last executing test programs: 16.229529381s ago: executing program 2 (id=3): socket(0x2, 0x80805, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x3, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94) r0 = socket$inet6(0xa, 0x3, 0xff) setsockopt$inet6_int(r0, 0x29, 0x16, &(0x7f0000fcb000), 0x4) r1 = syz_io_uring_setup(0x4c28, &(0x7f0000000a40)={0x0, 0x144f, 0x80, 0x0, 0x2d4}, &(0x7f0000000300)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4) io_uring_enter(r1, 0x8ba, 0x696d, 0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000", @ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace$getregset(0x4204, r3, 0x2, &(0x7f0000000740)={0x0, 0x60}) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200087fd, &(0x7f00000000c0)={0x2, 0x4e23, @loopback}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) r4 = creat(&(0x7f0000000080)='./file0/file1\x00', 0x90) write$cgroup_type(r4, &(0x7f00000009c0), 0xd4ba0ff) removexattr(&(0x7f0000000000)='./file0/file1\x00', &(0x7f00000002c0)=@known='user.incfs.size\x00') getsockopt$inet6_mreq(r0, 0x29, 0x14, 0x0, &(0x7f0000000840)) setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x16, &(0x7f0000fcb000)=0x80, 0x4) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00'}, 0x18) pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e) 15.577367271s ago: executing program 2 (id=12): bpf$MAP_CREATE(0x0, 0x0, 0x39) open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000300)='kmem_cache_free\x00'}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) 15.382006054s ago: executing program 2 (id=17): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) 15.307482125s ago: executing program 2 (id=19): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x2e3, &(0x7f0000000280)="$eJzs3M9LG2kYwPEnMYkxoslh2WUXFh92L7uXQbP3paEolAYq1pT+gNJRJ23INJFMsKSU2p56Lf0jehCP3oTWf8BLbz310puXQg/1UDol8yNGjdXGH/HH9wPyvvq8T+Z9Z1Sed2Bm4+bLh+WiYxTNukSTKhERkU2RjEQlFAnaqNdPSLtn8u/g5/d/Xr91+2ounx+fUp3ITf+XVdXhkTePngwEw1b7ZT1zd+NT9uP6r+u/b3ybflBytORopVpXU2eqH+rmjG3pXMkpG6qTtmU6lpYqjlXz41U/XrSr8/MNNStzQ6n5muU4alYaWrYaWq9qvdZQ875ZqqhhGDqUEuynsDQ1Zea6TJ494sngmNRqObNPRAZ2RQpLPZkQAADoqaD+b1X70WZJ3039H+tY/y//tVYfvLEyHNT/q4lm/S/SVv/f2/qsbfV/UkSOvf7fXRGdL6774/ih6n+cEc36PxX8/Xqe31ke9TrU/wAAAAAAAAAAAAAAAAAAAAAAnAWbrpt2XTcdtuFXv4gkvSdI/O97PU8cD67/xbb14o7YsIj9YqGwUPDbYMCaiNhiyaik5av3+xBo9hOi3iBtyshbezHIX1wo9HmRXFFKXv6YpCWzM991J67kx8fUtz0/Lqn2/Kyk5ZfO+dmd+fFmm5B//m7LNyQt72alKrbMBU/GhflPx1QvX8vvOP6ANw4AAAAAgPPA0JbW/r2/PW7sjvv7Yz/e2l93vD/g769HO+7vY/JHrFerBgAAAADgYnEaj8umbVu1c9cJV3jQrPC9xnuMiUhkr9ARdMKDn4JTFz/QGYt2NdWRxE9elI6d8LbRXmNksptPdtMihz2Hv716/eXorsX/K8l9VtptJ7HfSuMn9x8IAAAAwEnZKvrDn1zq7YQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALiATuLFcr1eIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBafA8AAP//ohEIjg==") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x94) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCGETA(r1, 0x5405, &(0x7f0000000540)) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x11, 0x14, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x18, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000c1d8000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60e}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) r5 = socket$kcm(0x29, 0x2, 0x0) sendmmsg$inet(r5, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000080)="da", 0x1}], 0x1, &(0x7f0000000040)=ANY=[], 0xd0}}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000001c0)='/', 0x1}], 0x1}}], 0x2, 0x0) close(r5) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', 0x0}) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="4400000010000d00d7ec00"/20, @ANYRES32=r7, @ANYRESDEC], 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r10 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r10, &(0x7f0000000580)={0x23, 0x84, 0x8, 0x7}, 0x10) sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x16, 0x3, "c6a41d106c72fffffffffffffff500000700"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000440)='kfree\x00', r2}, 0x18) symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f0000000180)='./file0\x00') syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f00000005c0)={[{@nolazytime}, {@jqfmt_vfsold}, {@journal_path={'journal_path', 0x3d, './file0/../file0'}}, {@noquota}, {@nodioread_nolock}, {@journal_checksum}, {@data_err_abort}], [{@seclabel}]}, 0x3, 0x473, &(0x7f0000000640)="$eJzs3M1vG0UbAPBn7Tht+pW8Vd9CP4AgQJQCSZOW0gMXEEgcQEKCQzmGJK1K0wY1QSJVBQGhckSVOHFBHJH4CzjBBcENiQsHuKNKFeqlhZPRZncT2zhpmjpepf79pHVndtedeTwz9uxO7AB61nD6kETsiojfI2IwyzafMJz9c/vmlcm/b16ZTKJef/OvpC89fOvmlcXi1OJ5O4tMX0Tl0yQOtSl3buHy+YmZmelLeX50/sJ7o3MLl589d2Hi7PTZ6Yvjp06dOD72/Mnx5zoSZxrXrYMfzh4+8Orb116fPH3tnZ+/TYr4szgmO1LQiuG1Dj5Rr3e4uHLtbkhnPYOtoJoN06gtjf/BqMZK4w3GK5+UWjlgU9Xr9fr+5Vyt9fBiHbiPJVF2DYByFB/06fVvsXVx+lG6Gy9mF0Bp3LfzLTvSF5X8nFrL9W0nDUfE6cV/vkq32Jz7EAAATb5P5z/PtJv/VWJ/w3l78jWUoYj4X0TsjYiTEbEvIv4fsXTuAxHx4F2W37pIkpU/0LCncn2jsa1HOv97IV/bap7/FbO/GKrmud1L8deSM+dmpo/lr8mRqG1L82NrlPHDy79+vtqxxvlfuqXlF3PBvB7X+7Y1P2dqYn7iXmJudOPjiIN97eJPllcCkog4EBEHN1jGuaPfHF7t2J3jX0MH1pnqX0c8mbX/YrTEX0jWXp8c3R4z08dGi17Rxi9X31it/HuKvwPS9t/Rtv8vxz+UNK7Xzt3N//7lU+nj1T8+W/WaZqP9vz95q2nfBxPz85fGIvqT17JKN+4fbzlvfOX8NP4jj7Uf/3tj5ZU4FBFpJ34oIh6OiEfyuj/62547vgo/vfT4uy27qivxD5Te/lPrb//6YETRERb6I08s72mfqJ7/8bumQodWko3tv2fV9j+xlDqS71nP+9966nW3vRkAAAC2qkpE7IqkMrKcrlRGRrK/4d8XOyozs3PzT5+Zff/iVPYdgaGoVYo7XYMN90PH8sv6Ij/ekj+e3zf+ojqwlB+ZnJ2ZKjt46HE7Vxn/qT+zu5Tbyq0hsKl8Xwt6l/EPvcv4h9713/G/vTlb6V5dgO5q8/k/UEY9gO5rHv/Zj4B8tJ4n7tqc+gDd0/L5Xy2rHkD3uf8HvWsj4997Btwf+tb6yeb+rlYF6J65gbjzl+QltlKiWK3djCJqaW85GhELl6NSeqQSm5go+50JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgM/4NAAD//55o4Oc=") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18) r11 = syz_open_dev$loop(&(0x7f00000005c0), 0x9, 0x0) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_user\x00', 0x275a, 0x0) write$binfmt_misc(r12, &(0x7f0000001000), 0xe09) ioctl$LOOP_CONFIGURE(r11, 0x4c0a, &(0x7f00000002c0)={r12, 0x1000, {0x2a00, 0x80010000, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x1d, "fee8a2abfc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0155aaffffffffffff0300", "2809e85397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac0000000000000000000400", "90010000009265406c09306903d800", [0x0, 0x1]}}) 15.029479949s ago: executing program 2 (id=25): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000070000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) inotify_init() syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000002c0)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x787, &(0x7f0000001000)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xfffffd26) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x401c5820, &(0x7f00000001c0)=0x8) 12.831394373s ago: executing program 2 (id=74): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r1 = socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@user_xattr}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") fallocate(r1, 0x10, 0x0, 0x636) r2 = open(0x0, 0x64842, 0x389b0d52417bb201) pwritev2(r2, &(0x7f0000000240), 0x0, 0x7000, 0x0, 0x3) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4000002, 0x3032, 0xffffffffffffffff, 0x2a1cf000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0}, 0x94) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000740)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000a80)='mm_page_free_batched\x00', r4}, 0x18) r5 = socket$packet(0x11, 0x2, 0x300) mmap(&(0x7f0000568000/0x2000)=nil, 0x1000000, 0x0, 0x11, r5, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22052, r6, 0x0) getsockname$packet(r3, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x3c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x4000080) dup(r1) bind$packet(r3, &(0x7f0000000040)={0x11, 0x18, r7, 0x1, 0x0, 0x6, @multicast}, 0x14) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000500)=ANY=[@ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500"], &(0x7f0000000140)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r9 = memfd_create(&(0x7f0000000a80)='\x00\xc76\xbe\x91\x8d\x182)!\x9a%\xd9\x19\x17\xb0\xed|\xb3\xc2\x017h\xe9kL\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f2\xf7]#\xed,\xc7\x03\x00\x00\x00\xa3\xee\xcb\xaf\xb3\xe3\'}\x18\xe8O\xa8#K\xb6\xe4R$\xaa\x00U\x92\xd2\x99\xb80x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x3c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x4000080) dup(r1) bind$packet(r3, &(0x7f0000000040)={0x11, 0x18, r7, 0x1, 0x0, 0x6, @multicast}, 0x14) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000500)=ANY=[@ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500"], &(0x7f0000000140)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r9 = memfd_create(&(0x7f0000000a80)='\x00\xc76\xbe\x91\x8d\x182)!\x9a%\xd9\x19\x17\xb0\xed|\xb3\xc2\x017h\xe9kL\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f2\xf7]#\xed,\xc7\x03\x00\x00\x00\xa3\xee\xcb\xaf\xb3\xe3\'}\x18\xe8O\xa8#K\xb6\xe4R$\xaa\x00U\x92\xd2\x99\xb80x0}) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0xf8, r4, 0x4, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0xa9e, 0x9}}}}, [@NL80211_ATTR_IE={0xce, 0x2a, [@random={0x75, 0xc8, "9d9beac7a8cb78d2ab1dbbf2cbcf4ae20e0a05c218ea171b7a4403b72d2002ed0bbead697471a280e44fef9fcee6f8b247940bb95fd8776d8ff41ba4bca1cda4a6956b167393acbc96bd81f34df155b64eacdb68950626ad07a5db96dd73f33c816801bddf11e504611833fde48a49d58fee63a1f16ba9992f165a8e6d5cf6041fe3d0ca9d0e4365c45eee7d7bcc504d96451a5ec6c894624292a65cee3c77ea4bb256d25e3f125622552d7494c36358b036844abf4e36e2e15be8e30a81d82cb1b09bfe21d043ae"}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x80}, 0x20048000) write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0x20) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r6, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x4, 0x0, 0x7, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000050b6850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x1a1040, 0x0) 2.599206331s ago: executing program 1 (id=233): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0}, 0x94) io_setup(0x239f, &(0x7f0000000380)=0x0) r1 = eventfd2(0x5, 0x1) io_submit(r0, 0x2, &(0x7f00000000c0)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x6, r1, 0x0, 0x0, 0x800002, 0x0, 0x0, r1}, &(0x7f0000000100)={0x0, 0x0, 0x8000000, 0x3, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x3, r1}]) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x18) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f0000000d80)={[{@mblk_io_submit}, {@dioread_nolock}, {@bh}, {@errors_continue}, {@nouid32}, {@quota}, {@nogrpid}]}, 0x3, 0x445, &(0x7f0000000800)="$eJzs3M9rHFUcAPDv7CZt06YmlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tIqHldmdSXY3u2k2blzNfj4wyXszb3nvuzNv9715mQTQs0bTH0nEYET8EhFD1Wx9gdHqr9uryzN/rC7PJFEuv/57Uil3a3V5Ji+av+5AnumLKHycxNEm9S5euXphulSau5zlJ5YuvjOxeOXq0/MXp8/PnZ+7NHXmzKmTk8+ennqmI3Gmcd0aeX/h2JGX37z+6szZ62/98FWSx98QR4eMbnbwsXK5w9V118GadNLXxYbQlmK1m0Z/pf8PRTHWT95QvPRRVxsH7KhyuVy+t/XhlTKwiyXR7RYA3ZF/0afz33zbfMDQ0eFH1918vjoBSuO+nW3VI31RyMr0N8xvO2k0Is6u/Pl5usXO3IcAAKjzTTr+earZ+K8QtfeF7srWUIYj4u6IOBQRpyPicETcE1Epe19E3N9m/Y2LJBvHP4Ub2wpsi9Lx33PZ2lb9+C8f/cVwMcsdrMTfn5ybL82dyN6Tsejfm+YnN6nj2xd//rTVsdrxX7ql9edjwawdN/r21r9mdnpp+p/EXOvmhxEjfc3iT9ZWApKIOBIRI9usY/6JL4+1Onbn+JurvCUdWGcqfxHxePX8r0RD/Llk8/XJiX1RmjsxkV8VG/3407XXWtW/3fg7JT3/+5te/2vxDye167WL7ddx7ddPWs5ptnv970neqNv33vTS0uXJiD3JK9VG1+6faig3tV4+jX/sePP+fyjW34mjEZFexA9ExIMR8VDW9ocj4pGIOL5J/N+/8OjbdTvGBtuIf2el8c+2df7XE3uicU/zRPHCd1/XVTocbcSfnv9TldRYtmcrn39badf2rmYAAAD4/ylExGAkhfG1dKEwPl79G/7Dsb9QWlhcevLcwruXZqvPCAxHfyG/0zVUcz90MpvW5/mphvzJ7L7xZ8WBSn58ZqE02+3goccdaNH/U78Vu906YMd5Xgt6l/4PvUv/h96l/0PvatL/Bzbu+qvhkUFgN2j2/f9BF9oB/Psa+r9lP+gh5v/Qu/R/6F36P/SkxYG480PyEhIbElH4TzRj5xP7tvhvLnZZotufTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xdwAAAP//FX7vJg==") 2.490396752s ago: executing program 4 (id=239): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000070000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) inotify_init() syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000002c0)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x787, &(0x7f0000001000)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_int(r0, &(0x7f0000000000), 0xfffffd26) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x401c5820, &(0x7f00000001c0)=0x8) 2.409617413s ago: executing program 1 (id=240): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000070000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) inotify_init() syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000002c0)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x787, &(0x7f0000001000)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xfffffd26) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x401c5820, &(0x7f00000001c0)=0x8) 1.945550831s ago: executing program 4 (id=245): syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="ffffffffffff0180c20000030806000108000604"], 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) 1.507329577s ago: executing program 1 (id=251): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='+}[@\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) umount2(&(0x7f0000000580)='./file0\x00', 0x3) open(&(0x7f0000000140)='./file0\x00', 0x3, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000180)='\x00') 1.482319357s ago: executing program 4 (id=252): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x2, 0x3, 0x2d0, 0x0, 0x0, 0x160, 0x160, 0x62020048, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'geneve1\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a05050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8", 0x5a}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x10, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98, 0x0, {0xed030000}}, {0x28, '\x00', 0x4}}}}, 0x330) 1.363456969s ago: executing program 4 (id=253): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYRES8], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000280)='kfree\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000) syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==") pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) r1 = dup(r0) write$P9_RLERRORu(r1, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x53) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000640)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000580)={0xffffffffffffffff}, 0x111, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f0000000800)=[{0x24, 0x0, [0xffff7fff, 0x10001, 0x702a, 0x3, 0xa, 0x100, 0x7fffffff, 0x7, 0xb, 0x7, 0x0, 0x5, 0x2, 0x9, 0x1, 0x3]}, {0x29, 0x0, [0xe487, 0x5, 0x4, 0x3, 0x7ffe, 0x8, 0x0, 0xe3, 0xa, 0x5, 0xc0, 0x53, 0x3, 0x4a, 0x807ff, 0x5]}, {0x20, 0x0, [0x1ff, 0x3, 0x7, 0x9, 0x1e000000, 0x8, 0x2, 0x802, 0x1e2, 0x3, 0x200007, 0x6, 0x24, 0x78, 0x1, 0x4c]}, {0x1c, 0x0, [0x7, 0x5, 0x368, 0x2, 0x3ff, 0x0, 0x6, 0x9, 0x486f, 0x19f, 0x0, 0xbc, 0x7, 0x735c, 0x8000001, 0xffffffff]}, {0x8, 0x0, [0x67, 0x8, 0x0, 0x200, 0x1, 0x8, 0x2, 0x100, 0x0, 0xffff8a24, 0x3, 0xfff, 0x8, 0x7, 0x80, 0x3]}], r2, 0x1, 0x1, 0x168}}, 0x20) write$binfmt_elf64(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x8080, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESHEX=r1]) mq_timedreceive(r1, &(0x7f0000000040)=""/104, 0x68, 0x100000000, 0x0) r3 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0xffa0, &(0x7f0000000380)}, &(0x7f0000000180)=0x10) setxattr$incfs_id(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), &(0x7f0000000500)={'0000000000000000000000000000000', 0x30}, 0x20, 0x3) r4 = open(&(0x7f00000005c0)='./bus\x00', 0x167842, 0x19) pwritev2(r4, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xffffffe4}], 0x1, 0x1400, 