg") r2 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r3 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) write$9p(r2, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706", 0x200) sendfile(r2, r3, 0x0, 0xe066) sendfile(r2, r3, 0x0, 0xffff) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0), 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r4}, 0x90) sendmsg$NL80211_CMD_SET_QOS_MAP(r1, &(0x7f0000000480)={&(0x7f0000000300), 0xc, &(0x7f0000000400)={0x0}, 0x1, 0x0, 0x0, 0x40800}, 0x4000010) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x90) syz_open_dev$tty20(0xc, 0x4, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000680)='kmem_cache_free\x00', r5}, 0x10) r6 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r6, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000540)={'ip6_vti0\x00', &(0x7f00000004c0)={'syztnl0\x00', 0x0, 0x29, 0x9, 0x9, 0x4, 0x1, @mcast1, @local, 0x20, 0x80, 0x7fffffff, 0x2}}) connect$phonet_pipe(0xffffffffffffffff, &(0x7f0000002200), 0x10) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x800, 0x0, 0x0) 396.582081ms ago: executing program 2 (id=6241): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b70200"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18010000000000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='kfree\x00', r5}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000a40)={[{@dioread_nolock}, {@noauto_da_alloc}, {@jqfmt_vfsold}, {@data_err_ignore}, {@noauto_da_alloc}, {@delalloc}, {@resuid}, {@oldalloc}, {@jqfmt_vfsv1}]}, 0xfc, 0x550, &(0x7f0000000340)="$eJzs3d9rW1UcAPDvTdv91nUwhvoghT04mUvX1h8TfJiPosOBvs/Q3pXRZBlNOtY6cHtwL77IEEQciH+A7z4O/wH/ioEOhoyiD75EbnrTZWvSZm22Zubzgduec89Nzz0593t6bk5CAhhaE9mPQsSrEfFtEnG4rWw08sKJteNWH16fzbYkGo3P/koiyfe1jk/y3wfzzCsR8dvXEScLG+utLa8slMrldDHPT9YrVyZryyunLlVK8+l8enl6ZubMOzPT77/3bt/a+ub5f3749O5HZ745vvr9L/eP3E7ibBzKy9rbsQM32jMTMZE/J2Nx9okDp/pQ2SBJdvsE2JaRPM7HIhsDDsdIHvXA/99XEdEAhlQi/mFIteYBrXv7Pt0HvzAefLh2A7Sx/aNrr43Evua90YHV5LE7o+x+d7wP9Wd1/PrnndvZFv17HQJgSzduRsTp0dGN41+Sj3/bd7qHY56sw/gHz8/dbP7zVqf5T2F9/hMd5j8HO8Tudmwd/4X7faimq2z+90HH+e/6otX4SJ57qTnnG0suXiqn2dj2ckSciLG9WX6z9Zwzq/ca3cra53/ZltXfmgvm53F/dO/jj5kr1Us7aXO7BzcjXus4/03W+z/p0P/Z83G+xzqOpXde71a2dfufrcbPEW907P9HK1rJ5uuTk83rYbJ1VWz0961jv3erf7fbn/X/gc3bP560r9fWnr6On/b9m3Yr2+71vyf5vJnek++7VqrXF6ci9iSfbNw//eixrXzr+Kz9J45vPv51uv73R8QXPbb/1tFbXQ8dhP6fe6r+f/rEvY+//LFb/b31/9vN1Il8Ty/jX68nuJPnDgAAAAAAAAZNISIORVIorqcLhWJx7f0dR+NAoVyt1U9erC5dnovmZ2XHY6zQWuk+3PZ+iKn8/bCt/PQT+ZmIOBIR343sb+aLs9Xy3G43HgAAAAAAAAAAAAAAAAAAAAbEwYh9nT7/n/ljZLfPDnjmfOU3DK/u8Z+X9OObnoCB5P8/DC/xD8NL/MPwEv8wvMQ/DC/xD8NL/MPwEv8AAAAAAAAAAAAAAAAAAAAAAAAAAADQV+fPncu2xurD67NZfu7q8tJC9eqpubS2UKwszRZnq4tXivPV6nw5Lc5WK1v9vXK1emVqOpauTdbTWn2ytrxyoVJduly/cKlSmk8vpGPPpVUAAAAAAAAAAAAAAAAAAADwYqktryyUyuV0UUJiW4nRwTgNiT4ndntkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBH/gsAAP//sQI4ww==") r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_all\x00', 0x275a, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r6, 0x8004587d, &(0x7f00000008c0)={0x0, 0xffffffffffffffff, 0x2, 0x40, 0x200}) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0) unlink(&(0x7f0000000480)='./file0/file0\x00') sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000014c0)=@newtaction={0x88c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbc25b5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaa]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x4, 0x2, 0x0, 0x0, 0x0, 0xff}}}]]}, {0x4}, {0xc, 0xb, {0x0, 0x1}}, {0xc, 0xa, {0xcd9ea82f18d77c93}}}}]}]}, 0x88c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) creat(&(0x7f0000000040)='./file0\x00', 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) getresuid(&(0x7f00000002c0), &(0x7f0000000380), &(0x7f00000003c0)=0x0) setsockopt$inet6_IPV6_IPSEC_POLICY(r7, 0x29, 0x22, &(0x7f0000000400)={{{@in6=@mcast1, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4e22, 0xe34, 0x4e24, 0x2, 0x2, 0xb0, 0x20, 0x33, 0x0, r8}, {0x5, 0xfffffffffffffffc, 0xff, 0x8, 0x0, 0xfffffffffffffffc, 0x6, 0x2}, {0x4, 0x9, 0xdb, 0x52}, 0xffffffff, 0x6e6bbe, 0x1, 0x1, 0x3}, {{@in=@rand_addr=0x64010102, 0x4d5, 0x32}, 0xa, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x8ed6b52fdd7b417, 0x1, 0x0, 0x200000, 0x7, 0x7}}, 0xe8) r9 = socket(0x11, 0x800000003, 0x0) r10 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r9, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000d40)=@newqdisc={0x88, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}, {0x0, 0x5}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0xd]}}}}]}, 0x88}}, 0x0) r12 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=@newtaction={0xa8, 0x31, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x94, 0x1, [@m_mirred={0x90, 0x1, 0x0, 0x0, {{0xb}, {0x64, 0x3, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x3, 0x3, 0x1, 0x1}, 0x2, r11}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0x4, 0x7, 0x7fff, 0x3f}, 0x0, r11}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa8}}, 0x0) 369.959982ms ago: executing program 1 (id=6243): r0 = socket$inet6(0xa, 0x2, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x2, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) setfsuid(r3) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000600)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) 361.663993ms ago: executing program 0 (id=6244): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0xffffffffffffffff, 0xffffffffffffffff}, 0x0, &(0x7f0000000040)=r0}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000980)='./file1\x00', 0x280809a, &(0x7f0000000f40)=ANY=[], 0xd, 0x2b2, &(0x7f00000006c0)="$eJzs3U9rY1UUAPDz0jR9OosUcaMIPtCFqzJ166ZRRhC7UiKoCw3ODEgSBqYQmArGruYTuPR7+BHcuPEbDLgV3E0XlSfvX/7ga402VXR+v9Xh3nfuPXm3TbLJeZ+/Mh3ffZDE2dMnkaZJdI7iKM6T2I9ONL6JbgAA/x/neR6/5mWY5JUNM7udGy0MALgx1ef/X/rgBwD+4z78+JP3B8fHdz7IsjRe6j+eDZOImD6eDav5wf34MiZxL25HPy4i8oUqfve94zvRzQr78fp0PhsWmdPPfqzXH/wSUeYfRj/22/MPs8pK/nw23I3nI4vB/d2m1H682J7/Zkt+DHvxxmsr9R9EP376Ih7EJO5GkbvM//owy97Jv3361afFNkV+0onhXnldKfcFCQAAAAAAAAAAAAAAAAAAAACA7TrIsqRq31P27ymG6v47Oxfl/EHW2F/vz1PlJ81CVX+gvOmWM8/ju6a/zu0sy/L6wmV+N17uerAAAAAAAAAAAAAAAAAAAAAAFE4ePbk1mkzuPTx5dDq+dtB0A2h+1v931zlaGXk1TsejncsX3Nt8r9VuA0WtV14c3W5s6ba0B2eLkeeKera+xV4sRj6KKmgOZqt7vfB2tejpeJTVU81NHo+SP9srbQ7u+9WpXly3sLz8k7jI1880XZS6ntXb0t3o3Wqd+i3P883Weevn6ozqkaRssbHZ7rt10PoCiyAtziJd/OMXUz9cvuClbxk7137TAQAAAAAAAAAAAAAAAAAAWi1/9NsyeXZlaufGigIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf9jy+f9NkEbE+sgfgnmdfNU1ddCLhyf/8ksEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgGfB7AAAA//8rlFqg") r2 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r3 = open$dir(0x0, 0x0, 0x0) write$9p(r2, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706", 0x200) sendfile(r2, r3, 0x0, 0xe066) sendfile(r2, r3, 0x0, 0xffff) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0), 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r4}, 0x90) sendmsg$NL80211_CMD_SET_QOS_MAP(r1, &(0x7f0000000480)={&(0x7f0000000300), 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x7c, 0x0, 0x400, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x5, 0x24}}}}, [@NL80211_ATTR_QOS_MAP={0x26, 0xc7, {[{0x7e, 0x1}, {0x4, 0x2}, {0x5f, 0x4}, {0x5, 0x5}, {0x1, 0x7}, {0x6, 0x7}, {0x1}, {0x7}, {0xde, 0x6}, {0x3}, {0xf7, 0x5}, {0x7, 0x6}, {0x5, 0x6}], "7b6c7d21f34cfe8c"}}, @NL80211_ATTR_QOS_MAP={0x34, 0xc7, {[{0x2, 0x3}, {0x2, 0x6}, {0x22, 0x5}, {0xff, 0x4}, {0xe, 0x3}, {0x6}, {0x27, 0x4}, {0x6, 0x6}, {0x7, 0x1}, {0x9, 0x3}, {0x4f, 0x7}, {0xfe}, {0x7, 0x7}, {0x4, 0x3}, {0x6, 0x4}, {0x6, 0x3}, {0x9, 0x3}, {0x74, 0x2}, {0xd, 0x6}, {0x2}], "9a228d4fa0422131"}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x40800}, 0x4000010) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x90) syz_open_dev$tty20(0xc, 0x4, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000680)='kmem_cache_free\x00', r5}, 0x10) r6 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r6, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000540)={'ip6_vti0\x00', &(0x7f00000004c0)={'syztnl0\x00', 0x0, 0x29, 0x9, 0x9, 0x4, 0x1, @mcast1, @local, 0x20, 0x80, 0x7fffffff, 0x2}}) connect$phonet_pipe(0xffffffffffffffff, &(0x7f0000002200), 0x10) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x800, 0x0, 0x0) 281.056249ms ago: executing program 1 (id=6245): openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000067dfb4a518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='net_dev_xmit\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002ec0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e01f3440cee51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cad32b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337602d3e5a815232f5e16c1b30c3a6abc85018e5ff2c91018afc9ffc2cc788bee1b47683db012469398685211dfbbae3e2ed0a50e7393bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d300006aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7af22e30d46a9d26d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977fb536a9caab37d9ac4cfc1c7b400000000000007ffc826b956ba859ac8e3c177b91bd7d5e41ff83ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d000069a16203a967c1bbe09315c29877a308bcc87dc3addb08142bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8240000e3428d2129369ee1b85af9ffffff0d0df414b315f651c8412392191fa83ee830548f11be359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92000000000f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb74d4ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905de328c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a978ee56c83a3466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342e0eaf6f330e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea95ec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf81700cd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be3827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f969369de47422604e2fc5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293b6c833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b612272d40f522d8c98c879aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbe71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd46dbd61627a2e0a74b5e6aefb7eee403502734137ff47a57f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a125e3af1130d66a7b66837ae7e7123dde7404a067ad0a6a2d6bec9411b61cad4121be3c72ff3a04713042253d438e7becf8120de3895b8ce974958bde39cb8da3427a2e9e2de936431e67fed5ab5684db07de39083d8948cc4c8a2608100000000000000000000aecb8b0b7941088f971ce17427eec32a012295cc0cdd32955176b6ad5a4bb953e58ccfa9428f452cfb5a48a9fda26db3985c8be3c2f99827da074825b01c4a3a71fb59d5798100000000000000c76b05a45d2dd8c20d971e2f3e4369168f5cb83d6ff3a18733fec726034fbfa95624135bee374414b2c8c61f52357a520efd6a10aff244bc8a62ed367981fb4d5d77f7bc093958ff46527499957da4934cd4b370cf76f72dd05fa80cdfb68c836fd81be7a58532e041a87f9222f157610a4bcdc05b2a55308c8e7568b90f7a338557e816a16972aea79dff5becefa6f9c5ce6c58fb38da9e7532dc53cfdc2e789b76f7d32aca1bfea2aa62621b78dded30fc07171866bf3d552900000000a32dda61eeda1750e157c2d569b9d08f583c0ee28daec2e8bb85f3c8e91c4448096ee953def18dc73e55cb30f9cd069d8780b00eaba382f0c3ae391c30a5f1b0f36dd0c2193b791995d2890327a10d7abac76d1202f72e97f0105184d7aaaab8d3e29c9a8d263f076b55cf53c5bb9c0662a3d19a6722d7f83ae4331d3256f90af0857788b380ccc3b266c418e66d1d756d5df6423dd0cea67bc235d3776d22270fc19301ead09f1568"], &(0x7f0000000340)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000632f77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x24, 0x60000000}, 0x2c) 280.473869ms ago: executing program 4 (id=6246): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180800000000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r1) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="24000000180001000000000000000000802000000011000500000000080003000a"], 0x24}}, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_RTHDR(r5, 0x29, 0x39, &(0x7f00000003c0)=ANY=[@ANYRES32=r5], 0x28) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454c9, 0x7) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000280)={0x3c, @local, 0x4e24, 0x3, 'lblcr\x00', 0x0, 0x2, 0x55}, 0x2c) r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000001500000000000000020000000000"], 0x0, 0x1a, 0x0, 0xff, 0xd1}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r7}, 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f00000003c0)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r8}, 0x10) quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000240)='./file0\x00') r9 = socket$phonet_pipe(0x23, 0x5, 0x2) ftruncate(r6, 0x8979) getsockopt$PNPIPE_IFINDEX(r9, 0x113, 0x9, 0x0, &(0x7f0000000740)) 224.646303ms ago: executing program 1 (id=6247): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000380)={0x10, 0x14, 0x200, 0x70bd2d, 0x25dfdbfc}, 0x10}], 0x1, &(0x7f0000000d80), 0x0, 0x4881}, 0x20042084) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000088000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000340)='sched_kthread_stop_ret\x00', r2}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4000000010001fff000000000000000000060000", @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e0001007769726567756172640000000400028008000a00b8"], 0x40}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1f}]}, @NFT_MSG_NEWSETELEM={0x30, 0xe, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}], {0x14, 0x10}}, 0xb4}}, 0x4000000) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'dummy0\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10) close(r0) 224.491903ms ago: executing program 0 (id=6248): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0) 189.123636ms ago: executing program 0 (id=6249): r0 = socket$nl_route(0x10, 0x3, 0x0) ioperm(0x0, 0x6, 0x400) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f00000001c0)=0xc) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001500010000006eb1000000000a380000", @ANYRES32=0x0, @ANYBLOB="140001"], 0x34}}, 0x0) unshare(0x24020400) inotify_init1(0x0) r2 = syz_io_uring_setup(0x44f, &(0x7f0000000140)={0x0, 0x0, 0x10780}, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000740)=@IORING_OP_LINKAT={0x27, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='./file0\x00'}) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x2b8, 0xffffffff, 0x98, 0x98, 0x130, 0xffffffff, 0xffffffff, 0x220, 0x220, 0x220, 0xffffffff, 0x4, 0x0, {[{{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @remote, 0x0, 0x0, 'veth0_to_hsr\x00', 'team0\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x100000000000000}}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28}}, {{@ip={@multicast2, @dev, 0x0, 0x0, 'wlan1\x00', 'veth0\x00'}, 0x0, 0xc8, 0xf0, 0x0, {}, [@common=@ttl={{0x28}}, @common=@ah={{0x30}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x318) io_uring_enter(r2, 0x42d3e, 0x0, 0x0, 0x0, 0x0) 150.014808ms ago: executing program 2 (id=6250): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x240018, &(0x7f0000000140)={[{@norecovery}]}, 0xee, 