last executing test programs: 34.783988309s ago: executing program 1 (id=1384): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000280)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 34.705671069s ago: executing program 1 (id=1387): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000f000000050030000000000005002f00a005000008000300", @ANYRES32=r3], 0x2c}}, 0x0) 34.68289161s ago: executing program 1 (id=1388): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xfffffffffffff001}, 0x18) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000004c0), 0x1, 0x553, &(0x7f0000000800)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100), &(0x7f0000000300)=ANY=[], 0x381, 0x0) 34.482029923s ago: executing program 1 (id=1391): syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000000)='./file0\x00', 0x1a00e04, &(0x7f0000000080)=ANY=[], 0x1, 0x32f, &(0x7f0000000cc0)="$eJzs3M9LI2cYwPEnP4xJxEwOpaWF4kt7aXsYNO25EIpCaaCiplQLhVEnbcg0kUywpJRqT3td9j/Yyx7Eozdhd/8BL7un3cte9uZlYRdWFtlZMj800Ul2jWaj6/cDMu/M8z7j+5AYngnO7P96869KydZLRkOiSSUREZEDkaxEJRDxt1F3nJB2m/L12PNHL5zFpZ/yhcL0nFIz+YVvc0qpzMTdv/9N+dN2R2Uv+/v+s9zTvY/3Pt1/vfBn2VZlW1VrDWWo5dqThrFsmWq1bFd0pWYt07BNVa7aZt2L17x4yaqtrTWVUV0dT6/VTdtWRrWpKmZTNWqqUW8q4w+jXFW6rqvxtIRJhB69ropbc3NGvs/klQteDPr1ynGcHmEnkjdiIpI6FSluDXRdAADgUjrR/8fclv7M/f/n84tLknH7/9bk4/5/+4v7jbFfdjJ+/7+bCOv/v3vsnauj/0+KyIX2/8mQ6k93RFfexlkmn6v/x+UwcfqaNtKxV68/HEv7f7+u/3/bnnQH9P8AAAAAAAAAAAAAAAAAAAAAAFwFB46jOY6jBVv/55vjGd6xYa4Rg9Pl9ddG/Tumgv1hrxODMb+4JEn3xr14RsS6sV5cL3pbPx5MnBRNDt33g681Du48Ui1ZuWdt+Pkb68WYG8mXpCyWmDIlmmRP5jvOzI+F6Snl6cwfkXR7fk40+Sg8Pxean5CvvmzL10WTBytSE0tWW+/rQ+co/78ppX74uXAiP+XOAwAAAADgQ6CrI6HX77reLe7lH11fd34/INJ2fT4Zen0e1z6LD7d2AAAAAACuC7v5T8WwLLPeY5CSt8/pfxDvL30kJJQIyom1VdgxRza7lpzwnxBsWPHGYCrtMQj+kaKSaAsl5bZ/uJ8zB/UPZs1R6SdrQpxRb1Xn+e3B10bd5sjsoF+veJfQJ7fuvOzvzBH/qb3toe93kuGVSmTQBY6804eHEzvnpw8AAACA9ylo+lO2uxsZ9noAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALiOejwGLH5RjxMbdo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAZfEmAAD//5On/7M=") r0 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) io_setup(0x5ff, &(0x7f0000000040)=0x0) syz_io_uring_setup(0xd90, &(0x7f0000000140)={0x0, 0xaa83, 0x40, 0x0, 0x3ad}, &(0x7f00000001c0)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r2, 0x0, &(0x7f0000000240)=@IORING_OP_NOP={0x0, 0x8}) io_submit(r1, 0x1ffffff0, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000)="96", 0xffffff20}, &(0x7f0000000740)={0x0, 0x0, 0x41, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff}]) socket$can_bcm(0x1d, 0x2, 0x2) r3 = epoll_create1(0x0) epoll_pwait(r3, &(0x7f0000000040)=[{}], 0x1, 0xfffffff3, 0x0, 0x0) r4 = socket$nl_rdma(0x10, 0x3, 0x14) dup3(r4, r3, 0x0) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x12}, &(0x7f00009b1ffc)) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kfree\x00', r5, 0x0, 0x2}, 0x18) r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x7ff, 0x5, 0xc, 0xfffffffffffffffd, 0x59c, 0xffffffffffffffff}) ioctl$SG_BLKTRACETEARDOWN(r6, 0x1276, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r7 = gettid() tkill(r7, 0x13) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f00000000c0)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r10}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r11 = open_tree(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x9800) faccessat(r11, &(0x7f0000000000)='./file0\x00', 0xd) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 34.097377288s ago: executing program 1 (id=1398): r0 = socket$kcm(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}}) r1 = socket(0x2, 0x80805, 0x0) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000380)={0x0, 0x5}, 0x8) r2 = socket(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000040)=0x3, 0x4) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000100)={0x2017be01}) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f00000001c0)={0x40000000}) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000080)=0x6) bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) add_key$keyring(&(0x7f0000000080), &(0x7f0000001100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0xfffeffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r7}, 0x10) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r8 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b100bf800", 0x33fe0}], 0x1}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000100)='cachefiles_ondemand_open\x00', r5}, 0x18) close(0xffffffffffffffff) r9 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0) ioctl$EVIOCGRAB(r9, 0x40044590, &(0x7f0000000200)) ioctl$EVIOCGABS20(r9, 0x40044591, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 33.705358655s ago: executing program 1 (id=1407): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18) openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000002c0)=0x1) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)=0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16, @ANYBLOB="090322bd700005dcdf2501000000180001801400020076657468300000000000000000000000200002801c0001800800010a"], 0x4c}}, 0x24040804) sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="1c0000003e000701fcfffffffedbdf25017c0000060004"], 0x1c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) 33.660755635s ago: executing program 32 (id=1407): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18) openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000002c0)=0x1) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)=0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16, @ANYBLOB="090322bd700005dcdf2501000000180001801400020076657468300000000000000000000000200002801c0001800800010a"], 0x4c}}, 0x24040804) sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="1c0000003e000701fcfffffffedbdf25017c0000060004"], 0x1c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) 11.771574244s ago: executing program 0 (id=1834): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) io_setup(0x1, &(0x7f00000012c0)=0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0), &(0x7f00000006c0), 0x20005, r2}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r3}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff00124000632f77fbac141416ac14141686089f034d2f8702890c6aab845013f2325f1a39018902038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) r4 = openat$random(0xffffffffffffff9c, &(0x7f0000000540), 0x1, 0x0) io_submit(r1, 0x1, &(0x7f0000000140)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x0, r4, &(0x7f0000000080)="4e8fc38e", 0xb, 0x200000000004}]) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r5}, './cgroup\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='kfree\x00', r5, 0x0, 0x4ab}, 0x18) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000a00)=ANY=[@ANYBLOB="0a000000c0000000b30000007f"], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018180000", @ANYRES32=r6, @ANYBLOB="0000000000000000660000000000000018000000f8ffffff00000000000000009500000000000000360a00000000000018010000202078250000000000202020db1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 11.611667886s ago: executing program 0 (id=1837): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x8, 0xdd18b, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, @perf_bp={0x0, 0x2}, 0x3323, 0x4, 0x3, 0x0, 0x9, 0x800001, 0xfff7, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = getpgrp(0x0) ioprio_set$pid(0x1, r0, 0x4000) socket$nl_netfilter(0x10, 0x3, 0xc) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000680)='sched_switch\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500"], 0x48) signalfd(r1, &(0x7f0000000240)={[0x84]}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000900)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000ede69b0d90e47d39c781e9767dc916f0000020ce8bd93dec4a37e5048b002b80cb63801fe136eb269aa81c1b2bb071a450ef9ba00aba7b635d4a03985eeb6bd4b0e780401f0f08f6669a11e1bbc330bddf62b35fcd641798bca17b89851cd495ac01881ef5eb47c1c6eec23cdf5a19", @ANYBLOB="c888713013a0aa51d041aeb4cfca4d8a75fe82fb50784b15e9510214913a29922fafd34594e6a2d22cb68fe8a892b4687f6f0000dcb14fe3e7c9484394f307e02e49136490cef4a88a978a1ca02bd14dddaf", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x8, 0xfffffedf, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18) lgetxattr(0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x28, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0/file1\x00', 0x90) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000140)=[{0x9, 0x4, 0x18, 0x200}]}) link(&(0x7f00000000c0)='./file0/file1\x00', &(0x7f0000000180)='./file1\x00') r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4) sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="8b332dbd7000000000001500000010001d8022ef9f8008"], 0x24}}, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x0, &(0x7f0000000000)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x768f}}]}, 0x83, 0x5fe, &(0x7f0000001040)="$eJzs3c9rHNcdAPDvzEqqZKuVXYqpTUsFPdhQrB+uqduebF/qg6GG+lBCDhaW5AivbGHJEDuGyJBDAgmEkGsIvuQfyD2YXHMLgSS3nANOCA45JMEbZnbHXla78kbWaiTP5wO7eu/NaN/76ulp3uzo7QRQWZPZUxpxOCIuJRETbdvGo7lxsrXfw+/uXM4eSTQa//s2iaRVVuz/qPV1f/aURIxGxKdnI35f21jv6q3bV+fqjaZXI6bXllemV2/dPr60PHdl4crCtdkT/zx5auZfsydntyXOIq5z5//7p7dee+kfi5/VjydxOi4OvzIfHXFsl8mYjEetENvLhyLiVJbo8nPZa4oQkpLbwdbUWr+PwxFxKCailueaJmLpzVIbBwxUoxbRACoqMf6hoop5QHFuP4jz4N3swZnmCdDG+Iea743EaH5utO9h0nZm1DzfPbAN9Wd1/HznyHvZI3q8DzG0DfX0sn43Iv7YLf4kb9uB/F2cLP400rbvy9IzETHS+lmkW6x/siO/079/vyb+9n7I4j3d+pqVn91i/WXHD0A13T/TOpCvZ7knx79sZljMf6LL/Ge8y7FrK8o+/vWe/xXH+9H8PfK0Yx6WzXkudH/J4c6Cr944906v+tvnf9kjq7+YC+6EB3cjjnTE/3o+mUse93/Spf+zXS71Wcd/Pv/mXK9tZcffuBdxtOv5z5MrWllqem15pSjruD45vbhUX5hpPnet46NPXvygV/1lx5/1f/SIf7P+z8pW+qzjwwv3lnttG39q/OnXI8nFPDXSKnl5bm3txmzESHK+tUtb+YnN21LsU7xGFv+xv3Yf/5vEn3f0ep/xr/z/6sNe2/ru/w1/VXKPGn22oZcs/vkt9v/bfdbxwws3/9xRNFYkNot/7BljAwAAAAAAgKpJ82uwSTr1OJ2mU1PNNbx/iH1p/frq2t8Wr9+8Nh9xLP9/yOG0uNI90cwnWX629f+wRf5ER/7vEXEwIt6tjeX5qcvX6/NlBw8AAAAAAAAAAAAAAAAAAAC7xP7W+v/iPtXf15rr//uydmjArQMGbpA3mAN2N+Mfqisf/1u9gyuwpzn+Q3UZ/1Bdxj9Ul/EP1WX8Q3UZ/1Bdxj9Ul/EPAAAAAM+lg3+5/2USEev/HssfmZHWtuFSWwYMmjEO1VUruwFAaR5f+rf8Hyqnr/n/j60PBxx8c4ASJN0K88lBY/PBf7/rdwIAAAAAAAAAAAAAA3D0sPX/UFVpfFx2E4CSPMP6fx8dAHucj/6H6nKODzxtFf9orw3W/wMAAAAAAAAAAADAjhnPH0k61boF6Hik6dRUxG8j4kAMJ4tL9YWZiPhdRHxRG/5Nlp8tu9EAAAAAAAAAAAAAAAAAAADwnFm9dfvqXL2+cKM98dOGkuc7UdwFdbe0pz0Ryc5XOhYRuyH2wSSG2kqSiPWs53dFw26sxq5oRpo3o+Q/TAAAAAAAAAAAAAAAAAAAUEFta4+7O/L+DrcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHbek/v/bz2RPOV1yo4RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANibfgkAAP//4DE4gw==") bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 11.145172723s ago: executing program 0 (id=1853): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f0000000000)={@none, 0x9, 0xd, 0xfff4, 0xb6, 0x5, "241407d72a4848fd77896dc23728eb65d740162e548a35ab14099f48c0690e8e3531722295a0813f4eef885cfd3dbe73f9e9901445adf4534a6204d701b09b6b1b1f25c79d2094b46dfb2fca5fe85d91dbeb6510f06e9ebfe3873d6a53067ad2dddaede9dff83c52f344f2e2ff05b2a95c77f80ac45d36ca95ff83d57ecd8dd9"}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080f00000a"], 0x48) r2 = syz_open_procfs(0x0, &(0x7f0000019100)='net/fib_trie\x00') pread64(r2, &(0x7f0000032140)=""/102344, 0x18fc8, 0x4000c2a) getsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f00000002c0), &(0x7f0000000300)=0x4) read$char_usb(r2, &(0x7f0000000740)=""/253, 0xfd) mq_open(&(0x7f0000000000)='\x00', 0x80, 0x69, &(0x7f0000000080)={0x828, 0x8, 0x0, 0x2}) r3 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x10000, 0x1}, 0x8002, 0x0, 0x1003, 0x2, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x4) mkdir(&(0x7f0000000000)='./control\x00', 0x0) mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000340)=ANY=[@ANYRES64=r3, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x3, 0x0, 0x0, 0xa54a9d76e5e2e84, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) dup(0xffffffffffffffff) syz_read_part_table(0x60d, &(0x7f0000002200)="$eJzs3D9olHcYB/DvJbmcUTAdnFxqHDoJRXE0Q5XkqlgIp1IIDvYfIs0UIXDSw5Q4tBkUM0jHLlK4DhonYwYnRaFzEQeLkMGlYBepHXLl7l6SOyjF0oRS/HyGe353PDzf94F3/V34XxtIuTi1Kp3y/qd/298a3TzP50xzYvJ4q9VqnU5KOZtyxsq7l5MMpX9q9icZ7plz8/udq9/+9mG5+fTUq/fOPVgc2JhZyTtJdvU2Z+SvHqXyzzZlO9wafzi6cGW2erX9pdpYW/84uf1yorZycnFp+UT52Oft3y8nj4r+7osxkoup51K+zCdDbxz19eax1Jc/386vj194Um2sfdd8fnB9b3Xw7vkjr/etXrt/KJlrR0yl87JvGv6Xi/fkL/Tkz41dn15qHD1wZ8+Nw/V7j2svBn9vdRWR5a3JBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABge9xqf1yZrV6tj194Um2sffPzTx/dfjlRWzm5uLR8YvjYs6LvUVGHinox9VxKOclMZvJFZt88crrUmz/+cHRhI/+Pncnzg+t7q82754+8nly9dv9Qp6uUqXYZ2IqN+/XnN9bmxq5PLzWOHriz58bh+r3HtReD3b6ZSj7rrJuksvWPAQAAAAAAAAAAAAAAAAAAwFtuYvL4vqkPaqeTUs7uSPLrV51b9q3KyI/p3Lzv2l/UZ5Vkd5KbO7r/BdB8eurV8LkHi78Ul+LnU8l8kl0/rJxJ3t3IudwfW96czH/pzwAAAP//gTiR5w==") r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r7, {0xc, 0x7}, {}, {0xfff3, 0x3}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x3, 0x1, 0x3}]}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44040}, 0x800) r8 = socket$unix(0x1, 0x5, 0x0) bind$unix(r8, &(0x7f0000003000)=@file={0x1, './file1\x00'}, 0x6e) r9 = perf_event_open(&(0x7f0000000100)={0x1, 0x95, 0x8, 0x0, 0x0, 0x0, 0x0, 0x264f, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000280), 0x2}, 0x104002, 0x0, 0xfffffffe, 0x0, 0x3, 0x0, 0x12, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, &(0x7f0000000180), &(0x7f00000001c0)=r9}, 0x20) perf_event_open(&(0x7f00000004c0)={0x2, 0x80, 0xfe, 0x1, 0x0, 0x0, 0x0, 0x7fffffff, 0x8004, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x43, 0x0, @perf_config_ext={0x18a, 0xf037}, 0x401a, 0x4, 0x0, 0x8, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000001c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xa6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 10.711979469s ago: executing program 0 (id=1865): syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000000)='./file0\x00', 0x1a00e04, &(0x7f0000000080)=ANY=[], 0x1, 0x32f, &(0x7f0000000cc0)="$eJzs3M9LI2cYwPEnP4xJxEwOpaWF4kt7aXsYNO25EIpCaaCiplQLhVEnbcg0kUywpJRqT3td9j/Yyx7Eozdhd/8BL7un3cte9uZlYRdWFtlZMj800Ul2jWaj6/cDMu/M8z7j+5AYngnO7P96869KydZLRkOiSSUREZEDkaxEJRDxt1F3nJB2m/L12PNHL5zFpZ/yhcL0nFIz+YVvc0qpzMTdv/9N+dN2R2Uv+/v+s9zTvY/3Pt1/vfBn2VZlW1VrDWWo5dqThrFsmWq1bFd0pWYt07BNVa7aZt2L17x4yaqtrTWVUV0dT6/VTdtWRrWpKmZTNWqqUW8q4w+jXFW6rqvxtIRJhB69ropbc3NGvs/klQteDPr1ynGcHmEnkjdiIpI6FSluDXRdAADgUjrR/8fclv7M/f/n84tLknH7/9bk4/5/+4v7jbFfdjJ+/7+bCOv/v3vsnauj/0+KyIX2/8mQ6k93RFfexlkmn6v/x+UwcfqaNtKxV68/HEv7f7+u/3/bnnQH9P8AAAAAAAAAAAAAAAAAAAAAAFwFB46jOY6jBVv/55vjGd6xYa4Rg9Pl9ddG/Tumgv1hrxODMb+4JEn3xr14RsS6sV5cL3pbPx5MnBRNDt33g681Du48Ui1ZuWdt+Pkb68WYG8mXpCyWmDIlmmRP5jvOzI+F6Snl6cwfkXR7fk40+Sg8Pxean5CvvmzL10WTBytSE0tWW+/rQ+co/78ppX74uXAiP+XOAwAAAADgQ6CrI6HX77reLe7lH11fd34/INJ2fT4Zen0e1z6LD7d2AAAAAACuC7v5T8WwLLPeY5CSt8/pfxDvL30kJJQIyom1VdgxRza7lpzwnxBsWPHGYCrtMQj+kaKSaAsl5bZ/uJ8zB/UPZs1R6SdrQpxRb1Xn+e3B10bd5sjsoF+veJfQJ7fuvOzvzBH/qb3toe93kuGVSmTQBY6804eHEzvnpw8AAACA9ylo+lO2uxsZ9noAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALiOejwGLH5RjxMbdo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAZfEmAAD//5On/7M=") r0 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) io_setup(0x5ff, &(0x7f0000000040)=0x0) syz_io_uring_setup(0xd90, &(0x7f0000000140)={0x0, 0xaa83, 0x40, 0x0, 0x3ad}, &(0x7f00000001c0)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r2, 0x0, &(0x7f0000000240)=@IORING_OP_NOP={0x0, 0x8}) io_submit(r1, 0x1ffffff0, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000)="96", 0xffffff20}, &(0x7f0000000740)={0x0, 0x0, 0x41, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff}]) socket$can_bcm(0x1d, 0x2, 0x2) r3 = epoll_create1(0x0) epoll_pwait(r3, &(0x7f0000000040)=[{}], 0x1, 0xfffffff3, 0x0, 0x0) r4 = socket$nl_rdma(0x10, 0x3, 0x14) dup3(r4, r3, 0x0) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x12}, &(0x7f00009b1ffc)) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kfree\x00', r5, 0x0, 0x2}, 0x18) r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x7ff, 0x5, 0xc, 0xfffffffffffffffd, 0x59c, 0xffffffffffffffff}) ioctl$SG_BLKTRACETEARDOWN(r6, 0x1276, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r7 = gettid() tkill(r7, 0x13) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f00000000c0)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r10}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x9800) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 10.216370497s ago: executing program 0 (id=1872): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0), &(0x7f00000006c0), 0x20005, r1}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001ac0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5dbf4ad17b1cb319828918461b78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd1511aa72a95f7d86ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234765be0f4f51bc55f56baab870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfaecf390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b4000000000000ffff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d2943e6f5f828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a74c500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a54d9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c07052c6bc314b0ac5c63bc2083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a8e72eb71bb9ecf31fd16d1b0a63edfa0eaf452cba1d66b20659af0c9ff8d6e90bc48b1f25d7a7e838eaff2207c3b95ae7b2ccc96f2b1e0def13982b0a8a77a886abf3959ba0c53b0f985e71a7db2e20515c6f7eae7ee1d76243248653ead6e2a9cb1e293f69a237563963dda7037d3d2bef301339343207408d57bb1e37f4bf7147f7c417a2a7c6363667ccc398f1b8cb524d2df30f3162cf6632fcc2b5fc69a8346d4aa21cd812c95cbbf14518829b6c1360300cad57e74361928059940146f1163c1ca2f80dfc7056bce17512e9ac949d2c4f4d283f79d3312a75393faafc5393d"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff00124000632f77fbac141416ac14141686089f034d2f8702890c6aab845013f2325f1a39018902038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) r4 = openat$random(0xffffffffffffff9c, &(0x7f0000000540), 0x1, 0x0) io_submit(0x0, 0x1, &(0x7f0000000140)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x0, r4, &(0x7f0000000080)="4e8fc38e", 0xb, 0x200000000004}]) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r5}, './cgroup\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='kfree\x00', r5, 0x0, 0x4ab}, 0x18) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r7}, 0x18) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000100)) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000005, 0x3032, 0xffffffffffffffff, 0x0) r8 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000a00)=ANY=[@ANYBLOB="0a000000c0000000b30000007f"], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018180000", @ANYRES32=r8, @ANYBLOB="0000000000000000660000000000000018000000f8ffffff00000000000000009500000000000000360a00000000000018010000202078250000000000202020db1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)=ANY=[@ANYBLOB="880000000101010100000000000000000a0000000c0019"], 0x88}}, 0x24044004) socket$kcm(0xa, 0x3, 0x73) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={0x0}}, 0x0) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 10.093654799s ago: executing program 0 (id=1876): bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x23, &(0x7f0000000640)=ANY=[@ANYBLOB="180000000000000000000000fc4f000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085000000b50000004020000133ffffff8500000070000000183a000002000000000000000000000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7080000080002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082000000185000000e000000000000000000000085200000010000008510000008000000d2b00000f0ffffff79900200ffffffffbf91000000000000b7020000010000008500000085000000b7000000000000009500000000008000"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94) socket$inet6_icmp(0xa, 0x2, 0x3a) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0xffffffffffffff07) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f00000003c0)=ANY=[], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xffffffffffffffb6) 10.070859629s ago: executing program 33 (id=1876): bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x23, &(0x7f0000000640)=ANY=[@ANYBLOB="180000000000000000000000fc4f000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085000000b50000004020000133ffffff8500000070000000183a000002000000000000000000000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7080000080002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082000000185000000e000000000000000000000085200000010000008510000008000000d2b00000f0ffffff79900200ffffffffbf91000000000000b7020000010000008500000085000000b7000000000000009500000000008000"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94) socket$inet6_icmp(0xa, 0x2, 0x3a) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0xffffffffffffff07) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f00000003c0)=ANY=[], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xffffffffffffffb6) 6.340855635s ago: executing program 6 (id=1929): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000004000001d8500000007000000440000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10) linkat(0xffffffffffffffff, &(0x7f0000000100)='./file0/file0\x00', 0xffffffffffffffff, 0x0, 0x400) r1 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x50) 6.340269185s ago: executing program 6 (id=1930): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB], 0x24}}, 0x0) 6.322820575s ago: executing program 6 (id=1931): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kmem_cache_free\x00', r1, 0x0, 0x800}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) utimes(&(0x7f0000000040)='./file0\x00', 0x0) 6.301906866s ago: executing program 6 (id=1933): syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000000)='./file0\x00', 0x1a00e04, &(0x7f0000000080)=ANY=[], 0x1, 0x32f, &(0x7f0000000cc0)="$eJzs3M9LI2cYwPEnP4xJxEwOpaWF4kt7aXsYNO25EIpCaaCiplQLhVEnbcg0kUywpJRqT3td9j/Yyx7Eozdhd/8BL7un3cte9uZlYRdWFtlZMj800Ul2jWaj6/cDMu/M8z7j+5AYngnO7P96869KydZLRkOiSSUREZEDkaxEJRDxt1F3nJB2m/L12PNHL5zFpZ/yhcL0nFIz+YVvc0qpzMTdv/9N+dN2R2Uv+/v+s9zTvY/3Pt1/vfBn2VZlW1VrDWWo5dqThrFsmWq1bFd0pWYt07BNVa7aZt2L17x4yaqtrTWVUV0dT6/VTdtWRrWpKmZTNWqqUW8q4w+jXFW6rqvxtIRJhB69ropbc3NGvs/klQteDPr1ynGcHmEnkjdiIpI6FSluDXRdAADgUjrR/8fclv7M/f/n84tLknH7/9bk4/5/+4v7jbFfdjJ+/7+bCOv/v3vsnauj/0+KyIX2/8mQ6k93RFfexlkmn6v/x+UwcfqaNtKxV68/HEv7f7+u/3/bnnQH9P8AAAAAAAAAAAAAAAAAAAAAAFwFB46jOY6jBVv/55vjGd6xYa4Rg9Pl9ddG/Tumgv1hrxODMb+4JEn3xr14RsS6sV5cL3pbPx5MnBRNDt33g681Du48Ui1ZuWdt+Pkb68WYG8mXpCyWmDIlmmRP5jvOzI+F6Snl6cwfkXR7fk40+Sg8Pxean5CvvmzL10WTBytSE0tWW+/rQ+co/78ppX74uXAiP+XOAwAAAADgQ6CrI6HX77reLe7lH11fd34/INJ2fT4Zen0e1z6LD7d2AAAAAACuC7v5T8WwLLPeY5CSt8/pfxDvL30kJJQIyom1VdgxRza7lpzwnxBsWPHGYCrtMQj+kaKSaAsl5bZ/uJ8zB/UPZs1R6SdrQpxRb1Xn+e3B10bd5sjsoF+veJfQJ7fuvOzvzBH/qb3toe93kuGVSmTQBY6804eHEzvnpw8AAACA9ylo+lO2uxsZ9noAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALiOejwGLH5RjxMbdo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAZfEmAAD//5On/7M=") r0 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) io_setup(0x5ff, &(0x7f0000000040)=0x0) syz_io_uring_setup(0xd90, &(0x7f0000000140)={0x0, 0xaa83, 0x40, 0x0, 0x3ad}, &(0x7f00000001c0)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r2, 0x0, &(0x7f0000000240)=@IORING_OP_NOP={0x0, 0x8}) io_submit(r1, 0x1ffffff0, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000)="96", 0xffffff20}, &(0x7f0000000740)={0x0, 0x0, 0x41, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff}]) socket$can_bcm(0x1d, 0x2, 0x2) r3 = epoll_create1(0x0) epoll_pwait(r3, &(0x7f0000000040)=[{}], 0x1, 0xfffffff3, 0x0, 0x0) r4 = socket$nl_rdma(0x10, 0x3, 0x14) dup3(r4, r3, 0x0) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x12}, &(0x7f00009b1ffc)) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kfree\x00', r5, 0x0, 0x2}, 0x18) r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x7ff, 0x5, 0xc, 0xfffffffffffffffd, 0x59c, 0xffffffffffffffff}) ioctl$SG_BLKTRACETEARDOWN(r6, 0x1276, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r7 = gettid() tkill(r7, 0x13) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f00000000c0)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r10}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x9800) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 6.097120879s ago: executing program 6 (id=1938): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) socket$key(0xf, 0x3, 0x2) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000001040)=@newsa={0x138, 0x10, 0x713, 0xffffff84, 0x0, {{@in6=@remote, @in=@multicast1}, {@in6=@remote, 0x0, 0x32}, @in=@multicast1, {0x0, 0x1, 0x0, 0x0, 0x3}, {}, {0x0, 0x2000000}, 0x0, 0x0, 0xa, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1, 0xe}, 0x0) 4.116809488s ago: executing program 4 (id=1971): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr$security_selinux(r0, &(0x7f00000000c0), &(0x7f0000000040)='system_u:object_r:dhcp_state_t:s0\x00', 0x1e, 0x0) (fail_nth: 2) 3.952016741s ago: executing program 4 (id=1974): r0 = socket$inet6(0xa, 0x80002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001180)={&(0x7f0000000300)='kfree\x00', r1, 0x0, 0x1a400000}, 0x18) syz_usbip_server_init(0x2) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x400a962, @mcast1, 0x9}, 0x1c) socket(0x1e, 0x4, 0x0) unshare(0x2c020400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000080)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, 0x0, 0x0) 3.561240877s ago: executing program 6 (id=1976): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_DESTROY(r0, &(0x7f0000000200), 0x4) 3.560959907s ago: executing program 34 (id=1976): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_DESTROY(r0, &(0x7f0000000200), 0x4) 2.858785587s ago: executing program 4 (id=1986): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) utimes(&(0x7f0000000040)='./file0\x00', 0x0) 2.857651307s ago: executing program 4 (id=1988): syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000000)='./file0\x00', 0x1a00e04, &(0x7f0000000080)=ANY=[], 0x1, 0x32f, &(0x7f0000000cc0)="$eJzs3M9LI2cYwPEnP4xJxEwOpaWF4kt7aXsYNO25EIpCaaCiplQLhVEnbcg0kUywpJRqT3td9j/Yyx7Eozdhd/8BL7un3cte9uZlYRdWFtlZMj800Ul2jWaj6/cDMu/M8z7j+5AYngnO7P96869KydZLRkOiSSUREZEDkaxEJRDxt1F3nJB2m/L12PNHL5zFpZ/yhcL0nFIz+YVvc0qpzMTdv/9N+dN2R2Uv+/v+s9zTvY/3Pt1/vfBn2VZlW1VrDWWo5dqThrFsmWq1bFd0pWYt07BNVa7aZt2L17x4yaqtrTWVUV0dT6/VTdtWRrWpKmZTNWqqUW8q4w+jXFW6rqvxtIRJhB69ropbc3NGvs/klQteDPr1ynGcHmEnkjdiIpI6FSluDXRdAADgUjrR/8fclv7M/f/n84tLknH7/9bk4/5/+4v7jbFfdjJ+/7+bCOv/v3vsnauj/0+KyIX2/8mQ6k93RFfexlkmn6v/x+UwcfqaNtKxV68/HEv7f7+u/3/bnnQH9P8AAAAAAAAAAAAAAAAAAAAAAFwFB46jOY6jBVv/55vjGd6xYa4Rg9Pl9ddG/Tumgv1hrxODMb+4JEn3xr14RsS6sV5cL3pbPx5MnBRNDt33g681Du48Ui1ZuWdt+Pkb68WYG8mXpCyWmDIlmmRP5jvOzI+F6Snl6cwfkXR7fk40+Sg8Pxean5CvvmzL10WTBytSE0tWW+/rQ+co/78ppX74uXAiP+XOAwAAAADgQ6CrI6HX77reLe7lH11fd34/INJ2fT4Zen0e1z6LD7d2AAAAAACuC7v5T8WwLLPeY5CSt8/pfxDvL30kJJQIyom1VdgxRza7lpzwnxBsWPHGYCrtMQj+kaKSaAsl5bZ/uJ8zB/UPZs1R6SdrQpxRb1Xn+e3B10bd5sjsoF+veJfQJ7fuvOzvzBH/qb3toe93kuGVSmTQBY6804eHEzvnpw8AAACA9ylo+lO2uxsZ9noAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALiOejwGLH5RjxMbdo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAZfEmAAD//5On/7M=") r0 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) io_setup(0x5ff, &(0x7f0000000040)=0x0) syz_io_uring_setup(0xd90, &(0x7f0000000140)={0x0, 0xaa83, 0x40, 0x0, 0x3ad}, &(0x7f00000001c0)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r2, 0x0, &(0x7f0000000240)=@IORING_OP_NOP={0x0, 0x8}) io_submit(r1, 0x1ffffff0, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000)="96", 0xffffff20}, &(0x7f0000000740)={0x0, 0x0, 0x41, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff}]) socket$can_bcm(0x1d, 0x2, 0x2) r3 = epoll_create1(0x0) epoll_pwait(r3, &(0x7f0000000040)=[{}], 0x1, 0xfffffff3, 0x0, 0x0) r4 = socket$nl_rdma(0x10, 0x3, 0x14) dup3(r4, r3, 0x0) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x12}, &(0x7f00009b1ffc)) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kfree\x00', r5, 0x0, 0x2}, 0x18) r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x7ff, 0x5, 0xc, 0xfffffffffffffffd, 0x59c, 0xffffffffffffffff}) ioctl$SG_BLKTRACETEARDOWN(r6, 0x1276, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r7 = gettid() tkill(r7, 0x13) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f00000000c0)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r10}, 0x10) r11 = open_tree(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x9800) faccessat(r11, &(0x7f0000000000)='./file0\x00', 0xd) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 2.785808918s ago: executing program 4 (id=1994): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r1, 0x0, 0x800}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) utimes(&(0x7f0000000040)='./file0\x00', 0x0) 2.552769542s ago: executing program 4 (id=2000): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0e000000040000", @ANYRES64=0x0, @ANYRESOCT=r0, @ANYBLOB="22fafb9125845e16a7e2f576cf7f3697e9231278cad8d3cb90c1a02ad35208b49058118e9479a47ab483ee103b8d9eaba054702f18146b943814b729dd5db12e"], 0x48) (async) syz_emit_ethernet(0x0, 0x0, 0x0) (async) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff00000000030000000000000000000000020000000000000000000000000000040300"], 0x0, 0x56, 0x0, 0x3, 0x0, 0x0, @void, @value}, 0x28) (async) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]}) (async) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x0) (async) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) (async) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r2, r4, 0xfffffffffffffc01, 0x0) 2.512433992s ago: executing program 35 (id=2000): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0e000000040000", @ANYRES64=0x0, @ANYRESOCT=r0, @ANYBLOB="22fafb9125845e16a7e2f576cf7f3697e9231278cad8d3cb90c1a02ad35208b49058118e9479a47ab483ee103b8d9eaba054702f18146b943814b729dd5db12e"], 0x48) (async) syz_emit_ethernet(0x0, 0x0, 0x0) (async) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff00000000030000000000000000000000020000000000000000000000000000040300"], 0x0, 0x56, 0x0, 0x3, 0x0, 0x0, @void, @value}, 0x28) (async) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]}) (async) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x0) (async) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) (async) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r2, r4, 0xfffffffffffffc01, 0x0) 1.679819055s ago: executing program 5 (id=2013): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000080)={0x18, 0x0, {0xd, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, 'veth1\x00'}}, 0x1e) r4 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r4, &(0x7f0000000400)={0x18, 0x0, {0x2, @broadcast, 'veth0\x00'}}, 0x1e) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x70bd29, 0x300, {0x0, 0x0, 0x0, 0x0, 0x100, 0x42004}, [@IFLA_MTU={0x8, 0x4, 0xd8}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x884) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'sit0\x00'}) sendmsg$nl_route_sched(r0, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r5, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000500)={0xf8, 0x0, 0x8, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x2, 0x18}}}}, [@NL80211_ATTR_REKEY_DATA={0xc, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x2}]}, @NL80211_ATTR_REKEY_DATA={0x10, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "714418d1475f3170"}]}, @NL80211_ATTR_REKEY_DATA={0x18, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="ef757cc8cb1f7a6603c6768480792ff1"}]}, @NL80211_ATTR_REKEY_DATA={0x9c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x6}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "31d02960a90e65f1"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="258029688c49dc4025b3c5f50aea1b28"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="2493f43320833f8fe3e2562abe75c376"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="e932a81311dbdcfbbeb7ad7944d420d6"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="0b2a71aeada194e4a098321a780ea362bd265696e889a8226b501a255070dffc"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="01a087c2cbe68100125886994f5deda9ba50b391baf859697f6ba17f6b04a404"}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x20000000}, 0x8) 1.679359105s ago: executing program 2 (id=2014): bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) r0 = epoll_create1(0x80000) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/power/wakeup_count', 0x80800, 0x8) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0xe000001a}) read$char_usb(r1, &(0x7f0000001980)=""/179, 0xb3) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2, 0x0, 0xfffffffffffffffd}, 0x18) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r3, &(0x7f0000000180)={&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0, 0x79}}], 0x30, 0x8000}, 0x4) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x60800) r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r5, &(0x7f0000000a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000940)=""/3, 0x3, 0x0, 0x4, 0x0, 0x0, 0xc08}}, 0x120) readv(r5, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}, {0x0, 0x4}], 0x2) write$UHID_DESTROY(r5, &(0x7f0000000200), 0x4) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYRES16=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0x7, &(0x7f0000000380)=ANY=[@ANYRESHEX=0x0, @ANYRES32=r7, @ANYRES64=r6], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r8, 0x0, 0x5}, 0x18) sync_file_range(r8, 0x2, 0xac50, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='percpu_free_percpu\x00'}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0600000004000000008000005c00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200"/28], 0x50) r9 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r9) 1.35852854s ago: executing program 5 (id=2015): r0 = syz_open_procfs(0x0, &(0x7f0000000580)='attr/exec\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) r1 = syz_io_uring_setup(0x2e3b, &(0x7f0000000240)={0x0, 0x69e5, 0x10000, 0x0, 0x166, 0x0, r0}, &(0x7f00000003c0)=0x0, &(0x7f0000001040)=0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18010000008000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000200)=""/9, 0x9}], 0x1}) io_uring_enter(r1, 0x567, 0xa1ff, 0x0, 0x0, 0x0) 1.282891361s ago: executing program 3 (id=2016): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f00000003c0)) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r2}, 0x10) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 1.275568231s ago: executing program 5 (id=2017): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f0000000000)={@none, 0x9, 0xd, 0xfff4, 0xb6, 0x5, "241407d72a4848fd77896dc23728eb65d740162e548a35ab14099f48c0690e8e3531722295a0813f4eef885cfd3dbe73f9e9901445adf4534a6204d701b09b6b1b1f25c79d2094b46dfb2fca5fe85d91dbeb6510f06e9ebfe3873d6a53067ad2dddaede9dff83c52f344f2e2ff05b2a95c77f80ac45d36ca95ff83d57ecd8dd9"}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080f00000a"], 0x48) r1 = syz_open_procfs(0x0, &(0x7f0000019100)='net/fib_trie\x00') pread64(r1, &(0x7f0000032140)=""/102344, 0x18fc8, 0x4000c2a) getsockopt$WPAN_SECURITY(r1, 0x0, 0x1, &(0x7f00000002c0), &(0x7f0000000300)=0x4) read$char_usb(r1, &(0x7f0000000740)=""/253, 0xfd) mq_open(&(0x7f0000000000)='\x00', 0x80, 0x69, &(0x7f0000000080)={0x828, 0x8, 0x0, 0x2}) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x10000, 0x1}, 0x8002, 0x0, 0x1003, 0x2, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x4) mkdir(&(0x7f0000000000)='./control\x00', 0x0) mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0) 1.193562662s ago: executing program 5 (id=2018): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r1, 0x0, 0x800}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) utimes(&(0x7f0000000040)='./file0\x00', 0x0) 1.170544843s ago: executing program 5 (id=2019): bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) r0 = epoll_create1(0x80000) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/power/wakeup_count', 0x80800, 0x8) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0xe000001a}) read$char_usb(r1, &(0x7f0000001980)=""/179, 0xb3) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2, 0x0, 0xfffffffffffffffd}, 0x18) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r3, &(0x7f0000000180)={&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0, 0x79}}], 0x30, 0x8000}, 0x4) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x60800) r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r5, &(0x7f0000000a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000940)=""/3, 0x3, 0x0, 0x4, 0x0, 0x0, 0xc08}}, 0x120) readv(r5, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}, {0x0, 0x4}], 0x2) write$UHID_DESTROY(r5, &(0x7f0000000200), 0x4) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYRES16=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0x7, &(0x7f0000000380)=ANY=[@ANYRESHEX=0x0, @ANYRES32=r7, @ANYRES64=r6], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r8, 0x0, 0x5}, 0x18) sync_file_range(r8, 0x2, 0xac50, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='percpu_free_percpu\x00'}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0600000004000000008000005c00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200"/28], 0x50) r9 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r9) 1.153053783s ago: executing program 3 (id=2020): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0xac, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x98, 0x1, [@m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xd, 0x5, 0x0, 0x3}, 0x8}}]}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xac}}, 0x0) 1.030898525s ago: executing program 3 (id=2021): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) 983.058315ms ago: executing program 3 (id=2022): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_REQ_SET_REG(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)={0x20, r2, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20044880}, 0x80) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xd, 0x5, 0x1, 0x40, 0x80, 0xffffffffffffffff, 0xfdc2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (async) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) (async) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r3}, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) (async) write(0xffffffffffffffff, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d) syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff) (async) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) (async) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10) r5 = socket$pppl2tp(0x18, 0x1, 0x1) (async) r6 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) (async) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r8, 0x0, 0xffffffffffffffff}, 0x18) connect$pppl2tp(r5, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r6, 0x1, 0x0, 0xfffd, 0x0, {0xa, 0xfffc, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) (async) writev(r5, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1) (async) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f40)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bc"], 0x40}}, 0x0) 832.856208ms ago: executing program 2 (id=2023): bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0), 0x200001, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0xffffffff, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3122, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000003c0)=0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$FIGETBSZ(r4, 0x2, &(0x7f0000000040)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x19, 0x0) 698.8592ms ago: executing program 2 (id=2024): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000080)={0x18, 0x0, {0xd, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, 'veth1\x00'}}, 0x1e) r4 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r4, &(0x7f0000000400)={0x18, 0x0, {0x2, @broadcast, 'veth0\x00'}}, 0x1e) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x70bd29, 0x300, {0x0, 0x0, 0x0, 0x0, 0x100, 0x42004}, [@IFLA_MTU={0x8, 0x4, 0xd8}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x884) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'sit0\x00'}) sendmsg$nl_route_sched(r0, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r5, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000500)={0xf8, 0x0, 0x8, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x2, 0x18}}}}, [@NL80211_ATTR_REKEY_DATA={0xc, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x2}]}, @NL80211_ATTR_REKEY_DATA={0x10, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "714418d1475f3170"}]}, @NL80211_ATTR_REKEY_DATA={0x18, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="ef757cc8cb1f7a6603c6768480792ff1"}]}, @NL80211_ATTR_REKEY_DATA={0x9c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x6}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "31d02960a90e65f1"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="258029688c49dc4025b3c5f50aea1b28"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="2493f43320833f8fe3e2562abe75c376"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="e932a81311dbdcfbbeb7ad7944d420d6"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="0b2a71aeada194e4a098321a780ea362bd265696e889a8226b501a255070dffc"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="01a087c2cbe68100125886994f5deda9ba50b391baf859697f6ba17f6b04a404"}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x20000000}, 0x8) 577.098562ms ago: executing program 3 (id=2025): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x8, 0xdd18b, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, @perf_bp={0x0, 0x2}, 0x3323, 0x4, 0x3, 0x0, 0x9, 0x800001, 0xfff7, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = getpgrp(0x0) ioprio_set$pid(0x1, r0, 0x4000) socket$nl_netfilter(0x10, 0x3, 0xc) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000680)='sched_switch\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) signalfd(r1, &(0x7f0000000240)={[0x84]}, 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18) lgetxattr(0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x28, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0/file1\x00', 0x90) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000140)=[{0x9, 0x4, 0x18, 0x200}]}) link(&(0x7f00000000c0)='./file0/file1\x00', &(0x7f0000000180)='./file1\x00') r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4) sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="8b332dbd7000000000001500000010001d8022ef9f8008"], 0x24}}, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x0, &(0x7f0000000000)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x768f}}]}, 0x83, 0x5fe, &(0x7f0000001040)="$eJzs3c9rHNcdAPDvzEqqZKuVXYqpTUsFPdhQrB+uqduebF/qg6GG+lBCDhaW5AivbGHJEDuGyJBDAgmEkGsIvuQfyD2YXHMLgSS3nANOCA45JMEbZnbHXla78kbWaiTP5wO7eu/NaN/76ulp3uzo7QRQWZPZUxpxOCIuJRETbdvGo7lxsrXfw+/uXM4eSTQa//s2iaRVVuz/qPV1f/aURIxGxKdnI35f21jv6q3bV+fqjaZXI6bXllemV2/dPr60PHdl4crCtdkT/zx5auZfsydntyXOIq5z5//7p7dee+kfi5/VjydxOi4OvzIfHXFsl8mYjEetENvLhyLiVJbo8nPZa4oQkpLbwdbUWr+PwxFxKCailueaJmLpzVIbBwxUoxbRACoqMf6hoop5QHFuP4jz4N3swZnmCdDG+Iea743EaH5utO9h0nZm1DzfPbAN9Wd1/HznyHvZI3q8DzG0DfX0sn43Iv7YLf4kb9uB/F2cLP400rbvy9IzETHS+lmkW6x/siO/079/vyb+9n7I4j3d+pqVn91i/WXHD0A13T/TOpCvZ7knx79sZljMf6LL/Ge8y7FrK8o+/vWe/xXH+9H8PfK0Yx6WzXkudH/J4c6Cr944906v+tvnf9kjq7+YC+6EB3cjjnTE/3o+mUse93/Spf+zXS71Wcd/Pv/mXK9tZcffuBdxtOv5z5MrWllqem15pSjruD45vbhUX5hpPnet46NPXvygV/1lx5/1f/SIf7P+z8pW+qzjwwv3lnttG39q/OnXI8nFPDXSKnl5bm3txmzESHK+tUtb+YnN21LsU7xGFv+xv3Yf/5vEn3f0ep/xr/z/6sNe2/ru/w1/VXKPGn22oZcs/vkt9v/bfdbxwws3/9xRNFYkNot/7BljAwAAAAAAgKpJ82uwSTr1OJ2mU1PNNbx/iH1p/frq2t8Wr9+8Nh9xLP9/yOG0uNI90cwnWX629f+wRf5ER/7vEXEwIt6tjeX5qcvX6/NlBw8AAAAAAAAAAAAAAAAAAAC7xP7W+v/iPtXf15rr//uydmjArQMGbpA3mAN2N+Mfqisf/1u9gyuwpzn+Q3UZ/1Bdxj9Ul/EP1WX8Q3UZ/1Bdxj9Ul/EPAAAAAM+lg3+5/2USEev/HssfmZHWtuFSWwYMmjEO1VUruwFAaR5f+rf8Hyqnr/n/j60PBxx8c4ASJN0K88lBY/PBf7/rdwIAAAAAAAAAAAAAA3D0sPX/UFVpfFx2E4CSPMP6fx8dAHucj/6H6nKODzxtFf9orw3W/wMAAAAAAAAAAADAjhnPH0k61boF6Hik6dRUxG8j4kAMJ4tL9YWZiPhdRHxRG/5Nlp8tu9EAAAAAAAAAAAAAAAAAAADwnFm9dfvqXL2+cKM98dOGkuc7UdwFdbe0pz0Ryc5XOhYRuyH2wSSG2kqSiPWs53dFw26sxq5oRpo3o+Q/TAAAAAAAAAAAAAAAAAAAUEFta4+7O/L+DrcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHbek/v/bz2RPOV1yo4RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANibfgkAAP//4DE4gw==") bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 576.156012ms ago: executing program 2 (id=2026): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mount(&(0x7f0000000080)=@sg0, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)='9p\x00', 0x806465, &(0x7f0000000200)='.^{$\'*\x00') syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f00000003c0)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00'}, 0x10) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 416.247344ms ago: executing program 2 (id=2027): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kmem_cache_free\x00', r1, 0x0, 0x800}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) utimes(&(0x7f0000000040)='./file0\x00', 0x0) 341.830075ms ago: executing program 2 (id=2028): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r0, 0x0, 0x0) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}, {0x0, 0x4}], 0x2) write$UHID_DESTROY(r0, &(0x7f0000000200), 0x4) 328.681365ms ago: executing program 7 (id=1977): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) timer_settime(r2, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x40200, 0x0) preadv2(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x4, 0x1) 290.203566ms ago: executing program 5 (id=2029): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x8, 0xdd18b, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, @perf_bp={0x0, 0x2}, 0x3323, 0x4, 0x3, 0x0, 0x9, 0x800001, 0xfff7, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000404000000000000000000611233000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = getpgrp(0x0) ioprio_set$pid(0x1, r0, 0x4000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000680)='sched_switch\x00', r2}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) signalfd(r2, &(0x7f0000000240)={[0x84]}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000900)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000ede69b0d90e47d39c781e9767dc916f0000020ce8bd93dec4a37e5048b002b80cb63801fe136eb269aa81c1b2bb071a450ef9ba00aba7b635d4a03985eeb6bd4b0e780401f0f08f6669a11e1bbc330bddf62b35fcd641798bca17b89851cd495ac01881ef5eb47c1c6eec23cdf5a19", @ANYBLOB="c888713013a0aa51d041aeb4cfca4d8a75fe82fb50784b15e9510214913a29922fafd34594e6a2d22cb68fe8a892b4687f6f0000dcb14fe3e7c9484394f307e02e49136490cef4a88a978a1ca02bd14dddaf", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x8, 0xfffffedf, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18) lgetxattr(0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x28, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0/file1\x00', 0x90) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000140)=[{0x9, 0x4, 0x18, 0x200}]}) link(&(0x7f00000000c0)='./file0/file1\x00', &(0x7f0000000180)='./file1\x00') r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4) sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="8b332dbd7000000000001500000010001d8022ef9f8008"], 0x24}}, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x0, &(0x7f0000000000)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x768f}}]}, 0x83, 0x5fe, &(0x7f0000001040)="$eJzs3c9rHNcdAPDvzEqqZKuVXYqpTUsFPdhQrB+uqduebF/qg6GG+lBCDhaW5AivbGHJEDuGyJBDAgmEkGsIvuQfyD2YXHMLgSS3nANOCA45JMEbZnbHXla78kbWaiTP5wO7eu/NaN/76ulp3uzo7QRQWZPZUxpxOCIuJRETbdvGo7lxsrXfw+/uXM4eSTQa//s2iaRVVuz/qPV1f/aURIxGxKdnI35f21jv6q3bV+fqjaZXI6bXllemV2/dPr60PHdl4crCtdkT/zx5auZfsydntyXOIq5z5//7p7dee+kfi5/VjydxOi4OvzIfHXFsl8mYjEetENvLhyLiVJbo8nPZa4oQkpLbwdbUWr+PwxFxKCailueaJmLpzVIbBwxUoxbRACoqMf6hoop5QHFuP4jz4N3swZnmCdDG+Iea743EaH5utO9h0nZm1DzfPbAN9Wd1/HznyHvZI3q8DzG0DfX0sn43Iv7YLf4kb9uB/F2cLP400rbvy9IzETHS+lmkW6x/siO/079/vyb+9n7I4j3d+pqVn91i/WXHD0A13T/TOpCvZ7knx79sZljMf6LL/Ge8y7FrK8o+/vWe/xXH+9H8PfK0Yx6WzXkudH/J4c6Cr944906v+tvnf9kjq7+YC+6EB3cjjnTE/3o+mUse93/Spf+zXS71Wcd/Pv/mXK9tZcffuBdxtOv5z5MrWllqem15pSjruD45vbhUX5hpPnet46NPXvygV/1lx5/1f/SIf7P+z8pW+qzjwwv3lnttG39q/OnXI8nFPDXSKnl5bm3txmzESHK+tUtb+YnN21LsU7xGFv+xv3Yf/5vEn3f0ep/xr/z/6sNe2/ru/w1/VXKPGn22oZcs/vkt9v/bfdbxwws3/9xRNFYkNot/7BljAwAAAAAAgKpJ82uwSTr1OJ2mU1PNNbx/iH1p/frq2t8Wr9+8Nh9xLP9/yOG0uNI90cwnWX629f+wRf5ER/7vEXEwIt6tjeX5qcvX6/NlBw8AAAAAAAAAAAAAAAAAAAC7xP7W+v/iPtXf15rr//uydmjArQMGbpA3mAN2N+Mfqisf/1u9gyuwpzn+Q3UZ/1Bdxj9Ul/EP1WX8Q3UZ/1Bdxj9Ul/EPAAAAAM+lg3+5/2USEev/HssfmZHWtuFSWwYMmjEO1VUruwFAaR5f+rf8Hyqnr/n/j60PBxx8c4ASJN0K88lBY/PBf7/rdwIAAAAAAAAAAAAAA3D0sPX/UFVpfFx2E4CSPMP6fx8dAHucj/6H6nKODzxtFf9orw3W/wMAAAAAAAAAAADAjhnPH0k61boF6Hik6dRUxG8j4kAMJ4tL9YWZiPhdRHxRG/5Nlp8tu9EAAAAAAAAAAAAAAAAAAADwnFm9dfvqXL2+cKM98dOGkuc7UdwFdbe0pz0Ryc5XOhYRuyH2wSSG2kqSiPWs53dFw26sxq5oRpo3o+Q/TAAAAAAAAAAAAAAAAAAAUEFta4+7O/L+DrcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHbek/v/bz2RPOV1yo4RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANibfgkAAP//4DE4gw==") sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 0s ago: executing program 3 (id=2030): fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="06000000040000000800000006000000101000005eb689b726da9f38c997cfc93829beb487ca98f1dba47de8a3fd3d85cfb1909aa6ee01acb547b1236e298c77c77710402d4770e59e9c50915f518b1e8077b36b2349f44827c82b13577a76d51bf42c4c0be8fc3029b2ae67d33ab69f4fa559f6d16fcb62ffff37e17bdad86255582223c59cc6ce1089a9dee37a1bf89e1ddaba3acab30af72d5260a3c32f2ca50e44affa96954b7781f30966be", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) r0 = shmat(0x0, &(0x7f0000ffa000/0x3000)=nil, 0x4000) mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000) shmdt(r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x5, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0xfdef) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, 0x0, 0x0) ioprio_set$pid(0x2, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0xc084) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r2}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xd, &(0x7f0000000180)=ANY=[], 0x0, 0x10000, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r4 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc) r5 = socket$netlink(0x10, 0x3, 0x0) writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r5, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) r6 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r6, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) kernel console output (not intermixed with test programs): .761791][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.822798][ T7556] FAULT_INJECTION: forcing a failure. [ 103.822798][ T7556] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 103.836148][ T7556] CPU: 1 UID: 0 PID: 7556 Comm: syz.0.1479 Not tainted 6.15.0-syzkaller-13743-g8630c59e9936 #0 PREEMPT(voluntary) [ 103.836183][ T7556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 103.836263][ T7556] Call Trace: [ 103.836270][ T7556] [ 103.836280][ T7556] __dump_stack+0x1d/0x30 [ 103.836335][ T7556] dump_stack_lvl+0xe8/0x140 [ 103.836360][ T7556] dump_stack+0x15/0x1b [ 103.836382][ T7556] should_fail_ex+0x265/0x280 [ 103.836409][ T7556] should_fail+0xb/0x20 [ 103.836431][ T7556] should_fail_usercopy+0x1a/0x20 [ 103.836535][ T7556] _copy_from_user+0x1c/0xb0 [ 103.836569][ T7556] __ia32_sys_rt_sigreturn+0x128/0x350 [ 103.836611][ T7556] x64_sys_call+0x2e8a/0x2fb0 [ 103.836662][ T7556] do_syscall_64+0xd2/0x200 [ 103.836743][ T7556] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 103.836771][ T7556] ? clear_bhb_loop+0x40/0x90 [ 103.836797][ T7556] ? clear_bhb_loop+0x40/0x90 [ 103.836819][ T7556] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.836840][ T7556] RIP: 0033:0x7fc712c3ab19 [ 103.836894][ T7556] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 103.836918][ T7556] RSP: 002b:00007fc711306a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 103.836939][ T7556] RAX: ffffffffffffffda RBX: 00007fc712ec5fa0 RCX: 00007fc712c3ab19 [ 103.836951][ T7556] RDX: 00007fc711306a80 RSI: 00007fc711306bb0 RDI: 0000000000000021 [ 103.836965][ T7556] RBP: 00007fc711307090 R08: 0000000000000000 R09: 0000000000000000 [ 103.837047][ T7556] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 [ 103.837145][ T7556] R13: 0000000000000000 R14: 00007fc712ec5fa0 R15: 00007fff5a0051e8 [ 103.837169][ T7556] [ 103.880224][ T7567] loop4: detected capacity