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="0700000004000000080200002100000000000000", @ANYRES32, @ANYBLOB="000000000000000000009997301d820256e70000afa34f6233f75a725145517512f910e8aae1eafed7ee8ba5de920573286619d1c88461814cd2fe7fe272393389e8bceb1746f7b321db02cd54e5e32941832cb36dc9f7f6d2d24bbc77f22367d250b8ca0a5ae60ac9fe5d3a6be2dce55e2eec05f6afdd3a5387da5458b415b41c852c4b53d374e0e7b8098852bbbd6ac609c9c74d2d88615096e0d762648a07a5b7e64359e0fb67ea90b14981246071c388d56aeeef2da533f58099814b051b325239101379260254c504c38b75cb415198c519a4136772188e4a5ce227a2", @ANYRES32=0x0, @ANYRES32], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000cb000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r7}, 0x18) r8 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) r9 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc2}, &(0x7f00000002c0)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd780bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138", 0x18}, 0x48, 0xfffffffffffffffe) keyctl$KEYCTL_MOVE(0x4, r9, r8, r8, 0x0) write$binfmt_elf64(r5, &(0x7f0000000980)=ANY=[@ANYBLOB="7f454c4600000006010000000000000003003e000000000003000000000000004000000000000000980100000000000002000000000038000200000002000000000000600300000008000000000000000d00000000000000ed08000000000000f0ffffffffffffff0000000000000000080000000000000003000000cff5ffff800300000000000001000000000000000500000000000000ff"], 0x5b0) close(r5) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) 1.168440212s ago: executing program 5 (id=257): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000300)='kmem_cache_free\x00', r0}, 0x18) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) 1.123634693s ago: executing program 5 (id=259): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYRES8], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000280)='kfree\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000) syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==") pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) r1 = dup(r0) write$P9_RLERRORu(r1, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x53) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000640)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000580)={0xffffffffffffffff}, 0x111, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f0000000800)=[{0x24, 0x0, [0xffff7fff, 0x10001, 0x702a, 0x3, 0xa, 0x100, 0x7fffffff, 0x7, 0xb, 0x7, 0x0, 0x5, 0x2, 0x9, 0x1, 0x3]}, {0x29, 0x0, [0xe487, 0x5, 0x4, 0x3, 0x7ffe, 0x8, 0x0, 0xe3, 0xa, 0x5, 0xc0, 0x53, 0x3, 0x4a, 0x807ff, 0x5]}, {0x20, 0x0, [0x1ff, 0x3, 0x7, 0x9, 0x1e000000, 0x8, 0x2, 0x802, 0x1e2, 0x3, 0x200007, 0x6, 0x24, 0x78, 0x1, 0x4c]}, {0x1c, 0x0, [0x7, 0x5, 0x368, 0x2, 0x3ff, 0x0, 0x6, 0x9, 0x486f, 0x19f, 0x0, 0xbc, 0x7, 0x735c, 0x8000001, 0xffffffff]}, {0x8, 0x0, [0x67, 0x8, 0x0, 0x200, 0x1, 0x8, 0x2, 0x100, 0x0, 0xffff8a24, 0x3, 0xfff, 0x8, 0x7, 0x80, 0x3]}], r2, 0x1, 0x1, 0x168}}, 0x20) write$binfmt_elf64(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x8080, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESHEX=r1]) mq_timedreceive(r1, &(0x7f0000000040)=""/104, 0x68, 0x100000000, 0x0) r3 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0xffa0, &(0x7f0000000380)}, &(0x7f0000000180)=0x10) setxattr$incfs_id(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), &(0x7f0000000500)={'0000000000000000000000000000000', 0x30}, 0x20, 0x3) r4 = open(&(0x7f00000005c0)='./bus\x00', 0x167842, 0x19) pwritev2(r4, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xffffffe4}], 0x1, 0x1400, 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="0700000004000000080200002100000000000000", @ANYRES32, @ANYBLOB="000000000000000000009997301d820256e70000afa34f6233f75a725145517512f910e8aae1eafed7ee8ba5de920573286619d1c88461814cd2fe7fe272393389e8bceb1746f7b321db02cd54e5e32941832cb36dc9f7f6d2d24bbc77f22367d250b8ca0a5ae60ac9fe5d3a6be2dce55e2eec05f6afdd3a5387da5458b415b41c852c4b53d374e0e7b8098852bbbd6ac609c9c74d2d88615096e0d762648a07a5b7e64359e0fb67ea90b14981246071c388d56aeeef2da533f58099814b051b325239101379260254c504c38b75cb415198c519a4136772188e4a5ce227a2", @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000cb000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r7}, 0x18) r8 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) r9 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc2}, &(0x7f00000002c0)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd780bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138", 0x18}, 0x48, 0xfffffffffffffffe) keyctl$KEYCTL_MOVE(0x4, r9, r8, r8, 0x0) write$binfmt_elf64(r5, &(0x7f0000000980)=ANY=[@ANYBLOB="7f454c4600000006010000000000000003003e000000000003000000000000004000000000000000980100000000000002000000000038000200000002000000000000600300000008000000000000000d00000000000000ed08000000000000f0ffffffffffffff0000000000000000080000000000000003000000cff5ffff800300000000000001000000000000000500000000000000ff"], 0x5b0) close(r5) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) 1.057671304s ago: executing program 1 (id=261): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00'}, 0x18) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e74657200400100000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000001401038010010080080003400000000203"], 0x1d4}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 789.318078ms ago: executing program 5 (id=263): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x8401) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000009c0)={'\x00', 0x7ff, 0x58, 0xc, 0x3, 0x59c, 0xffffffffffffffff}) ioctl$SG_BLKTRACETEARDOWN(r2, 0x1276, 0x0) r3 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) getpeername(r3, &(0x7f0000000240)=@nl, &(0x7f0000000300)=0x80) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x28, r4, 0x1, 0x70bd26, 0x25dfdbff, {}, [@NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x802}, 0x44000) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0xf8, r4, 0x4, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0xa9e, 0x9}}}}, [@NL80211_ATTR_IE={0xce, 0x2a, [@random={0x75, 0xc8, "9d9beac7a8cb78d2ab1dbbf2cbcf4ae20e0a05c218ea171b7a4403b72d2002ed0bbead697471a280e44fef9fcee6f8b247940bb95fd8776d8ff41ba4bca1cda4a6956b167393acbc96bd81f34df155b64eacdb68950626ad07a5db96dd73f33c816801bddf11e504611833fde48a49d58fee63a1f16ba9992f165a8e6d5cf6041fe3d0ca9d0e4365c45eee7d7bcc504d96451a5ec6c894624292a65cee3c77ea4bb256d25e3f125622552d7494c36358b036844abf4e36e2e15be8e30a81d82cb1b09bfe21d043ae"}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x80}, 0x20048000) write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0x20) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r6, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x4, 0x0, 0x7, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000050b6850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x1a1040, 0x0) 655.90262ms ago: executing program 0 (id=265): recvmmsg(0xffffffffffffffff, &(0x7f0000005400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=""/4096, 0x1000}}, {{0x0, 0x0, 0x0}, 0x7}, {{0x0, 0x0, &(0x7f0000005100)=[{0x0}, {&(0x7f0000004f40)=""/101, 0x65}], 0x2}}], 0x3, 0x0, 0x0) r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r2}, 0x10) r3 = dup3(r1, r0, 0x0) recvmmsg(r3, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000040000000900000001"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000f9ffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r5}, 0x10) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x863, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x18) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_bp={0x0, 0xd}, 0x2100, 0x10000, 0x4, 0x0, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x1000000002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r8 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r8, 0x107, 0x12, &(0x7f0000000100)={0x3, 0x9001}, 0x4) r9 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r9, 0x8, 0x0, 0x4, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1) 500.615392ms ago: executing program 3 (id=267): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000008eefeafe6ec3bbe20080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0, r1}, 0x18) (async) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x1a, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x5, 0x3, &(0x7f0000000500)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x401}, 0x94) (async) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r2) (async) r3 = socket$netlink(0x10, 0x3, 0x0) (async) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200001400000bb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000700)='kfree\x00', r5}, 0x18) (async) r6 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) (async) r7 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d0800000000000000e4230800000012f9f6a32e54c598e950cfed0200ad7ff0fb02566a0982430f5aff52dd8d39a714c31ed56ad59300002000"}, 0x48, 0xffffffffffffffff) (async) r8 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc1}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe) keyctl$KEYCTL_MOVE(0x4, r8, r7, 0x0, 0x0) keyctl$KEYCTL_MOVE(0x4, r6, r6, 0x0, 0x0) (async) syz_open_dev$usbfs(&(0x7f00000003c0), 0x80000000, 0x200000) (async) writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000040)="3900000013000318680907070000000f0000ff3f04000000170a001700000000040037000d00030001332564aa58b9a64411f6bbf44dc48f57", 0x39}], 0x1) (async) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x40, 0x4, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000001, 0x8031, 0xffffffffffffffff, 0x0) (async) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000500)) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r9) sendmsg$NLBL_CIPSOV4_C_ADD(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010000000000000000000100000008000100030000002c00048005000300010000000500030002000000050003001f000000050003000100000005000300800000000800020002000000"], 0x50}, 0x1, 0x0, 0x0, 0xc082}, 0xc000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) getgroups(0x0, 0x0) (async) syz_open_dev$tty1(0xc, 0x4, 0x3) (async) mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0) 492.762312ms ago: executing program 4 (id=268): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) syslog(0x4, 0x0, 0x0) 365.288585ms ago: executing program 3 (id=269): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) 364.222314ms ago: executing program 0 (id=270): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r1}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="ffffffffffff0180c200000308060001080006040002aaaaaaaaaabbac14"], 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r2, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) 321.049435ms ago: executing program 3 (id=271): mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f00000039c0)=[{{&(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10, 0x0}}], 0x1, 0x2000c044) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[], 0x30}}, 0x0) sendto$inet(r0, 0x0, 0x0, 0x60, 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x17, 0x8003, 'dh\x00', 0x1, 0x4, 0x80000075}, 0x2c) r5 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@rand_addr=0xac1414aa, 0x4e23, 0x2000, 0x1cb, 0x12d5e, 0x12d58}}, 0x44) setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'lc\x00', 0x8, 0x303b, 0x55}, {@remote, 0x4e23, 0x2000, 0x0, 0x12d5c, 0x12d5c}}, 0x44) write$P9_RVERSION(r3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r6 = dup(r3) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x11, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x22, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r7, 0x0, 0x1000}, 0x18) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a80)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYRES16=r1], 0x0}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r9}, 0x18) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000600)=@newtaction={0x90, 0x30, 0x871a15abc695fb3d, 0x0, 0x25dfdbfd, {}, [{0x7c, 0x1, [@m_tunnel_key={0x78, 0x1, 0x0, 0x0, {{0xf}, {0x48, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x204, 0x7, 0x0, 0x200000, 0x6}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @empty}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @empty}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x20048840}, 0x4001000) r11 = socket$inet_udp(0x2, 0x2, 0x0) r12 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000b40)=ANY=[@ANYBLOB="1800000001000000000000000000000018110000a5ed9b2c41e31bf21c4b6eb7c7ab40cb486dfeb2575d11924f641d96453da23bf02db60db78f02ec2548280b3a847094336b5676ae25bd7603d12704c81b7164e5360eb5c4497c1d212d4d31e100d97e87999ece4cb2605a0606679adfa81d84e10a27fb8011742ab2beaefef4b27d15c9b30406a571d7ac5831d43f5b815339717077167c9c85447b59e7cca6bbc737e8ba89219a00a4d57a988305fdabce158c336985ac1454c758cdb8c28101956a4251fb4bbd5be5c167d57fd06038905c39f1eac38ac87c4ab56b8d1c593e7af8fa8f8f51e67ef47d52bfaedc8284ae4add8dd0378ed890929411b5cddd", @ANYRES32=r12, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x5, 0xfe9d, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7b2}, 0x94) r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r13}, 0x10) setsockopt$IPT_SO_SET_REPLACE(r11, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4d8, 0x0, 0x11, 0x148, 0x0, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}, {0x0, 0x0, 0x81}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r6]) 320.797105ms ago: executing program 4 (id=272): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x8401) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000009c0)={'\x00', 0x7ff, 0x58, 0xc, 0x3, 0x59c, 0xffffffffffffffff}) ioctl$SG_BLKTRACETEARDOWN(r2, 0x1276, 0x0) r3 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) getpeername(r3, &(0x7f0000000240)=@nl, &(0x7f0000000300)=0x80) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x28, r4, 0x1, 0x70bd26, 0x25dfdbff, {}, [@NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x802}, 0x44000) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0xf8, r4, 0x4, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0xa9e, 0x9}}}}, [@NL80211_ATTR_IE={0xce, 0x2a, [@random={0x75, 0xc8, "9d9beac7a8cb78d2ab1dbbf2cbcf4ae20e0a05c218ea171b7a4403b72d2002ed0bbead697471a280e44fef9fcee6f8b247940bb95fd8776d8ff41ba4bca1cda4a6956b167393acbc96bd81f34df155b64eacdb68950626ad07a5db96dd73f33c816801bddf11e504611833fde48a49d58fee63a1f16ba9992f165a8e6d5cf6041fe3d0ca9d0e4365c45eee7d7bcc504d96451a5ec6c894624292a65cee3c77ea4bb256d25e3f125622552d7494c36358b036844abf4e36e2e15be8e30a81d82cb1b09bfe21d043ae"}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x80}, 0x20048000) write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0x20) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r6, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x4, 0x0, 0x7, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000050b6850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x1a1040, 0x0) 320.137885ms ago: executing program 0 (id=273): bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x161042, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000200009500"], &(0x7f00000001c0)='syzkaller\x00'}, 0x94) creat(0x0, 0xecf86c37d53049cc) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r3}, 0x10) set_mempolicy(0x3, &(0x7f0000000000)=0x4000000ffb, 0x8) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', 0x0}) r6 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r1, r5, 0x25, 0x0, @val=@netfilter}, 0x40) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) close_range(r0, r6, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kfree\x00', 0xffffffffffffffff, 0x0, 0x101}, 0x18) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0000000000000000000000a8b4f5c7", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/25], 0x50) unshare(0x22020400) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000500)={r8, 0x0, 