0x469, &(0x7f0000000ac0)="$eJzs3E1sVEUcAPD/e/3i01bEDxC0ikbiR0vLhxy8aDTxoImJHjCealsIUqihNRFCFD3g0ZB4Nx5NvJt40otRD8bEq94NCTFcQE9rZve9sl12S8tuWXB/v+RtZ96bZua/86Y7O7PbAHrWaHrIIrZExB8RMVzLLi8wWvtx7cq56X+unJvOolJ58++sWu7qlXPTZdHy9zbXMpVKxFBKDjWp98I7EVNzc7Oni/z44sn3xxfOnH3u+MmpY7PHZk9NHj58YP/uwUOTB9uKLy9+priu7vxofteOV9+++Pr0kYvv/vxNau+W4np9HLckRdtgtPbsNno0PTzZVmV3lF/Tw9a6E1l/68Jjt6FBrF5fRKTuGqiO/+Hoi41L14bjlU+72jhgXVUqlUqz1+fC+QrwP5ZFt1sAdEf5Qp/e/5bHbZp63BEuv1h7A5TivlYctSv9S2sHAw3vbztpNCKOnP/3y3REJ9YhAABu4vs0/3m22fwvjwfqyt1T7KGMRMS9EbEtIu6LiO0RcX9EteyDEfHQGutv3CG5cf6TX7qlwFYpzf9eKPa2ls//ytlfjPQVua3V+Aeyo8fnZvcVz8neGBhK+YkV6vjh5d8/L9MbGq7Vz//Skeov54JFOy71NyzQzUwtTrUbd+nyJxE7+5vFn0W5jZNFxI6I2HmLdRx/+utdra7dPP4VrLDPtFqVryKeqvX/+VgW//WuylruT048f2jy4PiGmJvdN17eFTf65bcLb7Sqv634OyD1/6am9//SLvBItiFi4czZE9X92oW113Hhz8/qxvSy3eUUf/5txJrv/8HsrWp6sDj34dTi4umJiMHstRvPT17/3TJflk/x793TfPxvq2vxwxGRbuLdEfFIsYmb+u6xiHg8IvasEP9PLz3xXqtrrft/hVX5Dkrxz9ys/6O+/9ee6Dvx43drj7+U+v9ANbW3OLOav3+rbWA7zx0AAADcLfLqZ+CzfGwpnedjY7XP8G+PTfnc/MLiM0fnPzg1U/us/EgM5OVK13DdeuhEsTZc5icb8vuLdeMv+jZW82PT83Mz3Q4eetzmFuM/+auv260D1l0H9tGAu5TxD73L+IfeZfxD7zL+oXc1G/8fd6EdwO3n9R96l/EPvcv4h95l/ENPavnd+Lytr/x3OVH+74Q7pT1dSmxczyoi736APZHoX+/beKjppS7/YQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiQ/wIAAP//YKPiyQ==") prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f00001da000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f00001da000/0x2000)=nil, &(0x7f00001db000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00001db000/0x4000)=nil, &(0x7f00001db000/0x4000)=nil, &(0x7f00000015c0)="77e7cd7adebed31d409e9c44e2e25c25b6bb03521e0ee830313d97e937addecbf0714e9a79fae0cc7673b83c46bdffac5307cd2203772531fe46295dde94722889fe8b5a072ffa652f089b8c1ea20553854c41527c568f8b264ffe9c1cf0b62543eb82e6cf4c8868978538c7aca196bd8d4b99c0edb7e87ae8538b1030bc1d58e5842719c1f86f18b1630604088a7a048a686f618753a6e2978612d96ce49e51ef1b4182593b698308c0b2d09d5db5a2075995ca362c8dfa51ac6bad1835408e350cfcc584c805c1ec91f7306f2e39172c7a36cc0168069d727de659cf0e3ab999679c7cd20f65ffeb3572b4a60d30612fff319926b23cc1b23a527d965fda14dfa1a204b77de9010244f9ac2b862602180ede89159f4006505db33034109cc9ee6477e24513a41367f3947407cdc1aea43c1b23c80205d751df2350689d4715e6760ed55e7fef8b168791212f39c77d480ea1d2ee379beb2f9325dd83d005bfed29c3b9249d192212365f5917a8e682a897517042a14a914933f78c31a73152d55dabc9c76d076a1d4fa08cce6e6759e996a7ecbe889228a8ac8f9e6bb29b65143dc0bc805d4f934652e1180cbb9f91791e4d4ee6582d5394e309558e51d5d2f8ec4dac907327208275586a1c3c88479a35640305cef5d7e68cb7347e707eafc577bc4329d2090aa8e449cb3f0ea76f4a665c7f0caac991400cde7090d6d79fb5daaba740f5afac9e9d4d1ce9d28b5426da94677a01fb7b510b994c673f795d38c804dc4f2c5ec75274eb6c308ca6c1438b6f7363103c736a892c15dbb2c637b0137248ce4aa9ed82bd8188ccd372d07fa06a2e67bb3b720e97ac175c73393e6516897f90c154db89ccd808bfdff6bb7af07be1c70ccd4a60a91f9607f574d6f3f732cb6b236dc00501703e4a3054855aa37fae40ed9f05b147ad7e204197f15874f0ae1cb9eec1304338ae41710621b155903c120fe875e345eefd08c3e0e37dfb051d9b6fc1c4d9ccaab5f7250e631e92ad3b6479ed10740d8689273a946eccc14e26fc75e6a63bec91bfbef974091834d84397d0b5a191bbbdb5afdd5f978b8ce8b5ba762ed251f2dd7ccd4678dff94aa5e1d4ceef00580a4a66522a60c161229f192f80c2e70c483c087ba157a5d86e94054455c9d04438cdbb7b6a463f28df074283c90f27a9dd3dd2230c13f536e2ad98fa0b0b5c28d43a18e7a6e8527121a521ac51bc3db60843d79d8275524c44a09f1fd1c8a5393dfd0c195ba9e51ff2d3c1f56c20353ef41e2763c8a418120f1aface71fabf9f2851d8db91463bfc6878dd2e3078b58d4268dcb8e7bfdffff946dee6b7a41d545621bc7f4630f34a750fb4d92b32faac429e06a6ef46897acf6c48bee5000af8d059dc5c2978e3c0ca5b74a86be30b60159a55f88e947d0473ae0daf8e9d8f53ca8bfd72595e8846d8f059a1e663fcf372d4ca704f6fd8b6d9dbcf0ee8c9c3b55b476ccda21971cb46f73555fbee7276b07567a2db72fbf6c626a4e72458a874c37cba79f9501c1d94b2bed84e6072b48d030cc922da91a6855e13ed4d5a4f34884dcea9fbabc8d0e289ed8ea9b7aafa75f124ea73fa0e2c05882022a7cc0d494f54aa1617e0ae1a5020efcb7d981a1924a92d99bf1cec708f6537d132e08abe6b09fad92a00552c8557e844775f7d7c21b11eab4e61c6db6697df9869a2874d395ac550f22625f68979d7a03b932eea2d5fe19b7501abe4c657d7c1a77692a4cbd9a6fc1ac53980ad9ad86b2ca6060b680fa30db1aed2873f789b62487194520d94bb968f7fecf2f522cac69d4fcdd38b78cc6f787b0fded7140268895c4641e270dc8e5132ecd4bbf6763ecfada39060103f91dc06380378815bae430c6380fd3a9ca137493ebc44ec2219cecb939506823bb4ee036850f5d8498e8eeff22e7143b3ea28b9651d8e3a198a1b1fac4211051a1422daa41375c45dbb7eaa0fb445dc434f4b345b31cb1fb8a0e48ed85685", 0x58a}, 0x68) mount$tmpfs(0x0, &(0x7f0000001ac0)='./file0\x00', &(0x7f0000001b00), 0x0, &(0x7f0000001b40)=ANY=[@ANYBLOB='fscon']) 118.613031ms ago: executing program 0 (id=6251): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000005000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) semop(0x0, 0x0, 0x0) 79.947564ms ago: executing program 0 (id=6252): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000005000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) semop(0x0, 0x0, 0x0) 79.122034ms ago: executing program 1 (id=6253): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x1080000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc27, 0x1, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x0, 0x0, &(0x7f0000001180), &(0x7f0000000000), 0x0) 66.860775ms ago: executing program 2 (id=6254): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0xffffffffffffffff, 0xffffffffffffffff}, 0x0, &(0x7f0000000040)=r0}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000980)='./file1\x00', 0x280809a, &(0x7f0000000f40)=ANY=[], 0xd, 0x2b2, &(0x7f00000006c0)="$eJzs3U9rY1UUAPDz0jR9OosUcaMIPtCFqzJ166ZRRhC7UiKoCw3ODEgSBqYQmArGruYTuPR7+BHcuPEbDLgV3E0XlSfvX/7ga402VXR+v9Xh3nfuPXm3TbLJeZ+/Mh3ffZDE2dMnkaZJdI7iKM6T2I9ONL6JbgAA/x/neR6/5mWY5JUNM7udGy0MALgx1ef/X/rgBwD+4z78+JP3B8fHdz7IsjRe6j+eDZOImD6eDav5wf34MiZxL25HPy4i8oUqfve94zvRzQr78fp0PhsWmdPPfqzXH/wSUeYfRj/22/MPs8pK/nw23I3nI4vB/d2m1H682J7/Zkt+DHvxxmsr9R9EP376Ih7EJO5GkbvM//owy97Jv3361afFNkV+0onhXnldKfcFCQAAAAAAAAAAAAAAAAAAAACA7TrIsqRq31P27ymG6v47Oxfl/EHW2F/vz1PlJ81CVX+gvOmWM8/ju6a/zu0sy/L6wmV+N17uerAAAAAAAAAAAAAAAAAAAAAAFE4ePbk1mkzuPTx5dDq+dtB0A2h+1v931zlaGXk1TsejncsX3Nt8r9VuA0WtV14c3W5s6ba0B2eLkeeKera+xV4sRj6KKmgOZqt7vfB2tejpeJTVU81NHo+SP9srbQ7u+9WpXly3sLz8k7jI1880XZS6ntXb0t3o3Wqd+i3P883Weevn6ozqkaRssbHZ7rt10PoCiyAtziJd/OMXUz9cvuClbxk7137TAQAAAAAAAAAAAAAAAAAAWi1/9NsyeXZlaufGigIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf9jy+f9NkEbE+sgfgnmdfNU1ddCLhyf/8ksEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgGfB7AAAA//8rlFqg") r2 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r3 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) write$9p(r2, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706", 0x200) sendfile(r2, r3, 0x0, 0xe066) sendfile(r2, r3, 0x0, 0xffff) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0), 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r4}, 0x90) sendmsg$NL80211_CMD_SET_QOS_MAP(r1, &(0x7f0000000480)={&(0x7f0000000300), 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x7c, 0x0, 0x400, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x5, 0x24}}}}, [@NL80211_ATTR_QOS_MAP={0x26, 0xc7, {[{0x7e, 0x1}, {0x4, 0x2}, {0x5f, 0x4}, {0x5, 0x5}, {0x1, 0x7}, {0x6, 0x7}, {0x1}, {0x7}, {0xde, 0x6}, {0x3}, {0xf7, 0x5}, {0x7, 0x6}, {0x5, 0x6}], "7b6c7d21f34cfe8c"}}, @NL80211_ATTR_QOS_MAP={0x34, 0xc7, {[{0x2, 0x3}, {0x2, 0x6}, {0x22, 0x5}, {0xff, 0x4}, {0xe, 0x3}, {0x6}, {0x27, 0x4}, {0x6, 0x6}, {0x7, 0x1}, {0x9, 0x3}, {0x4f, 0x7}, {0xfe}, {0x7, 0x7}, {0x4, 0x3}, {0x6, 0x4}, {0x6, 0x3}, {0x9, 0x3}, {0x74, 0x2}, {0xd, 0x6}, {0x2}], "9a228d4fa0422131"}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x40800}, 0x4000010) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r5, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000540)={'ip6_vti0\x00', &(0x7f00000004c0)={'syztnl0\x00', 0x0, 0x29, 0x9, 0x9, 0x4, 0x1, @mcast1, @local, 0x20, 0x80, 0x7fffffff, 0x2}}) connect$phonet_pipe(0xffffffffffffffff, &(0x7f0000002200), 0x10) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x800, 0x0, 0x0) 32.071877ms ago: executing program 0 (id=6255): connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000180)) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000110020850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200088, &(0x7f0000000780)={[{@errors_remount}, {@dax_never}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x13e8}}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@noacl}, {@i_version}, {@dax_always}, {@jqfmt_vfsv1}, {@nouser_xattr}], [{@fsuuid={'fsuuid', 0x3d, {[0x38, 0x62, 0x30, 0x37, 0x38, 0x36, 0x37, 0x35], 0x2d, [0x39, 0x38, 0x32, 0x62], 0x2d, [0x35, 0x32, 0x34, 0x37], 0x2d, [0x32, 0x65, 0x32, 0x38], 0x2d, [0x33, 0x65, 0x36, 0x65, 0x63, 0x31, 0x39, 0x35]}}}]}, 0x3, 0x579, &(0x7f0000001b40)="$eJzs3V9rU+cfAPDvSRut1t/PCiLbLkbBizmcqW33x8FAdzk2mbDdu9AeizQ10qRiO0G9mDe7GTIYY8LYC9j9LmVvYK9C2AQZUraL3XSc9ERj27RpjaZdPh84+jznnPR7njznefI9OQkJoG+NZv8UIl6NiG+SiMMt2wYj3zi6ut/y4xtT2ZLEyspnfyaR5Oua+yf5/8N55ZWI+PWriJOF9XFri0uz5Uolnc/rY/W5q2O1xaVTl+fKM+lMemVicvLMO5MT77/3btfa+uaFv7//9P5HZ74+vvzdzw+P3E3iXBzKt7W24zncaq2Mxmj+nBTj3Jodx7sQbDdJen0A7MhAPs6Lkc0Bh2MgH/XAf9/NiFgB+lRi/EOfauYBzWv7Ll0H7xmPPly9AFrf/sHV90ZiqHFtdHA5eebKKLveHelC/CzGL3/cu5stscX7EDe7EA+g6dbtiDg9OLh+/kvy+W/nTjfePN7c2hj99voDvXQ/y3/e2ij/KTzJf2KD/Gd4g7G7E1uP/8LDLoRpK8v/Ptgw/30ydY0M5LX/NXK+YnLpciU9HRH/j4gTUdyf1Te7n3Nm+cFKu22t+V+2ZPGbuWB+HA8H9z/7mOlyvfw8bW716HbEa0/z3yTWzf9DjVx3bf9nz8eFDmMcS++93m7b1u1v1f0MeOWniDc27P+nd7SSze9PjjXOh7HmWbHeX3eO/dYu/vba331Z/x/cvP0jSev92tr2Y/w49E/abttOz/99yeeN8r583fVyvT4/HrEv+WT9+omnj23Wm/tn7T9xfPP5b6Pz/0BEfNFh++8cvdN2193Q/9Pb6v/tFx58/OUP7eJ31v9vN0on8jWdzH+dHuDzPHcAAAAAAACw2xQi4lAkhdKTcqFQKq1+vuNoHCxUqrX6yUvVhSvT0fiu7EgUC8073YdbPg8xnn8etlmfWFOfjIgjEfHtwIFGvTRVrUz3uvEAAAAAAAAAAAAAAAAAAACwSwy3+f5/5veBXh8d8ML5yW/oX1uO/2780hOwK3n9h/411OsDAHrG6z/0L+Mf+pfxD/3L+If+ZfxD/zL+AQAAAAAAAAAAAAAAAAAAAAAAAAAAoKsunD+fLSvLj29MZfXpa4sLs9Vrp6bT2mxpbmGqNFWdv1qaqVZnKmlpqjrXeNBw+79XqVavjk/EwvWxelqrj9UWly7OVReu1C9enivPpBfT4ktrGQAAAAAAAAAAAAAAAAAAAOwdtcWl2XKlks7vwcL+lxTrbPS6pR0Uiu27Mtmql8/mJ8OOog/2vu0KL6DQ44kJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFr8GwAA//8rtTKZ") bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = add_key(0x0, &(0x7f00000006c0)={'syz', 0x3}, &(0x7f0000000740)="ba13b6a5d0f9cc7f3c1e3e8d347e8e18753534edcb30090ee8fc6d90d69fcfeda2b3d530b1bd5e0dd2b63009bce47775c21fb3a5", 0x34, 0xfffffffffffffff9) add_key(&(0x7f00000003c0)='blacklist\x00', &(0x7f0000000500)={'syz', 0x1}, 0x0, 0x0, r2) chdir(&(0x7f0000000000)='./file1\x00') r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc00, 0x0) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x0, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), 0xffffffffffffffff) getpid() madvise(&(0x7f0000b16000/0x4000)=nil, 0x4000, 0x4) 28.146498ms ago: executing program 1 (id=6256): r0 = socket$nl_route(0x10, 0x3, 0x0) ioperm(0x0, 0x6, 0x400) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f00000001c0)=0xc) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001500010000006eb1000000000a380000", @ANYRES32=0x0, @ANYBLOB="140001"], 0x34}}, 0x0) unshare(0x24020400) r2 = inotify_init1(0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x0) ftruncate(r3, 0x6000000) inotify_add_watch(r2, &(0x7f0000000200)='./file0\x00', 0xa2000721) read$usbfs(r3, &(0x7f0000000100)=""/209, 0xd1) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000740)=@IORING_OP_LINKAT={0x27, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='./file0\x00'}) io_uring_enter(0xffffffffffffffff, 0x42d3e, 0x0, 0x0, 0x0, 0x0) 295.31µs ago: executing program 1 (id=6257): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x1080000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc27, 0x1, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), 0x0, 0x0) 0s ago: executing program 4 (id=6258): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x80000000}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): T29] audit: type=1326 audit(2000000004.640:22874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22495 comm="syz.0.5654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f130b429eb9 code=0x7ffc0000 [ 405.594234][ T29] audit: type=1326 audit(2000000004.640:22875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22495 comm="syz.0.5654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130b429eb9 code=0x7ffc0000 [ 405.617998][ T29] audit: type=1326 audit(2000000004.640:22876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22495 comm="syz.0.5654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130b429eb9 code=0x7ffc0000 [ 405.641643][ T29] audit: type=1326 audit(2000000004.640:22877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22495 comm="syz.0.5654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f130b429eb9 code=0x7ffc0000 [ 405.665299][ T29] audit: type=1326 audit(2000000004.640:22878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22495 comm="syz.0.5654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130b429eb9 code=0x7ffc0000 [ 405.688891][ T29] audit: type=1326 audit(2000000004.640:22879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22495 comm="syz.0.5654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130b429eb9 code=0x7ffc0000 [ 405.725454][T22498] loop2: detected capacity change from 0 to 2048 [ 405.732309][T22498] EXT4-fs: Ignoring removed orlov option [ 405.751129][T22500] syz.0.5657[22500] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 405.751219][T22500] syz.0.5657[22500] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 405.768121][T22498] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5655'. [ 405.792442][T22504] loop1: detected capacity change from 0 to 2048 [ 405.804060][T22504] EXT4-fs: Ignoring removed orlov option [ 405.822809][T22498] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.834106][T22506] loop4: detected capacity change from 0 to 1024 [ 405.841040][T22506] EXT4-fs: Ignoring removed oldalloc option [ 405.855154][T22504] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.869582][T22506] EXT4-fs (loop4): shut down requested (0) [ 405.869965][T22498] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.886961][T22506] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 405.895855][T22506] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 405.904737][T22506] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=13 [ 405.913834][T22506] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 405.922762][T22506] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 405.932262][T22506] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=13 [ 405.933318][T22504] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.954297][T22506] netlink: 'syz.4.5658': attribute type 3 has an invalid length. [ 405.975317][T22519] loop4: detected capacity change from 0 to 256 [ 405.998808][T22498] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.016405][T22504] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.066663][T22498] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.116036][T22504] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.159282][T22498] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.169814][T22498] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.180254][T22498] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.191647][T22498] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.224330][T22525] loop2: detected capacity change from 0 to 1024 [ 406.231150][T22525] EXT4-fs: Ignoring removed oldalloc option [ 406.256888][T22525] EXT4-fs (loop2): shut down requested (0) [ 406.263775][T22525] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 406.272936][T22525] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 406.281856][T22525] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=13 [ 406.290854][T22525] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 406.299684][T22525] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 406.308477][T22525] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=13 [ 406.318067][T22525] netlink: 'syz.2.5664': attribute type 3 has an invalid length. [ 406.348113][T22530] loop2: detected capacity change from 0 to 1024 [ 406.355034][T22530] EXT4-fs: Ignoring removed nobh option [ 406.370006][T22530] EXT4-fs error (device loop2): ext4_lookup:1811: inode #12: comm syz.2.5665: iget: bad extended attribute block 768799145984 [ 406.383743][T22530] EXT4-fs error (device loop2): ext4_lookup:1811: inode #12: comm syz.2.5665: iget: bad extended attribute block 768799145984 [ 406.417737][T22534] loop2: detected capacity change from 0 to 512 [ 406.425436][T22534] tmpfs: Bad value for 'fscontext' [ 406.449211][T22536] loop2: detected capacity change from 0 to 2048 [ 406.456179][T22536] EXT4-fs: Ignoring removed orlov option [ 406.471293][T22536] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.517262][T22536] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.566123][T22536] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.626025][T22536] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.798804][T22541] bridge0: port 3(vlan0) entered blocking state [ 406.805211][T22541] bridge0: port 3(vlan0) entered disabled state [ 406.811729][T22541] vlan0: entered allmulticast mode [ 406.817586][T22541] vlan0: left allmulticast mode [ 406.901919][T22550] loop4: detected capacity change from 0 to 1024 [ 406.909201][T22550] EXT4-fs: Ignoring removed oldalloc option [ 406.926931][T22550] EXT4-fs (loop4): shut down requested (0) [ 406.933681][T22550] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 406.942631][T22550] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 406.951854][T22550] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=13 [ 406.960994][T22550] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 406.970093][T22550] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 406.979235][T22550] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=13 [ 406.993085][T22550] netlink: 'syz.4.5672': attribute type 3 has an invalid length. [ 407.128991][T22563] loop4: detected capacity change from 0 to 1024 [ 407.136198][T22563] EXT4-fs: Ignoring removed nobh option [ 407.150284][T22563] EXT4-fs error (device loop4): ext4_lookup:1811: inode #12: comm syz.4.5677: iget: bad extended attribute block 768799145984 [ 407.164022][T22563] EXT4-fs error (device loop4): ext4_lookup:1811: inode #12: comm syz.4.5677: iget: bad extended attribute block 768799145984 [ 407.232600][T22569] netlink: 'syz.0.5678': attribute type 3 has an invalid length. [ 407.929262][T22574] loop0: detected capacity change from 0 to 256 [ 408.006254][T22580] loop0: detected capacity change from 0 to 128 [ 