change from 0 to 512 [ 104.009920][ T7570] loop5: detected capacity change from 0 to 764 [ 104.014248][ T7567] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 104.020219][ T7564] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1478'. [ 104.052724][ T7567] Cannot find del_set index 3 as target [ 104.073184][ T7570] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 104.119106][ T7575] 9pnet_fd: Insufficient options for proto=fd [ 104.135844][ T7570] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1484'. [ 104.182838][ T7577] netlink: 'syz.3.1487': attribute type 29 has an invalid length. [ 104.195788][ T7577] loop3: detected capacity change from 0 to 1024 [ 104.219132][ T7582] FAULT_INJECTION: forcing a failure. [ 104.219132][ T7582] name failslab, interval 1, probability 0, space 0, times 0 [ 104.231884][ T7582] CPU: 0 UID: 0 PID: 7582 Comm: syz.4.1489 Not tainted 6.15.0-syzkaller-13743-g8630c59e9936 #0 PREEMPT(voluntary) [ 104.231917][ T7582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 104.231933][ T7582] Call Trace: [ 104.231942][ T7582] [ 104.231950][ T7582] __dump_stack+0x1d/0x30 [ 104.231977][ T7582] dump_stack_lvl+0xe8/0x140 [ 104.232042][ T7582] dump_stack+0x15/0x1b [ 104.232063][ T7582] should_fail_ex+0x265/0x280 [ 104.232089][ T7582] should_failslab+0x8c/0xb0 [ 104.232115][ T7582] kmem_cache_alloc_noprof+0x50/0x310 [ 104.232181][ T7582] ? audit_log_start+0x365/0x6c0 [ 104.232226][ T7582] audit_log_start+0x365/0x6c0 [ 104.232265][ T7582] audit_seccomp+0x48/0x100 [ 104.232369][ T7582] ? __seccomp_filter+0x68c/0x10d0 [ 104.232395][ T7582] __seccomp_filter+0x69d/0x10d0 [ 104.232427][ T7582] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 104.232516][ T7582] ? vfs_write+0x75e/0x8e0 [ 104.232535][ T7582] ? __rcu_read_unlock+0x4f/0x70 [ 104.232561][ T7582] ? __fget_files+0x184/0x1c0 [ 104.232595][ T7582] __secure_computing+0x82/0x150 [ 104.232698][ T7582] syscall_trace_enter+0xcf/0x1e0 [ 104.232794][ T7582] do_syscall_64+0xac/0x200 [ 104.232819][ T7582] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 104.232887][ T7582] ? clear_bhb_loop+0x40/0x90 [ 104.232909][ T7582] ? clear_bhb_loop+0x40/0x90 [ 104.232981][ T7582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.233004][ T7582] RIP: 0033:0x7f8ad0cee929 [ 104.233091][ T7582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.233110][ T7582] RSP: 002b:00007f8acf357038 EFLAGS: 00000246 ORIG_RAX: 0000000000000043 [ 104.233133][ T7582] RAX: ffffffffffffffda RBX: 00007f8ad0f15fa0 RCX: 00007f8ad0cee929 [ 104.233149][ T7582] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000ffa000 [ 104.233164][ T7582] RBP: 00007f8acf357090 R08: 0000000000000000 R09: 0000000000000000 [ 104.233176][ T7582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.233188][ T7582] R13: 0000000000000000 R14: 00007f8ad0f15fa0 R15: 00007ffcd8f4e8a8 [ 104.233222][ T7582] [ 104.234161][ T7577] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 104.262579][ T7579] loop5: detected capacity change from 0 to 2048 [ 104.338233][ T7577] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 104.379040][ T7579] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.417985][ T7577] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 104.492351][ T7577] EXT4-fs (loop3): orphan cleanup on readonly fs [ 104.493375][ T7332] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.499798][ T7577] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.1487: Invalid inode table block 0 in block_group 0 [ 104.521659][ T7577] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 104.532173][ T7577] EXT4-fs error (device loop3): ext4_quota_write:7322: inode #3: comm syz.3.1487: mark_inode_dirty error [ 104.544606][ T7577] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1487: Failed to acquire dquot type 0 [ 104.560378][ T7577] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.1487: Invalid inode table block 0 in block_group 0 [ 104.574754][ T7577] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 104.589894][ T7594] netlink: 'syz.5.1493': attribute type 7 has an invalid length. [ 104.597779][ T7594] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1493'. [ 104.641586][ T7577] EXT4-fs error (device loop3): ext4_ext_truncate:4475: inode #15: comm syz.3.1487: mark_inode_dirty error [ 104.676102][ T7577] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.1487: Invalid inode table block 0 in block_group 0 [ 104.684140][ T7598] loop2: detected capacity change from 0 to 2048 [ 104.691900][ T7577] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 104.707007][ T7577] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 104.716142][ T7577] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.1487: Invalid inode table block 0 in block_group 0 [ 104.732614][ T7598] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.738376][ T7577] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 104.757457][ T7577] EXT4-fs error (device loop3): ext4_truncate:4597: inode #15: comm syz.3.1487: mark_inode_dirty error [ 104.773452][ T7577] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 104.786138][ T7577] EXT4-fs (loop3): 1 truncate cleaned up [ 104.792362][ T7577] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 104.805505][ T7577] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.912679][ T7614] 9pnet_virtio: no channels available for device 127.0.0.1 [ 104.966002][ T7619] loop3: detected capacity change from 0 to 2048 [ 104.978252][ T7611] netlink: 'syz.5.1499': attribute type 4 has an invalid length. [ 104.989031][ T7619] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.991819][ T7611] netlink: 'syz.5.1499': attribute type 4 has an invalid length. [ 105.022132][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.062742][ T7625] loop5: detected capacity change from 0 to 512 [ 105.072660][ T7625] EXT4-fs error (device loop5): ext4_iget_extra_inode:5035: inode #15: comm syz.5.1504: corrupted in-inode xattr: invalid ea_ino [ 105.086343][ T7625] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.1504: couldn't read orphan inode 15 (err -117) [ 105.102159][ T7625] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.264825][ T7332] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.288406][ T7634] loop5: detected capacity change from 0 to 1024 [ 105.305814][ T7634] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.330894][ T7637] 9pnet_virtio: no channels available for device 127.0.0.1 [ 105.345396][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.357451][ T7332] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.373058][ T7639] 9pnet_fd: Insufficient options for proto=fd [ 105.532438][ T7651] loop5: detected capacity change from 0 to 2048 [ 105.546796][ T7651] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.571405][ T7332] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.591107][ T7657] veth0: entered promiscuous mode [ 105.599848][ T7657] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 106.181986][ T7673] netlink: 'syz.4.1522': attribute type 32 has an invalid length. [ 106.249137][ T7673] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1522'. [ 106.275243][ T7680] 9pnet_fd: Insufficient options for proto=fd [ 106.317027][ T7686] 9pnet_virtio: no channels available for device 127.0.0.1 [ 106.377423][ T7691] serio: Serial port ptm0 [ 106.434697][ T7696] 9pnet_fd: Insufficient options for proto=fd [ 106.445891][ T7656] veth0: left promiscuous mode [ 106.452265][ T7696] netem: change failed [ 106.520929][ T7700] loop4: detected capacity change from 0 to 2048 [ 106.541235][ T7700] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.633100][ T7708] 9pnet_virtio: no channels available for device 127.0.0.1 [ 106.730706][ T7710] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1536'. [ 107.046906][ T7720] 9pnet_virtio: no channels available for device 127.0.0.1 [ 107.174045][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.226964][ T7724] xt_hashlimit: size too large, truncated to 1048576 [ 107.260996][ T7729] loop4: detected capacity change from 0 to 512 [ 107.268397][ T7729] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 107.282697][ T7729] Cannot find del_set index 3 as target [ 107.466932][ T7741] 9pnet_virtio: no channels available for device 127.0.0.1 [ 107.593367][ T7753] 9pnet_virtio: no channels available for device 127.0.0.1 [ 107.612486][ T29] kauditd_printk_skb: 150 callbacks suppressed [ 107.612503][ T29] audit: type=1400 audit(1749376201.393:6013): avc: denied { ioctl } for pid=7754 comm="syz.3.1550" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 107.612939][ T7755] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 107.652622][ T7755] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 107.686366][ T7760] 9pnet_fd: Insufficient options for proto=fd [ 107.760691][ T7768] loop5: detected capacity change from 0 to 1024 [ 107.775780][ T7768] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.802366][ T7332] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.815536][ T29] audit: type=1326 audit(1749376201.603:6014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7749 comm="syz.4.1547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 107.840114][ T29] audit: type=1326 audit(1749376201.603:6015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7749 comm="syz.4.1547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 107.841647][ T7775] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1555'. [ 107.863644][ T29] audit: type=1326 audit(1749376201.603:6016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7749 comm="syz.4.1547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 107.863760][ T29] audit: type=1326 audit(1749376201.603:6017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7749 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 107.863794][ T29] audit: type=1326 audit(1749376201.603:6018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7749 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 108.190626][ T7790] loop4: detected capacity change from 0 to 1024 [ 108.280306][ T7790] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.345282][ T7795] x_tables: ip6_tables: tcpmss match: only valid for protocol 6 [ 108.445323][ T29] audit: type=1400 audit(1749376202.223:6019): avc: denied { create } for pid=7794 comm="syz.2.1560" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 108.498445][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.509151][ T29] audit: type=1400 audit(1749376202.263:6020): avc: denied { write } for pid=7794 comm="syz.2.1560" path="socket:[20164]" dev="sockfs" ino=20164 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 108.532526][ T29] audit: type=1400 audit(1749376202.263:6021): avc: denied { connect } for pid=7794 comm="syz.2.1560" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 108.574006][ T7804] 9pnet_fd: Insufficient options for proto=fd [ 108.606437][ T7809] 9pnet_fd: Insufficient options for proto=fd [ 108.623693][ T7811] loop2: detected capacity change from 0 to 764 [ 108.631126][ T7797] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1561'. [ 108.644306][ T7811] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 108.807652][ T7815] loop4: detected capacity change from 0 to 128 [ 108.816469][ T7815] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535) [ 108.826526][ T7817] loop5: detected capacity change from 0 to 128 [ 108.833532][ T7817] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535) [ 108.850573][ T7815] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none. [ 108.870832][ T7815] EXT4-fs (loop4): ext4_remount: Checksum for group 0 failed (30846!=65535) [ 108.885276][ T7817] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none. [ 108.908838][ T3317] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 108.918883][ T7817] EXT4-fs (loop5): ext4_remount: Checksum for group 0 failed (30846!=65535) [ 108.936254][ T7821] vhci_hcd: invalid port number 96 [ 108.941476][ T7821] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 108.967073][ T7332] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 108.992762][ T7829] loop3: detected capacity change from 0 to 512 [ 109.008576][ T7832] FAULT_INJECTION: forcing a failure. [ 109.008576][ T7832] name failslab, interval 1, probability 0, space 0, times 0 [ 109.021422][ T7832] CPU: 0 UID: 0 PID: 7832 Comm: syz.4.1575 Not tainted 6.15.0-syzkaller-13743-g8630c59e9936 #0 PREEMPT(voluntary) [ 109.021458][ T7832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 109.021499][ T7832] Call Trace: [ 109.021508][ T7832] [ 109.021518][ T7832] __dump_stack+0x1d/0x30 [ 109.021543][ T7832] dump_stack_lvl+0xe8/0x140 [ 109.021569][ T7832] dump_stack+0x15/0x1b [ 109.021590][ T7832] should_fail_ex+0x265/0x280 [ 109.021694][ T7832] should_failslab+0x8c/0xb0 [ 109.021727][ T7832] kmem_cache_alloc_noprof+0x50/0x310 [ 109.021763][ T7832] ? alloc_empty_file+0x76/0x200 [ 109.021802][ T7832] alloc_empty_file+0x76/0x200 [ 109.021834][ T7832] path_openat+0x68/0x2170 [ 109.021873][ T7832] ? __rcu_read_unlock+0x34/0x70 [ 109.021903][ T7832] ? filemap_map_pages+0x9be/0xab0 [ 109.021954][ T7832] ? css_rstat_updated+0xcd/0x5b0 [ 109.021999][ T7832] do_filp_open+0x109/0x230 [ 109.022054][ T7832] do_sys_openat2+0xa6/0x110 [ 109.022127][ T7832] __x64_sys_openat+0xf2/0x120 [ 109.022170][ T7832] x64_sys_call+0x1af/0x2fb0 [ 109.022194][ T7832] do_syscall_64+0xd2/0x200 [ 109.022239][ T7832] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 109.022265][ T7832] ? clear_bhb_loop+0x40/0x90 [ 109.022286][ T7832] ? clear_bhb_loop+0x40/0x90 [ 109.022369][ T7832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.022392][ T7832] RIP: 0033:0x7f8ad0ced290 [ 109.022462][ T7832] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 109.022559][ T7832] RSP: 002b:00007f8acf356b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 109.022584][ T7832] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8ad0ced290 [ 109.022600][ T7832] RDX: 0000000000000000 RSI: 00007f8acf356c10 RDI: 00000000ffffff9c [ 109.022616][ T7832] RBP: 00007f8acf356c10 R08: 0000000000000000 R09: 0000000000000000 [ 109.022631][ T7832] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd [ 109.022645][ T7832] R13: 0000000000000000 R14: 00007f8ad0f15fa0 R15: 00007ffcd8f4e8a8 [ 109.022714][ T7832] [ 109.234191][ T29] audit: type=1326 audit(1749376203.013:6022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7834 comm="syz.2.1576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f737f31e929 code=0x7ffc0000 [ 109.264027][ T7835] netlink: 'syz.2.1576': attribute type 29 has an invalid length. [ 109.277817][ T7835] loop2: detected capacity change from 0 to 1024 [ 109.284788][ T7832] loop4: detected capacity change from 0 to 512 [ 109.292647][ T7835] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 109.302003][ T7835] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 109.314754][ T7835] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 109.323394][ T7835] EXT4-fs (loop2): orphan cleanup on readonly fs [ 109.331274][ T7832] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.1575: corrupted in-inode xattr: invalid ea_ino [ 109.346918][ T7835] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.1576: Invalid inode table block 0 in block_group 0 [ 109.359386][ T7843] netlink: 'syz.0.1577': attribute type 29 has an invalid length. [ 109.362089][ T7832] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.1575: couldn't read orphan inode 15 (err -117) [ 109.373445][ T7843] loop0: detected capacity change from 0 to 1024 [ 109.384533][ T7835] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 109.388393][ T7842] 9pnet_fd: Insufficient options for proto=fd [ 109.396711][ T7843] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 109.410799][ T7832] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.425130][ T7835] EXT4-fs error (device loop2): ext4_quota_write:7322: inode #3: comm syz.2.1576: mark_inode_dirty error [ 109.437642][ T7843] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 109.449365][ T7835] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1576: Failed to acquire dquot type 0 [ 109.462695][ T7835] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.1576: Invalid inode table block 0 in block_group 0 [ 109.478415][ T7843] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 109.486700][ T7835] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 109.497818][ T7835] EXT4-fs error (device loop2): ext4_ext_truncate:4475: inode #15: comm syz.2.1576: mark_inode_dirty error [ 109.503995][ T7843] EXT4-fs (loop0): orphan cleanup on readonly fs [ 109.509572][ T7835] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.1576: Invalid inode table block 0 in block_group 0 [ 109.527541][ T7843] EXT4-fs error (device loop0): __ext4_get_inode_loc:4792: comm syz.0.1577: Invalid inode table block 0 in block_group 0 [ 109.543244][ T7835] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 109.592562][ T7835] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 109.612783][ T7843] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 109.644456][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.668995][ T7853] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1580'. [ 109.675897][ T7835] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.1576: Invalid inode table block 0 in block_group 0 [ 109.693304][ T7843] EXT4-fs error (device loop0): ext4_quota_write:7322: inode #3: comm