0x20000000}, 0x20) 288.016995ms ago: executing program 0 (id=274): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$evdev(0x0, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r2}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000000) socket$nl_netfilter(0x10, 0x3, 0xc) sendto$inet6(r0, &(0x7f00000000c0)="04", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) 271.572126ms ago: executing program 0 (id=275): r0 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r0, 0x8953, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x0, @local}, 0x4a, {0x2, 0x0, @multicast2}, 'syz_tun\x00'}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a0000000000008500000006000000"], 0x0, 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = add_key$keyring(0x0, &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) add_key$keyring(0x0, 0x0, 0x0, 0x0, r5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x18) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)=ANY=[@ANYBLOB="54000000000801010000ffffe00000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x28040000) r7 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r7, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc) setsockopt$inet_msfilter(r7, 0x0, 0x29, &(0x7f0000000240)=ANY=[@ANYBLOB="e0000002ac1414aa0100"], 0x18) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r5, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', r3}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000480)={'syztnl1\x00', &(0x7f0000000580)={'ip6gre0\x00', 0x0, 0x2f, 0x10, 0x7c, 0x80000000, 0x10, @remote, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7800, 0x700, 0x7, 0x4}}) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1f, 0xd, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6}, [@alu={0x4, 0x1, 0x9, 0x1, 0x4, 0xfffffffffffffff0, 0x10}, @map_val={0x18, 0x2, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x8}, @ldst={0x0, 0x1, 0x6, 0x5, 0xa, 0x2, 0xffffffffffffffff}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x4}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}]}, &(0x7f0000000140)='GPL\x00', 0x8, 0x0, &(0x7f00000001c0), 0x40f00, 0x65, '\x00', r8, @fallback=0x2f, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000600)={0x4, 0x4, 0x6, 0xfffffff8}, 0x10, 0x0, r4, 0xa, 0x0, &(0x7f0000000640)=[{0x5, 0x4, 0x9, 0x5}, {0x3, 0x4, 0xa, 0x3}, {0x2, 0x5, 0xf, 0x9}, {0x2, 0x3, 0x8}, {0x3, 0x10000005, 0x2001, 0x1}, {0x2, 0x3, 0xa, 0x4}, {0x3, 0x1, 0x3, 0x4}, {0x1, 0x5, 0x20000000, 0xb}, {0x5, 0x2, 0x3, 0x3}, {0x0, 0x3, 0x0, 0x5}], 0x10, 0x7}, 0x94) vmsplice(r2, 0x0, 0x0, 0x14) 247.747367ms ago: executing program 0 (id=276): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x2}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000040000850000001b000000b700000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000000c0)='kmem_cache_free\x00', r2}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) ioperm(0x6, 0x2, 0x80) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x4, &(0x7f0000000180)=[{0x2d, 0x0, 0x2}, {}, {}, {0x6}]}) r3 = socket$key(0xf, 0x3, 0x2) r4 = syz_io_uring_setup(0x64b7, &(0x7f0000002600)={0x0, 0xffffff7c, 0x13580, 0x3, 0x35c}, &(0x7f0000000100)=0x0, &(0x7f0000000580)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_WRITE_FIXED={0x5, 0x0, 0x6000, @fd_index=0x1, 0xffffffffffffffff, 0xfffffffffffffab2, 0x7, 0x5, 0x1}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f0000000800)=[{&(0x7f00000005c0)=""/92, 0x5c}], 0x1) io_uring_enter(r4, 0x54, 0x0, 0x0, 0x0, 0x0) sendmsg$key(r3, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300030e000000000700000000000004000900a0000000015204f089b96478db1d8a5f756509e977fb1a030000000002000100000000000000020d1600003f030006000000000002004e21000000800000000000000000030005003200000002"], 0x70}, 0x1, 0x7}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000007390ba782cb4ef2e8911a5ffe400", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='subflow_check_data_avail\x00', r9}, 0x18) r10 = dup(r7) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x20, 0x13, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x20}}, 0x4000040) sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a3200000000050001000700000014000780080013400000000008001240"], 0x64}, 0x1, 0x0, 0x0, 0x4854}, 0x0) sendmsg$IPSET_CMD_DESTROY(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4) 193.477907ms ago: executing program 1 (id=277): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x2}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000040000850000001b000000b7000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000000c0)='kmem_cache_free\x00', r2}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) ioperm(0x6, 0x2, 0x80) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x4, &(0x7f0000000180)=[{0x2d, 0x0, 0x2}, {}, {}, {0x6}]}) r3 = socket$key(0xf, 0x3, 0x2) r4 = syz_io_uring_setup(0x64b7, &(0x7f0000002600)={0x0, 0xffffff7c, 0x13580, 0x3, 0x35c}, &(0x7f0000000100)=0x0, &(0x7f0000000580)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_WRITE_FIXED={0x5, 0x0, 0x6000, @fd_index=0x1, 0xffffffffffffffff, 0xfffffffffffffab2, 0x7, 0x5, 0x1}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f0000000800)=[{&(0x7f00000005c0)=""/92, 0x5c}], 0x1) io_uring_enter(r4, 0x54, 0x0, 0x0, 0x0, 0x0) sendmsg$key(r3, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300030e000000000700000000000004000900a0000000015204f089b96478db1d8a5f756509e977fb1a030000000002000100000000000000020d1600003f030006000000000002004e21000000800000000000000000030005003200000002"], 0x70}, 0x1, 0x7}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000007390ba782cb4ef2e8911a5ffe400", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='subflow_check_data_avail\x00', r9}, 0x18) r10 = dup(r7) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x20, 0x13, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x20}}, 0x4000040) sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a3200000000050001000700000014000780080013400000000008001240"], 0x64}, 0x1, 0x0, 0x0, 0x4854}, 0x0) sendmsg$IPSET_CMD_DESTROY(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4) 192.475847ms ago: executing program 3 (id=278): r0 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r0, 0x8953, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x0, @local}, 0x4a, {0x2, 0x0, @multicast2}, 'syz_tun\x00'}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a0000000000008500000006000000"], 0x0, 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = add_key$keyring(0x0, &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) add_key$keyring(0x0, 0x0, 0x0, 0x0, r5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x18) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)=ANY=[@ANYBLOB="54000000000801010000ffffe00000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x28040000) r7 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r7, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc) setsockopt$inet_msfilter(r7, 0x0, 0x29, &(0x7f0000000240)=ANY=[@ANYBLOB="e0000002ac1414aa0100000002"], 0x18) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r5, 0x0, &(0x7f00000002c0)=@chain={'key_or_keyring:', r3}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000480)={'syztnl1\x00', &(0x7f0000000580)={'ip6gre0\x00', 0x0, 0x2f, 0x10, 0x7c, 0x80000000, 0x10, @remote, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7800, 0x700, 0x7, 0x4}}) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1f, 0x8, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6}, [@alu={0x4, 0x1, 0x9, 0x1, 0x4, 0xfffffffffffffff0, 0x10}, @map_val={0x18, 0x2, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x8}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x4}]}, &(0x7f0000000140)='GPL\x00', 0x8, 0x0, &(0x7f00000001c0), 0x40f00, 0x65, '\x00', r8, @fallback=0x2f, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000600)={0x4, 0x4, 0x6, 0xfffffff8}, 0x10, 0x0, r4, 0xa, 0x0, &(0x7f0000000640)=[{0x5, 0x4, 0x9, 0x5}, {0x3, 0x4, 0xa, 0x3}, {0x2, 0x5, 0xf, 0x9}, {0x2, 0x3, 0x8}, {0x3, 0x10000005, 0x2001, 0x1}, {0x2, 0x3, 0xa, 0x4}, {0x3, 0x1, 0x3, 0x4}, {0x1, 0x5, 0x20000000, 0xb}, {0x5, 0x2, 0x3, 0x3}, {0x0, 0x3, 0x0, 0x5}], 0x10, 0x7}, 0x94) vmsplice(r2, 0x0, 0x0, 0x14) 184.223477ms ago: executing program 5 (id=279): r0 = syz_open_dev$loop(&(0x7f00000005c0), 0x9, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_user\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000001000), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x1000, {0x2a00, 0x80010000, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x1d, "fee8a2abfc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0155aaffffffffffff0300", "2809e85397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac0000000000000000000400", "90010000009265406c09306903d800", [0x0, 0x1]}}) 143.888058ms ago: executing program 3 (id=280): r0 = syz_open_dev$loop(&(0x7f00000005c0), 0x9, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_user\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000001000), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x1000, {0x2a00, 0x80010000, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x1d, "fee8a2abfc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0155aaffffffffffff0300", "2809e85397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac0000000000000000000400", "90010000009265406c09306903d800", [0x0, 0x1]}}) 47.835889ms ago: executing program 5 (id=281): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) 39.309799ms ago: executing program 3 (id=282): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x60, r1, 0x1, 0x80000, 0x1, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_PEERS={0x38, 0x8, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x33ae}, @WGPEER_A_ALLOWEDIPS={0x4}]}]}]}, 0x60}}, 0x0) socket$pppoe(0x18, 0x1, 0x0) (async) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x4, @broadcast, 'vlan0\x00'}}, 0x1e) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) (async) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) sendmsg$inet(r3, &(0x7f0000000380)={0x0, 0x50, 0x0}, 0x2400c855) 0s ago: executing program 5 (id=283): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000070000000850000000f00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r0}, 0x18) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4) (fail_nth: 2) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.118' (ED25519) to the list of known hosts. [ 23.387178][ T29] audit: type=1400 audit(1752777013.424:62): avc: denied { mounton } for pid=3293 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 23.388008][ T3293] cgroup: Unknown subsys name 'net' [ 23.409892][ T29] audit: type=1400 audit(1752777013.424:63): avc: denied { mount } for pid=3293 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.437256][ T29] audit: type=1400 audit(1752777013.454:64): avc: denied { unmount } for pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.552730][ T3293] cgroup: Unknown subsys name 'cpuset' [ 23.558752][ T3293] cgroup: Unknown subsys name 'rlimit' [ 23.687128][ T29] audit: type=1400 audit(1752777013.724:65): avc: denied { setattr } for pid=3293 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.710469][ T29] audit: type=1400 audit(1752777013.724:66): avc: denied { create } for pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.731073][ T29] audit: type=1400 audit(1752777013.724:67): avc: denied { write } for pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.751473][ T29] audit: type=1400 audit(1752777013.724:68): avc: denied { read } for pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.771851][ T29] audit: type=1400 audit(1752777013.754:69): avc: denied { mounton } for pid=3293 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 23.778377][ T3295] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 23.796647][ T29] audit: type=1400 audit(1752777013.754:70): avc: denied { mount } for pid=3293 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 23.828422][ T29] audit: type=1400 audit(1752777013.844:71): avc: denied { relabelto } for pid=3295 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.868715][ T3293] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 25.918556][ T3304] chnl_net:caif_netlink_parms(): no params data found [ 25.977254][ T3302] chnl_net:caif_netlink_parms(): no params data found [ 26.007033][ T3311] chnl_net:caif_netlink_parms(): no params data found [ 26.015451][ T3303] chnl_net:caif_netlink_parms(): no params data found [ 26.040470][ T3304] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.047588][ T3304] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.054839][ T3304] bridge_slave_0: entered allmulticast mode [ 26.061069][ T3304] bridge_slave_0: entered promiscuous mode [ 26.085306][ T3304] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.092399][ T3304] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.099534][ T3304] bridge_slave_1: entered allmulticast mode [ 26.105875][ T3304] bridge_slave_1: entered promiscuous mode [ 26.122632][ T3307] chnl_net:caif_netlink_parms(): no params data found [ 26.145383][ T3304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 26.159033][ T3302] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.166174][ T3302] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.173304][ T3302] bridge_slave_0: entered allmulticast mode [ 26.179592][ T3302] bridge_slave_0: entered promiscuous mode [ 26.188541][ T3304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 26.208833][ T3302] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.216005][ T3302] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.223976][ T3302] bridge_slave_1: entered allmulticast mode [ 26.230542][ T3302] bridge_slave_1: entered promiscuous mode [ 26.264651][ T3304] team0: Port device team_slave_0 added [ 26.272487][ T3303] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.279703][ T3303] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.287101][ T3303] bridge_slave_0: entered allmulticast mode [ 26.293557][ T3303] bridge_slave_0: entered promiscuous mode [ 26.309398][ T3304] team0: Port device team_slave_1 added [ 26.324058][ T3303] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.331206][ T3303] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.338526][ T3303] bridge_slave_1: entered allmulticast mode [ 26.344965][ T3303] bridge_slave_1: entered promiscuous mode [ 26.352570][ T3302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 26.365617][ T3311] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.372877][ T3311] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.379954][ T3311] bridge_slave_0: entered allmulticast mode [ 26.386432][ T3311] bridge_slave_0: entered promiscuous mode [ 26.403026][ T3302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 26.416685][ T3311] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.423788][ T3311] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.430886][ T3311] bridge_slave_1: entered allmulticast mode [ 26.437242][ T3311] bridge_slave_1: entered promiscuous mode [ 26.443715][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 26.450717][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 26.476718][ T3304] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 26.487844][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 26.494821][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 26.520758][ T3304] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 26.531586][ T3307] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.538680][ T3307] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.545963][ T3307] bridge_slave_0: entered allmulticast mode [ 26.552381][ T3307] bridge_slave_0: entered promiscuous mode [ 26.563775][ T3303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 26.579575][ T3307] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.586683][ T3307] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.593890][ T3307] bridge_slave_1: entered allmulticast mode [ 26.600627][ T3307] bridge_slave_1: entered promiscuous mode [ 26.612140][ T3303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 26.631314][ T3302] team0: Port device team_slave_0 added [ 26.643405][ T3311] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 26.653532][ T3311] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 26.667364][ T3302] team0: Port device team_slave_1 added [ 26.695395][ T3307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 26.709894][ T3303] team0: Port device team_slave_0 added [ 26.717290][ T3304] hsr_slave_0: entered promiscuous mode [ 26.723290][ T3304] hsr_slave_1: entered promiscuous mode [ 26.734677][ T3307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 26.744014][ T3302] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 26.750991][ T3302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 26.777021][ T3302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 26.788798][ T3303] team0: Port device team_slave_1 added [ 26.804644][ T3311] team0: Port device team_slave_0 added [ 26.810665][ T3302] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 26.817635][ T3302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 26.843795][ T3302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 26.862733][ T3311] team0: Port device team_slave_1 added [ 26.869055][ T3307] team0: Port device team_slave_0 added [ 26.875829][ T3307] team0: Port device team_slave_1 added [ 26.911257][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 26.918532][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 26.944485][ T3307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 26.955664][ T3303] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 26.962685][ T3303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 26.988688][ T3303] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 26.999860][ T3311] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.006921][ T3311] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.033092][ T3311] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.045891][ T3311] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.052942][ T3311] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.078885][ T3311] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.095402][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.102379][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.128386][ T3307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.145261][ T3303] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.152311][ T3303] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.178301][ T3303] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.208627][ T3302] hsr_slave_0: entered promiscuous mode [ 27.214673][ T3302] hsr_slave_1: entered promiscuous mode [ 27.220648][ T3302] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 27.228222][ T3302] Cannot create hsr debugfs directory [ 27.258188][ T3307] hsr_slave_0: entered promiscuous mode [ 27.264300][ T3307] hsr_slave_1: entered promiscuous mode [ 27.270176][ T3307] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 27.277855][ T3307] Cannot create hsr debugfs directory [ 27.297355][ T3311] hsr_slave_0: entered promiscuous mode [ 27.303259][ T3311] hsr_slave_1: entered promiscuous mode [ 27.309044][ T3311] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 27.316615][ T3311] Cannot create hsr debugfs directory [ 27.328968][ T3303] hsr_slave_0: entered promiscuous mode [ 27.335130][ T3303] hsr_slave_1: entered promiscuous mode [ 27.340908][ T3303] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 27.348584][ T3303] Cannot create hsr debugfs directory [ 27.511209][ T3304] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 27.522391][ T3304] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 27.530905][ T3304] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 27.541598][ T3304] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 27.560365][ T3302] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 27.571319][ T3302] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 27.579910][ T3302] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 27.591519][ T3302] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 27.615288][ T3307] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 27.624477][ T3307] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 27.638030][ T3307] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 27.648910][ T3307] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 27.688265][ T3303] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 27.705543][ T3303] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 27.716684][ T3303] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 27.725759][ T3303] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 27.746693][ T3311] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 27.755491][ T3311] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 27.765801][ T3304] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.775541][ T3311] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 27.784199][ T3311] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 27.797173][ T3302] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.811128][ T3304] 8021q: adding VLAN 0 to HW filter on device team0 [ 27.826469][ T3302] 8021q: adding VLAN 0 to HW filter on device team0 [ 27.843466][ T378] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.850700][ T378] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.859526][ T378] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.866679][ T378] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.890066][ T378] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.897145][ T378] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.921598][ T3307] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.929725][ T111] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.936786][ T111] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.979463][ T3303] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.996121][ T3307] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.010497][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.017608][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.043103][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.050502][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.066972][ T3303] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.078793][ T3311] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.089886][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.097040][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.112122][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.119335][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.141533][ T3311] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.151864][ T3302] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.160904][ T3304] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.171343][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.178559][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.191441][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.198589][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.241367][ T3307] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.259014][ T3311] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 28.269510][ T3311] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 28.338949][ T3304] veth0_vlan: entered promiscuous mode [ 28.370489][ T3302] veth0_vlan: entered promiscuous mode [ 28.382379][ T3311] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.391038][ T3304] veth1_vlan: entered promiscuous mode [ 28.404587][ T3303] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.415283][ T3302] veth1_vlan: entered promiscuous mode [ 28.427783][ T3304] veth0_macvtap: entered promiscuous mode [ 28.449419][ T3302] veth0_macvtap: entered promiscuous mode [ 28.456081][ T3304] veth1_macvtap: entered promiscuous mode [ 28.467073][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.481509][ T3302] veth1_macvtap: entered promiscuous mode [ 28.489526][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.497902][ T3307] veth0_vlan: entered promiscuous mode [ 28.513544][ T3304] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.522361][ T3304] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.531106][ T3304] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.539930][ T3304] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.550597][ T3307] veth1_vlan: entered promiscuous mode [ 28.563334][ T3302] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.576955][ T3302] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.587581][ T3302] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.596407][ T3302] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.605146][ T3302] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.613921][ T3302] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.641809][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 28.641823][ T29] audit: type=1400 audit(1752777018.674:81): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/root/syzkaller.qLsEQR/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 28.677290][ T3307] veth0_macvtap: entered promiscuous mode [ 28.683465][ T29] audit: type=1400 audit(1752777018.674:82): avc: denied { mount } for pid=3304 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 28.705498][ T29] audit: type=1400 audit(1752777018.674:83): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/root/syzkaller.qLsEQR/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 28.708565][ T3311] veth0_vlan: entered promiscuous mode [ 28.730811][ T29] audit: type=1400 audit(1752777018.674:84): avc: denied { mount } for pid=3304 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 28.738151][ T3307] veth1_macvtap: entered promiscuous mode [ 28.758044][ T29] audit: type=1400 audit(1752777018.674:85): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/root/syzkaller.qLsEQR/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 28.790392][ T29] audit: type=1400 audit(1752777018.674:86): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/root/syzkaller.qLsEQR/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=4549 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 28.817949][ T29] audit: type=1400 audit(1752777018.674:87): avc: denied { unmount } for pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 28.837451][ T29] audit: type=1400 audit(1752777018.714:88): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 28.860228][ T29] audit: type=1400 audit(1752777018.714:89): avc: denied { mount } for pid=3304 comm="syz-executor" name="/" dev="gadgetfs" ino=4550 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 28.884869][ T3304] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 28.894518][ T3311] veth1_vlan: entered promiscuous mode [ 28.917232][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.935326][ T29] audit: type=1400 audit(1752777018.964:90): avc: denied { read write } for pid=3304 comm="syz-executor" name="loop0" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 28.940242][ T3311] veth0_macvtap: entered promiscuous mode [ 28.971722][ T3311] veth1_macvtap: entered promiscuous mode [ 28.986041][ T3474] netlink: 332 bytes leftover after parsing attributes in process `syz.0.1'. [ 28.993609][ T3303] veth0_vlan: entered promiscuous mode [ 29.006730][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.021118][ T3307] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.029885][ T3307] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.038647][ T3307] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.047449][ T3307] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.069377][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.078795][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.087413][ T3311] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.096226][ T3311] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.104922][ T3311] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.113744][ T3311] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.144855][ T3303] veth1_vlan: entered promiscuous mode [ 29.150695][ T3477] loop3: detected capacity change from 0 to 512 [ 29.178755][ T3477] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.4: bg 0: block 248: padding at end of block bitmap is not set [ 29.207303][ T3303] veth0_macvtap: entered promiscuous mode [ 29.237325][ T3303] veth1_macvtap: entered promiscuous mode [ 29.283331][ T3477] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.4: Failed to acquire dquot type 1 [ 29.308665][ T3303] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.379320][ T3303] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.392893][ T3477] EXT4-fs (loop3): 1 truncate cleaned up [ 29.411165][ T3477] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 29.429994][ T3303] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.438869][ T3303] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.447692][ T3303] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.456530][ T3303] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.480065][ T3477] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 29.586460][ T3499] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 29.603268][ T3477] syz.3.4 (3477) used greatest stack depth: 9096 bytes left [ 29.624538][ T3503] SELinux: syz.1.9 (3503) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 29.638329][ T3499] loop0: detected capacity change from 0 to 512 [ 29.645962][ T3499] ======================================================= [ 29.645962][ T3499] WARNING: The mand mount option has been deprecated and [ 29.645962][ T3499] and is ignored by this kernel. Remove the mand [ 29.645962][ T3499] option from the mount to silence this warning. [ 29.645962][ T3499] ======================================================= [ 29.694595][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 29.704398][ T3499] EXT4-fs: Ignoring removed i_version option [ 29.710526][ T3499] EXT4-fs: dax option not supported [ 29.738130][ T3505] netlink: 'syz.4.5': attribute type 1 has an invalid length. [ 29.751062][ T3507] FAULT_INJECTION: forcing a failure. [ 29.751062][ T3507] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 29.753728][ T3509] tipc: Started in network mode [ 29.764398][ T3507] CPU: 0 UID: 0 PID: 3507 Comm: syz.1.10 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 29.764427][ T3507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 29.764443][ T3507] Call Trace: [ 29.764449][ T3507] [ 29.764456][ T3507] __dump_stack+0x1d/0x30 [ 29.764476][ T3507] dump_stack_lvl+0xe8/0x140 [ 29.764515][ T3507] dump_stack+0x15/0x1b [ 29.764573][ T3507] should_fail_ex+0x265/0x280 [ 29.764663][ T3507] should_fail+0xb/0x20 [ 29.764687][ T3507] should_fail_usercopy+0x1a/0x20 [ 29.764729][ T3507] _copy_from_user+0x1c/0xb0 [ 29.764747][ T3507] simple_transaction_get+0xe2/0x130 [ 29.764810][ T3507] selinux_transaction_write+0x9d/0x110 [ 29.764837][ T3507] ? __pfx_selinux_transaction_write+0x10/0x10 [ 29.764862][ T3507] vfs_write+0x269/0x8e0 [ 29.764930][ T3507] ? __rcu_read_unlock+0x4f/0x70 [ 29.764950][ T3507] ? __fget_files+0x184/0x1c0 [ 29.764969][ T3507] ksys_write+0xda/0x1a0 [ 29.764996][ T3507] __x64_sys_write+0x40/0x50 [ 29.765055][ T3507] x64_sys_call+0x2cdd/0x2fb0 [ 29.765075][ T3507] do_syscall_64+0xd2/0x200 [ 29.765092][ T3507] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 29.765116][ T3507] ? clear_bhb_loop+0x40/0x90 [ 29.765135][ T3507] ? clear_bhb_loop+0x40/0x90 [ 29.765192][ T3507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 29.765212][ T3507] RIP: 0033:0x7fed6b37e929 [ 29.765229][ T3507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 29.765245][ T3507] RSP: 002b:00007fed699df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 29.765267][ T3507] RAX: ffffffffffffffda RBX: 00007fed6b5a5fa0 RCX: 00007fed6b37e929 [ 29.765322][ T3507] RDX: 0000000000000027 RSI: 0000200000000080 RDI: 0000000000000003 [ 29.765333][ T3507] RBP: 00007fed699df090 R08: 0000000000000000 R09: 0000000000000000 [ 29.765344][ T3507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 29.765355][ T3507] R13: 0000000000000000 R14: 00007fed6b5a5fa0 R15: 00007ffe903d07b8 [ 29.765370][ T3507] [ 29.827893][ T3499] binfmt_misc: register: failed to install interpreter file ./file2 [ 29.829573][ T3509] tipc: Node identity type_len, cluster identity 4711 [ 29.921508][ T3516] loop0: detected capacity change from 0 to 256 [ 29.924112][ T3509] tipc: Enabling of bearer rejected, failed to enable media [ 30.034842][ T3516] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 30.067661][ T3516] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 30.076301][ T3516] FAT-fs (loop0): Filesystem has been set read-only [ 30.144441][ T3534] loop2: detected capacity change from 0 to 128 [ 30.161237][ T3534] netlink: 36 bytes leftover after parsing attributes in process `syz.2.19'. [ 30.241882][ T3534] loop9: detected capacity change from 0 to 7 [ 30.258567][ T3534] Buffer I/O error on dev loop9, logical block 0, async page read [ 30.280801][ T3545] loop1: detected capacity change from 0 to 1024 [ 30.282263][ T3534] Buffer I/O error on dev loop9, logical block 0, async page read [ 30.287739][ T3545] EXT4-fs: Ignoring removed orlov option [ 30.295000][ T3534] loop9: unable to read partition table [ 30.299269][ T3534] loop_reread_partitions: partition scan of loop9 (被ڬdƤݡ [ 30.299269][ T3534] U) failed (rc=-5) [ 30.321408][ T3536] Buffer I/O error on dev loop9, logical block 0, async page read [ 30.342724][ T3536] Buffer I/O error on dev loop9, logical block 0, async page read [ 30.345307][ T3545] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 30.381120][ T3536] Buffer I/O error on dev loop9, logical block 0, async page read [ 30.406034][ T3550] loop0: detected capacity change from 0 to 1024 [ 30.413267][ T3536] Buffer I/O error on dev loop9, logical block 0, async page read [ 30.433420][ T3536] Buffer I/O error on dev loop9, logical block 0, async page read [ 30.441503][ T3536] Buffer I/O error on dev loop9, logical block 0, async page read [ 30.449572][ T3307] FAT-fs (loop2): error, invalid access to FAT (entry 0x05000006) [ 30.449966][ T3550] EXT4-fs: Ignoring removed orlov option [ 30.457522][ T3307] FAT-fs (loop2): Filesystem has been set read-only [ 30.496362][ T3536] Buffer I/O error on dev loop9, logical block 0, async page read [ 30.504914][ T3536] Buffer I/O error on dev loop9, logical block 0, async page read [ 30.537931][ T3550] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 30.563677][ T3553] loop4: detected capacity change from 0 to 512 [ 30.573229][ T3553] ext4: Unknown parameter 'V' [ 30.647713][ T3562] syz.0.24 uses obsolete (PF_INET,SOCK_PACKET) [ 30.656975][ T3559] loop3: detected capacity change from 0 to 2048 [ 30.683616][ T3559] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 30.720415][ T3414] IPVS: starting estimator thread 0... [ 30.728559][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.734955][ T3567] xt_hashlimit: max too large, truncated to 1048576 [ 30.758222][ T3559] process 'syz.3.29' launched './file1' with NULL argv: empty string added [ 30.778056][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.788086][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.811974][ T3568] IPVS: using max 3024 ests per chain, 151200 per kthread [ 30.819397][ T3574] loop1: detected capacity change from 0 to 2048 [ 30.843534][ T3574] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 30.895952][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.927721][ T3584] loop4: detected capacity change from 0 to 1764 [ 30.947512][ T3584] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 30.958832][ T3584] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 30.966885][ T3579] SELinux: Context is not valid (left unmapped). [ 31.060860][ T3584] netlink: 4 bytes leftover after parsing attributes in process `syz.4.37'. [ 31.077828][ T3584] netlink: 32 bytes leftover after parsing attributes in process `syz.4.37'. [ 31.153831][ T3609] netlink: 'syz.4.45': attribute type 4 has an invalid length. [ 31.265101][ T3613] loop4: detected capacity change from 0 to 2048 [ 31.313994][ T3613] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 31.385117][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 31.417634][ T3628] loop3: detected capacity change from 0 to 512 [ 31.433860][ T3627] netlink: 332 bytes leftover after parsing attributes in process `syz.0.50'. [ 31.450485][ T3628] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 31.463211][ T3628] ext4 filesystem being mounted at /10/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 31.477121][ T3632] loop4: detected capacity change from 0 to 1024 [ 31.485449][ T3632] EXT4-fs: Ignoring removed orlov option [ 31.559199][ T3632] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 31.658958][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 31.693378][ T3649] netlink: 'syz.4.55': attribute type 1 has an invalid length. [ 31.721544][ T3651] netlink: 'syz.4.56': attribute type 4 has an invalid length. [ 31.804146][ T3654] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 31.871382][ T3657] loop4: detected capacity change from 0 to 2048 [ 31.883647][ T3657] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 32.014802][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.066932][ T3673] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 32.073557][ T3673] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 32.081139][ T3673] vhci_hcd vhci_hcd.0: Device attached [ 32.089312][ T3674] vhci_hcd: connection closed [ 32.089956][ T3428] vhci_hcd: stop threads [ 32.099137][ T3428] vhci_hcd: release socket [ 32.103683][ T3428] vhci_hcd: disconnect device [ 32.112303][ T3677] loop4: detected capacity change from 0 to 512 [ 32.125246][ T3677] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.64: bg 0: block 248: padding at end of block bitmap is not set [ 32.139804][ T3677] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.64: Failed to acquire dquot type 1 [ 32.151602][ T3677] EXT4-fs (loop4): 1 truncate cleaned up [ 32.157699][ T3677] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.170730][ T3677] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 32.193689][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.204270][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.240161][ T3686] loop4: detected capacity change from 0 to 256 [ 32.248188][ T3686] msdos: Unknown parameter 'xn]' [ 32.277702][ T3686] Cannot find add_set index 0 as target [ 32.338275][ T3695] loop4: detected capacity change from 0 to 2048 [ 32.354878][ T3695] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 32.367185][ T3697] loop3: detected capacity change from 0 to 2048 [ 32.391133][ T3701] FAULT_INJECTION: forcing a failure. [ 32.391133][ T3701] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 32.404301][ T3701] CPU: 0 UID: 0 PID: 3701 Comm: syz.1.73 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 32.404405][ T3701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 32.404415][ T3701] Call Trace: [ 32.404421][ T3701] [ 32.404428][ T3701] __dump_stack+0x1d/0x30 [ 32.404449][ T3701] dump_stack_lvl+0xe8/0x140 [ 32.404469][ T3701] dump_stack+0x15/0x1b [ 32.404521][ T3701] should_fail_ex+0x265/0x280 [ 32.404550][ T3701] should_fail+0xb/0x20 [ 32.404575][ T3701] should_fail_usercopy+0x1a/0x20 [ 32.404607][ T3701] strncpy_from_user+0x25/0x230 [ 32.404639][ T3701] ? kmem_cache_alloc_noprof+0x186/0x310 [ 32.404661][ T3701] ? getname_flags+0x80/0x3b0 [ 32.404746][ T3701] getname_flags+0xae/0x3b0 [ 32.404767][ T3701] do_sys_openat2+0x60/0x110 [ 32.404793][ T3701] __x64_sys_openat+0xf2/0x120 [ 32.404856][ T3701] x64_sys_call+0x1af/0x2fb0 [ 32.404923][ T3701] do_syscall_64+0xd2/0x200 [ 32.404940][ T3701] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 32.404962][ T3701] ? clear_bhb_loop+0x40/0x90 [ 32.404979][ T3701] ? clear_bhb_loop+0x40/0x90 [ 32.404998][ T3701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 32.405026][ T3701] RIP: 0033:0x7fed6b37d290 [ 32.405042][ T3701] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 32.405060][ T3701] RSP: 002b:00007fed699def70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 32.405078][ T3701] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fed6b37d290 [ 32.405203][ T3701] RDX: 0000000000000000 RSI: 00007fed6b400db9 RDI: 00000000ffffff9c [ 32.405215][ T3701] RBP: 00007fed6b400db9 R08: 0000000000000000 R09: 0000000000000000 [ 32.405236][ T3701] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 32.405310][ T3701] R13: 0000000000000001 R14: 00007fed6b5a5fa0 R15: 00007ffe903d07b8 [ 32.405325][ T3701] [ 32.635968][ T3697] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 32.659948][ T41] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 32.879002][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.894923][ T41] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 32.919383][ T3702] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 32.941597][ T3702] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 32.954201][ T3702] EXT4-fs (loop4): This should not happen!! Data will be lost [ 32.954201][ T3702] [ 32.963915][ T3702] EXT4-fs (loop4): Total free blocks count 0 [ 32.969894][ T3702] EXT4-fs (loop4): Free/Dirty block details [ 32.975834][ T3702] EXT4-fs (loop4): free_blocks=2415919104 [ 32.981603][ T3702] EXT4-fs (loop4): dirty_blocks=8208 [ 32.986923][ T3702] EXT4-fs (loop4): Block reservation details [ 32.993088][ T3702] EXT4-fs (loop4): i_reserved_data_blocks=513 [ 33.015061][ T41] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 33.051854][ T3733] loop1: detected capacity change from 0 to 1024 [ 33.060896][ T378] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 33.078229][ T3708] chnl_net:caif_netlink_parms(): no params data found [ 33.082464][ T3733] EXT4-fs: Ignoring removed orlov option [ 33.109544][ T41] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 33.135634][ T3733] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.266057][ T3724] netlink: 260 bytes leftover after parsing attributes in process `syz.0.79'. [ 33.275036][ T3724] netlink: 260 bytes leftover after parsing attributes in process `syz.0.79'. [ 33.396239][ T3746] loop3: detected capacity change from 0 to 1024 [ 33.437380][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.449890][ T3708] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.457027][ T3708] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.474273][ T3746] EXT4-fs: Ignoring removed orlov option [ 33.526481][ T3746] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.539121][ T3708] bridge_slave_0: entered allmulticast mode [ 33.545625][ T3708] bridge_slave_0: entered promiscuous mode [ 33.552616][ T3708] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.559801][ T3708] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.566999][ T3708] bridge_slave_1: entered allmulticast mode [ 33.585434][ T3708] bridge_slave_1: entered promiscuous mode [ 33.606485][ T41] bridge_slave_1: left allmulticast mode [ 33.612360][ T41] bridge_slave_1: left promiscuous mode [ 33.618072][ T41] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.633773][ T41] bridge_slave_0: left allmulticast mode [ 33.639472][ T41] bridge_slave_0: left promiscuous mode [ 33.645340][ T41] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.672466][ T29] kauditd_printk_skb: 320 callbacks suppressed [ 33.672479][ T29] audit: type=1400 audit(1752777023.714:407): avc: denied { add_name } for pid=3748 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 33.701840][ T29] audit: type=1400 audit(1752777023.714:408): avc: denied { create } for pid=3748 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.770376][ T29] audit: type=1400 audit(1752777023.714:409): avc: denied { write } for pid=3748 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.eth1.link" dev="tmpfs" ino=1177 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.796536][ T29] audit: type=1400 audit(1752777023.714:410): avc: denied { append } for pid=3748 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" dev="tmpfs" ino=1177 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.820831][ T29] audit: type=1400 audit(1752777023.774:411): avc: denied { tracepoint } for pid=3765 comm="syz.4.86" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 33.840468][ T29] audit: type=1400 audit(1752777023.784:412): avc: denied { remove_name } for pid=3767 comm="rm" name="resolv.conf.eth1.link" dev="tmpfs" ino=1177 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 33.847776][ T3773] capability: warning: `syz.0.87' uses deprecated v2 capabilities in a way that may be insecure [ 33.864014][ T29] audit: type=1400 audit(1752777023.784:413): avc: denied { unlink } for pid=3767 comm="rm" name="resolv.conf.eth1.link" dev="tmpfs" ino=1177 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.897753][ T29] audit: type=1400 audit(1752777023.884:414): avc: denied { create } for pid=3772 comm="syz.0.87" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 33.917265][ T29] audit: type=1400 audit(1752777023.884:415): avc: denied { bind } for pid=3772 comm="syz.0.87" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 33.936412][ T29] audit: type=1400 audit(1752777023.884:416): avc: denied { listen } for pid=3772 comm="syz.0.87" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 33.977834][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.988238][ T3776] loop1: detected capacity change from 0 to 1024 [ 33.995774][ T3776] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 34.014295][ T3776] EXT4-fs (loop1): can't mount with commit=, fs mounted w/o journal [ 34.022474][ T3779] loop3: detected capacity change from 0 to 1024 [ 34.055555][ T41] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 34.056490][ T3782] FAULT_INJECTION: forcing a failure. [ 34.056490][ T3782] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 34.077176][ T3782] CPU: 1 UID: 0 PID: 3782 Comm: syz.3.91 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 34.077230][ T3782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 34.077242][ T3782] Call Trace: [ 34.077249][ T3782] [ 34.077286][ T3782] __dump_stack+0x1d/0x30 [ 34.077304][ T3782] dump_stack_lvl+0xe8/0x140 [ 34.077323][ T3782] dump_stack+0x15/0x1b [ 34.077339][ T3782] should_fail_ex+0x265/0x280 [ 34.077367][ T3782] should_fail+0xb/0x20 [ 34.077388][ T3782] should_fail_usercopy+0x1a/0x20 [ 34.077454][ T3782] strncpy_from_user+0x25/0x230 [ 34.077477][ T3782] __se_sys_memfd_create+0x1ff/0x590 [ 34.077555][ T3782] __x64_sys_memfd_create+0x31/0x40 [ 34.077615][ T3782] x64_sys_call+0x122f/0x2fb0 [ 34.077633][ T3782] do_syscall_64+0xd2/0x200 [ 34.077647][ T3782] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 34.077671][ T3782] ? clear_bhb_loop+0x40/0x90 [ 34.077703][ T3782] ? clear_bhb_loop+0x40/0x90 [ 34.077797][ T3782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 34.077827][ T3782] RIP: 0033:0x7f896b02e929 [ 34.077843][ T3782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 34.077861][ T3782] RSP: 002b:00007f8969696e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 