408.012737][T22580] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 408.024730][T22580] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 408.035147][T22580] FAULT_INJECTION: forcing a failure. [ 408.035147][T22580] name failslab, interval 1, probability 0, space 0, times 0 [ 408.047815][T22580] CPU: 1 UID: 0 PID: 22580 Comm: syz.0.5683 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0 [ 408.058680][T22580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 408.068726][T22580] Call Trace: [ 408.072061][T22580] [ 408.074976][T22580] dump_stack_lvl+0xf2/0x150 [ 408.079559][T22580] dump_stack+0x15/0x20 [ 408.083802][T22580] should_fail_ex+0x229/0x230 [ 408.088460][T22580] ? getname_flags+0x81/0x3b0 [ 408.093142][T22580] should_failslab+0x8f/0xb0 [ 408.097724][T22580] kmem_cache_alloc_noprof+0x4c/0x290 [ 408.103137][T22580] getname_flags+0x81/0x3b0 [ 408.104747][T22374] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, [ 408.107694][T22580] __x64_sys_renameat+0x50/0x80 [ 408.115967][T22374] block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 408.120740][T22580] x64_sys_call+0x764/0x2d60 [ 408.131600][T22374] EXT4-fs (loop1): Remounting filesystem read-only [ 408.134032][T22580] do_syscall_64+0xc9/0x1c0 [ 408.145119][T22580] ? clear_bhb_loop+0x55/0xb0 [ 408.149859][T22580] ? clear_bhb_loop+0x55/0xb0 [ 408.154637][T22580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.160598][T22580] RIP: 0033:0x7f130b429eb9 [ 408.165001][T22580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 408.184670][T22580] RSP: 002b:00007f130a0a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 408.193158][T22580] RAX: ffffffffffffffda RBX: 00007f130b5c5f80 RCX: 00007f130b429eb9 [ 408.201169][T22580] RDX: 0000000000000006 RSI: 0000000020000400 RDI: 0000000000000006 [ 408.209189][T22580] RBP: 00007f130a0a7090 R08: 0000000000000000 R09: 0000000000000000 [ 408.217240][T22580] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000001 [ 408.225267][T22580] R13: 0000000000000000 R14: 00007f130b5c5f80 R15: 00007ffc1d747e68 [ 408.233241][T22580] [ 408.377644][T22584] loop4: detected capacity change from 0 to 128 [ 408.384279][T22584] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 408.399866][T22584] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 408.425369][T16544] FAT-fs (loop4): error, invalid access to FAT (entry 0xffff0000) [ 408.433239][T16544] FAT-fs (loop4): Filesystem has been set read-only [ 408.440510][T16544] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 408.449075][T16544] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 408.538569][T22590] loop0: detected capacity change from 0 to 512 [ 408.546765][T22590] tmpfs: Bad value for 'fscontext' [ 408.569557][T22592] loop0: detected capacity change from 0 to 2048 [ 408.576331][T22592] EXT4-fs: Ignoring removed orlov option [ 408.587157][T22592] EXT4-fs mount: 86 callbacks suppressed [ 408.587167][T22592] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 408.609460][T22592] __nla_validate_parse: 3 callbacks suppressed [ 408.609471][T22592] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5690'. [ 408.625873][T22592] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.676077][T22592] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.704757][T22374] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 408.719828][T22374] EXT4-fs (loop2): Remounting filesystem read-only [ 408.726549][T22374] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 408.741598][T22374] EXT4-fs (loop0): Remounting filesystem read-only [ 408.743618][T22592] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.749381][T16544] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 408.771910][ T3375] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.796533][T22592] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.856230][ T3375] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.912609][T22596] chnl_net:caif_netlink_parms(): no params data found [ 408.941843][T22596] bridge0: port 1(bridge_slave_0) entered blocking state [ 408.949092][T22596] bridge0: port 1(bridge_slave_0) entered disabled state [ 408.956266][T22596] bridge_slave_0: entered allmulticast mode [ 408.962736][T22596] bridge_slave_0: entered promiscuous mode [ 408.970231][ T3375] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.980997][T22596] bridge0: port 2(bridge_slave_1) entered blocking state [ 408.988119][T22596] bridge0: port 2(bridge_slave_1) entered disabled state [ 408.995454][T22596] bridge_slave_1: entered allmulticast mode [ 409.001732][T22596] bridge_slave_1: entered promiscuous mode [ 409.017044][T22596] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 409.027564][ T3375] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.039693][T22596] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 409.057480][T22596] team0: Port device team_slave_0 added [ 409.063925][T22596] team0: Port device team_slave_1 added [ 409.079743][T22596] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 409.086792][T22596] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 409.112700][T22596] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 409.123845][T22596] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 409.130803][T22596] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 409.156889][T22596] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 409.193329][T22596] hsr_slave_0: entered promiscuous mode [ 409.199296][T22596] hsr_slave_1: entered promiscuous mode [ 409.213257][ T3375] bridge_slave_1: left allmulticast mode [ 409.219111][ T3375] bridge_slave_1: left promiscuous mode [ 409.224805][ T3375] bridge0: port 2(bridge_slave_1) entered disabled state [ 409.232382][ T3375] bridge_slave_0: left allmulticast mode [ 409.238161][ T3375] bridge_slave_0: left promiscuous mode [ 409.243840][ T3375] bridge0: port 1(bridge_slave_0) entered disabled state [ 409.317592][ T3375] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 409.327578][ T3375] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 409.338047][ T3375] bond0 (unregistering): Released all slaves [ 409.407112][ T3375] hsr_slave_0: left promiscuous mode [ 409.413076][ T3375] hsr_slave_1: left promiscuous mode [ 409.418826][ T3375] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 409.426316][ T3375] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 409.435215][ T3375] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 409.442615][ T3375] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 409.453647][ T3375] veth1_macvtap: left promiscuous mode [ 409.459267][ T3375] veth0_macvtap: left promiscuous mode [ 409.464897][ T3375] veth1_vlan: left promiscuous mode [ 409.470115][ T3375] veth0_vlan: left promiscuous mode [ 409.534277][ T3375] team0 (unregistering): Port device team_slave_1 removed [ 409.544355][ T3375] team0 (unregistering): Port device team_slave_0 removed [ 409.840280][T22596] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 409.850265][T22596] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 409.859126][T22596] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 409.869250][T22596] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 409.917233][T22596] 8021q: adding VLAN 0 to HW filter on device bond0 [ 409.934414][T22596] 8021q: adding VLAN 0 to HW filter on device team0 [ 409.943948][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 409.951062][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 409.978433][T22596] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 409.988924][T22596] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 410.002734][ T28] bridge0: port 2(bridge_slave_1) entered blocking state [ 410.009817][ T28] bridge0: port 2(bridge_slave_1) entered forwarding state [ 410.056983][T22596] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 410.152589][T22596] veth0_vlan: entered promiscuous mode [ 410.160686][T22596] veth1_vlan: entered promiscuous mode [ 410.175156][T22596] veth0_macvtap: entered promiscuous mode [ 410.182406][T22596] veth1_macvtap: entered promiscuous mode [ 410.192372][T22596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 410.202835][T22596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.212759][T22596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 410.223284][T22596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.233089][T22596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 410.243557][T22596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.253480][T22596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 410.263954][T22596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.274641][T22596] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 410.285165][T22596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 410.295656][T22596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.305563][T22596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 410.315984][T22596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.325788][T22596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 410.336224][T22596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.346060][T22596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 410.356519][T22596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.367401][T22596] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 410.376927][T22596] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.385753][T22596] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.394410][T22596] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.403145][T22596] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.447490][T22711] loop4: detected capacity change from 0 to 1024 [ 410.454247][T22711] EXT4-fs: Ignoring removed oldalloc option [ 410.466328][T22711] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 410.479613][T22711] EXT4-fs (loop4): shut down requested (0) [ 410.483535][T22592] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.494585][T22711] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 410.496411][T22592] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.504782][T22711] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 410.514537][T22592] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.528657][T22711] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=13 [ 410.531847][T22592] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.537685][T22711] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 410.554931][T22711] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 410.564262][T16688] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 410.566991][T22715] netlink: 'syz.4.5692': attribute type 3 has an invalid length. [ 410.573359][T22711] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=13 [ 410.604360][T22596] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 410.641566][ T29] kauditd_printk_skb: 286 callbacks suppressed [ 410.641581][ T29] audit: type=1326 audit(2000000009.960:23166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22721 comm="syz.4.5695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 410.671896][ T29] audit: type=1326 audit(2000000009.960:23167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22721 comm="syz.4.5695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 410.695603][ T29] audit: type=1326 audit(2000000009.960:23168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22721 comm="syz.4.5695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 410.915836][T22726] netlink: 'syz.0.5696': attribute type 3 has an invalid length. [ 411.418682][T22504] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.429581][T22504] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.440028][T22504] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.450775][T22504] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.465394][T16618] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 411.490322][T22728] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=52892 sclass=netlink_route_socket pid=22728 comm=syz.4.5698 [ 411.515176][ T3311] bridge0: port 1(bridge_slave_0) entered disabled state [ 411.544398][ T29] audit: type=1400 audit(2000000010.860:23169): avc: denied { setopt } for pid=22733 comm="syz.1.5700" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 411.559459][T22736] loop4: detected capacity change from 0 to 512 [ 411.564131][ T29] audit: type=1400 audit(2000000010.860:23170): avc: denied { bind } for pid=22733 comm="syz.1.5700" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 411.589775][ T29] audit: type=1400 audit(2000000010.860:23171): avc: denied { name_bind } for pid=22733 comm="syz.1.5700" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 411.611696][ T29] audit: type=1400 audit(2000000010.860:23172): avc: denied { node_bind } for pid=22733 comm="syz.1.5700" saddr=127.0.0.1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 411.634939][ T29] audit: type=1400 audit(2000000010.900:23173): avc: denied { name_connect } for pid=22733 comm="syz.1.5700" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 411.657204][ T29] audit: type=1400 audit(2000000010.900:23174): avc: denied { read } for pid=22733 comm="syz.1.5700" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 411.712876][T22536] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.737480][T22536] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.764836][T22536] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.778459][T22743] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5704'. [ 411.787447][T22743] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5704'. [ 411.799549][T22536] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.847680][ T29] audit: type=1326 audit(2000000011.150:23175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22735 comm="syz.4.5701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 411.885831][T16529] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 411.964359][T22751] loop0: detected capacity change from 0 to 256 [ 411.978491][T22751] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 412.529854][T22763] loop4: detected capacity change from 0 to 256 [ 412.706073][T22764] chnl_net:caif_netlink_parms(): no params data found [ 412.738372][T22764] bridge0: port 1(bridge_slave_0) entered blocking state [ 412.745707][T22764] bridge0: port 1(bridge_slave_0) entered disabled state [ 412.752931][T22764] bridge_slave_0: entered allmulticast mode [ 412.759548][T22764] bridge_slave_0: entered promiscuous mode [ 412.766452][T22764] bridge0: port 2(bridge_slave_1) entered blocking state [ 412.773561][T22764] bridge0: port 2(bridge_slave_1) entered disabled state [ 412.780882][T22764] bridge_slave_1: entered allmulticast mode [ 412.787369][T22764] bridge_slave_1: entered promiscuous mode [ 412.806202][ T28] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.826247][T22793] loop4: detected capacity change from 0 to 1024 [ 412.832963][T22793] EXT4-fs: Ignoring removed oldalloc option [ 412.843952][T22764] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 412.855114][T22764] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 412.855694][T22793] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 412.896884][ T28] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.912206][T22793] EXT4-fs (loop4): shut down requested (0) [ 412.922561][T22793] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 412.935304][T22800] loop1: detected capacity change from 0 to 1024 [ 412.941913][T22800] EXT4-fs: Ignoring removed oldalloc option [ 412.948388][T22793] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 412.949794][T22764] team0: Port device team_slave_0 added [ 412.957241][T22793] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=13 [ 412.971670][T22793] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 412.973114][T22764] team0: Port device team_slave_1 added [ 412.980693][T22793] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 412.992254][T22800] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 413.002348][T22793] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=13 [ 413.030070][ T28] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.043355][T22800] EXT4-fs (loop1): shut down requested (0) [ 413.055382][T22764] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 413.062390][T22764] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 413.088358][T22764] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 413.123253][T22815] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=13 [ 413.132243][T22815] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=13 [ 413.139450][T22804] netlink: 'syz.4.5718': attribute type 3 has an invalid length. [ 413.158227][ T28] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.178302][T22596] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 