syz.0.1577: mark_inode_dirty error [ 109.696111][ T7849] loop3: detected capacity change from 0 to 2048 [ 109.717587][ T7835] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 109.732478][ T7835] EXT4-fs error (device loop2): ext4_truncate:4597: inode #15: comm syz.2.1576: mark_inode_dirty error [ 109.744736][ T7849] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.757276][ T7843] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.1577: Failed to acquire dquot type 0 [ 109.771383][ T7835] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 109.777134][ T7843] EXT4-fs error (device loop0): __ext4_get_inode_loc:4792: comm syz.0.1577: Invalid inode table block 0 in block_group 0 [ 109.790485][ T7859] loop4: detected capacity change from 0 to 764 [ 109.795185][ T7843] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 109.799708][ T7835] EXT4-fs (loop2): 1 truncate cleaned up [ 109.810933][ T7843] EXT4-fs error (device loop0): ext4_ext_truncate:4475: inode #15: comm syz.0.1577: mark_inode_dirty error [ 109.826844][ T7835] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 109.828083][ T7843] EXT4-fs error (device loop0): __ext4_get_inode_loc:4792: comm syz.0.1577: Invalid inode table block 0 in block_group 0 [ 109.839981][ T7835] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.853945][ T7859] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 109.875760][ T7843] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 109.894003][ T7843] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem [ 109.903102][ T7843] EXT4-fs error (device loop0): __ext4_get_inode_loc:4792: comm syz.0.1577: Invalid inode table block 0 in block_group 0 [ 109.968190][ T7843] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 109.980698][ T7843] EXT4-fs error (device loop0): ext4_truncate:4597: inode #15: comm syz.0.1577: mark_inode_dirty error [ 109.996171][ T7864] vhci_hcd: invalid port number 96 [ 110.001537][ T7864] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 110.003705][ T7843] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem [ 110.019681][ T7843] EXT4-fs (loop0): 1 truncate cleaned up [ 110.026450][ T7843] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 110.043338][ T7843] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.078452][ T36] hid-generic 0000:0004:0000.0012: unknown main item tag 0x0 [ 110.086073][ T36] hid-generic 0000:0004:0000.0012: unknown main item tag 0x0 [ 110.093517][ T36] hid-generic 0000:0004:0000.0012: unknown main item tag 0x0 [ 110.101331][ T36] hid-generic 0000:0004:0000.0012: hidraw0: HID v0.00 Device [syz0] on syz1 [ 110.116728][ T7873] netlink: 256 bytes leftover after parsing attributes in process `syz.5.1588'. [ 110.164549][ T7880] 9pnet_fd: Insufficient options for proto=fd [ 110.281232][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.395129][ T7892] loop3: detected capacity change from 0 to 764 [ 110.474393][ T7892] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 110.684206][ T7896] loop0: detected capacity change from 0 to 512 [ 110.691022][ T7896] EXT4-fs: Ignoring removed bh option [ 110.701875][ T7896] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 110.727637][ T7896] EXT4-fs (loop0): 1 truncate cleaned up [ 110.734718][ T7896] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.991280][ T7899] loop2: detected capacity change from 0 to 1024 [ 111.007592][ T7899] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 111.016757][ T7899] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 111.032816][ T7903] vhci_hcd: invalid port number 96 [ 111.038226][ T7903] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 111.046699][ T7899] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 111.066752][ T7899] EXT4-fs (loop2): orphan cleanup on readonly fs [ 111.097611][ T7899] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.1596: Invalid inode table block 0 in block_group 0 [ 111.129359][ T7912] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1602'. [ 111.142533][ T7899] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 111.154131][ T7899] EXT4-fs error (device loop2): ext4_quota_write:7322: inode #3: comm syz.2.1596: mark_inode_dirty error [ 111.185368][ T7899] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1596: Failed to acquire dquot type 0 [ 111.214087][ T7899] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.1596: Invalid inode table block 0 in block_group 0 [ 111.256248][ T7899] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 111.273335][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.323665][ T7899] EXT4-fs error (device loop2): ext4_ext_truncate:4475: inode #15: comm syz.2.1596: mark_inode_dirty error [ 111.349930][ T7899] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.1596: Invalid inode table block 0 in block_group 0 [ 111.374813][ T7899] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 111.386013][ T7922] netlink: 'syz.0.1607': attribute type 29 has an invalid length. [ 111.394095][ T7899] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 111.402840][ T7899] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.1596: Invalid inode table block 0 in block_group 0 [ 111.425834][ T7899] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 111.459370][ T7899] EXT4-fs error (device loop2): ext4_truncate:4597: inode #15: comm syz.2.1596: mark_inode_dirty error [ 111.472301][ T7899] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 111.482106][ T7899] EXT4-fs (loop2): 1 truncate cleaned up [ 111.489884][ T7899] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 111.506478][ T7928] 9pnet_virtio: no channels available for device 127.0.0.1 [ 111.575128][ T7899] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.745645][ T7939] FAULT_INJECTION: forcing a failure. [ 111.745645][ T7939] name failslab, interval 1, probability 0, space 0, times 0 [ 111.758522][ T7939] CPU: 0 UID: 0 PID: 7939 Comm: syz.2.1612 Not tainted 6.15.0-syzkaller-13743-g8630c59e9936 #0 PREEMPT(voluntary) [ 111.758579][ T7939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.758596][ T7939] Call Trace: [ 111.758605][ T7939] [ 111.758615][ T7939] __dump_stack+0x1d/0x30 [ 111.758641][ T7939] dump_stack_lvl+0xe8/0x140 [ 111.758661][ T7939] dump_stack+0x15/0x1b [ 111.758677][ T7939] should_fail_ex+0x265/0x280 [ 111.758755][ T7939] should_failslab+0x8c/0xb0 [ 111.758785][ T7939] kmem_cache_alloc_node_noprof+0x57/0x320 [ 111.758824][ T7939] ? __alloc_skb+0x101/0x320 [ 111.758847][ T7939] __alloc_skb+0x101/0x320 [ 111.758865][ T7939] netlink_alloc_large_skb+0xba/0xf0 [ 111.758955][ T7939] netlink_sendmsg+0x3cf/0x6b0 [ 111.758988][ T7939] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.759027][ T7939] __sock_sendmsg+0x142/0x180 [ 111.759065][ T7939] ____sys_sendmsg+0x31e/0x4e0 [ 111.759114][ T7939] ___sys_sendmsg+0x17b/0x1d0 [ 111.759157][ T7939] __x64_sys_sendmsg+0xd4/0x160 [ 111.759192][ T7939] x64_sys_call+0x2999/0x2fb0 [ 111.759221][ T7939] do_syscall_64+0xd2/0x200 [ 111.759276][ T7939] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 111.759303][ T7939] ? clear_bhb_loop+0x40/0x90 [ 111.759324][ T7939] ? clear_bhb_loop+0x40/0x90 [ 111.759350][ T7939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.759444][ T7939] RIP: 0033:0x7f737f31e929 [ 111.759464][ T7939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.759510][ T7939] RSP: 002b:00007f737d987038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 111.759529][ T7939] RAX: ffffffffffffffda RBX: 00007f737f545fa0 RCX: 00007f737f31e929 [ 111.759542][ T7939] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 111.759558][ T7939] RBP: 00007f737d987090 R08: 0000000000000000 R09: 0000000000000000 [ 111.759652][ T7939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.759665][ T7939] R13: 0000000000000000 R14: 00007f737f545fa0 R15: 00007fff467444c8 [ 111.759684][ T7939] [ 112.106808][ T7948] vhci_hcd: invalid port number 96 [ 112.112066][ T7948] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 112.228582][ T7956] netlink: 'syz.5.1620': attribute type 29 has an invalid length. [ 112.259951][ T7956] loop5: detected capacity change from 0 to 1024 [ 112.279190][ T7956] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 112.292765][ T7961] loop2: detected capacity change from 0 to 1024 [ 112.304039][ T7956] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 112.323984][ T7951] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1618'. [ 112.334280][ T7961] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 112.346870][ T7956] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 112.362716][ T7956] EXT4-fs (loop5): orphan cleanup on readonly fs [ 112.400829][ T7956] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1620: Invalid inode table block 0 in block_group 0 [ 112.413924][ T7956] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 112.424243][ T7956] EXT4-fs error (device loop5): ext4_quota_write:7322: inode #3: comm syz.5.1620: mark_inode_dirty error [ 112.435916][ T7956] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.1620: Failed to acquire dquot type 0 [ 112.447523][ T7956] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1620: Invalid inode table block 0 in block_group 0 [ 112.460427][ T7956] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 112.470430][ T7956] EXT4-fs error (device loop5): ext4_ext_truncate:4475: inode #15: comm syz.5.1620: mark_inode_dirty error [ 112.482562][ T7956] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1620: Invalid inode table block 0 in block_group 0 [ 112.496508][ T7956] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 112.506567][ T7956] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem [ 112.515602][ T7956] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1620: Invalid inode table block 0 in block_group 0 [ 112.529877][ T7956] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 112.539788][ T7956] EXT4-fs error (device loop5): ext4_truncate:4597: inode #15: comm syz.5.1620: mark_inode_dirty error [ 112.556018][ T7966] 9pnet_fd: Insufficient options for proto=fd [ 112.573074][ T7956] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem [ 112.589097][ T7956] EXT4-fs (loop5): 1 truncate cleaned up [ 112.615156][ T29] kauditd_printk_skb: 260 callbacks suppressed [ 112.615174][ T29] audit: type=1326 audit(1749376206.403:6275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7955 comm="syz.5.1620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3ac5e6d290 code=0x7ffc0000 [ 112.645026][ T29] audit: type=1326 audit(1749376206.403:6276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7955 comm="syz.5.1620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3ac5e6e52b code=0x7ffc0000 [ 112.668450][ T29] audit: type=1326 audit(1749376206.403:6277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7955 comm="syz.5.1620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f3ac5e6d58a code=0x7ffc0000 [ 112.692018][ T29] audit: type=1326 audit(1749376206.403:6278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7955 comm="syz.5.1620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac5e6e929 code=0x7ffc0000 [ 112.715592][ T29] audit: type=1326 audit(1749376206.403:6279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7955 comm="syz.5.1620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac5e6e929 code=0x7ffc0000 [ 112.739103][ T29] audit: type=1326 audit(1749376206.413:6280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7955 comm="syz.5.1620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3ac5e6e929 code=0x7ffc0000 [ 112.762775][ T29] audit: type=1326 audit(1749376206.413:6281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7955 comm="syz.5.1620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac5e6e929 code=0x7ffc0000 [ 112.786467][ T29] audit: type=1326 audit(1749376206.413:6282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7955 comm="syz.5.1620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac5e6e929 code=0x7ffc0000 [ 112.846084][ T7970] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1625'. [ 112.867109][ T7980] FAULT_INJECTION: forcing a failure. [ 112.867109][ T7980] name failslab, interval 1, probability 0, space 0, times 0 [ 112.879832][ T7980] CPU: 0 UID: 0 PID: 7980 Comm: syz.4.1628 Not tainted 6.15.0-syzkaller-13743-g8630c59e9936 #0 PREEMPT(voluntary) [ 112.879863][ T7980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.879879][ T7980] Call Trace: [ 112.879887][ T7980] [ 112.879898][ T7980] __dump_stack+0x1d/0x30 [ 112.879923][ T7980] dump_stack_lvl+0xe8/0x140 [ 112.879946][ T7980] dump_stack+0x15/0x1b [ 112.879969][ T7980] should_fail_ex+0x265/0x280 [ 112.879992][ T7980] should_failslab+0x8c/0xb0 [ 112.880023][ T7980] kmem_cache_alloc_noprof+0x50/0x310 [ 112.880057][ T7980] ? __mpol_dup+0x42/0x1b0 [ 112.880094][ T7980] __mpol_dup+0x42/0x1b0 [ 112.880129][ T7980] vma_dup_policy+0x29/0x70 [ 112.880159][ T7980] __split_vma+0x266/0x650 [ 112.880187][ T7980] ? path_openat+0x1bf8/0x2170 [ 112.880231][ T7980] vma_modify+0x21e/0xca0 [ 112.880259][ T7980] ? _parse_integer+0x27/0x40 [ 112.880293][ T7980] vma_modify_policy+0x101/0x130 [ 112.880328][ T7980] mbind_range+0x1b8/0x440 [ 112.880354][ T7980] __se_sys_set_mempolicy_home_node+0x351/0x530 [ 112.880400][ T7980] __x64_sys_set_mempolicy_home_node+0x55/0x70 [ 112.880431][ T7980] x64_sys_call+0x117c/0x2fb0 [ 112.880451][ T7980] do_syscall_64+0xd2/0x200 [ 112.880479][ T7980] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 112.880511][ T7980] ? clear_bhb_loop+0x40/0x90 [ 112.880538][ T7980] ? clear_bhb_loop+0x40/0x90 [ 112.880562][ T7980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.880589][ T7980] RIP: 0033:0x7f8ad0cee929 [ 112.880608][ T7980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.880630][ T7980] RSP: 002b:00007f8acf357038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c2 [ 112.880652][ T7980] RAX: ffffffffffffffda RBX: 00007f8ad0f15fa0 RCX: 00007f8ad0cee929 [ 112.880665][ T7980] RDX: 0000000000000000 RSI: 000000000000a000 RDI: 0000200000349000 [ 112.880676][ T7980] RBP: 00007f8acf357090 R08: 0000000000000000 R09: 0000000000000000 [ 112.880688][ T7980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.880699][ T7980] R13: 0000000000000000 R14: 00007f8ad0f15fa0 R15: 00007ffcd8f4e8a8 [ 112.880720][ T7980] [ 113.197206][ T29] audit: type=1326 audit(1749376206.973:6283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7989 comm="syz.3.1633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84fa78e929 code=0x7ffc0000 [ 113.220902][ T29] audit: type=1326 audit(1749376206.973:6284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7989 comm="syz.3.1633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84fa78e929 code=0x7ffc0000 [ 113.250133][ T7995] SELinux: Context system_u:object_r:dhcpd_exec_t:s0 is not valid (left unmapped). [ 113.257710][ T7993] 9pnet_fd: Insufficient options for proto=fd [ 113.271691][ T7997] vhci_hcd: invalid port number 96 [ 113.277181][ T7997] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 113.307111][ T3386] hid-generic 0000:0004:0000.0013: unknown main item tag 0x0 [ 113.314632][ T3386] hid-generic 0000:0004:0000.0013: unknown main item tag 0x0 [ 113.322076][ T3386] hid-generic 0000:0004:0000.0013: unknown main item tag 0x0 [ 113.330442][ T3386] hid-generic 0000:0004:0000.0013: hidraw0: HID v0.00 Device [syz0] on syz1 [ 113.645853][ T8016] loop2: detected capacity change from 0 to 2048 [ 114.142372][ T8023] dummy0: entered promiscuous mode [ 114.149492][ T8023] dummy0: left promiscuous mode [ 114.295984][ T8029] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1646'. [ 114.449118][ T8041] 9pnet_fd: Insufficient options for proto=fd [ 114.493426][ T8045] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1653'. [ 114.549552][ T8050] loop3: detected capacity change from 0 to 1024 [ 114.621362][ T8040] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1651'. [ 114.665548][ T8058] 9pnet_fd: Insufficient options for proto=fd [ 114.798206][ T8069] loop2: detected capacity change from 0 to 512 [ 114.808150][ T8069] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 114.821727][ T8069] Cannot find del_set index 3 as target [ 114.883132][ T8081] loop2: detected capacity change from 0 to 128 [ 114.890707][ T8077] netlink: 'syz.5.1664': attribute type 29 has an invalid length. [ 114.902972][ T8081] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535) [ 114.908270][ T8077] loop5: detected capacity change from 0 to 1024 [ 114.921921][ T8077] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 114.930630][ T8081] EXT4-fs (loop2): ext4_remount: Checksum for group 0 failed (30846!=65535) [ 114.941574][ T8077] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 114.957074][ T8077] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 114.968589][ T8077] EXT4-fs (loop5): orphan cleanup on readonly fs [ 114.975519][ T8077] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1664: Invalid inode table block 0 in block_group 0 [ 114.989393][ T8077] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 114.999124][ T8077] EXT4-fs error (device loop5): ext4_quota_write:7322: inode #3: comm syz.5.1664: mark_inode_dirty error [ 115.009060][ T8092] loop0: detected capacity change from 0 to 128 [ 115.017514][ T8092] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535) [ 115.028149][ T8077] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.1664: Failed to acquire dquot type 0 [ 115.042115][ T8092] EXT4-fs (loop0): ext4_remount: Checksum for group 0 failed (30846!