34.077878][ T3782] RAX: ffffffffffffffda RBX: 0000000000000554 RCX: 00007f896b02e929 [ 34.077889][ T3782] RDX: 00007f8969696ef0 RSI: 0000000000000000 RDI: 00007f896b0b1634 [ 34.077902][ T3782] RBP: 0000200000001540 R08: 00007f8969696bb7 R09: 00007f8969696e40 [ 34.077914][ T3782] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000040 [ 34.077948][ T3782] R13: 00007f8969696ef0 R14: 00007f8969696eb0 R15: 00002000000004c0 [ 34.077967][ T3782] [ 34.261256][ T41] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 34.266655][ T3784] loop1: detected capacity change from 0 to 512 [ 34.276947][ T41] bond0 (unregistering): Released all slaves [ 34.277579][ T3784] EXT4-fs (loop1): fragment/cluster size (2048) != block size (1024) [ 34.318864][ T3708] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 34.338321][ T41] hsr_slave_0: left promiscuous mode [ 34.344475][ T41] hsr_slave_1: left promiscuous mode [ 34.355384][ T41] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 34.362960][ T41] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 34.374076][ T41] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 34.381535][ T41] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 34.404799][ T41] veth1_macvtap: left promiscuous mode [ 34.410660][ T41] veth0_macvtap: left promiscuous mode [ 34.416307][ T41] veth1_vlan: left promiscuous mode [ 34.424679][ T41] veth0_vlan: left promiscuous mode [ 34.428087][ T3793] loop4: detected capacity change from 0 to 2048 [ 34.454920][ T3793] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 34.536795][ T41] team0 (unregistering): Port device team_slave_1 removed [ 34.554480][ T41] team0 (unregistering): Port device team_slave_0 removed [ 34.637378][ T3708] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 34.651064][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.698826][ T3708] team0: Port device team_slave_0 added [ 34.711810][ T3708] team0: Port device team_slave_1 added [ 34.726895][ T3806] netlink: 16 bytes leftover after parsing attributes in process `syz.0.99'. [ 34.748114][ T3810] netlink: 332 bytes leftover after parsing attributes in process `syz.3.100'. [ 34.766110][ T3812] netlink: 8 bytes leftover after parsing attributes in process `syz.4.101'. [ 34.800979][ T3815] netlink: 260 bytes leftover after parsing attributes in process `syz.1.97'. [ 34.810154][ T3815] netlink: 260 bytes leftover after parsing attributes in process `syz.1.97'. [ 34.831579][ T23] IPVS: starting estimator thread 0... [ 34.862801][ T3806] xt_hashlimit: max too large, truncated to 1048576 [ 34.870768][ T3708] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 34.877814][ T3708] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.904061][ T3708] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 34.927648][ T3818] xt_hashlimit: max too large, truncated to 1048576 [ 34.971065][ T3816] IPVS: using max 2736 ests per chain, 136800 per kthread [ 35.005772][ T3819] loop3: detected capacity change from 0 to 2048 [ 35.057159][ T3819] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.070244][ T3708] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 35.077294][ T3708] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.103382][ T3708] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 35.192202][ T3708] hsr_slave_0: entered promiscuous mode [ 35.198391][ T3708] hsr_slave_1: entered promiscuous mode [ 35.204587][ T3708] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 35.212160][ T3708] Cannot create hsr debugfs directory [ 35.227704][ T3839] loop4: detected capacity change from 0 to 512 [ 35.295961][ T3839] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.104: bg 0: block 248: padding at end of block bitmap is not set [ 35.356336][ T3839] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.104: Failed to acquire dquot type 1 [ 35.415686][ T3836] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 35.426379][ T3839] EXT4-fs (loop4): 1 truncate cleaned up [ 35.439099][ T3836] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 35.451670][ T3836] EXT4-fs (loop3): This should not happen!! Data will be lost [ 35.451670][ T3836] [ 35.461405][ T3836] EXT4-fs (loop3): Total free blocks count 0 [ 35.467457][ T3836] EXT4-fs (loop3): Free/Dirty block details [ 35.473500][ T3836] EXT4-fs (loop3): free_blocks=2415919104 [ 35.479216][ T3836] EXT4-fs (loop3): dirty_blocks=8208 [ 35.484541][ T3836] EXT4-fs (loop3): Block reservation details [ 35.490599][ T3836] EXT4-fs (loop3): i_reserved_data_blocks=513 [ 35.503676][ T3839] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.524523][ T3859] FAULT_INJECTION: forcing a failure. [ 35.524523][ T3859] name failslab, interval 1, probability 0, space 0, times 1 [ 35.537204][ T3859] CPU: 0 UID: 0 PID: 3859 Comm: syz.1.106 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 35.537228][ T3859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 35.537238][ T3859] Call Trace: [ 35.537244][ T3859] [ 35.537250][ T3859] __dump_stack+0x1d/0x30 [ 35.537269][ T3859] dump_stack_lvl+0xe8/0x140 [ 35.537348][ T3859] dump_stack+0x15/0x1b [ 35.537361][ T3859] should_fail_ex+0x265/0x280 [ 35.537386][ T3859] should_failslab+0x8c/0xb0 [ 35.537403][ T3859] kmem_cache_alloc_noprof+0x50/0x310 [ 35.537421][ T3859] ? __mpol_dup+0x42/0x1b0 [ 35.537443][ T3859] __mpol_dup+0x42/0x1b0 [ 35.537464][ T3859] mbind_range+0x1e8/0x440 [ 35.537489][ T3859] ? mas_find+0x4ea/0x610 [ 35.537518][ T3859] __se_sys_mbind+0x648/0xac0 [ 35.537546][ T3859] __x64_sys_mbind+0x78/0x90 [ 35.537569][ T3859] x64_sys_call+0x14af/0x2fb0 [ 35.537589][ T3859] do_syscall_64+0xd2/0x200 [ 35.537605][ T3859] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 35.537629][ T3859] ? clear_bhb_loop+0x40/0x90 [ 35.537648][ T3859] ? clear_bhb_loop+0x40/0x90 [ 35.537667][ T3859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 35.537687][ T3859] RIP: 0033:0x7fed6b37e929 [ 35.537702][ T3859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 35.537718][ T3859] RSP: 002b:00007fed699df038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 35.537736][ T3859] RAX: ffffffffffffffda RBX: 00007fed6b5a5fa0 RCX: 00007fed6b37e929 [ 35.537747][ T3859] RDX: 0000000000000004 RSI: 0000000000800000 RDI: 0000200000001000 [ 35.537758][ T3859] RBP: 00007fed699df090 R08: 0000000000000000 R09: 0000000000000000 [ 35.537770][ T3859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 35.537781][ T3859] R13: 0000000000000000 R14: 00007fed6b5a5fa0 R15: 00007ffe903d07b8 [ 35.537797][ T3859] [ 35.540001][ T3839] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 35.689683][ T3870] loop0: detected capacity change from 0 to 2048 [ 35.748334][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.764337][ T378] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 35.785034][ T3870] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.853036][ T3876] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 35.857687][ T3708] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 35.859628][ T3876] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 35.873820][ T3876] vhci_hcd vhci_hcd.0: Device attached [ 35.883746][ T3708] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 35.895943][ T3708] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 35.913402][ T3708] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 35.949718][ T3877] vhci_hcd: connection closed [ 35.949904][ T378] vhci_hcd: stop threads [ 35.959013][ T378] vhci_hcd: release socket [ 35.963468][ T378] vhci_hcd: disconnect device [ 36.044997][ T3708] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.068189][ T3906] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 36.074781][ T3906] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 36.082445][ T3906] vhci_hcd vhci_hcd.0: Device attached [ 36.095244][ T3708] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.107288][ T3428] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.114499][ T3428] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.134580][ T3910] vhci_hcd: connection closed [ 36.134879][ T3447] vhci_hcd: stop threads [ 36.135448][ T3708] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 36.139559][ T3447] vhci_hcd: release socket [ 36.139568][ T3447] vhci_hcd: disconnect device [ 36.140034][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.143851][ T3708] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 36.190198][ T3428] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.197912][ T3428] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.300018][ T3708] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 36.343623][ T3934] netlink: 'syz.4.118': attribute type 4 has an invalid length. [ 36.513427][ T3954] loop4: detected capacity change from 0 to 512 [ 36.550590][ T3954] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.119: bg 0: block 248: padding at end of block bitmap is not set [ 36.569422][ T3708] veth0_vlan: entered promiscuous mode [ 36.589641][ T3954] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.119: Failed to acquire dquot type 1 [ 36.603411][ T3708] veth1_vlan: entered promiscuous mode [ 36.617346][ T3708] veth0_macvtap: entered promiscuous mode [ 36.624766][ T3954] EXT4-fs (loop4): 1 truncate cleaned up [ 36.631046][ T3954] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.650304][ T3708] veth1_macvtap: entered promiscuous mode [ 36.657759][ T3954] ext4 filesystem being mounted at /33/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 36.693402][ T3708] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.715850][ T3708] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.730645][ T3708] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.739671][ T3708] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.748472][ T3708] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.757489][ T3708] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.759331][ T3991] loop3: detected capacity change from 0 to 2048 [ 36.779090][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.801342][ T3996] netlink: 332 bytes leftover after parsing attributes in process `syz.4.127'. [ 36.844097][ T3991] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.004565][ T4023] loop4: detected capacity change from 0 to 1764 [ 37.023325][ T4031] netlink: 'syz.1.132': attribute type 1 has an invalid length. [ 37.112113][ T4036] netlink: 4 bytes leftover after parsing attributes in process `syz.1.134'. [ 37.117185][ T4023] netlink: 4 bytes leftover after parsing attributes in process `syz.4.130'. [ 37.168369][ T4049] netlink: 32 bytes leftover after parsing attributes in process `syz.4.130'. [ 37.257251][ T4055] loop5: detected capacity change from 0 to 512 [ 37.267871][ T4013] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 37.284813][ T4013] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 37.297475][ T4013] EXT4-fs (loop3): This should not happen!! Data will be lost [ 37.297475][ T4013] [ 37.307169][ T4013] EXT4-fs (loop3): Total free blocks count 0 [ 37.313205][ T4013] EXT4-fs (loop3): Free/Dirty block details [ 37.319189][ T4013] EXT4-fs (loop3): free_blocks=2415919104 [ 37.324998][ T4013] EXT4-fs (loop3): dirty_blocks=8208 [ 37.330507][ T4013] EXT4-fs (loop3): Block reservation details [ 37.336714][ T4013] EXT4-fs (loop3): i_reserved_data_blocks=513 [ 37.347116][ T4055] EXT4-fs error (device loop5): ext4_orphan_get:1393: inode #15: comm syz.5.135: casefold flag without casefold feature [ 37.360111][ T4055] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.135: couldn't read orphan inode 15 (err -117) [ 37.379112][ T4055] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.417245][ T4055] netlink: 8 bytes leftover after parsing attributes in process `syz.5.135'. [ 37.434920][ T4063] loop4: detected capacity change from 0 to 2048 [ 37.445418][ T3708] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.491200][ T4063] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.508581][ T4072] loop5: detected capacity change from 0 to 1024 [ 37.517706][ T41] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 37.534167][ T4067] FAULT_INJECTION: forcing a failure. [ 37.534167][ T4067] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 37.547300][ T4067] CPU: 1 UID: 0 PID: 4067 Comm: syz.1.140 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 37.547329][ T4067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 37.547364][ T4067] Call Trace: [ 37.547370][ T4067] [ 37.547376][ T4067] __dump_stack+0x1d/0x30 [ 37.547397][ T4067] dump_stack_lvl+0xe8/0x140 [ 37.547455][ T4067] dump_stack+0x15/0x1b [ 37.547471][ T4067] should_fail_ex+0x265/0x280 [ 37.547551][ T4067] should_fail+0xb/0x20 [ 37.547578][ T4067] should_fail_usercopy+0x1a/0x20 [ 37.547669][ T4067] _copy_from_user+0x1c/0xb0 [ 37.547764][ T4067] memdup_user+0x5e/0xd0 [ 37.547785][ T4067] strndup_user+0x68/0xb0 [ 37.547803][ T4067] __se_sys_mount+0x4d/0x2e0 [ 37.547859][ T4067] ? fput+0x8f/0xc0 [ 37.547882][ T4067] ? ksys_write+0x192/0x1a0 [ 37.547913][ T4067] __x64_sys_mount+0x67/0x80 [ 37.548014][ T4067] x64_sys_call+0xd36/0x2fb0 [ 37.548107][ T4067] do_syscall_64+0xd2/0x200 [ 37.548125][ T4067] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 37.548150][ T4067] ? clear_bhb_loop+0x40/0x90 [ 37.548171][ T4067] ? clear_bhb_loop+0x40/0x90 [ 37.548262][ T4067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 37.548280][ T4067] RIP: 0033:0x7fed6b37e929 [ 37.548316][ T4067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 37.548332][ T4067] RSP: 002b:00007fed699df038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 37.548350][ T4067] RAX: ffffffffffffffda RBX: 00007fed6b5a5fa0 RCX: 00007fed6b37e929 [ 37.548362][ T4067] RDX: 0000200000000100 RSI: 0000200000000500 RDI: 0000000000000000 [ 37.548409][ T4067] RBP: 00007fed699df090 R08: 0000200000000a40 R09: 0000000000000000 [ 37.548420][ T4067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 37.548432][ T4067] R13: 0000000000000000 R14: 00007fed6b5a5fa0 R15: 00007ffe903d07b8 [ 37.548449][ T4067] [ 37.754158][ T4072] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.778254][ T4072] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 37.799753][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.892662][ T3708] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.902644][ T4091] mmap: syz.1.143 (4091) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 37.990797][ T4096] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 37.990797][ T4096] program syz.0.145 not setting count and/or reply_len properly [ 38.007488][ T4097] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 38.007488][ T4097] program syz.0.145 not setting count and/or reply_len properly [ 38.038706][ C1] hrtimer: interrupt took 27355 ns [ 38.088423][ T4082] loop1: detected capacity change from 0 to 512 [ 38.125869][ T4082] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 38.139232][ T4082] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 38.165594][ T4082] EXT4-fs (loop1): 1 truncate cleaned up [ 38.171638][ T4082] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.199509][ T4116] loop4: detected capacity change from 0 to 1764 [ 38.232497][ T4082] EXT4-fs warning (device loop1): ext4_group_add:1736: No reserved GDT blocks, can't resize [ 38.292761][ T4082] Zero length message leads to an empty skb [ 38.351258][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.450421][ T4140] netlink: 'syz.1.159': attribute type 1 has an invalid length. [ 38.460459][ T4145] FAULT_INJECTION: forcing a failure. [ 38.460459][ T4145] name failslab, interval 1, probability 0, space 0, times 0 [ 38.473188][ T4145] CPU: 0 UID: 0 PID: 4145 Comm: syz.0.154 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 38.473212][ T4145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 