413.189171][T22764] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 413.196273][T22764] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 413.222318][T22764] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 413.263536][T22800] netlink: 'syz.1.5720': attribute type 3 has an invalid length. [ 413.292892][T16618] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 413.420545][ T28] bridge_slave_1: left allmulticast mode [ 413.426316][ T28] bridge_slave_1: left promiscuous mode [ 413.432089][ T28] bridge0: port 2(bridge_slave_1) entered disabled state [ 413.514538][T22828] loop1: detected capacity change from 0 to 1024 [ 413.529345][T22828] EXT4-fs: Ignoring removed nobh option [ 413.578408][T22828] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 413.606692][T22828] EXT4-fs error (device loop1): ext4_lookup:1811: inode #12: comm syz.1.5730: iget: bad extended attribute block 768799145984 [ 413.622132][T22828] EXT4-fs error (device loop1): ext4_lookup:1811: inode #12: comm syz.1.5730: iget: bad extended attribute block 768799145984 [ 413.696800][T22833] loop0: detected capacity change from 0 to 1024 [ 413.704459][T22833] EXT4-fs: Ignoring removed oldalloc option [ 413.736663][T22833] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 413.757795][T22833] EXT4-fs (loop0): shut down requested (0) [ 413.768432][T22833] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 413.777533][T22833] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 413.789396][T22833] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=13 [ 413.798289][T22833] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 413.804604][ T28] bridge_slave_0: left allmulticast mode [ 413.807390][T22833] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 413.812717][ T28] bridge_slave_0: left promiscuous mode [ 413.822833][T22833] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=13 [ 413.827114][ T28] bridge0: port 1(bridge_slave_0) entered disabled state [ 413.928631][ T28] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 413.938853][ T28] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 413.949364][ T28] bond0 (unregistering): Released all slaves [ 413.958380][ T28] bond1 (unregistering): (slave batadv1): Removing an active aggregator [ 413.967285][ T28] bond1 (unregistering): (slave batadv1): Releasing backup interface [ 413.977110][ T28] bond1 (unregistering): Released all slaves [ 413.986798][T22764] hsr_slave_0: entered promiscuous mode [ 413.992750][T22764] hsr_slave_1: entered promiscuous mode [ 413.999006][T22764] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 414.006773][T22764] Cannot create hsr debugfs directory [ 414.019043][T22839] netlink: 'syz.0.5731': attribute type 3 has an invalid length. [ 414.054740][T16618] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 414.055017][T16688] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 414.122073][ T28] hsr_slave_0: left promiscuous mode [ 414.191986][ T28] hsr_slave_1: left promiscuous mode [ 414.207509][ T28] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 414.215069][ T28] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 414.242195][ T28] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 414.249643][ T28] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 414.297088][ T28] veth1_macvtap: left promiscuous mode [ 414.302684][ T28] veth0_macvtap: left promiscuous mode [ 414.308359][ T28] veth1_vlan: left promiscuous mode [ 414.313561][ T28] veth0_vlan: left promiscuous mode [ 414.394653][ T28] team0 (unregistering): Port device team_slave_1 removed [ 414.407048][ T28] team0 (unregistering): Port device team_slave_0 removed [ 414.631091][T22886] loop1: detected capacity change from 0 to 256 [ 414.902251][T22764] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 414.926611][T22764] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 414.965706][T22926] loop1: detected capacity change from 0 to 512 [ 414.989364][T22764] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 414.993755][T22928] loop4: detected capacity change from 0 to 256 [ 415.010048][T22764] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 415.015984][T22926] tmpfs: Bad value for 'fscontext' [ 415.141987][T22936] netlink: 'syz.1.5748': attribute type 3 has an invalid length. [ 415.159661][T22764] 8021q: adding VLAN 0 to HW filter on device bond0 [ 415.218379][T22764] 8021q: adding VLAN 0 to HW filter on device team0 [ 415.254205][ T3375] bridge0: port 1(bridge_slave_0) entered blocking state [ 415.261333][ T3375] bridge0: port 1(bridge_slave_0) entered forwarding state [ 415.332250][ T3375] bridge0: port 2(bridge_slave_1) entered blocking state [ 415.339441][ T3375] bridge0: port 2(bridge_slave_1) entered forwarding state [ 415.455144][T22945] loop1: detected capacity change from 0 to 2048 [ 415.468679][T22945] EXT4-fs: Ignoring removed orlov option [ 415.501967][T22958] FAULT_INJECTION: forcing a failure. [ 415.501967][T22958] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 415.515152][T22958] CPU: 1 UID: 0 PID: 22958 Comm: syz.4.5753 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0 [ 415.525959][T22958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 415.536083][T22958] Call Trace: [ 415.539427][T22958] [ 415.542353][T22958] dump_stack_lvl+0xf2/0x150 [ 415.546957][T22958] dump_stack+0x15/0x20 [ 415.551196][T22958] should_fail_ex+0x229/0x230 [ 415.555965][T22958] should_fail+0xb/0x10 [ 415.559853][T22962] netlink: 112 bytes leftover after parsing attributes in process `syz.2.5754'. [ 415.560202][T22958] should_fail_usercopy+0x1a/0x20 [ 415.560246][T22958] _copy_from_user+0x1e/0xd0 [ 415.560266][T22958] do_handle_open+0x164/0x570 [ 415.583617][T22958] __x64_sys_open_by_handle_at+0x46/0x50 [ 415.589260][T22958] x64_sys_call+0x2909/0x2d60 [ 415.594075][T22958] do_syscall_64+0xc9/0x1c0 [ 415.598582][T22958] ? clear_bhb_loop+0x55/0xb0 [ 415.599141][T22764] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 415.603280][T22958] ? clear_bhb_loop+0x55/0xb0 [ 415.614702][T22958] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.620607][T22958] RIP: 0033:0x7fee77449eb9 [ 415.625025][T22958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 415.644635][T22958] RSP: 002b:00007fee760c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 415.653114][T22958] RAX: ffffffffffffffda RBX: 00007fee775e5f80 RCX: 00007fee77449eb9 [ 415.661172][T22958] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 415.669147][T22958] RBP: 00007fee760c7090 R08: 0000000000000000 R09: 0000000000000000 [ 415.677253][T22958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 415.684182][T22764] veth0_vlan: entered promiscuous mode [ 415.685211][T22958] R13: 0000000000000000 R14: 00007fee775e5f80 R15: 00007ffedfb073d8 [ 415.685239][T22958] [ 415.710942][T22945] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 415.737663][T22764] veth1_vlan: entered promiscuous mode [ 415.753264][T22945] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5750'. [ 415.759010][T22764] veth0_macvtap: entered promiscuous mode [ 415.771579][T22764] veth1_macvtap: entered promiscuous mode [ 415.780881][T22945] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.783697][T22980] loop4: detected capacity change from 0 to 1024 [ 415.797642][T22980] EXT4-fs: Ignoring removed oldalloc option [ 415.802370][T22764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 415.814074][T22764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 415.823944][T22764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 415.834577][T22764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 415.844437][T22764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 415.854978][T22764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 415.865521][T22764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 415.874370][T22980] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 415.876173][T22764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 415.893662][T22980] EXT4-fs (loop4): shut down requested (0) [ 415.900244][T22764] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 415.912193][T22764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 415.922812][T22764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 415.932724][T22764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 415.943456][T22764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 415.953291][T22764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 415.963724][T22764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 415.973545][T22764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 415.984015][T22764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 415.998687][T22992] netlink: 'syz.0.5759': attribute type 3 has an invalid length. [ 416.010370][T22764] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 416.023319][T22945] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.041708][T22980] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 416.051838][T22980] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 416.061927][T22980] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=13 [ 416.071445][T22980] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 416.083311][T22764] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.092104][T22764] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.100817][T22764] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.109678][T22764] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.121240][T22980] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 416.130424][T22980] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=13 [ 416.147166][T22945] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.160567][T22980] netlink: 'syz.4.5756': attribute type 3 has an invalid length. [ 416.179742][T22596] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 416.206519][T22945] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.252495][ T29] kauditd_printk_skb: 180 callbacks suppressed [ 416.252510][ T29] audit: type=1326 audit(2000000015.570:23356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22995 comm="syz.4.5760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 416.299519][ T29] audit: type=1326 audit(2000000015.600:23357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22995 comm="syz.4.5760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 416.323309][ T29] audit: type=1326 audit(2000000015.600:23358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22995 comm="syz.4.5760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 416.347107][ T29] audit: type=1326 audit(2000000015.600:23359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22995 comm="syz.4.5760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 416.382126][ T29] audit: type=1400 audit(2000000015.700:23360): avc: denied { name_bind } for pid=23001 comm="syz.0.5762" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 416.400948][T23007] netlink: 112 bytes leftover after parsing attributes in process `syz.4.5765'. [ 416.411236][ T29] audit: type=1400 audit(2000000015.720:23361): avc: denied { mounton } for pid=23005 comm="syz.3.5764" path="/1/file0" dev="tmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 416.527223][T23017] loop4: detected capacity change from 0 to 512 [ 416.536311][T23017] tmpfs: Unknown parameter '1˸ äŽØV…' [ 416.623797][T23022] FAULT_INJECTION: forcing a failure. [ 416.623797][T23022] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 416.636900][T23022] CPU: 0 UID: 0 PID: 23022 Comm: syz.2.5771 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0 [ 416.647965][T23022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 416.658022][T23022] Call Trace: [ 416.661282][T23022] [ 416.664192][T23022] dump_stack_lvl+0xf2/0x150 [ 416.668768][T23022] dump_stack+0x15/0x20 [ 416.672906][T23022] should_fail_ex+0x229/0x230 [ 416.677598][T23022] should_fail+0xb/0x10 [ 416.681786][T23022] should_fail_usercopy+0x1a/0x20 [ 416.686797][T23022] _copy_from_user+0x1e/0xd0 [ 416.691425][T23022] move_addr_to_kernel+0x82/0x120 [ 416.696582][T23022] __sys_connect+0x74/0x1c0 [ 416.701099][T23022] __x64_sys_connect+0x41/0x50 [ 416.705863][T23022] x64_sys_call+0x2220/0x2d60 [ 416.710526][T23022] do_syscall_64+0xc9/0x1c0 [ 416.715046][T23022] ? clear_bhb_loop+0x55/0xb0 [ 416.719702][T23022] ? clear_bhb_loop+0x55/0xb0 [ 416.724357][T23022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.730269][T23022] RIP: 0033:0x7f5bb30d9eb9 [ 416.734681][T23022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 416.754289][T23022] RSP: 002b:00007f5bb1d51038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 416.762703][T23022] RAX: ffffffffffffffda RBX: 00007f5bb3275f80 RCX: 00007f5bb30d9eb9 [ 416.770675][T23022] RDX: 000000000000001e RSI: 0000000020000080 RDI: 0000000000000006 [ 416.778642][T23022] RBP: 00007f5bb1d51090 R08: 0000000000000000 R09: 0000000000000000 [ 416.786168][T23025] netlink: 'syz.4.5770': attribute type 3 has an invalid length. [ 416.786603][T23022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 416.802287][T23022] R13: 0000000000000000 R14: 00007f5bb3275f80 R15: 00007ffc89efe968 [ 416.810282][T23022] [ 416.846211][ T29] audit: type=1326 audit(2000000016.170:23362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23028 comm="syz.2.5773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bb30d9eb9 code=0x7ffc0000 [ 416.870582][ T29] audit: type=1326 audit(2000000016.170:23363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23028 comm="syz.2.5773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bb30d9eb9 code=0x7ffc0000 [ 416.894283][ T29] audit: type=1326 audit(2000000016.170:23364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23028 comm="syz.2.5773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f5bb30d9eb9 code=0x7ffc0000 [ 416.918172][ T29] audit: type=1326 audit(2000000016.170:23365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23028 comm="syz.2.5773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bb30d9eb9 code=0x7ffc0000 [ 416.973477][T23035] netlink: 112 bytes leftover after parsing attributes in process `syz.2.5776'. [ 417.091783][T23044] loop2: detected capacity change from 0 to 512 [ 417.100114][T23044] tmpfs: Unknown parameter 'fsconäŽØV…' [ 417.141718][T23048] loop0: detected capacity change from 0 to 1024 [ 417.149535][T23048] EXT4-fs: Ignoring removed oldalloc option [ 417.165946][T23048] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 417.180738][T23048] EXT4-fs (loop0): shut down requested (0) [ 417.187999][T23048] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 417.196968][T23048] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 417.205934][T23048] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=13 [ 417.214828][T23048] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 417.223598][T23048] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 417.232529][T23048] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=13 [ 417.244707][T23048] netlink: 'syz.0.5782': attribute type 3 has an invalid length. [ 417.257558][T16688] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 417.452799][T23059] Process accounting resumed [ 417.558441][T23063] netlink: 112 bytes leftover after parsing attributes in process `syz.4.5787'. [ 417.703232][T23068] loop4: detected capacity change from 0 to 1024 [ 417.710368][T23068] EXT4-fs: Ignoring removed nobh option [ 417.725749][T23068] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 417.745394][T23068] EXT4-fs error (device loop4): ext4_lookup:1811: inode #12: comm syz.4.5790: iget: bad extended attribute block 768799145984 [ 417.759498][T23068] EXT4-fs error (device loop4): ext4_lookup:1811: inode #12: comm syz.4.5790: iget: bad extended attribute block 768799145984 [ 417.785733][T22596] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 417.943763][T23086] netlink: 88 bytes leftover after parsing attributes in process `syz.4.5796'. [ 417.955187][T22978] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 417.970637][T22978] EXT4-fs (loop1): Remounting filesystem read-only [ 418.007703][T23095] netlink: 112 bytes leftover after parsing attributes in process `syz.2.5800'. [ 418.114137][T23104] loop2: detected capacity change from 0 to 1024 [ 418.121349][T23104] EXT4-fs: Ignoring removed oldalloc option [ 418.136115][T23104] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 418.152371][T23104] EXT4-fs (loop2): shut down requested (0) [ 418.167729][T23104] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 418.177061][T23104] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 418.193723][T23104] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=13 [ 