=65535) [ 115.042247][ T8077] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1664: Invalid inode table block 0 in block_group 0 [ 115.053245][ T8095] 9pnet_fd: Insufficient options for proto=fd [ 115.064452][ T8077] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 115.080077][ T8077] EXT4-fs error (device loop5): ext4_ext_truncate:4475: inode #15: comm syz.5.1664: mark_inode_dirty error [ 115.091832][ T8077] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1664: Invalid inode table block 0 in block_group 0 [ 115.106239][ T8077] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 115.115820][ T8077] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem [ 115.126014][ T8077] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1664: Invalid inode table block 0 in block_group 0 [ 115.139436][ T8099] 9pnet_fd: Insufficient options for proto=fd [ 115.139450][ T8077] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 115.165371][ T8102] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1673'. [ 115.178993][ T8077] EXT4-fs error (device loop5): ext4_truncate:4597: inode #15: comm syz.5.1664: mark_inode_dirty error [ 115.197153][ T8077] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem [ 115.215014][ T8077] EXT4-fs (loop5): 1 truncate cleaned up [ 115.246174][ T8108] loop0: detected capacity change from 0 to 128 [ 115.270257][ T8108] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535) [ 115.289192][ T8108] EXT4-fs (loop0): ext4_remount: Checksum for group 0 failed (30846!=65535) [ 115.356119][ T8113] vhci_hcd: invalid port number 96 [ 115.361370][ T8113] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 115.403786][ T8118] loop4: detected capacity change from 0 to 128 [ 115.411001][ T8118] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535) [ 115.436835][ T8118] EXT4-fs (loop4): ext4_remount: Checksum for group 0 failed (30846!=65535) [ 115.499229][ T8126] loop5: detected capacity change from 0 to 1024 [ 115.507257][ T8126] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 115.518896][ T8126] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 115.532150][ T8126] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 115.541924][ T8126] EXT4-fs (loop5): orphan cleanup on readonly fs [ 115.549713][ T8126] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1683: Invalid inode table block 0 in block_group 0 [ 115.564847][ T8126] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 115.574636][ T8126] EXT4-fs error (device loop5): ext4_quota_write:7322: inode #3: comm syz.5.1683: mark_inode_dirty error [ 115.588491][ T8126] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.1683: Failed to acquire dquot type 0 [ 115.605464][ T8126] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1683: Invalid inode table block 0 in block_group 0 [ 115.628453][ T8135] 9pnet_fd: Insufficient options for proto=fd [ 115.659123][ T8126] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 115.675710][ T8126] EXT4-fs error (device loop5): ext4_ext_truncate:4475: inode #15: comm syz.5.1683: mark_inode_dirty error [ 115.689557][ T8141] vhci_hcd: invalid port number 96 [ 115.694752][ T8141] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 115.709959][ T8126] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1683: Invalid inode table block 0 in block_group 0 [ 115.740866][ T8126] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 115.779944][ T8126] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem [ 115.790878][ T8126] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1683: Invalid inode table block 0 in block_group 0 [ 115.827617][ T8126] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 115.842820][ T8143] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1690'. [ 115.853124][ T8126] EXT4-fs error (device loop5): ext4_truncate:4597: inode #15: comm syz.5.1683: mark_inode_dirty error [ 115.872010][ T8126] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem [ 115.872346][ T8155] 9pnet_fd: Insufficient options for proto=fd [ 115.888536][ T8126] EXT4-fs (loop5): 1 truncate cleaned up [ 115.945864][ T8165] netlink: 256 bytes leftover after parsing attributes in process `syz.5.1699'. [ 115.996581][ T8172] netlink: 'syz.0.1701': attribute type 29 has an invalid length. [ 116.013640][ T8172] loop0: detected capacity change from 0 to 1024 [ 116.021346][ T8172] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 116.031582][ T8172] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 116.043595][ T8172] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 116.055405][ T8172] EXT4-fs (loop0): orphan cleanup on readonly fs [ 116.066694][ T8172] EXT4-fs error (device loop0): __ext4_get_inode_loc:4792: comm syz.0.1701: Invalid inode table block 0 in block_group 0 [ 116.079746][ T8172] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 116.091159][ T8172] EXT4-fs error (device loop0): ext4_quota_write:7322: inode #3: comm syz.0.1701: mark_inode_dirty error [ 116.102700][ T8189] 9pnet_virtio: no channels available for device 127.0.0.1 [ 116.111641][ T8172] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.1701: Failed to acquire dquot type 0 [ 116.157040][ T8172] EXT4-fs error (device loop0): __ext4_get_inode_loc:4792: comm syz.0.1701: Invalid inode table block 0 in block_group 0 [ 116.171450][ T8172] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 116.182275][ T8172] EXT4-fs error (device loop0): ext4_ext_truncate:4475: inode #15: comm syz.0.1701: mark_inode_dirty error [ 116.195925][ T8172] EXT4-fs error (device loop0): __ext4_get_inode_loc:4792: comm syz.0.1701: Invalid inode table block 0 in block_group 0 [ 116.209330][ T8172] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 116.221501][ T8172] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem [ 116.233993][ T8172] EXT4-fs error (device loop0): __ext4_get_inode_loc:4792: comm syz.0.1701: Invalid inode table block 0 in block_group 0 [ 116.248050][ T8172] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 116.258546][ T8172] EXT4-fs error (device loop0): ext4_truncate:4597: inode #15: comm syz.0.1701: mark_inode_dirty error [ 116.270975][ T8172] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem [ 116.284517][ T8172] EXT4-fs (loop0): 1 truncate cleaned up [ 116.293126][ T8195] loop4: detected capacity change from 0 to 2048 [ 116.410439][ T8207] loop0: detected capacity change from 0 to 764 [ 116.432121][ T8194] loop5: detected capacity change from 0 to 2048 [ 116.439152][ T8207] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 116.491350][ T8217] loop2: detected capacity change from 0 to 1024 [ 116.498990][ T8217] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 116.509625][ T8217] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 116.523558][ T8207] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1710'. [ 116.534635][ T8217] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 116.542785][ T8217] EXT4-fs (loop2): orphan cleanup on readonly fs [ 116.560115][ T8217] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.1714: Invalid inode table block 0 in block_group 0 [ 116.575184][ T8217] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 116.585781][ T8217] EXT4-fs error (device loop2): ext4_quota_write:7322: inode #3: comm syz.2.1714: mark_inode_dirty error [ 116.600433][ T8223] 9pnet_virtio: no channels available for device 127.0.0.1 [ 116.605715][ T8221] 9pnet_virtio: no channels available for device 127.0.0.1 [ 116.625005][ T8217] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1714: Failed to acquire dquot type 0 [ 116.654720][ T8217] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.1714: Invalid inode table block 0 in block_group 0 [ 116.684355][ T8217] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 116.702996][ T8217] EXT4-fs error (device loop2): ext4_ext_truncate:4475: inode #15: comm syz.2.1714: mark_inode_dirty error [ 116.723669][ T8217] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.1714: Invalid inode table block 0 in block_group 0 [ 116.738882][ T8217] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 116.749709][ T8217] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 116.759451][ T8217] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.1714: Invalid inode table block 0 in block_group 0 [ 116.762079][ T8230] 9pnet_fd: Insufficient options for proto=fd [ 116.784719][ T8217] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 116.794712][ T8217] EXT4-fs error (device loop2): ext4_truncate:4597: inode #15: comm syz.2.1714: mark_inode_dirty error [ 116.807434][ T8217] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 116.825480][ T8217] EXT4-fs (loop2): 1 truncate cleaned up [ 116.937194][ T8243] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1723'. [ 116.959613][ T8235] loop3: detected capacity change from 0 to 8192 [ 116.975734][ T8235] vfat: Unknown parameter 'GPL' [ 116.994618][ T8235] loop3: detected capacity change from 0 to 128 [ 117.020697][ T8250] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 117.033028][ T8235] IPVS: stopping master sync thread 8250 ... [ 117.077262][ T8254] loop4: detected capacity change from 0 to 764 [ 117.086650][ T8254] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 117.098448][ T8254] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1728'. [ 117.118410][ T8258] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1729'. [ 117.144049][ T8263] loop4: detected capacity change from 0 to 1024 [ 117.189039][ T8270] loop3: detected capacity change from 0 to 1024 [ 117.201830][ T8270] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 117.210845][ T8270] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 117.223633][ T8270] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 117.232010][ T8270] EXT4-fs (loop3): orphan cleanup on readonly fs [ 117.239075][ T8270] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.1732: Invalid inode table block 0 in block_group 0 [ 117.253609][ T8270] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 117.263305][ T8270] EXT4-fs error (device loop3): ext4_quota_write:7322: inode #3: comm syz.3.1732: mark_inode_dirty error [ 117.275043][ T8270] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1732: Failed to acquire dquot type 0 [ 117.287412][ T8270] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.1732: Invalid inode table block 0 in block_group 0 [ 117.290061][ T3386] hid-generic 0000:0004:0000.0014: unknown main item tag 0x0 [ 117.307575][ T3386] hid-generic 0000:0004:0000.0014: unknown main item tag 0x0 [ 117.315081][ T3386] hid-generic 0000:0004:0000.0014: unknown main item tag 0x0 [ 117.322854][ T8270] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 117.325991][ T3386] hid-generic 0000:0004:0000.0014: hidraw0: HID v0.00 Device [syz0] on syz1 [ 117.343116][ T8270] EXT4-fs error (device loop3): ext4_ext_truncate:4475: inode #15: comm syz.3.1732: mark_inode_dirty error [ 117.355988][ T8270] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.1732: Invalid inode table block 0 in block_group 0 [ 117.369199][ T8270] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 117.382482][ T8270] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 117.391592][ T8270] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.1732: Invalid inode table block 0 in block_group 0 [ 117.404757][ T8270] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 117.414641][ T8270] EXT4-fs error (device loop3): ext4_truncate:4597: inode #15: comm syz.3.1732: mark_inode_dirty error [ 117.426002][ T8270] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 117.435171][ T8270] EXT4-fs (loop3): 1 truncate cleaned up [ 117.483953][ T8291] 9pnet_virtio: no channels available for device 127.0.0.1 [ 117.541241][ T8295] netlink: 'syz.3.1741': attribute type 21 has an invalid length. [ 117.651217][ T8308] 9pnet_virtio: no channels available for device 127.0.0.1 [ 117.665872][ T8307] vhci_hcd: invalid port number 96 [ 117.671022][ T8307] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 117.701612][ T29] kauditd_printk_skb: 246 callbacks suppressed [ 117.701630][ T29] audit: type=1326 audit(1749376211.483:6521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8285 comm="syz.4.1737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 117.731711][ T29] audit: type=1326 audit(1749376211.483:6522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8285 comm="syz.4.1737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 117.781656][ T8317] loop4: detected capacity change from 0 to 1024 [ 117.790709][ T8317] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 117.801197][ T8317] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 117.812434][ T8317] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 117.820682][ T8317] EXT4-fs (loop4): orphan cleanup on readonly fs [ 117.827765][ T8317] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.1749: Invalid inode table block 0 in block_group 0 [ 117.841226][ T8317] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 117.850919][ T8317] EXT4-fs error (device loop4): ext4_quota_write:7322: inode #3: comm syz.4.1749: mark_inode_dirty error [ 117.857169][ T3386] hid-generic 0000:0004:0000.0015: unknown main item tag 0x0 [ 117.864250][ T8317] Quota error (device loop4): write_blk: dquota write failed [ 117.869775][ T3386] hid-generic 0000:0004:0000.0015: unknown main item tag 0x0 [ 117.877193][ T8317] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 117.877276][ T8317] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1749: Failed to acquire dquot type 0 [ 117.884732][ T3386] hid-generic 0000:0004:0000.0015: unknown main item tag 0x0 [ 117.900533][ T29] audit: type=1326 audit(1749376211.683:6523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8303 comm="syz.5.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac5e6e929 code=0x7ffc0000 [ 117.906855][ T3386] hid-generic 0000:0004:0000.0015: hidraw1: HID v0.00 Device [syz0] on syz1 [ 117.913493][ T29] audit: type=1326 audit(1749376211.683:6524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8303 comm="syz.5.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac5e6e929 code=0x7ffc0000 [ 117.938807][ T8317] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.1749: Invalid inode table block 0 in block_group 0 [ 117.946440][ T29] audit: type=1326 audit(1749376211.683:6525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8303 comm="syz.5.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f3ac5e6e929 code=0x7ffc0000 [ 117.946477][ T29] audit: type=1326 audit(1749376211.683:6526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8303 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac5e6e929 code=0x7ffc0000 [ 117.946514][ T29] audit: type=1326 audit(1749376211.683:6527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8303 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac5e6e929 code=0x7ffc0000 [ 117.972192][ T8317] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 118.068303][ T8317] EXT4-fs error (device loop4): ext4_ext_truncate:4475: inode #15: comm syz.4.1749: mark_inode_dirty error [ 118.081527][ T8317] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.1749: Invalid inode table block 0 in block_group 0 [ 118.094870][ T8317] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 118.104571][ T8317] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 118.113273][ T8317] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.1749: Invalid inode table block 0 in block_group 0 [ 118.127824][ T8317] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 118.138282][ T8317] EXT4-fs error (device loop4): ext4_truncate:4597: inode #15: comm syz.4.1749: mark_inode_dirty error [ 118.151060][ T8317] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 118.160488][ T8317] EXT4-fs (loop4): 1 truncate cleaned up [ 118.168521][ T8329] 9pnet_virtio: no channels available for device 127.0.0.1 [ 118.219274][ T8333] loop4: detected capacity change from 0 to 128 [ 118.226348][ T8333] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 118.281008][ T8338] loop5: detected capacity change from 0 to 1024 [ 118.437829][ T3455] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 118.447080][ T8353] loop0: detected capacity change from 0 to 2048 [ 118.457061][ T8352] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1760'. [ 118.538788][ T36] hid-generic 0000:0004:0000.0016: unknown main item tag 0x0 [ 118.546328][ T36] hid-generic 0000:0004:0000.0016: unknown main item tag 0x0 [ 118.553788][ T36] hid-generic 0000:0004:0000.0016: unknown main item tag 0x0 [ 118.603079][ T36] hid-generic 0000:0004:0000.0016: hidraw0: HID v0.00 Device [syz0] on syz1 [ 118.641370][ T29] audit: type=1326 audit(1749376212.413:6528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8357 comm="syz.2.1762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f737f31e929 code=0x7ffc0000 [ 118.708342][ T8373] loop4: detected capacity change from 0 to 1024 [ 118.759476][ T8385] 9pnet_virtio: no channels available for device 127.0.0.1 [ 118.760451][ T8386] loop4: detected capacity change from 0 to 128 [ 118.777609][ T8386] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535) [ 118.793260][ T8386] EXT4-fs (loop4): ext4_remount: Checksum for group 0 failed (30846!=65535) [ 118.815740][ T8392] loop0: detected capacity change from 0 to 128 [ 118.830451][ T8392] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535) [ 118.848869][ T8392] EXT4-fs (loop0): ext4_remount: Checksum for group 0 failed (30846!