38.473300][ T4145] Call Trace: [ 38.473307][ T4145] [ 38.473313][ T4145] __dump_stack+0x1d/0x30 [ 38.473331][ T4145] dump_stack_lvl+0xe8/0x140 [ 38.473357][ T4145] dump_stack+0x15/0x1b [ 38.473372][ T4145] should_fail_ex+0x265/0x280 [ 38.473479][ T4145] should_failslab+0x8c/0xb0 [ 38.473551][ T4145] __kmalloc_noprof+0xa5/0x3e0 [ 38.473571][ T4145] ? parse_usbdevfs_streams+0x11c/0x610 [ 38.473591][ T4145] parse_usbdevfs_streams+0x11c/0x610 [ 38.473610][ T4145] ? ioctl_has_perm+0x257/0x2a0 [ 38.473659][ T4145] proc_alloc_streams+0x6b/0x110 [ 38.473739][ T4145] usbdev_ioctl+0xc74/0x1710 [ 38.473766][ T4145] ? __pfx_usbdev_ioctl+0x10/0x10 [ 38.473816][ T4145] __se_sys_ioctl+0xcb/0x140 [ 38.473839][ T4145] __x64_sys_ioctl+0x43/0x50 [ 38.473907][ T4145] x64_sys_call+0x19a8/0x2fb0 [ 38.473930][ T4145] do_syscall_64+0xd2/0x200 [ 38.473946][ T4145] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 38.473972][ T4145] ? clear_bhb_loop+0x40/0x90 [ 38.473991][ T4145] ? clear_bhb_loop+0x40/0x90 [ 38.474011][ T4145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 38.474104][ T4145] RIP: 0033:0x7fcacd44e929 [ 38.474119][ T4145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 38.474136][ T4145] RSP: 002b:00007fcacbab7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 38.474151][ T4145] RAX: ffffffffffffffda RBX: 00007fcacd675fa0 RCX: 00007fcacd44e929 [ 38.474161][ T4145] RDX: 0000200000000180 RSI: 000000008008551c RDI: 0000000000000003 [ 38.474171][ T4145] RBP: 00007fcacbab7090 R08: 0000000000000000 R09: 0000000000000000 [ 38.474246][ T4145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 38.474257][ T4145] R13: 0000000000000000 R14: 00007fcacd675fa0 R15: 00007ffe6530d058 [ 38.474272][ T4145] [ 38.693077][ T29] kauditd_printk_skb: 266 callbacks suppressed [ 38.693097][ T29] audit: type=1326 audit(1752777028.734:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4149 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b232e929 code=0x7ffc0000 [ 38.722921][ T29] audit: type=1326 audit(1752777028.734:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4149 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b232e929 code=0x7ffc0000 [ 38.746188][ T29] audit: type=1326 audit(1752777028.734:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4149 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f07b232e929 code=0x7ffc0000 [ 38.769720][ T29] audit: type=1326 audit(1752777028.734:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4149 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f07b232e963 code=0x7ffc0000 [ 38.793044][ T29] audit: type=1326 audit(1752777028.734:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4149 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f07b232e963 code=0x7ffc0000 [ 38.816297][ T29] audit: type=1326 audit(1752777028.734:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4149 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b232e929 code=0x7ffc0000 [ 38.817723][ T4155] loop4: detected capacity change from 0 to 512 [ 38.839554][ T29] audit: type=1326 audit(1752777028.734:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4149 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b232e929 code=0x7ffc0000 [ 38.873094][ T29] audit: type=1326 audit(1752777028.774:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4149 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b232e929 code=0x7ffc0000 [ 38.896565][ T29] audit: type=1326 audit(1752777028.774:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4149 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b232e929 code=0x7ffc0000 [ 38.920165][ T29] audit: type=1326 audit(1752777028.774:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4149 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b232e929 code=0x7ffc0000 [ 38.975020][ T4155] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.163: bg 0: block 248: padding at end of block bitmap is not set [ 39.003302][ T4155] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.163: Failed to acquire dquot type 1 [ 39.020828][ T4155] EXT4-fs (loop4): 1 truncate cleaned up [ 39.028495][ T4155] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.041355][ T4155] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.113378][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.141490][ T4176] loop3: detected capacity change from 0 to 1024 [ 39.150691][ T4176] EXT4-fs: Ignoring removed orlov option [ 39.176102][ T4180] FAULT_INJECTION: forcing a failure. [ 39.176102][ T4180] name failslab, interval 1, probability 0, space 0, times 0 [ 39.188802][ T4180] CPU: 1 UID: 0 PID: 4180 Comm: syz.4.170 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 39.188829][ T4180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 39.188839][ T4180] Call Trace: [ 39.188845][ T4180] [ 39.188907][ T4180] __dump_stack+0x1d/0x30 [ 39.188929][ T4180] dump_stack_lvl+0xe8/0x140 [ 39.189008][ T4180] dump_stack+0x15/0x1b [ 39.189025][ T4180] should_fail_ex+0x265/0x280 [ 39.189057][ T4180] should_failslab+0x8c/0xb0 [ 39.189076][ T4180] kmem_cache_alloc_node_noprof+0x57/0x320 [ 39.189119][ T4180] ? __alloc_skb+0x101/0x320 [ 39.189218][ T4180] __alloc_skb+0x101/0x320 [ 39.189242][ T4180] netlink_alloc_large_skb+0xba/0xf0 [ 39.189350][ T4180] netlink_sendmsg+0x3cf/0x6b0 [ 39.189368][ T4180] ? __pfx_netlink_sendmsg+0x10/0x10 [ 39.189384][ T4180] __sock_sendmsg+0x145/0x180 [ 39.189406][ T4180] ____sys_sendmsg+0x31e/0x4e0 [ 39.189482][ T4180] ___sys_sendmsg+0x17b/0x1d0 [ 39.189523][ T4180] __x64_sys_sendmsg+0xd4/0x160 [ 39.189662][ T4180] x64_sys_call+0x2999/0x2fb0 [ 39.189684][ T4180] do_syscall_64+0xd2/0x200 [ 39.189701][ T4180] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 39.189823][ T4180] ? clear_bhb_loop+0x40/0x90 [ 39.189840][ T4180] ? clear_bhb_loop+0x40/0x90 [ 39.189857][ T4180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 39.189901][ T4180] RIP: 0033:0x7f07b232e929 [ 39.189914][ T4180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 39.189948][ T4180] RSP: 002b:00007f07b0997038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 39.189967][ T4180] RAX: ffffffffffffffda RBX: 00007f07b2555fa0 RCX: 00007f07b232e929 [ 39.190056][ T4180] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 39.190066][ T4180] RBP: 00007f07b0997090 R08: 0000000000000000 R09: 0000000000000000 [ 39.190078][ T4180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 39.190090][ T4180] R13: 0000000000000000 R14: 00007f07b2555fa0 R15: 00007ffe020f9a48 [ 39.190105][ T4180] [ 39.437867][ T4182] loop0: detected capacity change from 0 to 1024 [ 39.447546][ T4176] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.463446][ T4187] loop4: detected capacity change from 0 to 512 [ 39.466754][ T4182] EXT4-fs: Ignoring removed nobh option [ 39.472286][ T4187] EXT4-fs: Ignoring removed nomblk_io_submit option [ 39.475556][ T4182] EXT4-fs: Ignoring removed bh option [ 39.516569][ T4187] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.531689][ T4182] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.533237][ T4187] ext4 filesystem being mounted at /49/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 39.556632][ T4182] FAULT_INJECTION: forcing a failure. [ 39.556632][ T4182] name failslab, interval 1, probability 0, space 0, times 0 [ 39.569341][ T4182] CPU: 1 UID: 0 PID: 4182 Comm: syz.0.173 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 39.569368][ T4182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 39.569446][ T4182] Call Trace: [ 39.569477][ T4182] [ 39.569484][ T4182] __dump_stack+0x1d/0x30 [ 39.569534][ T4182] dump_stack_lvl+0xe8/0x140 [ 39.569553][ T4182] dump_stack+0x15/0x1b [ 39.569570][ T4182] should_fail_ex+0x265/0x280 [ 39.569650][ T4182] should_failslab+0x8c/0xb0 [ 39.569672][ T4182] __kmalloc_noprof+0xa5/0x3e0 [ 39.569737][ T4182] ? ext4_find_extent+0x16b/0x7a0 [ 39.569766][ T4182] ext4_find_extent+0x16b/0x7a0 [ 39.569839][ T4182] ? __rcu_read_unlock+0x4f/0x70 [ 39.569867][ T4182] ext4_ext_map_blocks+0x11f/0x38a0 [ 39.569924][ T4182] ? update_load_avg+0x1da/0x820 [ 39.569950][ T4182] ? __list_add_valid_or_report+0x38/0xe0 [ 39.569973][ T4182] ? _raw_spin_unlock+0x26/0x50 [ 39.569996][ T4182] ? finish_task_switch+0xad/0x2b0 [ 39.570034][ T4182] ? __schedule+0x6a8/0xb30 [ 39.570055][ T4182] ? schedule+0x5f/0xd0 [ 39.570079][ T4182] ? find_get_block_common+0x736/0x960 [ 39.570108][ T4182] ? folio_mark_accessed+0x240/0x3d0 [ 39.570194][ T4182] ext4_map_query_blocks+0xa8/0x480 [ 39.570228][ T4182] ext4_map_blocks+0x3a1/0xd70 [ 39.570276][ T4182] ? __ext4_journal_start_sb+0x131/0x300 [ 39.570309][ T4182] ext4_iomap_begin+0x93a/0xe00 [ 39.570334][ T4182] ? __pfx_ext4_iomap_begin+0x10/0x10 [ 39.570420][ T4182] iomap_iter+0x338/0x730 [ 39.570442][ T4182] ? should_failslab+0x8c/0xb0 [ 39.570465][ T4182] __iomap_dio_rw+0x708/0x1250 [ 39.570568][ T4182] ? ext4_xattr_security_get+0x32/0x40 [ 39.570594][ T4182] ? __pfx_ext4_xattr_security_get+0x10/0x10 [ 39.570629][ T4182] ? ext4_journal_check_start+0x11a/0x1b0 [ 39.570703][ T4182] iomap_dio_rw+0x40/0x90 [ 39.570790][ T4182] ext4_file_write_iter+0xad9/0xf00 [ 39.570818][ T4182] do_iter_readv_writev+0x41e/0x4c0 [ 39.570854][ T4182] vfs_writev+0x2df/0x8b0 [ 39.570958][ T4182] __se_sys_pwritev2+0xfc/0x1c0 [ 39.570979][ T4182] __x64_sys_pwritev2+0x67/0x80 [ 39.570999][ T4182] x64_sys_call+0x1cea/0x2fb0 [ 39.571021][ T4182] do_syscall_64+0xd2/0x200 [ 39.571036][ T4182] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 39.571093][ T4182] ? clear_bhb_loop+0x40/0x90 [ 39.571113][ T4182] ? clear_bhb_loop+0x40/0x90 [ 39.571158][ T4182] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 39.571178][ T4182] RIP: 0033:0x7fcacd44e929 [ 39.571193][ T4182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 39.571211][ T4182] RSP: 002b:00007fcacbab7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 39.571230][ T4182] RAX: ffffffffffffffda RBX: 00007fcacd675fa0 RCX: 00007fcacd44e929 [ 39.571241][ T4182] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000004 [ 39.571253][ T4182] RBP: 00007fcacbab7090 R08: 0000000000000000 R09: 0000000000000003 [ 39.571295][ T4182] R10: 0000000000007c00 R11: 0000000000000246 R12: 0000000000000001 [ 39.571307][ T4182] R13: 0000000000000000 R14: 00007fcacd675fa0 R15: 00007ffe6530d058 [ 39.571325][ T4182] [ 39.933055][ T4182] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 39.954622][ T4195] __nla_validate_parse: 10 callbacks suppressed [ 39.954643][ T4195] netlink: 332 bytes leftover after parsing attributes in process `syz.5.176'. [ 39.974893][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.995651][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.037528][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.054162][ T4206] loop0: detected capacity change from 0 to 512 [ 40.064927][ T4200] loop1: detected capacity change from 0 to 2048 [ 40.067395][ T4205] loop5: detected capacity change from 0 to 2048 [ 40.090805][ T4200] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.103928][ T4205] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.106360][ T4206] EXT4-fs (loop0): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 40.277943][ T4206] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 40.384004][ T4224] loop3: detected capacity change from 0 to 512 [ 40.399048][ T3708] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.432075][ T4217] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 40.445681][ T4224] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.184: bg 0: block 248: padding at end of block bitmap is not set [ 40.464239][ T4215] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 40.472410][ T4224] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.184: Failed to acquire dquot type 1 [ 40.482214][ T4217] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 40.495023][ T4215] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 40.517227][ T4215] EXT4-fs (loop1): This should not happen!! Data will be lost [ 40.517227][ T4215] [ 40.523372][ T4224] EXT4-fs (loop3): 1 truncate cleaned up [ 40.526875][ T4215] EXT4-fs (loop1): Total free blocks count 0 [ 40.526888][ T4215] EXT4-fs (loop1): Free/Dirty block details [ 40.526898][ T4215] EXT4-fs (loop1): free_blocks=2415919104 [ 40.526909][ T4215] EXT4-fs (loop1): dirty_blocks=8208 [ 40.533635][ T4224] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.538528][ T4215] EXT4-fs (loop1): Block reservation details [ 40.544488][ T4224] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 40.550249][ T4215] EXT4-fs (loop1): i_reserved_data_blocks=513 [ 40.610765][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.651428][ T111] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 40.673569][ T4206] netlink: 24 bytes leftover after parsing attributes in process `syz.0.178'. [ 40.698335][ T3304] EXT4-fs (loop0): unmounting filesystem 00800000-0000-0000-0000-000000000000. [ 40.703523][ T4236] netlink: 332 bytes leftover after parsing attributes in process `syz.3.186'. [ 40.777196][ T4228] bond_slave_0: entered promiscuous mode [ 40.782913][ T4228] bond_slave_1: entered promiscuous mode [ 40.830797][ T4228] bond_slave_0: left promiscuous mode [ 40.836246][ T4228] bond_slave_1: left promiscuous mode [ 40.854331][ T4248] loop3: detected capacity change from 0 to 512 [ 40.865333][ T4242] netlink: 12 bytes leftover after parsing attributes in process `syz.0.189'. [ 40.895946][ T4248] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.190: bg 0: block 248: padding at end of block bitmap is not set [ 40.913522][ T4248] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.190: Failed to acquire dquot type 1 [ 40.936208][ T4255] netlink: 332 bytes leftover after parsing attributes in process `syz.0.191'. [ 40.968025][ T4248] EXT4-fs (loop3): 1 truncate cleaned up [ 40.979709][ T4248] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.019976][ T4248] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.129472][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.196372][ T3414] IPVS: starting estimator thread 0... [ 41.199741][ T4272] netlink: 332 bytes leftover after parsing attributes in process `syz.5.198'. [ 41.204022][ T4271] xt_hashlimit: max too large, truncated to 1048576 [ 41.285678][ T4273] IPVS: using max 3168 ests per chain, 158400 per kthread [ 41.292242][ T4283] loop5: detected capacity change from 0 to 2048 [ 41.344410][ T4285] xt_hashlimit: max too large, truncated to 1048576 [ 41.353335][ T3363] IPVS: starting estimator thread 0... [ 41.378913][ T4286] loop4: detected capacity change from 0 to 8192 [ 41.405266][ T4283] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.452291][ T4287] IPVS: using max 2784 ests per chain, 139200 per kthread [ 41.586860][ T4303] loop4: detected capacity change from 0 to 512 [ 41.592363][ T4310] netlink: 'syz.1.211': attribute type 1 has an invalid length. [ 41.670345][ T4301] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 41.676474][ T4301] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 41.676501][ T4301] EXT4-fs (loop5): This should not happen!! Data will be lost [ 41.676501][ T4301] [ 41.676513][ T4301] EXT4-fs (loop5): Total free blocks count 0 [ 41.676525][ T4301] EXT4-fs (loop5): Free/Dirty block details [ 41.676536][ T4301] EXT4-fs (loop5): free_blocks=2415919104 [ 41.676576][ T4301] EXT4-fs (loop5): dirty_blocks=8208 [ 41.676587][ T4301] EXT4-fs (loop5): Block reservation details [ 41.676598][ T4301] EXT4-fs (loop5): i_reserved_data_blocks=513 [ 41.686495][ T4319] loop3: detected capacity change from 0 to 1024 [ 41.686976][ T4319] EXT4-fs: Ignoring removed nobh option [ 41.686998][ T4319] EXT4-fs: Ignoring removed bh option [ 41.687839][ T4303] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.208: bg 0: block 248: padding at end of