418.202736][T23104] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 418.224018][T22945] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 418.233986][T23104] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 418.245021][T22945] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 418.259157][T23104] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=13 [ 418.273632][T22945] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 418.289606][T22945] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 418.307230][T16618] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 418.321016][T23118] netlink: 88 bytes leftover after parsing attributes in process `syz.0.5808'. [ 418.381006][T23104] netlink: 'syz.2.5803': attribute type 3 has an invalid length. [ 418.393902][T23127] FAULT_INJECTION: forcing a failure. [ 418.393902][T23127] name failslab, interval 1, probability 0, space 0, times 0 [ 418.406554][T23127] CPU: 0 UID: 0 PID: 23127 Comm: syz.0.5811 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0 [ 418.417374][T23127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 418.427438][T23127] Call Trace: [ 418.430712][T23127] [ 418.433635][T23127] dump_stack_lvl+0xf2/0x150 [ 418.438286][T23127] dump_stack+0x15/0x20 [ 418.442436][T23127] should_fail_ex+0x229/0x230 [ 418.447123][T23127] ? security_file_alloc+0x32/0xe0 [ 418.452243][T23127] should_failslab+0x8f/0xb0 [ 418.456852][T23127] kmem_cache_alloc_noprof+0x4c/0x290 [ 418.462290][T23127] security_file_alloc+0x32/0xe0 [ 418.467386][T23127] alloc_empty_file+0x121/0x310 [ 418.472246][T23127] alloc_file_pseudo+0xc3/0x140 [ 418.477109][T23127] anon_inode_getfile+0xa3/0x130 [ 418.482116][T23127] __se_sys_perf_event_open+0x1777/0x2180 [ 418.488010][T23127] __x64_sys_perf_event_open+0x67/0x80 [ 418.493534][T23127] x64_sys_call+0x18d7/0x2d60 [ 418.498281][T23127] do_syscall_64+0xc9/0x1c0 [ 418.502784][T23127] ? clear_bhb_loop+0x55/0xb0 [ 418.507483][T23127] ? clear_bhb_loop+0x55/0xb0 [ 418.512154][T23127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.518106][T23127] RIP: 0033:0x7f130b429eb9 [ 418.522523][T23127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 418.542198][T23127] RSP: 002b:00007f130a0a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 418.550632][T23127] RAX: ffffffffffffffda RBX: 00007f130b5c5f80 RCX: 00007f130b429eb9 [ 418.558588][T23127] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000000 [ 418.566612][T23127] RBP: 00007f130a0a7090 R08: 0000000000000000 R09: 0000000000000000 [ 418.574569][T23127] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001 [ 418.582524][T23127] R13: 0000000000000000 R14: 00007f130b5c5f80 R15: 00007ffc1d747e68 [ 418.590506][T23127] [ 418.610414][T16529] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 418.642315][T23133] loop0: detected capacity change from 0 to 1024 [ 418.649865][T23133] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 418.660809][T23133] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 418.672795][T23136] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5813'. [ 418.683361][T23133] jbd2_journal_init_inode: Cannot locate journal superblock [ 418.690719][T23133] EXT4-fs (loop0): Could not load journal inode [ 418.763132][T23133] loop0: detected capacity change from 0 to 1024 [ 418.769654][T23133] ext4: Unknown parameter 'fowner>00000000000000000000' [ 418.961863][T23151] loop4: detected capacity change from 0 to 512 [ 418.983894][T23152] loop0: detected capacity change from 0 to 164 [ 418.991983][T23152] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 419.003183][T23152] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 419.045590][T23151] tmpfs: Unknown parameter 'fsconteØV…' [ 419.727014][T23169] FAULT_INJECTION: forcing a failure. [ 419.727014][T23169] name failslab, interval 1, probability 0, space 0, times 0 [ 419.739789][T23169] CPU: 0 UID: 0 PID: 23169 Comm: syz.0.5826 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0 [ 419.750967][T23169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 419.761022][T23169] Call Trace: [ 419.764278][T23169] [ 419.767270][T23169] dump_stack_lvl+0xf2/0x150 [ 419.771848][T23169] dump_stack+0x15/0x20 [ 419.776010][T23169] should_fail_ex+0x229/0x230 [ 419.780666][T23169] ? __request_module+0x1ba/0x3e0 [ 419.785758][T23169] should_failslab+0x8f/0xb0 [ 419.790358][T23169] __kmalloc_cache_noprof+0x4b/0x2a0 [ 419.795640][T23169] ? dev_load+0x5e/0xb0 [ 419.799831][T23169] __request_module+0x1ba/0x3e0 [ 419.804666][T23169] ? capable+0x7c/0xb0 [ 419.808782][T23169] ? security_capable+0x64/0x80 [ 419.813621][T23169] dev_load+0x5e/0xb0 [ 419.817580][T23169] dev_ioctl+0x741/0xab0 [ 419.821907][T23169] sock_do_ioctl+0x11c/0x260 [ 419.826482][T23169] sock_ioctl+0x470/0x640 [ 419.830900][T23169] ? __pfx_sock_ioctl+0x10/0x10 [ 419.835791][T23169] __se_sys_ioctl+0xd3/0x150 [ 419.840482][T23169] __x64_sys_ioctl+0x43/0x50 [ 419.845064][T23169] x64_sys_call+0x15cc/0x2d60 [ 419.849723][T23169] do_syscall_64+0xc9/0x1c0 [ 419.854216][T23169] ? clear_bhb_loop+0x55/0xb0 [ 419.858880][T23169] ? clear_bhb_loop+0x55/0xb0 [ 419.863582][T23169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.869534][T23169] RIP: 0033:0x7f130b429eb9 [ 419.874001][T23169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.893678][T23169] RSP: 002b:00007f130a0a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 419.902118][T23169] RAX: ffffffffffffffda RBX: 00007f130b5c5f80 RCX: 00007f130b429eb9 [ 419.910067][T23169] RDX: 0000000020000040 RSI: 0000000000008923 RDI: 0000000000000003 [ 419.918021][T23169] RBP: 00007f130a0a7090 R08: 0000000000000000 R09: 0000000000000000 [ 419.925978][T23169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 419.933931][T23169] R13: 0000000000000000 R14: 00007f130b5c5f80 R15: 00007ffc1d747e68 [ 419.941928][T23169] [ 419.987185][T23175] loop1: detected capacity change from 0 to 128 [ 420.001325][T23175] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 420.019543][T23184] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5831'. [ 420.024731][T23175] ext4 filesystem being mounted at /401/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 420.062866][T23184] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.137181][T23184] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.236113][T23184] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.254461][T23193] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.286037][T23184] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.306312][T23193] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.321985][T23184] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.332723][T23184] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.343529][T23184] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.354649][T23184] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.364385][T23193] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.381948][T23196] loop2: detected capacity change from 0 to 512 [ 420.417265][T23193] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.479476][T23193] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.490128][T23193] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.500653][T23193] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.512676][T23193] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.619257][T23200] netlink: 'syz.0.5835': attribute type 37 has an invalid length. [ 420.662856][T23206] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 420.732555][T23213] FAULT_INJECTION: forcing a failure. [ 420.732555][T23213] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 420.745773][T23213] CPU: 0 UID: 0 PID: 23213 Comm: syz.0.5841 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0 [ 420.756597][T23213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 420.766926][T23213] Call Trace: [ 420.770355][T23213] [ 420.773343][T23213] dump_stack_lvl+0xf2/0x150 [ 420.777934][T23213] dump_stack+0x15/0x20 [ 420.782102][T23213] should_fail_ex+0x229/0x230 [ 420.786778][T23213] should_fail+0xb/0x10 [ 420.790941][T23213] should_fail_usercopy+0x1a/0x20 [ 420.796004][T23213] _copy_from_iter+0xd3/0xb00 [ 420.800664][T23213] ? kmalloc_reserve+0x16e/0x190 [ 420.805588][T23213] ? __build_skb_around+0x196/0x1f0 [ 420.810804][T23213] ? __alloc_skb+0x21f/0x310 [ 420.815406][T23213] ? __virt_addr_valid+0x1ed/0x250 [ 420.820515][T23213] ? __check_object_size+0x35b/0x510 [ 420.825943][T23213] netlink_sendmsg+0x460/0x6e0 [ 420.830793][T23213] ? __pfx_netlink_sendmsg+0x10/0x10 [ 420.836072][T23213] __sock_sendmsg+0x140/0x180 [ 420.840804][T23213] ____sys_sendmsg+0x312/0x410 [ 420.845565][T23213] __sys_sendmsg+0x1e9/0x280 [ 420.850183][T23213] __x64_sys_sendmsg+0x46/0x50 [ 420.854941][T23213] x64_sys_call+0x2689/0x2d60 [ 420.859612][T23213] do_syscall_64+0xc9/0x1c0 [ 420.864108][T23213] ? clear_bhb_loop+0x55/0xb0 [ 420.868789][T23213] ? clear_bhb_loop+0x55/0xb0 [ 420.873453][T23213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.879412][T23213] RIP: 0033:0x7f130b429eb9 [ 420.883822][T23213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.903421][T23213] RSP: 002b:00007f130a0a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 420.911923][T23213] RAX: ffffffffffffffda RBX: 00007f130b5c5f80 RCX: 00007f130b429eb9 [ 420.919907][T23213] RDX: 0000000000000000 RSI: 0000000020000640 RDI: 0000000000000004 [ 420.927938][T23213] RBP: 00007f130a0a7090 R08: 0000000000000000 R09: 0000000000000000 [ 420.935901][T23213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 420.943872][T23213] R13: 0000000000000000 R14: 00007f130b5c5f80 R15: 00007ffc1d747e68 [ 420.951896][T23213] [ 420.989785][T16618] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 420.995516][T23215] loop0: detected capacity change from 0 to 512 [ 421.007830][T23215] tmpfs: Unknown parameter 'fsconteØV…' [ 421.056054][T23224] __nla_validate_parse: 1 callbacks suppressed [ 421.056078][T23224] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5845'. [ 421.071336][T23224] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5845'. [ 421.100457][T23228] loop0: detected capacity change from 0 to 1024 [ 421.107408][T23228] EXT4-fs: Ignoring removed nobh option [ 421.126145][T23228] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 421.145437][T23228] EXT4-fs error (device loop0): ext4_lookup:1811: inode #12: comm syz.0.5847: iget: bad extended attribute block 768799145984 [ 421.159554][T23228] EXT4-fs error (device loop0): ext4_lookup:1811: inode #12: comm syz.0.5847: iget: bad extended attribute block 768799145984 [ 421.432665][T23237] netlink: 'syz.2.5848': attribute type 3 has an invalid length. [ 421.494849][ T29] kauditd_printk_skb: 423 callbacks suppressed [ 421.494862][ T29] audit: type=1326 audit(2000000020.820:23789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23238 comm="syz.4.5849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 421.566245][ T29] audit: type=1326 audit(2000000020.820:23790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23238 comm="syz.4.5849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 421.589895][ T29] audit: type=1326 audit(2000000020.850:23791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23238 comm="syz.4.5849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 421.613454][ T29] audit: type=1326 audit(2000000020.850:23792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23238 comm="syz.4.5849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 421.637018][ T29] audit: type=1326 audit(2000000020.850:23793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23238 comm="syz.4.5849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 421.709551][T23243] pim6reg1: entered promiscuous mode [ 421.714895][T23243] pim6reg1: entered allmulticast mode [ 421.916213][T23248] loop1: detected capacity change from 0 to 1024 [ 421.922969][T23248] EXT4-fs: Ignoring removed oldalloc option [ 421.936542][T23248] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 421.951864][T23248] EXT4-fs (loop1): shut down requested (0) [ 421.960649][T23248] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 421.971190][T23248] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 421.982292][T23248] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=13 [ 421.991469][T23248] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 422.001646][T23248] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 422.010545][T23248] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=13 [ 422.023152][T23252] netlink: 'syz.1.5853': attribute type 3 has an invalid length. [ 422.042808][T16618] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 422.142070][T23254] loop2: detected capacity change from 0 to 512 [ 422.154385][T23254] tmpfs: Unknown parameter 'fscontexV…' [ 422.226967][T23262] loop2: detected capacity change from 0 to 512 [ 422.254896][ T29] audit: type=1326 audit(2000000021.570:23794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23263 comm="syz.1.5859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8ec79eb9 code=0x7ffc0000 [ 422.278532][ T29] audit: type=1326 audit(2000000021.570:23795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23263 comm="syz.1.5859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f4a8ec79eb9 code=0x7ffc0000 [ 422.300042][T23266] loop1: detected capacity change from 0 to 256 [ 422.302235][ T29] audit: type=1326 audit(2000000021.570:23796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23263 comm="syz.1.5859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8ec79eb9 code=0x7ffc0000 [ 422.332326][ T29] audit: type=1326 audit(2000000021.570:23797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23263 comm="syz.1.5859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4a8ec79eb9 code=0x7ffc0000 [ 422.355917][ T29] audit: type=1326 audit(2000000021.570:23798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23263 comm="syz.1.5859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8ec79eb9 code=0x7ffc0000 [ 422.584660][T23271] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5861'. [ 422.740177][T16688] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 422.751603][T23276] loop4: detected capacity change from 0 to 2048 [ 422.763645][T23278] netlink: 'syz.3.5864': attribute type 3 has an invalid length. [ 422.772077][T23276] EXT4-fs: Ignoring removed bh option [ 422.777510][T23276] EXT4-fs: Ignoring removed nomblk_io_submit option [ 422.796548][T23276] EXT4-fs: Ignoring removed nobh option [ 422.859449][T23276] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 422.874402][T23276] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 422.889093][T23276] EXT4-fs error (device loop4): __ext4_remount:6491: comm syz.4.5863: Abort forced by user [ 422.899662][T23276] EXT4-fs (loop4): Remounting filesystem read-only [ 422.908112][T23276] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=16 [ 422.917116][T23276] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=16 [ 422.928413][T23276] raw_sendmsg: syz.4.5863 forgot to set AF_INET. Fix it! [ 422.949877][T22596] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 422.995030][T23294] netlink: 'syz.0.5865': attribute type 3 has an invalid length. [ 423.181945][T23304] loop4: detected capacity change from 0 to 1024 [ 423.189950][T23304] EXT4-fs: Ignoring removed nobh option [ 423.217458][T23304] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 423.279142][T23304] EXT4-fs error (device loop4): ext4_lookup:1811: inode #12: comm syz.4.5873: iget: bad extended attribute block 768799145984 [ 423.299795][T23304] EXT4-fs error (device loop4): ext4_lookup:1811: inode #12: comm syz.4.5873: iget: bad extended attribute block 768799145984 [ 423.327439][T23316] loop2: detected capacity change from 0 to 512 [ 423.336154][T23316] tmpfs: Unknown parameter 'fscontexV…' [ 423.342456][T22596] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 423.387435][T23325] netlink: 'syz.2.5881': attribute type 4 has an invalid length. [ 423.404397][T23327] loop4: detected capacity change from 0 to 256 [ 423.425721][T23325] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5881'. [ 423.492317][T23325] netlink: 'syz.2.5881': attribute type 17 has an invalid length. [ 423.550464][T23342] Process accounting resumed [ 423.647900][T23352] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=23352 comm=syz.4.5891 [ 423.666725][T23351] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5888'. [ 423.681868][T23355] loop0: detected capacity change from 0 to 256 [ 423.753373][T23358] netlink: 'syz.3.5892': attribute type 3 has an invalid length. [ 424.597320][T23385] xt_hashlimit: max too large, truncated to 1048576 [ 424.607845][T23385] IPv4: Oversized IP packet from 172.20.20.24 [ 