block bitmap is not set [ 41.691174][ T4303] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.208: Failed to acquire dquot type 1 [ 41.693293][ T4303] EXT4-fs (loop4): 1 truncate cleaned up [ 41.693762][ T4303] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.693815][ T4303] ext4 filesystem being mounted at /53/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.728855][ T4320] loop0: detected capacity change from 0 to 1764 [ 41.748358][ T4320] siw: device registration error -23 [ 41.856897][ T3428] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 41.865202][ T4319] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.908196][ T4320] netlink: 4 bytes leftover after parsing attributes in process `syz.0.214'. [ 41.934604][ T4313] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.212: Allocating blocks 497-513 which overlap fs metadata [ 41.963900][ T4327] netlink: 260 bytes leftover after parsing attributes in process `syz.1.215'. [ 41.972883][ T4327] netlink: 260 bytes leftover after parsing attributes in process `syz.1.215'. [ 41.986701][ T4329] netlink: 32 bytes leftover after parsing attributes in process `syz.0.214'. [ 42.004262][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.190672][ T4313] EXT4-fs (loop3): pa ffff8881069651c0: logic 256, phys. 369, len 9 [ 42.198744][ T4313] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 42.264975][ T4313] EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 42.316658][ T4338] xt_hashlimit: max too large, truncated to 1048576 [ 42.331402][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.361098][ T4342] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 42.367653][ T4342] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 42.375370][ T4342] vhci_hcd vhci_hcd.0: Device attached [ 42.379071][ T4348] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4) [ 42.387386][ T4348] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 42.392902][ T4344] vhci_hcd: connection closed [ 42.394953][ T4348] vhci_hcd vhci_hcd.0: Device attached [ 42.395189][ T111] vhci_hcd: stop threads [ 42.408697][ T4349] vhci_hcd: connection closed [ 42.409425][ T111] vhci_hcd: release socket [ 42.409434][ T111] vhci_hcd: disconnect device [ 42.423744][ T51] vhci_hcd: stop threads [ 42.428138][ T51] vhci_hcd: release socket [ 42.432732][ T51] vhci_hcd: disconnect device [ 42.657165][ T4364] loop5: detected capacity change from 0 to 1764 [ 42.667008][ T4364] siw: device registration error -23 [ 42.858383][ T4377] loop1: detected capacity change from 0 to 512 [ 42.865868][ T4377] EXT4-fs: Ignoring removed mblk_io_submit option [ 42.872508][ T4377] EXT4-fs: Ignoring removed bh option [ 42.879368][ T4377] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 42.891873][ T4377] EXT4-fs (loop1): 1 truncate cleaned up [ 42.899219][ T4377] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.934166][ T4388] netlink: 'syz.4.237': attribute type 1 has an invalid length. [ 42.975571][ T4390] loop4: detected capacity change from 0 to 2048 [ 42.983908][ T4386] loop3: detected capacity change from 0 to 2048 [ 42.999324][ T4386] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.005537][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.036073][ T4390] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.076734][ T4401] loop5: detected capacity change from 0 to 1024 [ 43.098110][ T4400] loop1: detected capacity change from 0 to 2048 [ 43.136887][ T4401] EXT4-fs: Ignoring removed orlov option [ 43.173269][ T4400] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.186403][ T4401] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.306151][ T4403] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 43.404818][ T4403] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 43.417319][ T4403] EXT4-fs (loop4): This should not happen!! Data will be lost [ 43.417319][ T4403] [ 43.427001][ T4403] EXT4-fs (loop4): Total free blocks count 0 [ 43.433181][ T4403] EXT4-fs (loop4): Free/Dirty block details [ 43.439096][ T4403] EXT4-fs (loop4): free_blocks=2415919104 [ 43.444886][ T4403] EXT4-fs (loop4): dirty_blocks=8208 [ 43.450231][ T4403] EXT4-fs (loop4): Block reservation details [ 43.456239][ T4403] EXT4-fs (loop4): i_reserved_data_blocks=513 [ 43.474631][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.511219][ T51] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 43.581084][ T3708] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.622486][ T4421] netlink: 'syz.5.247': attribute type 1 has an invalid length. [ 43.650359][ T4423] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 43.657014][ T4423] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 43.664716][ T4423] vhci_hcd vhci_hcd.0: Device attached [ 43.679598][ T4427] loop5: detected capacity change from 0 to 1764 [ 43.692415][ T4427] siw: device registration error -23 [ 43.698437][ T4425] vhci_hcd: connection closed [ 43.699285][ T51] vhci_hcd: stop threads [ 43.708389][ T51] vhci_hcd: release socket [ 43.712836][ T51] vhci_hcd: disconnect device [ 43.722844][ T29] kauditd_printk_skb: 338 callbacks suppressed [ 43.722859][ T29] audit: type=1326 audit(1752777033.754:1017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4424 comm="syz.5.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb66ad2e929 code=0x7ffc0000 [ 43.764411][ T29] audit: type=1326 audit(1752777033.754:1018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4424 comm="syz.5.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7fb66ad2e929 code=0x7ffc0000 [ 43.788014][ T29] audit: type=1326 audit(1752777033.764:1019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4424 comm="syz.5.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb66ad2e929 code=0x7ffc0000 [ 43.811412][ T29] audit: type=1326 audit(1752777033.794:1020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4424 comm="syz.5.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb66ad2e929 code=0x7ffc0000 [ 43.845657][ T4413] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 43.860766][ T4413] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 43.873308][ T4413] EXT4-fs (loop1): This should not happen!! Data will be lost [ 43.873308][ T4413] [ 43.883031][ T4413] EXT4-fs (loop1): Total free blocks count 0 [ 43.889033][ T4413] EXT4-fs (loop1): Free/Dirty block details [ 43.895094][ T4413] EXT4-fs (loop1): free_blocks=2415919104 [ 43.900829][ T4413] EXT4-fs (loop1): dirty_blocks=8208 [ 43.906176][ T4413] EXT4-fs (loop1): Block reservation details [ 43.912284][ T4413] EXT4-fs (loop1): i_reserved_data_blocks=513 [ 43.941861][ T51] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 43.962539][ T4433] FAULT_INJECTION: forcing a failure. [ 43.962539][ T4433] name failslab, interval 1, probability 0, space 0, times 0 [ 43.970846][ T29] audit: type=1400 audit(1752777033.994:1021): avc: denied { mount } for pid=4432 comm="+}[@" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 43.975195][ T4433] CPU: 0 UID: 0 PID: 4433 Comm: +}[@ Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 43.975220][ T4433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 43.975232][ T4433] Call Trace: [ 43.975239][ T4433] [ 43.975246][ T4433] __dump_stack+0x1d/0x30 [ 43.975286][ T4433] dump_stack_lvl+0xe8/0x140 [ 43.975304][ T4433] dump_stack+0x15/0x1b [ 43.975319][ T4433] should_fail_ex+0x265/0x280 [ 43.975346][ T4433] should_failslab+0x8c/0xb0 [ 43.975367][ T4433] kmem_cache_alloc_noprof+0x50/0x310 [ 43.975452][ T4433] ? getname_flags+0x80/0x3b0 [ 43.975501][ T4433] getname_flags+0x80/0x3b0 [ 43.975595][ T4433] user_path_at+0x28/0x130 [ 43.975619][ T4433] __x64_sys_umount+0x85/0xe0 [ 43.975645][ T4433] x64_sys_call+0x2915/0x2fb0 [ 43.975665][ T4433] do_syscall_64+0xd2/0x200 [ 43.975682][ T4433] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 43.975731][ T4433] ? clear_bhb_loop+0x40/0x90 [ 43.975751][ T4433] ? clear_bhb_loop+0x40/0x90 [ 43.975770][ T4433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 43.975790][ T4433] RIP: 0033:0x7fb66ad2e929 [ 43.975804][ T4433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 43.975847][ T4433] RSP: 002b:00007fb669397038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 43.975868][ T4433] RAX: ffffffffffffffda RBX: 00007fb66af55fa0 RCX: 00007fb66ad2e929 [ 43.975879][ T4433] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000200000000580 [ 43.975890][ T4433] RBP: 00007fb669397090 R08: 0000000000000000 R09: 0000000000000000 [ 43.975902][ T4433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 43.975963][ T4433] R13: 0000000000000000 R14: 00007fb66af55fa0 R15: 00007ffca7d85368 [ 43.975980][ T4433] [ 44.071489][ T4438] loop4: detected capacity change from 0 to 2048 [ 44.153469][ T29] audit: type=1400 audit(1752777034.084:1022): avc: denied { unmount } for pid=3708 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 44.164151][ T4441] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 44.211011][ T4441] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 44.218655][ T4441] vhci_hcd vhci_hcd.0: Device attached [ 44.255020][ T4442] vhci_hcd: connection closed [ 44.257127][ T51] vhci_hcd: stop threads [ 44.266249][ T51] vhci_hcd: release socket [ 44.270754][ T51] vhci_hcd: disconnect device [ 44.288925][ T4438] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.321497][ T4457] loop5: detected capacity change from 0 to 2048 [ 44.352682][ T4459] xt_hashlimit: max too large, truncated to 1048576 [ 44.353729][ T4457] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.604367][ T3708] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.865505][ T29] audit: type=1326 audit(1752777034.904:1023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4476 comm="syz.3.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f896b02e929 code=0x7ffc0000 [ 44.913765][ T4478] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 44.951082][ T29] audit: type=1326 audit(1752777034.944:1024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4476 comm="syz.3.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f896b02e929 code=0x7ffc0000 [ 44.974791][ T29] audit: type=1326 audit(1752777034.944:1025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4476 comm="syz.3.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f896b02e929 code=0x7ffc0000 [ 44.998251][ T29] audit: type=1326 audit(1752777034.944:1026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4476 comm="syz.3.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f896b02e929 code=0x7ffc0000 [ 45.004646][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.116128][ T4497] xt_hashlimit: max too large, truncated to 1048576 [ 45.177381][ T4505] netlink: 'syz.0.275': attribute type 1 has an invalid length. [ 45.280321][ T4512] netlink: 'syz.3.278': attribute type 1 has an invalid length. [ 45.294477][ T4514] loop9: detected capacity change from 0 to 7 [ 45.303288][ T4514] buffer_io_error: 2 callbacks suppressed [ 45.303301][ T4514] Buffer I/O error on dev loop9, logical block 0, async page read [ 45.318584][ T4514] Buffer I/O error on dev loop9, logical block 0, async page read [ 45.326638][ T4514] loop9: unable to read partition table [ 45.332335][ T4514] loop_reread_partitions: partition scan of loop9 (被ڬdƤݡ [ 45.332335][ T4514] U) failed (rc=-5) [ 45.335152][ T4321] Buffer I/O error on dev loop9, logical block 0, async page read [ 45.355967][ T4321] Buffer I/O error on dev loop9, logical block 0, async page read [ 45.364148][ T4321] Buffer I/O error on dev loop9, logical block 0, async page read [ 45.372655][ T4321] Buffer I/O error on dev loop9, logical block 0, async page read [ 45.388592][ T4321] Buffer I/O error on dev loop9, logical block 0, async page read [ 45.396912][ T4321] Buffer I/O error on dev loop9, logical block 0, async page read [ 45.406598][ T4321] Buffer I/O error on dev loop9, logical block 0, async page read [ 45.415445][ T4321] Buffer I/O error on dev loop9, logical block 0, async page read [ 45.425240][ T4524] ================================================================== [ 45.433327][ T4524] BUG: KCSAN: data-race in selinux_inode_permission / selinux_inode_permission [ 45.442251][ T4524] [ 45.444565][ T4524] write to 0xffff888119f484a0 of 4 bytes by task 4522 on cpu 0: [ 45.452192][ T4524] selinux_inode_permission+0x31b/0x620 [ 45.457730][ T4524] security_inode_permission+0x6d/0xb0 [ 45.463197][ T4524] inode_permission+0x106/0x310 [ 45.468058][ T4524] link_path_walk+0x162/0x900 [ 45.472736][ T4524] path_openat+0x1de/0x2170 [ 45.477237][ T4524] do_filp_open+0x109/0x230 [ 45.481732][ T4524] do_sys_openat2+0xa6/0x110 [ 45.486321][ T4524] __x64_sys_openat+0xf2/0x120 [ 45.491077][ T4524] x64_sys_call+0x1af/0x2fb0 [ 45.495667][ T4524] do_syscall_64+0xd2/0x200 [ 45.500182][ T4524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 45.506076][ T4524] [ 45.508391][ T4524] write to 0xffff888119f484a0 of 4 bytes by task 4524 on cpu 1: [ 45.516014][ T4524] selinux_inode_permission+0x31b/0x620 [ 45.521898][ T4524] security_inode_permission+0x6d/0xb0 [ 45.527363][ T4524] inode_permission+0x106/0x310 [ 45.532206][ T4524] link_path_walk+0x162/0x900 [ 45.536871][ T4524] path_openat+0x1de/0x2170 [ 45.541365][ T4524] do_filp_open+0x109/0x230 [ 45.545867][ T4524] do_sys_openat2+0xa6/0x110 [ 45.550455][ T4524] __x64_sys_openat+0xf2/0x120 [ 45.555212][ T4524] x64_sys_call+0x1af/0x2fb0 [ 45.559791][ T4524] do_syscall_64+0xd2/0x200 [ 45.564279][ T4524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 45.570190][ T4524] [ 45.572502][ T4524] value changed: 0x00000001 -> 0x00000002 [ 45.578197][ T4524] [ 45.580511][ T4524] Reported by Kernel Concurrency Sanitizer on: [ 45.586645][ T4524] CPU: 1 UID: 0 PID: 4524 Comm: syz.3.282 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 45.598965][ T4524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 45.609013][ T4524] ================================================================== [ 45.622940][ T4526] FAULT_INJECTION: forcing a failure. [ 45.622940][ T4526] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 45.636024][ T4526] CPU: 0 UID: 0 PID: 4526 Comm: syz.5.283 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 45.636118][ T4526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 45.636128][ T4526] Call Trace: [ 45.636134][ T4526] [ 45.636140][ T4526] __dump_stack+0x1d/0x30 [ 45.636166][ T4526] dump_stack_lvl+0xe8/0x140 [ 45.636184][ T4526] dump_stack+0x15/0x1b [ 45.636198][ T4526] should_fail_ex+0x265/0x280 [ 45.636222][ T4526] should_fail+0xb/0x20 [ 45.636279][ T4526] should_fail_usercopy+0x1a/0x20 [ 45.636414][ T4526] strncpy_from_user+0x25/0x230 [ 45.636434][ T4526] ? kmem_cache_alloc_noprof+0x186/0x310 [ 45.636455][ T4526] ? getname_flags+0x80/0x3b0 [ 45.636475][ T4526] getname_flags+0xae/0x3b0 [ 45.636496][ T4526] __x64_sys_renameat2+0x5f/0x90 [ 45.636646][ T4526] x64_sys_call+0x2bf6/0x2fb0 [ 45.636667][ T4526] do_syscall_64+0xd2/0x200 [ 45.636683][ T4526] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 45.636704][ T4526] ? clear_bhb_loop+0x40/0x90 [ 45.636721][ T4526] ? clear_bhb_loop+0x40/0x90 [ 45.636755][ T4526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 45.636776][ T4526] RIP: 0033:0x7fb66ad2e929 [ 45.636790][ T4526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 45.636857][ T4526] RSP: 002b:00007fb669397038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 45.636872][ T4526] RAX: ffffffffffffffda RBX: 00007fb66af55fa0 RCX: 00007fb66ad2e929 [ 45.636883][ T4526] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: ffffffffffffffff [ 45.636893][ T4526] RBP: 00007fb669397090 R08: 0000000000000004 R09: 0000000000000000 [ 45.636902][ T4526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 45.636913][ T4526] R13: 0000000000000000 R14: 00007fb66af55fa0 R15: 00007ffca7d85368 [ 45.636998][ T4526]