424.614033][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 424.620199][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 424.639491][T23386] netlink: 'syz.2.5905': attribute type 3 has an invalid length. [ 424.701568][T23392] netlink: 'syz.4.5903': attribute type 3 has an invalid length. [ 425.043327][T23405] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=23405 comm=syz.2.5909 [ 425.107593][T23411] loop2: detected capacity change from 0 to 512 [ 425.301227][T23414] netlink: 'syz.1.5911': attribute type 3 has an invalid length. [ 426.632127][ T29] kauditd_printk_skb: 352 callbacks suppressed [ 426.632141][ T29] audit: type=1326 audit(2000000025.950:24151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130b429eb9 code=0x7ffc0000 [ 426.794627][ T29] audit: type=1326 audit(2000000025.950:24152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130b429eb9 code=0x7ffc0000 [ 426.818413][ T29] audit: type=1326 audit(2000000025.950:24153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f130b429eb9 code=0x7ffc0000 [ 426.841976][ T29] audit: type=1326 audit(2000000025.950:24154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130b429eb9 code=0x7ffc0000 [ 426.865538][ T29] audit: type=1326 audit(2000000025.950:24155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f130b429eb9 code=0x7ffc0000 [ 426.889198][ T29] audit: type=1326 audit(2000000025.950:24156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130b429eb9 code=0x7ffc0000 [ 426.912763][ T29] audit: type=1326 audit(2000000025.950:24157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130b429eb9 code=0x7ffc0000 [ 426.936389][ T29] audit: type=1326 audit(2000000025.950:24158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f130b429eb9 code=0x7ffc0000 [ 426.959911][ T29] audit: type=1326 audit(2000000025.950:24159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130b429eb9 code=0x7ffc0000 [ 426.983581][ T29] audit: type=1326 audit(2000000025.950:24160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f130b429eb9 code=0x7ffc0000 [ 428.314785][T23472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 428.414679][T23472] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 431.649542][ T29] kauditd_printk_skb: 8350 callbacks suppressed [ 431.649557][ T29] audit: type=1326 audit(2000000030.970:32511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f130b3c5839 code=0x7ffc0000 [ 431.679328][ T29] audit: type=1326 audit(2000000030.970:32512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f130b3c5839 code=0x7ffc0000 [ 431.702894][ T29] audit: type=1326 audit(2000000030.970:32513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f130b3c5839 code=0x7ffc0000 [ 431.726364][ T29] audit: type=1326 audit(2000000030.970:32514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f130b3c5839 code=0x7ffc0000 [ 431.749860][ T29] audit: type=1326 audit(2000000030.970:32515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f130b3c5839 code=0x7ffc0000 [ 431.773392][ T29] audit: type=1326 audit(2000000030.970:32516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f130b3c5839 code=0x7ffc0000 [ 431.797083][ T29] audit: type=1326 audit(2000000030.970:32517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f130b3c5839 code=0x7ffc0000 [ 431.820693][ T29] audit: type=1326 audit(2000000030.970:32518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f130b3c5839 code=0x7ffc0000 [ 431.844158][ T29] audit: type=1326 audit(2000000030.970:32519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f130b3c5839 code=0x7ffc0000 [ 431.867638][ T29] audit: type=1326 audit(2000000030.970:32520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23473 comm="syz.0.5934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f130b3c5839 code=0x7ffc0000 [ 433.485258][T23474] loop0: detected capacity change from 0 to 1024 [ 433.492385][T23474] EXT4-fs: Ignoring removed nobh option [ 433.715076][T23474] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 434.824768][T23474] EXT4-fs error (device loop0): ext4_lookup:1811: inode #12: comm syz.0.5934: iget: bad extended attribute block 768799145984 [ 435.426715][T23483] FAULT_INJECTION: forcing a failure. [ 435.426715][T23483] name failslab, interval 1, probability 0, space 0, times 0 [ 435.439381][T23483] CPU: 0 UID: 0 PID: 23483 Comm: syz.2.5935 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0 [ 435.450172][T23483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 435.460218][T23483] Call Trace: [ 435.463484][T23483] [ 435.466420][T23483] dump_stack_lvl+0xf2/0x150 [ 435.471007][T23483] dump_stack+0x15/0x20 [ 435.475152][T23483] should_fail_ex+0x229/0x230 [ 435.479836][T23483] ? build_skb+0x33/0x210 [ 435.484155][T23483] should_failslab+0x8f/0xb0 [ 435.488770][T23483] kmem_cache_alloc_noprof+0x4c/0x290 [ 435.494185][T23483] ? alloc_pages_mpol_noprof+0xd5/0x1e0 [ 435.499856][T23483] build_skb+0x33/0x210 [ 435.504052][T23483] __tun_build_skb+0x2b/0x1b0 [ 435.508726][T23483] ? tun_get_user+0x1474/0x24b0 [ 435.513627][T23483] tun_get_user+0x1494/0x24b0 [ 435.518392][T23483] ? ref_tracker_alloc+0x1f5/0x2f0 [ 435.523587][T23483] tun_chr_write_iter+0x18e/0x240 [ 435.528766][T23483] vfs_write+0x78f/0x900 [ 435.533001][T23483] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 435.538592][T23483] ksys_write+0xeb/0x1b0 [ 435.542909][T23483] __x64_sys_write+0x42/0x50 [ 435.547495][T23483] x64_sys_call+0x27dd/0x2d60 [ 435.552166][T23483] do_syscall_64+0xc9/0x1c0 [ 435.556658][T23483] ? clear_bhb_loop+0x55/0xb0 [ 435.561406][T23483] ? clear_bhb_loop+0x55/0xb0 [ 435.566111][T23483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.572012][T23483] RIP: 0033:0x7f5bb30d899f [ 435.576414][T23483] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 435.596129][T23483] RSP: 002b:00007f5bb1d51000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 435.604536][T23483] RAX: ffffffffffffffda RBX: 00007f5bb3275f80 RCX: 00007f5bb30d899f [ 435.612544][T23483] RDX: 0000000000000082 RSI: 0000000020000180 RDI: 00000000000000c8 [ 435.620576][T23483] RBP: 00007f5bb1d51090 R08: 0000000000000000 R09: 0000000000000000 [ 435.628626][T23483] R10: 0000000000000082 R11: 0000000000000293 R12: 0000000000000001 [ 435.636583][T23483] R13: 0000000000000000 R14: 00007f5bb3275f80 R15: 00007ffc89efe968 [ 435.644625][T23483] [ 435.655480][T16688] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 435.662175][T23486] loop1: detected capacity change from 0 to 512 [ 435.701005][T23490] loop0: detected capacity change from 0 to 256 [ 435.988120][T23524] xt_CT: You must specify a L4 protocol and not use inversions on it [ 436.689516][T23541] loop0: detected capacity change from 0 to 2048 [ 436.703403][T23541] EXT4-fs: Ignoring removed orlov option [ 436.729246][T23541] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 436.800728][T23541] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5959'. [ 436.811778][T23541] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.891857][T23541] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.925599][T23549] netlink: 'syz.1.5960': attribute type 4 has an invalid length. [ 436.991026][T23541] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 437.010304][T23549] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5960'. [ 437.050404][T23541] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 437.109365][T23549] netlink: 'syz.1.5960': attribute type 17 has an invalid length. [ 437.236829][ T29] kauditd_printk_skb: 3829 callbacks suppressed [ 437.236844][ T29] audit: type=1326 audit(2000000036.560:36350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23555 comm="syz.1.5962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8ec79eb9 code=0x7ffc0000 [ 437.257505][T23541] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.284555][T23541] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.305012][T23541] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.311162][ T29] audit: type=1326 audit(2000000036.600:36351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23555 comm="syz.1.5962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f4a8ec79eb9 code=0x7ffc0000 [ 437.336853][ T29] audit: type=1326 audit(2000000036.600:36352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23555 comm="syz.1.5962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8ec79eb9 code=0x7ffc0000 [ 437.360481][ T29] audit: type=1326 audit(2000000036.600:36353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23555 comm="syz.1.5962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8ec79eb9 code=0x7ffc0000 [ 437.375877][T23541] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.432660][T23563] loop1: detected capacity change from 0 to 512 [ 437.443823][T16688] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 437.466622][T23563] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2842c018, mo2=0002] [ 437.475264][T23563] System zones: 0-2, 18-18, 34-35 [ 437.484911][T23563] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 437.512459][T23563] ext4 filesystem being mounted at /420/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 437.540429][ T29] audit: type=1400 audit(2000000036.860:36354): avc: denied { append } for pid=23562 comm="syz.1.5964" name="ppp" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 437.541819][T23563] EXT4-fs error (device loop1): ext4_add_entry:2435: inode #2: comm syz.1.5964: Directory hole found for htree leaf block 0 [ 437.584596][T23578] loop4: detected capacity change from 0 to 1024 [ 437.596376][T23563] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5964'. [ 437.615048][T23578] EXT4-fs: Ignoring removed oldalloc option [ 437.621311][ T29] audit: type=1400 audit(2000000036.860:36355): avc: denied { create } for pid=23562 comm="syz.1.5964" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 437.671394][T23578] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 437.696938][ T29] audit: type=1326 audit(2000000037.010:36356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23584 comm="syz.2.5975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bb30d9eb9 code=0x7ffc0000 [ 437.720584][ T29] audit: type=1326 audit(2000000037.010:36357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23584 comm="syz.2.5975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bb30d9eb9 code=0x7ffc0000 [ 437.744325][ T29] audit: type=1326 audit(2000000037.010:36358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23584 comm="syz.2.5975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f5bb30d9eb9 code=0x7ffc0000 [ 437.767907][ T29] audit: type=1326 audit(2000000037.010:36359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23584 comm="syz.2.5975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bb30d9eb9 code=0x7ffc0000 [ 437.795577][T23578] netlink: 'syz.4.5972': attribute type 3 has an invalid length. [ 437.810326][T16618] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 437.842713][T22596] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 437.883839][T23603] loop1: detected capacity change from 0 to 256 [ 437.909851][T23605] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 437.916418][T23605] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 437.925330][T23605] vhci_hcd vhci_hcd.0: Device attached [ 437.934444][T23607] usbip_core: unknown command [ 437.939185][T23607] vhci_hcd: unknown pdu 589373486 [ 437.944219][T23607] usbip_core: unknown command [ 437.958740][T10458] vhci_hcd: stop threads [ 437.963036][T10458] vhci_hcd: release socket [ 437.967465][T10458] vhci_hcd: disconnect device [ 438.149641][T23629] FAULT_INJECTION: forcing a failure. [ 438.149641][T23629] name failslab, interval 1, probability 0, space 0, times 0 [ 438.162393][T23629] CPU: 0 UID: 0 PID: 23629 Comm: syz.1.5992 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0 [ 438.173152][T23629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 438.183201][T23629] Call Trace: [ 438.186591][T23629] [ 438.189559][T23629] dump_stack_lvl+0xf2/0x150 [ 438.194224][T23629] dump_stack+0x15/0x20 [ 438.198441][T23629] should_fail_ex+0x229/0x230 [ 438.203110][T23629] ? build_skb+0x33/0x210 [ 438.207480][T23629] should_failslab+0x8f/0xb0 [ 438.212066][T23629] kmem_cache_alloc_noprof+0x4c/0x290 [ 438.217515][T23629] ? alloc_pages_mpol_noprof+0xd5/0x1e0 [ 438.223170][T23629] build_skb+0x33/0x210 [ 438.227350][T23629] __tun_build_skb+0x2b/0x1b0 [ 438.232014][T23629] ? tun_get_user+0x1474/0x24b0 [ 438.236912][T23629] tun_get_user+0x1494/0x24b0 [ 438.241683][T23629] ? ref_tracker_alloc+0x1f5/0x2f0 [ 438.246835][T23629] tun_chr_write_iter+0x18e/0x240 [ 438.251957][T23629] vfs_write+0x78f/0x900 [ 438.256227][T23629] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 438.261769][T23629] ksys_write+0xeb/0x1b0 [ 438.266039][T23629] __x64_sys_write+0x42/0x50 [ 438.270710][T23629] x64_sys_call+0x27dd/0x2d60 [ 438.275428][T23629] do_syscall_64+0xc9/0x1c0 [ 438.279913][T23629] ? clear_bhb_loop+0x55/0xb0 [ 438.284729][T23629] ? clear_bhb_loop+0x55/0xb0 [ 438.289389][T23629] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.295357][T23629] RIP: 0033:0x7f4a8ec7899f [ 438.299815][T23629] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 438.319423][T23629] RSP: 002b:00007f4a8d8f1000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 438.327816][T23629] RAX: ffffffffffffffda RBX: 00007f4a8ee15f80 RCX: 00007f4a8ec7899f [ 438.335799][T23629] RDX: 0000000000000082 RSI: 0000000020000180 RDI: 00000000000000c8 [ 438.343752][T23629] RBP: 00007f4a8d8f1090 R08: 0000000000000000 R09: 0000000000000000 [ 438.351719][T23629] R10: 0000000000000082 R11: 0000000000000293 R12: 0000000000000001 [ 438.359779][T23629] R13: 0000000000000000 R14: 00007f4a8ee15f80 R15: 00007ffce04a0398 [ 438.367812][T23629] [ 438.429803][T23634] netlink: zone id is out of range [ 438.435287][T23634] netlink: set zone limit has 8 unknown bytes [ 438.463344][T23641] loop2: detected capacity change from 0 to 256 [ 438.474308][T23644] loop1: detected capacity change from 0 to 256 [ 438.592585][T23657] loop2: detected capacity change from 0 to 1024 [ 438.600942][T23653] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6002'. [ 438.608672][T23657] EXT4-fs: Ignoring removed oldalloc option [ 438.629124][T23653] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.633892][T23659] loop1: detected capacity change from 0 to 256 [ 438.651813][T23657] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 438.699143][T23657] netlink: 'syz.2.6003': attribute type 3 has an invalid length. [ 438.718607][T16529] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 438.731693][T23653] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.775581][T23653] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.817636][T23672] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6009'. [ 438.843303][T23672] x_tables: ip_tables: ah match: only valid for protocol 51 [ 438.854872][T23653] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.870402][T23671] loop0: detected capacity change from 0 to 8192 [ 438.913279][T23676] netlink: 'syz.2.6011': attribute type 1 has an invalid length. [ 438.927783][T23653] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.948574][T23653] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.960600][T23653] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.973289][T23653] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 439.057630][T23671] FAT-fs (loop0): error, corrupted directory (invalid entries) [ 439.065303][T23671] FAT-fs (loop0): Filesystem has been set read-only [ 439.073993][T23677] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 439.107174][T23671] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 439.117519][T23671] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 439.126526][T23671] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 439.135830][T23671] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 439.145272][T23671] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 439.155218][T23671] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 439.164002][T23671] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 439.180736][T23681] netlink: 112 bytes leftover after parsing attributes in process `syz.1.6012'. [ 439.231756][T23687] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6016'. [ 439.242047][T23687] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.262065][T23689] loop1: detected capacity change from 0 to 1024 [ 439.268931][T23689] EXT4-fs: Ignoring removed oldalloc option [ 439.286126][T23689] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 439.300024][T23687] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.313572][T23689] netlink: 'syz.1.6017': attribute type 3 has an invalid length. [ 439.328148][T16618] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 439.360521][T23687] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.429571][T23687] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.595027][T23709] loop4: detected capacity change from 0 to 4096 [ 439.609430][T23709] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 439.635191][T22596] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 439.726976][T23716] netlink: 112 bytes leftover after parsing attributes in process `syz.0.6025'. [ 439.828412][T23724] loop4: detected capacity change from 0 to 1024 [ 439.835534][T23724] EXT4-fs: Ignoring removed oldalloc option [ 439.848022][T23724] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 439.863763][T23724] netlink: 'syz.4.6029': attribute type 3 has an invalid length. [ 439.882428][T22596] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 439.908647][T23736] netlink: 'syz.4.6034': attribute type 4 has an invalid length. [ 439.927692][T23736] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6034'. [ 439.945073][ C1] vcan0: j1939_tp_rxtimer: 0xffff88811529d400: rx timeout, send abort [ 439.953250][ C1] vcan0: j1939_tp_rxtimer: 0xffff888114ce0a00: rx timeout, send abort [ 439.961492][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811529d400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 439.975802][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888114ce0a00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 439.996193][T23738] netlink: 'syz.4.6034': attribute type 17 has an invalid length. [ 440.014221][T23741] netlink: 112 bytes leftover after parsing attributes in process `syz.0.6036'. [ 440.195431][T23760] pim6reg1: entered promiscuous mode [ 440.200779][T23760] pim6reg1: entered allmulticast mode [ 440.201402][T23762] loop4: detected capacity change from 0 to 2048 [ 440.212853][T23762] EXT4-fs: Ignoring removed orlov option [ 440.225862][T23762] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 440.245685][T23762] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 440.303887][T23762] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 440.372276][T23762] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 440.384403][T23773] loop0: detected capacity change from 0 to 256 [ 440.415209][ C1] vcan0: j1939_tp_rxtimer: 0xffff888115262200: rx timeout, send abort [ 440.423439][ C1] vcan0: j1939_tp_rxtimer: 0xffff888115263600: rx timeout, send abort [ 440.431785][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888115262200: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 440.434352][T23762] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 440.446072][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888115263600: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 440.490503][T23776] loop1: detected capacity change from 0 to 512 [ 440.501948][T23776] tmpfs: Bad value for 'fscontext' [ 440.522280][T23762] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.537658][T23762] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.549103][T23762] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.560745][T23762] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.580654][T22596] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 440.613483][T23784] loop1: detected capacity change from 0 to 256 [ 440.700155][T23793] x_tables: ip_tables: ah match: only valid for protocol 51 [ 440.764975][T23799] loop0: detected capacity change from 0 to 512 [ 440.772726][T23800] FAULT_INJECTION: forcing a failure. [ 440.772726][T23800] name failslab, interval 1, probability 0, space 0, times 0 [ 440.778692][T23799] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2842c018, mo2=0002] [ 440.785434][T23800] CPU: 1 UID: 0 PID: 23800 Comm: syz.1.6060 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0 [ 440.793516][T23799] System zones: [ 440.804052][T23800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 440.804066][T23800] Call Trace: [ 440.804074][T23800] [ 440.804082][T23800] dump_stack_lvl+0xf2/0x150 [ 440.807631][T23799] 0-2 [ 440.817646][T23800] dump_stack+0x15/0x20 [ 440.820915][T23799] , 18-18 [ 440.823823][T23800] should_fail_ex+0x229/0x230 [ 440.828431][T23799] , 34-35 [ 440.830944][T23800] ? __kvmalloc_node_noprof+0x72/0x170 [ 440.835096][T23799] [ 440.853403][T23800] should_failslab+0x8f/0xb0 [ 440.858094][T23800] __kmalloc_node_noprof+0xa8/0x380 [ 440.860963][T23799] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 440.863303][T23800] __kvmalloc_node_noprof+0x72/0x170 [ 440.877751][T23799] ext4 filesystem being mounted at /446/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 440.880946][T23800] pfifo_fast_init+0xce/0x360 [ 440.896038][T23800] qdisc_create_dflt+0xce/0x280 [ 440.900934][T23800] dev_activate+0x20e/0x9e0 [ 440.905457][T23800] __dev_open+0x263/0x2e0 [ 440.909878][T23800] __dev_change_flags+0x155/0x410 [ 440.914902][T23800] dev_change_flags+0x59/0xd0 [ 440.919575][T23800] dev_ifsioc+0x67f/0xa10 [ 440.923952][T23800] dev_ioctl+0x7fa/0xab0 [ 440.928185][T23800] sock_do_ioctl+0x11c/0x260 [ 440.932805][T23800] sock_ioctl+0x470/0x640 [ 440.937203][T23800] ? __pfx_sock_ioctl+0x10/0x10 [ 440.942114][T23800] __se_sys_ioctl+0xd3/0x150 [ 440.946770][T23800] __x64_sys_ioctl+0x43/0x50 [ 440.951397][T23800] x64_sys_call+0x15cc/0x2d60 [ 440.956217][T23800] do_syscall_64+0xc9/0x1c0 [ 440.960726][T23800] ? clear_bhb_loop+0x55/0xb0 [ 440.965400][T23800] ? clear_bhb_loop+0x55/0xb0 [ 440.970079][T23800] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 440.976018][T23800] RIP: 0033:0x7f4a8ec79eb9 [ 440.980420][T23800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.000038][T23800] RSP: 002b:00007f4a8d8f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 441.008628][T23800] RAX: ffffffffffffffda RBX: 00007f4a8ee15f80 RCX: 00007f4a8ec79eb9 [ 441.016641][T23800] RDX: 0000000020000100 RSI: 0000000000008914 RDI: 0000000000000008 [ 441.024602][T23800] RBP: 00007f4a8d8f1090 R08: 0000000000000000 R09: 0000000000000000 [ 441.032659][T23800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 441.040620][T23800] R13: 0000000000000000 R14: 00007f4a8ee15f80 R15: 00007ffce04a0398 [ 441.048587][T23800] [ 441.051683][T23800] pim6reg1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 441.073122][T23804] loop2: detected capacity change from 0 to 512 [ 441.083682][T23804] tmpfs: Bad value for 'fscontext' [ 441.126190][T23800] pim6reg1: entered promiscuous mode [ 441.131593][T23800] pim6reg1: entered allmulticast mode [ 441.271093][T23811] loop2: detected capacity change from 0 to 2048 [ 441.309697][T16688] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 441.323717][T23811] EXT4-fs: Ignoring removed orlov option [ 441.406995][T23811] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 441.427367][T23811] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.476752][T23811] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.555211][T23832] loop4: detected capacity change from 0 to 512 [ 441.566457][T23832] tmpfs: Bad value for 'fscontext' [ 441.578544][T23811] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.628006][T23841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 441.636834][T23841] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 441.646324][T23811] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.698036][T23847] 9pnet_fd: Insufficient options for proto=fd [ 441.707055][T23847] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 441.711344][T23811] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 441.723691][T23847] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 441.728124][T23811] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 441.742451][T23811] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 441.752842][T23811] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 441.771057][T16529] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 441.867185][T23855] loop2: detected capacity change from 0 to 256 [ 441.966772][T23862] loop2: detected capacity change from 0 to 512 [ 441.975374][T23862] tmpfs: Bad value for 'fscontext' [ 442.280782][T23871] loop0: detected capacity change from 0 to 256 [ 442.368745][T23873] loop0: detected capacity change from 0 to 1024 [ 442.385977][T23873] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 442.401241][ T29] kauditd_printk_skb: 451 callbacks suppressed [ 442.401255][ T29] audit: type=1400 audit(2000000099.722:36811): avc: denied { write } for pid=23872 comm="syz.0.6091" path="socket:[89584]" dev="sockfs" ino=89584 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 442.433316][ T3375] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 442.448587][ T3375] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 442.460847][ T3375] EXT4-fs (loop0): This should not happen!! Data will be lost [ 442.460847][ T3375] [ 442.470554][ T3375] EXT4-fs (loop0): Total free blocks count 0 [ 442.476627][ T3375] EXT4-fs (loop0): Free/Dirty block details [ 442.482586][ T3375] EXT4-fs (loop0): free_blocks=68451041280 [ 442.488411][ T3375] EXT4-fs (loop0): dirty_blocks=16 [ 442.493519][ T3375] EXT4-fs (loop0): Block reservation details [ 442.499582][ T3375] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 442.506323][T16688] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 442.531282][T23877] loop0: detected capacity change from 0 to 2048 [ 442.537880][T23877] EXT4-fs: Ignoring removed orlov option [ 442.546105][T23877] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 442.561430][T23877] __nla_validate_parse: 4 callbacks suppressed [ 442.561444][T23877] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6092'. [ 442.577743][T23877] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.626251][T23877] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.686115][T23877] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.746303][T23877] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.897311][T23886] loop2: detected capacity change from 0 to 256 [ 442.988057][ T29] audit: type=1326 audit(2000000100.312:36812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23889 comm="syz.2.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bb30d9eb9 code=0x7ffc0000 [ 443.011879][ T29] audit: type=1326 audit(2000000100.312:36813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23889 comm="syz.2.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bb30d9eb9 code=0x7ffc0000 [ 443.036574][ T29] audit: type=1326 audit(2000000100.312:36814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23889 comm="syz.2.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5bb30d9eb9 code=0x7ffc0000 [ 443.060192][ T29] audit: type=1326 audit(2000000100.312:36815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23889 comm="syz.2.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bb30d9eb9 code=0x7ffc0000 [ 443.083845][ T29] audit: type=1326 audit(2000000100.312:36816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23889 comm="syz.2.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bb30d9eb9 code=0x7ffc0000 [ 443.107502][ T29] audit: type=1326 audit(2000000100.312:36817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23889 comm="syz.2.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5bb30d9eb9 code=0x7ffc0000 [ 443.126614][T23892] netlink: 'syz.2.6098': attribute type 4 has an invalid length. [ 443.131157][ T29] audit: type=1326 audit(2000000100.312:36818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23889 comm="syz.2.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bb30d9eb9 code=0x7ffc0000 [ 443.162520][ T29] audit: type=1326 audit(2000000100.312:36819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23889 comm="syz.2.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5bb30d9eb9 code=0x7ffc0000 [ 443.186308][ T29] audit: type=1326 audit(2000000100.312:36820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23889 comm="syz.2.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bb30d9eb9 code=0x7ffc0000 [ 443.211541][T23893] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6098'. [ 443.223103][T23892] netlink: 'syz.2.6098': attribute type 17 has an invalid length. [ 443.359231][T23911] netlink: 'syz.2.6103': attribute type 4 has an invalid length. [ 443.370613][T23911] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6103'. [ 443.381209][T23911] netlink: 'syz.2.6103': attribute type 17 has an invalid length. [ 443.406510][T23913] loop2: detected capacity change from 0 to 512 [ 443.415310][T23913] tmpfs: Bad value for 'fscontext' [ 443.514778][T23693] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 443.530373][T23693] EXT4-fs (loop0): Remounting filesystem read-only [ 443.543750][T23921] loop2: detected capacity change from 0 to 256 [ 443.641641][T23923] loop2: detected capacity change from 0 to 1024 [ 443.648392][T23923] EXT4-fs: Ignoring removed oldalloc option [ 443.665991][T23923] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 443.679070][T23923] EXT4-fs (loop2): shut down requested (0) [ 443.685988][T23923] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 443.694901][T23923] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 443.703714][T23923] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=13 [ 443.712525][T23923] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 443.721445][T23923] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 443.730247][T23923] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=13 [ 443.750832][T23923] netlink: 'syz.2.6109': attribute type 3 has an invalid length. [ 443.762668][T16529] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 443.780522][T23931] netlink: 'syz.2.6110': attribute type 4 has an invalid length. [ 443.790682][T23931] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6110'. [ 443.800952][T23931] netlink: 'syz.2.6110': attribute type 17 has an invalid length. [ 443.850771][T23937] loop2: detected capacity change from 0 to 256 [ 444.049944][T23949] loop2: detected capacity change from 0 to 256 [ 444.070333][T23877] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.081650][T23877] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.092994][T23877] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.104347][T23877] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.120946][T16688] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 444.152829][T23955] netlink: 'syz.2.6122': attribute type 4 has an invalid length. [ 444.163067][T23955] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6122'. [ 444.227439][T23955] netlink: 'syz.2.6122': attribute type 17 has an invalid length. [ 444.312440][T23969] xt_CT: You must specify a L4 protocol and not use inversions on it [ 444.376369][T23975] FAULT_INJECTION: forcing a failure. [ 444.376369][T23975] name failslab, interval 1, probability 0, space 0, times 0 [ 444.389101][T23975] CPU: 0 UID: 0 PID: 23975 Comm: syz.0.6130 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0 [ 444.400007][T23975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 444.410095][T23975] Call Trace: [ 444.413380][T23975] [ 444.416299][T23975] dump_stack_lvl+0xf2/0x150 [ 444.420892][T23975] dump_stack+0x15/0x20 [ 444.425027][T23975] should_fail_ex+0x229/0x230 [ 444.429688][T23975] ? fdb_create+0x111/0x9d0 [ 444.434184][T23975] should_failslab+0x8f/0xb0 [ 444.438777][T23975] kmem_cache_alloc_noprof+0x4c/0x290 [ 444.444211][T23975] fdb_create+0x111/0x9d0 [ 444.448526][T23975] ? fdb_delete+0x6c7/0x860 [ 444.453015][T23975] ? fdb_find_rcu+0x277/0x290 [ 444.457694][T23975] fdb_add_local+0xe9/0x1b0 [ 444.462282][T23975] br_fdb_changeaddr+0x16d/0x260 [ 444.467312][T23975] br_device_event+0x2fe/0x570 [ 444.472085][T23975] ? __pfx_br_device_event+0x10/0x10 [ 444.477355][T23975] raw_notifier_call_chain+0x6f/0x1d0 [ 444.482775][T23975] call_netdevice_notifiers_info+0xae/0x100 [ 444.488680][T23975] dev_set_mac_address+0x1ff/0x260 [ 444.493812][T23975] dev_set_mac_address_user+0x31/0x50 [ 444.499253][T23975] dev_ifsioc+0x8c3/0xa10 [ 444.503655][T23975] dev_ioctl+0x7fa/0xab0 [ 444.507900][T23975] sock_do_ioctl+0x11c/0x260 [ 444.512477][T23975] sock_ioctl+0x470/0x640 [ 444.516894][T23975] ? __pfx_sock_ioctl+0x10/0x10 [ 444.521793][T23975] __se_sys_ioctl+0xd3/0x150 [ 444.526365][T23975] __x64_sys_ioctl+0x43/0x50 [ 444.531376][T23975] x64_sys_call+0x15cc/0x2d60 [ 444.536106][T23975] do_syscall_64+0xc9/0x1c0 [ 444.540664][T23975] ? clear_bhb_loop+0x55/0xb0 [ 444.545376][T23975] ? clear_bhb_loop+0x55/0xb0 [ 444.550101][T23975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.556144][T23975] RIP: 0033:0x7f130b429eb9 [ 444.560548][T23975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.580215][T23975] RSP: 002b:00007f130a0a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 444.588614][T23975] RAX: ffffffffffffffda RBX: 00007f130b5c5f80 RCX: 00007f130b429eb9 [ 444.596574][T23975] RDX: 0000000020000000 RSI: 0000000000008924 RDI: 0000000000000008 [ 444.605302][T23975] RBP: 00007f130a0a7090 R08: 0000000000000000 R09: 0000000000000000 [ 444.613262][T23975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 444.621237][T23975] R13: 0000000000000000 R14: 00007f130b5c5f80 R15: 00007ffc1d747e68 [ 444.629298][T23975] [ 444.647960][T23977] loop1: detected capacity change from 0 to 2048 [ 444.654679][T23977] EXT4-fs: Ignoring removed orlov option [ 444.666892][T23977] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 444.681930][T23977] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6131'. [ 444.692749][T23977] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.786922][T23977] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.864957][T23989] netlink: 'syz.0.6132': attribute type 3 has an invalid length. [ 444.900816][T23977] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.977069][T23977] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 445.008849][T23990] loop4: detected capacity change from 0 to 512 [ 445.044089][T23990] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.6134: bg 0: block 393: padding at end of block bitmap is not set [ 445.112160][T23977] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.132374][T23990] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 445.143328][T23977] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.157278][T23990] EXT4-fs (loop4): 2 truncates cleaned up [ 445.165497][T23977] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.174721][T23990] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 445.188335][T23990] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 445.189356][T23977] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.236277][T16618] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 445.290437][T23999] loop1: detected capacity change from 0 to 512 [ 445.299895][T23999] EXT4-fs error (device loop1): ext4_xattr_inode_iget:436: comm syz.1.6138: Parent and EA inode have the same ino 15 [ 445.313286][T23999] EXT4-fs (loop1): Remounting filesystem read-only [ 445.320062][T23999] EXT4-fs (loop1): 1 orphan inode deleted [ 445.326863][T23999] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 445.339519][T23999] SELinux: (dev loop1, type ext4) getxattr errno 5 [ 445.348139][T23999] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 445.411469][T24002] loop1: detected capacity change from 0 to 256 [ 445.555248][T24006] loop1: detected capacity change from 0 to 1024 [ 445.562970][T24006] EXT4-fs: Ignoring removed oldalloc option [ 445.592407][T24006] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 445.633574][T16618] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 445.758208][T24021] xt_CT: You must specify a L4 protocol and not use inversions on it [ 445.830560][T24026] loop0: detected capacity change from 0 to 256 [ 445.833018][T23687] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.850054][T23687] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.866202][T23687] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.880288][T23687] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.951651][T24029] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6150'. [ 446.032533][T24029] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.121719][T24033] loop2: detected capacity change from 0 to 256 [ 446.165171][T24035] loop0: detected capacity change from 0 to 512 [ 446.179684][T24029] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.227571][T24029] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.241881][T24039] loop0: detected capacity change from 0 to 2048 [ 446.248614][T24039] EXT4-fs: Ignoring removed orlov option [ 446.267587][T24039] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 446.281708][T24029] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.295676][T24039] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6154'. [ 446.296419][T24047] loop2: detected capacity change from 0 to 512 [ 446.312306][T24039] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.326001][T24047] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 446.338861][T24047] ext4 filesystem being mounted at /558/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 446.367202][T24039] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.378336][T16529] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 446.426345][T24039] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.525724][T24039] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 447.077010][T24074] loop4: detected capacity change from 0 to 1024 [ 447.111293][T24074] EXT4-fs: Ignoring removed i_version option [ 447.152757][T24074] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 447.323627][T24080] loop2: detected capacity change from 0 to 256 [ 447.334713][T22596] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 447.402852][T24082] syz.4.6164[24082] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 447.402907][T24082] syz.4.6164[24082] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 447.493458][T24088] loop4: detected capacity change from 0 to 256 [ 447.595986][ T29] kauditd_printk_skb: 185 callbacks suppressed [ 447.596046][ T29] audit: type=1326 audit(2000000104.922:37006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24090 comm="syz.4.6167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 447.644861][T24091] loop4: detected capacity change from 0 to 1024 [ 447.658615][ T29] audit: type=1326 audit(2000000104.922:37007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24090 comm="syz.4.6167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 447.682314][ T29] audit: type=1326 audit(2000000104.922:37008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24090 comm="syz.4.6167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 447.706161][ T29] audit: type=1326 audit(2000000104.922:37009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24090 comm="syz.4.6167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 447.729984][ T29] audit: type=1326 audit(2000000104.922:37010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24090 comm="syz.4.6167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 447.730897][T24091] EXT4-fs: Ignoring removed nobh option [ 447.753686][ T29] audit: type=1326 audit(2000000104.922:37011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24090 comm="syz.4.6167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 447.782791][ T29] audit: type=1326 audit(2000000104.922:37012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24090 comm="syz.4.6167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 447.806414][ T29] audit: type=1326 audit(2000000104.922:37013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24090 comm="syz.4.6167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 447.830084][ T29] audit: type=1326 audit(2000000104.922:37014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24090 comm="syz.4.6167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 447.853785][ T29] audit: type=1326 audit(2000000104.922:37015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24090 comm="syz.4.6167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee77449eb9 code=0x7ffc0000 [ 447.856125][T24091] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 447.910441][T24091] EXT4-fs error (device loop4): ext4_lookup:1811: inode #12: comm syz.4.6167: iget: bad extended attribute block 768799145984 [ 447.924799][T24091] EXT4-fs error (device loop4): ext4_lookup:1811: inode #12: comm syz.4.6167: iget: bad extended attribute block 768799145984 [ 447.949848][T22596] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 447.990664][T24105] xt_CT: You must specify a L4 protocol and not use inversions on it [ 448.820399][T24119] loop1: detected capacity change from 0 to 1024 [ 448.824912][T24121] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6179'. [ 448.828008][T24119] EXT4-fs: Ignoring removed oldalloc option [ 448.855555][T24124] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6180'. [ 448.855914][T24119] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 448.886349][T24119] EXT4-fs (loop1): shut down requested (0) [ 448.893727][T24119] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 448.904481][T24119] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 448.913456][T24119] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=13 [ 448.924461][T24119] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 448.933525][T24119] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 448.942413][T24119] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=13 [ 448.953653][T24119] validate_nla: 3 callbacks suppressed [ 448.953666][T24119] netlink: 'syz.1.6178': attribute type 3 has an invalid length. [ 448.970684][T16618] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 449.066460][T24139] xt_CT: You must specify a L4 protocol and not use inversions on it [ 449.856062][T24147] loop1: detected capacity change from 0 to 256 [ 449.948090][T24151] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6191'. [ 449.983940][T24153] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6192'. [ 450.264754][T24045] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 450.279786][T24045] EXT4-fs (loop0): Remounting filesystem read-only [ 450.403126][T24184] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6205'. [ 450.452299][T24188] loop2: detected capacity change from 0 to 256 [ 450.541247][T24190] loop2: detected capacity change from 0 to 256 [ 450.554015][T24192] loop4: detected capacity change from 0 to 256 [ 450.631296][T24202] netlink: 'syz.2.6214': attribute type 4 has an invalid length. [ 450.645219][T24202] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6214'. [ 450.708516][T24202] netlink: 'syz.2.6214': attribute type 17 has an invalid length. [ 450.731964][T24207] loop2: detected capacity change from 0 to 512 [ 450.740053][T24207] tmpfs: Unknown parameter '1˸ äŽØV…' [ 450.771276][T24211] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6218'. [ 450.799392][T24213] loop2: detected capacity change from 0 to 1024 [ 450.806065][T24213] EXT4-fs: Ignoring removed nobh option [ 450.816032][T24213] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 450.834196][T24213] EXT4-fs error (device loop2): ext4_lookup:1811: inode #12: comm syz.2.6219: iget: bad extended attribute block 768799145984 [ 450.848075][T24213] EXT4-fs error (device loop2): ext4_lookup:1811: inode #12: comm syz.2.6219: iget: bad extended attribute block 768799145984 [ 450.866967][T24204] loop4: detected capacity change from 0 to 512 [ 450.873440][T24204] EXT4-fs: Ignoring removed orlov option [ 450.879947][T24204] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 450.889449][T24204] EXT4-fs (loop4): orphan cleanup on readonly fs [ 450.896648][T24204] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.6215: bg 0: block 248: padding at end of block bitmap is not set [ 450.911363][T24204] EXT4-fs error (device loop4): ext4_acquire_dquot:6848: comm syz.4.6215: Failed to acquire dquot type 1 [ 450.912185][T16529] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 450.923986][T24204] EXT4-fs (loop4): 1 truncate cleaned up [ 450.938612][T24204] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 451.089925][T24223] loop1: detected capacity change from 0 to 256 [ 451.260029][T24039] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 451.270982][T24039] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 451.281390][T24039] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 451.292559][T24039] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 451.307000][T16688] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 451.343887][T24235] loop0: detected capacity change from 0 to 256 [ 451.427032][T24237] loop0: detected capacity change from 0 to 512 [ 451.436496][T24237] tmpfs: Unknown parameter '1˸ äŽØV…' [ 451.469886][T24241] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6229'. [ 451.479392][T22596] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 451.493614][T24243] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6231'. [ 451.551034][T24249] loop0: detected capacity change from 0 to 256 [ 451.681230][T24258] loop4: detected capacity change from 0 to 1024 [ 451.689265][T24258] EXT4-fs: Ignoring removed oldalloc option [ 451.720418][T24259] netlink: 'syz.0.6235': attribute type 1 has an invalid length. [ 451.731020][T24258] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 451.747601][T24258] netlink: 'syz.4.6237': attribute type 3 has an invalid length. [ 451.763870][T22596] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 451.832002][T24265] loop0: detected capacity change from 0 to 1024 [ 451.846766][T24265] EXT4-fs: Ignoring removed i_version option [ 451.857005][T24265] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 451.961802][T24269] loop4: detected capacity change from 0 to 512 [ 451.979607][T24269] tmpfs: Unknown parameter 'fsconäŽØV…' [ 452.017575][T24273] loop4: detected capacity change from 0 to 256 [ 452.064646][T16688] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 452.078388][T24275] loop2: detected capacity change from 0 to 1024 [ 452.089031][T24275] EXT4-fs: Ignoring removed oldalloc option [ 452.111132][T24275] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 452.128179][T24282] loop0: detected capacity change from 0 to 256 [ 452.134616][T24275] EXT4-fs (loop2): shut down requested (0) [ 452.147732][T24275] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 452.165030][T24275] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 452.173916][T24275] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=13 [ 452.182936][T24275] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 452.192012][T24275] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 452.207965][T24275] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=13 [ 452.249949][T24275] netlink: 'syz.2.6241': attribute type 3 has an invalid length. [ 452.258190][T24299] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6249'. [ 452.272410][T16529] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 452.299913][T24301] loop2: detected capacity change from 0 to 512 [ 452.320321][T24301] tmpfs: Unknown parameter 'fsconäŽØV…' [ 452.377488][T24310] loop2: detected capacity change from 0 to 256 [ 452.439089][T24314] loop0: detected capacity change from 0 to 1024 [ 452.455804][T24314] EXT4-fs: dax option not supported [ 452.471494][T24310] ================================================================== [ 452.479593][T24310] BUG: KCSAN: data-race in page_cache_sync_ra / page_cache_sync_ra [ 452.487493][T24310] [ 452.489802][T24310] write to 0xffff88810eff4678 of 8 bytes by task 24321 on cpu 0: [ 452.497504][T24310] page_cache_sync_ra+0x41f/0x670 [ 452.502527][T24310] filemap_get_pages+0x252/0xfb0 [ 452.507462][T24310] filemap_splice_read+0x360/0x920 [ 452.512570][T24310] splice_direct_to_actor+0x26c/0x670 [ 452.517944][T24310] do_splice_direct+0xd7/0x150 [ 452.522704][T24310] do_sendfile+0x3ab/0x950 [ 452.527112][T24310] __x64_sys_sendfile64+0x110/0x150 [ 452.532307][T24310] x64_sys_call+0xed5/0x2d60 [ 452.536895][T24310] do_syscall_64+0xc9/0x1c0 [ 452.541387][T24310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.547282][T24310] [ 452.549592][T24310] write to 0xffff88810eff4678 of 8 bytes by task 24310 on cpu 1: [ 452.557294][T24310] page_cache_sync_ra+0x41f/0x670 [ 452.562312][T24310] filemap_get_pages+0x252/0xfb0 [ 452.567249][T24310] filemap_splice_read+0x360/0x920 [ 452.572358][T24310] splice_direct_to_actor+0x26c/0x670 [ 452.577729][T24310] do_splice_direct+0xd7/0x150 [ 452.582502][T24310] do_sendfile+0x3ab/0x950 [ 452.586909][T24310] __x64_sys_sendfile64+0x110/0x150 [ 452.592111][T24310] x64_sys_call+0xed5/0x2d60 [ 452.596694][T24310] do_syscall_64+0xc9/0x1c0 [ 452.601193][T24310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.607086][T24310] [ 452.609394][T24310] value changed: 0x0000000000000007 -> 0x0000000000000008 [ 452.616481][T24310] [ 452.618786][T24310] Reported by Kernel Concurrency Sanitizer on: [ 452.624924][T24310] CPU: 1 UID: 0 PID: 24310 Comm: syz.2.6254 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0 [ 452.635676][T24310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 452.645718][T24310] ================================================================== [ 453.118437][T24029] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.129268][T24029] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.139973][T24029] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.152249][T24029] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0