=65535) [ 118.924967][ T36] hid-generic 0000:0004:0000.0017: unknown main item tag 0x0 [ 118.932521][ T36] hid-generic 0000:0004:0000.0017: unknown main item tag 0x0 [ 118.940147][ T36] hid-generic 0000:0004:0000.0017: unknown main item tag 0x0 [ 118.948722][ T36] hid-generic 0000:0004:0000.0017: hidraw0: HID v0.00 Device [syz0] on syz1 [ 119.021131][ T8412] loop3: detected capacity change from 0 to 512 [ 119.028151][ T8412] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 119.038940][ T8407] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1780'. [ 119.057539][ T8412] Cannot find del_set index 3 as target [ 119.191738][ T8425] loop0: detected capacity change from 0 to 128 [ 119.199046][ T8425] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535) [ 119.229614][ T8428] loop0: detected capacity change from 0 to 512 [ 119.236499][ T8428] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 119.267225][ T8428] Cannot find del_set index 3 as target [ 119.320504][ T8440] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1795'. [ 119.364468][ T8443] 9pnet_virtio: no channels available for device 127.0.0.1 [ 119.409733][ T8449] netlink: 'syz.4.1797': attribute type 29 has an invalid length. [ 119.423819][ T8449] loop4: detected capacity change from 0 to 1024 [ 119.432597][ T8449] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 119.442899][ T8449] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 119.454371][ T8449] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 119.462643][ T8449] EXT4-fs (loop4): orphan cleanup on readonly fs [ 119.469808][ T8449] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.1797: Invalid inode table block 0 in block_group 0 [ 119.482866][ T8449] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 119.492523][ T8449] EXT4-fs error (device loop4): ext4_quota_write:7322: inode #3: comm syz.4.1797: mark_inode_dirty error [ 119.504498][ T8449] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1797: Failed to acquire dquot type 0 [ 119.516032][ T8449] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.1797: Invalid inode table block 0 in block_group 0 [ 119.529082][ T8449] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 119.538951][ T8449] EXT4-fs error (device loop4): ext4_ext_truncate:4475: inode #15: comm syz.4.1797: mark_inode_dirty error [ 119.550747][ T8449] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.1797: Invalid inode table block 0 in block_group 0 [ 119.567687][ T8449] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 119.577613][ T8449] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 119.588392][ T8449] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.1797: Invalid inode table block 0 in block_group 0 [ 119.601528][ T8449] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 119.611256][ T8449] EXT4-fs error (device loop4): ext4_truncate:4597: inode #15: comm syz.4.1797: mark_inode_dirty error [ 119.622724][ T8449] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 119.631923][ T8449] EXT4-fs (loop4): 1 truncate cleaned up [ 119.877890][ T8479] loop2: detected capacity change from 0 to 128 [ 119.885392][ T8479] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535) [ 119.996888][ T8490] 9pnet_virtio: no channels available for device 127.0.0.1 [ 120.345243][ T8497] loop0: detected capacity change from 0 to 764 [ 120.369288][ T8497] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 120.381751][ T8497] __nla_validate_parse: 2 callbacks suppressed [ 120.381825][ T8497] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1815'. [ 120.438470][ T8505] loop2: detected capacity change from 0 to 764 [ 120.454740][ T8505] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 120.470963][ T8505] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1819'. [ 120.527021][ T8511] loop0: detected capacity change from 0 to 512 [ 120.535293][ T8511] EXT4-fs (loop0): orphan cleanup on readonly fs [ 120.542231][ T8511] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1823: bg 0: block 248: padding at end of block bitmap is not set [ 120.558069][ T8511] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.1823: Failed to acquire dquot type 1 [ 120.572980][ T8511] EXT4-fs (loop0): 1 truncate cleaned up [ 120.657861][ T8511] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 120.685649][ T8511] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 120.695412][ T8511] EXT4-fs error (device loop0): ext4_lookup:1791: inode #2: comm syz.0.1823: deleted inode referenced: 12 [ 120.710572][ T8527] 9pnet_virtio: no channels available for device 127.0.0.1 [ 120.782313][ T8529] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1829'. [ 120.869902][ T8540] 9pnet_virtio: no channels available for device 127.0.0.1 [ 121.035785][ T8556] loop4: detected capacity change from 0 to 512 [ 121.044842][ T8556] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 121.049631][ T8553] netlink: 'syz.0.1837': attribute type 29 has an invalid length. [ 121.057332][ T8556] Cannot find del_set index 3 as target [ 121.072180][ T8553] loop0: detected capacity change from 0 to 1024 [ 121.079542][ T8553] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 121.089642][ T8553] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 121.102990][ T8553] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 121.135383][ T36] hid-generic 0000:0004:0000.0018: unknown main item tag 0x0 [ 121.137024][ T8553] EXT4-fs (loop0): orphan cleanup on readonly fs [ 121.142834][ T36] hid-generic 0000:0004:0000.0018: unknown main item tag 0x0 [ 121.156807][ T36] hid-generic 0000:0004:0000.0018: unknown main item tag 0x0 [ 121.181569][ T8553] EXT4-fs error (device loop0): __ext4_get_inode_loc:4792: comm syz.0.1837: Invalid inode table block 0 in block_group 0 [ 121.196720][ T8553] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 121.211535][ T8553] EXT4-fs error (device loop0): ext4_quota_write:7322: inode #3: comm syz.0.1837: mark_inode_dirty error [ 121.224110][ T8553] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.1837: Failed to acquire dquot type 0 [ 121.236203][ T8553] EXT4-fs error (device loop0): __ext4_get_inode_loc:4792: comm syz.0.1837: Invalid inode table block 0 in block_group 0 [ 121.249196][ T8553] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 121.249289][ T36] hid-generic 0000:0004:0000.0018: hidraw0: HID v0.00 Device [syz0] on syz1 [ 121.270622][ T8572] 9pnet_virtio: no channels available for device 127.0.0.1 [ 121.279985][ T8553] EXT4-fs error (device loop0): ext4_ext_truncate:4475: inode #15: comm syz.0.1837: mark_inode_dirty error [ 121.292426][ T8553] EXT4-fs error (device loop0): __ext4_get_inode_loc:4792: comm syz.0.1837: Invalid inode table block 0 in block_group 0 [ 121.309262][ T8553] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 121.321479][ T8553] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem [ 121.330991][ T8553] EXT4-fs error (device loop0): __ext4_get_inode_loc:4792: comm syz.0.1837: Invalid inode table block 0 in block_group 0 [ 121.347586][ T8553] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 121.362581][ T8553] EXT4-fs error (device loop0): ext4_truncate:4597: inode #15: comm syz.0.1837: mark_inode_dirty error [ 121.375241][ T8553] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem [ 121.384519][ T8553] EXT4-fs (loop0): 1 truncate cleaned up [ 121.450106][ T8584] 9pnet_fd: Insufficient options for proto=fd [ 121.493384][ T8592] loop5: detected capacity change from 0 to 512 [ 121.528211][ T8581] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1848'. [ 121.532576][ T8594] loop0: detected capacity change from 0 to 2048 [ 121.544444][ T8592] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 121.558364][ T8592] Cannot find del_set index 3 as target [ 121.671552][ T23] hid-generic 0000:0004:0000.0019: unknown main item tag 0x0 [ 121.675446][ T8594] loop0: p1 < > p4 [ 121.679117][ T23] hid-generic 0000:0004:0000.0019: unknown main item tag 0x0 [ 121.683694][ T8594] loop0: p4 size 8388608 extends beyond EOD, [ 121.690291][ T23] hid-generic 0000:0004:0000.0019: unknown main item tag 0x0 [ 121.690348][ T8594] truncated [ 121.709508][ T23] hid-generic 0000:0004:0000.0019: hidraw0: HID v0.00 Device [syz0] on syz1 [ 121.727980][ T8594] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1853'. [ 121.780230][ T8606] 9pnet_fd: Insufficient options for proto=fd [ 121.857389][ T8616] 9pnet_fd: Insufficient options for proto=fd [ 121.937774][ T8625] loop0: detected capacity change from 0 to 128 [ 121.945622][ T8625] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 122.087366][ T8630] loop5: detected capacity change from 0 to 764 [ 122.096800][ T8630] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 122.166775][ T8630] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1869'. [ 122.402808][ T8638] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1871'. [ 122.422317][ T8636] 9pnet_fd: Insufficient options for proto=fd [ 122.423411][ T3315] FAT-fs (loop0): error, invalid access to FAT (entry 0x0affffff) [ 122.436794][ T3315] FAT-fs (loop0): Filesystem has been set read-only [ 122.475921][ T8642] loop5: detected capacity change from 0 to 764 [ 122.492119][ T8642] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 122.505336][ T8642] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1873'. [ 122.515782][ T8644] 9pnet_fd: Insufficient options for proto=fd [ 122.525177][ T6245] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 122.637225][ T8660] 9pnet_virtio: no channels available for device 127.0.0.1 [ 122.741173][ T29] kauditd_printk_skb: 386 callbacks suppressed [ 122.741191][ T29] audit: type=1326 audit(1749376216.523:6908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8670 comm="syz.4.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 122.777253][ T29] audit: type=1326 audit(1749376216.563:6909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8670 comm="syz.4.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 122.805124][ T29] audit: type=1326 audit(1749376216.563:6910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8670 comm="syz.4.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 122.828709][ T29] audit: type=1326 audit(1749376216.563:6911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8670 comm="syz.4.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 122.852219][ T29] audit: type=1326 audit(1749376216.563:6912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8670 comm="syz.4.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 122.868384][ T8653] chnl_net:caif_netlink_parms(): no params data found [ 122.895721][ T29] audit: type=1326 audit(1749376216.683:6913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8648 comm="syz.5.1875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac5e6e929 code=0x7ffc0000 [ 122.919208][ T29] audit: type=1326 audit(1749376216.683:6914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8648 comm="syz.5.1875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac5e6e929 code=0x7ffc0000 [ 123.008872][ T29] audit: type=1326 audit(1749376216.793:6915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8689 comm="syz.5.1889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac5e6e929 code=0x7ffc0000 [ 123.032439][ T29] audit: type=1326 audit(1749376216.793:6916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8689 comm="syz.5.1889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac5e6e929 code=0x7ffc0000 [ 123.056148][ T29] audit: type=1326 audit(1749376216.793:6917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8689 comm="syz.5.1889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f3ac5e6e929 code=0x7ffc0000 [ 123.136900][ T8693] netlink: 'syz.5.1890': attribute type 29 has an invalid length. [ 123.299587][ T8681] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1886'. [ 123.509061][ T8699] loop5: detected capacity change from 0 to 1024 [ 123.522685][ T8653] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.529919][ T8653] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.538844][ T8653] bridge_slave_0: entered allmulticast mode [ 123.540089][ T8699] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 123.545563][ T8653] bridge_slave_0: entered promiscuous mode [ 123.562081][ T8699] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 123.578550][ T8653] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.586052][ T8653] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.593556][ T8653] bridge_slave_1: entered allmulticast mode [ 123.602299][ T8699] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 123.604317][ T8653] bridge_slave_1: entered promiscuous mode [ 123.612297][ T8699] EXT4-fs (loop5): orphan cleanup on readonly fs [ 123.622733][ T8703] loop2: detected capacity change from 0 to 2048 [ 123.631172][ T8699] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1890: Invalid inode table block 0 in block_group 0 [ 123.658981][ T8653] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 123.669114][ T8699] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 123.673089][ T8653] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 123.680856][ T8699] EXT4-fs error (device loop5): ext4_quota_write:7322: inode #3: comm syz.5.1890: mark_inode_dirty error [ 123.701173][ T8699] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.1890: Failed to acquire dquot type 0 [ 123.713915][ T8699] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1890: Invalid inode table block 0 in block_group 0 [ 123.728123][ T8653] team0: Port device team_slave_0 added [ 123.728664][ T8699] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 123.743506][ T8699] EXT4-fs error (device loop5): ext4_ext_truncate:4475: inode #15: comm syz.5.1890: mark_inode_dirty error [ 123.744768][ T8653] team0: Port device team_slave_1 added [ 123.768753][ T8699] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1890: Invalid inode table block 0 in block_group 0 [ 123.784205][ T8699] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 123.793478][ T8653] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 123.799719][ T8699] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem [ 123.800651][ T8653] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 123.815767][ T8699] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1890: Invalid inode table block 0 in block_group 0 [ 123.835304][ T8653] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 123.850321][ T8699] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 123.860110][ T8653] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 123.874352][ T8699] EXT4-fs error (device loop5): ext4_truncate:4597: inode #15: comm syz.5.1890: mark_inode_dirty error [ 123.874754][ T8653] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 123.888566][ T8699] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem [ 123.911838][ T8653] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 123.925713][ T8699] EXT4-fs (loop5): 1 truncate cleaned up [ 123.995300][ T23] hid-generic 0000:0004:0000.001A: unknown main item tag 0x0 [ 124.002906][ T23] hid-generic 0000:0004:0000.001A: unknown main item tag 0x0 [ 124.010438][ T23] hid-generic 0000:0004:0000.001A: unknown main item tag 0x0 [ 124.018470][ T23] hid-generic 0000:0004:0000.001A: hidraw0: HID v0.00 Device [syz0] on syz1 [ 124.136434][ T8653] hsr_slave_0: entered promiscuous mode [ 124.142712][ T8653] hsr_slave_1: entered promiscuous mode [ 124.150498][ T8653] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 124.158220][ T8653] Cannot create hsr debugfs directory [ 124.243790][ T8653] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 124.466735][ T8653] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 124.579289][ T8653] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 124.623748][ T8728] netlink: 'syz.5.1899': attribute type 29 has an invalid length. [ 124.662055][ T8653] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 124.693823][ T8732] loop5: detected capacity change from 0 to 1024 [ 124.724975][ T8732] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 124.749977][ T1034] hid-generic 0000:0004:0000.001B: unknown main item tag 0x0 [ 124.753082][ T8732] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 124.757459][ T1034] hid-generic 0000:0004:0000.001B: unknown main item tag 0x0 [ 124.757487][ T1034] hid-generic 0000:0004:0000.001B: unknown main item tag 0x0 [ 124.788632][ T8653] 8021q: adding VLAN 0 to HW filter on device bond0 [ 124.795811][ T8732] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 124.801282][ T8653] 8021q: adding VLAN 0 to HW filter on device team0 [ 124.810747][ T1034] hid-generic 0000:0004:0000.001B: hidraw0: HID v0.00 Device [syz0] on syz1 [ 124.812254][ T8732] EXT4-fs (loop5): orphan cleanup on readonly fs [ 124.833792][ T8732] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1899: Invalid inode table block 0 in block_group 0 [ 124.837813][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.847734][ T8732] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 124.853798][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 124.864613][ T8732] EXT4-fs error (device loop5): ext4_quota_write:7322: inode #3: comm syz.5.1899: mark_inode_dirty error [ 124.882314][ T8732] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.1899: Failed to acquire dquot type 0 [ 124.895661][ T8732] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1899: Invalid inode table block 0 in block_group 0 [ 124.909104][ T8732] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 124.920806][ T8732] EXT4-fs error (device loop5): ext4_ext_truncate:4475: inode #15: comm syz.5.1899: mark_inode_dirty error [ 124.932748][ T8732] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1899: Invalid inode table block 0 in block_group 0 [ 124.952217][ T8732] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 124.966798][ T8732] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem [ 124.983759][ T8732] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1899: Invalid inode table block 0 in block_group 0 [ 124.998417][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.005522][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 125.014010][ T8732] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 125.026992][ T8732] EXT4-fs error (device loop5): ext4_truncate:4597: inode #15: comm syz.5.1899: mark_inode_dirty error [ 125.045303][ T8732] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem [ 125.056622][ T8732] EXT4-fs (loop5): 1 truncate cleaned up [ 125.125317][ T8653] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 125.329949][ T8653] veth0_vlan: entered promiscuous mode [ 125.341049][ T8653] veth1_vlan: entered promiscuous mode [ 125.360420][ T8653] veth0_macvtap: entered promiscuous mode [ 125.368679][ T8653] veth1_macvtap: entered promiscuous mode [ 125.382523][ T8653] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 125.397622][ T8653] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 125.408015][ T8653] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.416953][ T8653] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.425848][ T8653] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.434690][ T8653] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.517080][ T8770] vhci_hcd: invalid port number 96 [ 125.522272][ T8770] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 125.556052][ T1034] hid-generic 0000:0004:0000.001C: unknown main item tag 0x0 [ 125.563524][ T1034] hid-generic 0000:0004:0000.001C: unknown main item tag 0x0 [ 125.571006][ T1034] hid-generic 0000:0004:0000.001C: unknown main item tag 0x0 [ 125.594695][ T1034] hid-generic 0000:0004:0000.001C: hidraw0: HID v0.00 Device [syz0] on syz1 [ 125.657112][ T8779] loop3: detected capacity change from 0 to 512 [ 125.666478][ T8779] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 125.680351][ T8779] Cannot find del_set index 3 as target [ 125.769490][ T8783] vhci_hcd: invalid port number 96 [ 125.774824][ T8783] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 125.810559][ T8787] netlink: 'syz.6.1913': attribute type 29 has an invalid length. [ 125.837093][ T8787] loop6: detected capacity change from 0 to 1024 [ 125.846340][ T8787] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 125.863938][ T8787] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 125.877946][ T8787] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 125.888667][ T1034] hid-generic 0000:0004:0000.001D: unknown main item tag 0x0 [ 125.896167][ T1034] hid-generic 0000:0004:0000.001D: unknown main item tag 0x0 [ 125.903626][ T1034] hid-generic 0000:0004:0000.001D: unknown main item tag 0x0 [ 125.924425][ T8787] EXT4-fs (loop6): orphan cleanup on readonly fs [ 125.937644][ T1034] hid-generic 0000:0004:0000.001D: hidraw0: HID v0.00 Device [syz0] on syz1 [ 125.955779][ T8787] EXT4-fs error (device loop6): __ext4_get_inode_loc:4792: comm syz.6.1913: Invalid inode table block 0 in block_group 0 [ 125.969354][ T8787] EXT4-fs error (device loop6) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 125.980391][ T8787] EXT4-fs error (device loop6): ext4_quota_write:7322: inode #3: comm syz.6.1913: mark_inode_dirty error [ 125.993105][ T8787] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.1913: Failed to acquire dquot type 0 [ 126.007763][ T8787] EXT4-fs error (device loop6): __ext4_get_inode_loc:4792: comm syz.6.1913: Invalid inode table block 0 in block_group 0 [ 126.021209][ T8787] EXT4-fs error (device loop6) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 126.022572][ T8806] 9pnet_virtio: no channels available for device 127.0.0.1 [ 126.032345][ T8787] EXT4-fs error (device loop6): ext4_ext_truncate:4475: inode #15: comm syz.6.1913: mark_inode_dirty error [ 126.050257][ T8787] EXT4-fs error (device loop6): __ext4_get_inode_loc:4792: comm syz.6.1913: Invalid inode table block 0 in block_group 0 [ 126.063471][ T8787] EXT4-fs error (device loop6) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 126.073457][ T8787] EXT4-fs error (device loop6) in ext4_orphan_del:305: Corrupt filesystem [ 126.082340][ T8787] EXT4-fs error (device loop6): __ext4_get_inode_loc:4792: comm syz.6.1913: Invalid inode table block 0 in block_group 0 [ 126.097130][ T8787] EXT4-fs error (device loop6) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 126.106905][ T8787] EXT4-fs error (device loop6): ext4_truncate:4597: inode #15: comm syz.6.1913: mark_inode_dirty error [ 126.120110][ T8787] EXT4-fs error (device loop6) in ext4_process_orphan:347: Corrupt filesystem [ 126.129363][ T8787] EXT4-fs (loop6): 1 truncate cleaned up [ 126.233207][ T8820] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8820 comm=syz.6.1927 [ 126.247448][ T8820] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0' [ 126.286343][ T8822] vhci_hcd: invalid port number 96 [ 126.291575][ T8822] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 126.338611][ T8833] loop6: detected capacity change from 0 to 128 [ 126.345919][ T8833] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 126.534030][ T8653] FAT-fs (loop6): error, invalid access to FAT (entry 0x0affffff) [ 126.542018][ T8653] FAT-fs (loop6): Filesystem has been set read-only [ 126.661124][ T8850] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1941'. [ 126.736260][ T8855] vhci_hcd: invalid port number 96 [ 126.741473][ T8855] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 126.784762][ T8859] FAULT_INJECTION: forcing a failure. [ 126.784762][ T8859] name failslab, interval 1, probability 0, space 0, times 0 [ 126.797579][ T8859] CPU: 0 UID: 0 PID: 8859 Comm: syz.4.1945 Not tainted 6.15.0-syzkaller-13743-g8630c59e9936 #0 PREEMPT(voluntary) [ 126.797611][ T8859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 126.797626][ T8859] Call Trace: [ 126.797633][ T8859] [ 126.797642][ T8859] __dump_stack+0x1d/0x30 [ 126.797667][ T8859] dump_stack_lvl+0xe8/0x140 [ 126.797773][ T8859] dump_stack+0x15/0x1b [ 126.797848][ T8859] should_fail_ex+0x265/0x280 [ 126.797876][ T8859] should_failslab+0x8c/0xb0 [ 126.797951][ T8859] __kmalloc_node_track_caller_noprof+0xa4/0x410 [ 126.797999][ T8859] ? sidtab_sid2str_get+0xa0/0x130 [ 126.798039][ T8859] kmemdup_noprof+0x2b/0x70 [ 126.798159][ T8859] sidtab_sid2str_get+0xa0/0x130 [ 126.798197][ T8859] security_sid_to_context_core+0x1eb/0x2e0 [ 126.798294][ T8859] security_sid_to_context+0x27/0x40 [ 126.798329][ T8859] selinux_lsmprop_to_secctx+0x67/0xf0 [ 126.798367][ T8859] security_lsmprop_to_secctx+0x43/0x80 [ 126.798416][ T8859] audit_log_task_context+0x77/0x190 [ 126.798465][ T8859] audit_log_task+0xf4/0x250 [ 126.798515][ T8859] audit_seccomp+0x61/0x100 [ 126.798552][ T8859] ? __seccomp_filter+0x68c/0x10d0 [ 126.798585][ T8859] __seccomp_filter+0x69d/0x10d0 [ 126.798648][ T8859] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 126.798679][ T8859] ? vfs_write+0x75e/0x8e0 [ 126.798709][ T8859] ? __rcu_read_unlock+0x4f/0x70 [ 126.798738][ T8859] ? __fget_files+0x184/0x1c0 [ 126.798815][ T8859] __secure_computing+0x82/0x150 [ 126.798847][ T8859] syscall_trace_enter+0xcf/0x1e0 [ 126.798880][ T8859] do_syscall_64+0xac/0x200 [ 126.799010][ T8859] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 126.799046][ T8859] ? clear_bhb_loop+0x40/0x90 [ 126.799075][ T8859] ? clear_bhb_loop+0x40/0x90 [ 126.799105][ T8859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.799145][ T8859] RIP: 0033:0x7f8ad0cee929 [ 126.799166][ T8859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.799192][ T8859] RSP: 002b:00007f8acf357038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 126.799220][ T8859] RAX: ffffffffffffffda RBX: 00007f8ad0f15fa0 RCX: 00007f8ad0cee929 [ 126.799237][ T8859] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 126.799255][ T8859] RBP: 00007f8acf357090 R08: 0000000000000000 R09: 0000000000000000 [ 126.799306][ T8859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 126.799322][ T8859] R13: 0000000000000000 R14: 00007f8ad0f15fa0 R15: 00007ffcd8f4e8a8 [ 126.799348][ T8859] [ 126.820800][ T8861] FAULT_INJECTION: forcing a failure. [ 126.820800][ T8861] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 126.820832][ T8861] CPU: 1 UID: 0 PID: 8861 Comm: syz.3.1946 Not tainted 6.15.0-syzkaller-13743-g8630c59e9936 #0 PREEMPT(voluntary) [ 126.820866][ T8861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 126.820878][ T8861] Call Trace: [ 126.820947][ T8861] [ 126.820957][ T8861] __dump_stack+0x1d/0x30 [ 126.820986][ T8861] dump_stack_lvl+0xe8/0x140 [ 126.821007][ T8861] dump_stack+0x15/0x1b [ 126.821023][ T8861] should_fail_ex+0x265/0x280 [ 126.821043][ T8861] should_fail+0xb/0x20 [ 126.821142][ T8861] should_fail_usercopy+0x1a/0x20 [ 126.821166][ T8861] strncpy_from_user+0x25/0x230 [ 126.821204][ T8861] ? kmem_cache_alloc_noprof+0x186/0x310 [ 126.821237][ T8861] ? getname_flags+0x80/0x3b0 [ 126.821326][ T8861] getname_flags+0xae/0x3b0 [ 126.821362][ T8861] do_sys_openat2+0x60/0x110 [ 126.821404][ T8861] __x64_sys_openat+0xf2/0x120 [ 126.821486][ T8861] x64_sys_call+0x1af/0x2fb0 [ 126.821509][ T8861] do_syscall_64+0xd2/0x200 [ 126.821543][ T8861] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 126.821611][ T8861] ? clear_bhb_loop+0x40/0x90 [ 126.821675][ T8861] ? clear_bhb_loop+0x40/0x90 [ 126.821718][ T8861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.821746][ T8861] RIP: 0033:0x7f84fa78e929 [ 126.821765][ T8861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.821852][ T8861] RSP: 002b:00007f84f8df7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 126.821876][ T8861] RAX: ffffffffffffffda RBX: 00007f84fa9b5fa0 RCX: 00007f84fa78e929 [ 126.821892][ T8861] RDX: 0000000000060000 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 126.821904][ T8861] RBP: 00007f84f8df7090 R08: 0000000000000000 R09: 0000000000000000 [ 126.821916][ T8861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 126.821927][ T8861] R13: 0000000000000001 R14: 00007f84fa9b5fa0 R15: 00007ffc64413d78 [ 126.821947][ T8861] [ 127.210027][ T8878] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1953'. [ 127.240115][ T8880] loop3: detected capacity change from 0 to 2048 [ 127.386095][ T8883] vhci_hcd: invalid port number 96 [ 127.391348][ T8883] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 127.405231][ T8880] loop3: p1 < > p4 [ 127.409668][ T8880] loop3: p4 size 8388608 extends beyond EOD, truncated [ 127.492353][ T8891] SELinux: Context system_u:object_r:setfiles_exec_t:s0 is not valid (left unmapped). [ 127.509272][ T8892] 9pnet_virtio: no channels available for device 127.0.0.1 [ 127.614997][ T8935] netlink: 'syz.5.1960': attribute type 20 has an invalid length. [ 127.646997][ T8937] loop4: detected capacity change from 0 to 2048 [ 127.714478][ T8937] loop4: p1 < > p4 [ 127.719251][ T8937] loop4: p4 size 8388608 extends beyond EOD, truncated [ 128.073912][ T29] kauditd_printk_skb: 332 callbacks suppressed [ 128.073932][ T29] audit: type=1326 audit(1749376221.773:7243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8945 comm="syz.4.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 128.103595][ T29] audit: type=1326 audit(1749376221.773:7244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8945 comm="syz.4.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 128.127340][ T29] audit: type=1326 audit(1749376221.783:7245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8945 comm="syz.4.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 128.150681][ T29] audit: type=1326 audit(1749376221.783:7246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8945 comm="syz.4.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 128.174119][ T29] audit: type=1326 audit(1749376221.783:7247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8945 comm="syz.4.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 128.197660][ T29] audit: type=1326 audit(1749376221.783:7248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8945 comm="syz.4.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 128.221139][ T29] audit: type=1326 audit(1749376221.783:7249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8945 comm="syz.4.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 128.228247][ T8949] 9pnet_virtio: no channels available for device 127.0.0.1 [ 128.244733][ T29] audit: type=1326 audit(1749376221.783:7250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8945 comm="syz.4.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad0cee929 code=0x7ffc0000 [ 128.310344][ T8952] netlink: 45 bytes leftover after parsing attributes in process `syz.2.1966'. [ 128.341416][ T8956] vhci_hcd: invalid port number 96 [ 128.346756][ T8956] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 128.376969][ T8959] loop3: detected capacity change from 0 to 2048 [ 128.388035][ T29] audit: type=1326 audit(1749376222.173:7251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8960 comm="syz.2.1969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f737f31e929 code=0x7ffc0000 [ 128.397345][ T8961] netlink: 'syz.2.1969': attribute type 29 has an invalid length. [ 128.411784][ T29] audit: type=1326 audit(1749376222.173:7252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8960 comm="syz.2.1969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f737f31e929 code=0x7ffc0000 [ 128.445708][ T8959] loop3: p1 < > p4 [ 128.446883][ T8961] loop2: detected capacity change from 0 to 1024 [ 128.450235][ T8959] loop3: p4 size 8388608 extends beyond EOD, truncated [ 128.457127][ T8961] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 128.472045][ T8961] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 128.515173][ T8961] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 128.524673][ T8961] EXT4-fs (loop2): orphan cleanup on readonly fs [ 128.531484][ T8961] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.1969: Invalid inode table block 0 in block_group 0 [ 128.546376][ T8961] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 128.556402][ T8961] EXT4-fs error (device loop2): ext4_quota_write:7322: inode #3: comm syz.2.1969: mark_inode_dirty error [ 128.561384][ T3409] hid-generic 0000:0004:0000.001E: unknown main item tag 0x0 [ 128.569169][ T8967] FAULT_INJECTION: forcing a failure. [ 128.569169][ T8967] name failslab, interval 1, probability 0, space 0, times 0 [ 128.575191][ T3409] hid-generic 0000:0004:0000.001E: unknown main item tag 0x0 [ 128.575219][ T3409] hid-generic 0000:0004:0000.001E: unknown main item tag 0x0 [ 128.591024][ T3409] hid-generic 0000:0004:0000.001E: hidraw0: HID v0.00 Device [syz0] on syz1 [ 128.595641][ T8967] CPU: 0 UID: 0 PID: 8967 Comm: syz.4.1971 Not tainted 6.15.0-syzkaller-13743-g8630c59e9936 #0 PREEMPT(voluntary) [ 128.595680][ T8967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 128.595697][ T8967] Call Trace: [ 128.595706][ T8967] [ 128.595718][ T8967] __dump_stack+0x1d/0x30 [ 128.595787][ T8967] dump_stack_lvl+0xe8/0x140 [ 128.595815][ T8967] dump_stack+0x15/0x1b [ 128.595836][ T8967] should_fail_ex+0x265/0x280 [ 128.595864][ T8967] should_failslab+0x8c/0xb0 [ 128.595900][ T8967] kmem_cache_alloc_node_noprof+0x57/0x320 [ 128.595999][ T8967] ? __alloc_skb+0x101/0x320 [ 128.596026][ T8967] __alloc_skb+0x101/0x320 [ 128.596049][ T8967] ? audit_log_start+0x365/0x6c0 [ 128.596136][ T8967] audit_log_start+0x380/0x6c0 [ 128.596184][ T8967] audit_seccomp+0x48/0x100 [ 128.596236][ T8967] ? __seccomp_filter+0x68c/0x10d0 [ 128.596270][ T8967] __seccomp_filter+0x69d/0x10d0 [ 128.596305][ T8967] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 128.596336][ T8967] ? vfs_write+0x75e/0x8e0 [ 128.596440][ T8967] __secure_computing+0x82/0x150 [ 128.596481][ T8967] syscall_trace_enter+0xcf/0x1e0 [ 128.596516][ T8967] do_syscall_64+0xac/0x200 [ 128.596556][ T8967] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 128.596592][ T8967] ? clear_bhb_loop+0x40/0x90 [ 128.596669][ T8967] ? clear_bhb_loop+0x40/0x90 [ 128.596705][ T8967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.596734][ T8967] RIP: 0033:0x7f8ad0cee929 [ 128.596762][ T8967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.596787][ T8967] RSP: 002b:00007f8acf357038 EFLAGS: 00000246 ORIG_RAX: 00000000000000be [ 128.596867][ T8967] RAX: ffffffffffffffda RBX: 00007f8ad0f15fa0 RCX: 00007f8ad0cee929 [ 128.596886][ T8967] RDX: 0000200000000040 RSI: 00002000000000c0 RDI: 0000000000000004 [ 128.596903][ T8967] RBP: 00007f8acf357090 R08: 0000000000000000 R09: 0000000000000000 [ 128.596916][ T8967] R10: 000000000000001e R11: 0000000000000246 R12: 0000000000000001 [ 128.596935][ T8967] R13: 0000000000000000 R14: 00007f8ad0f15fa0 R15: 00007ffcd8f4e8a8 [ 128.596989][ T8967] [ 128.597701][ T8961] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1969: Failed to acquire dquot type 0 [ 128.766872][ T8977] loop5: detected capacity change from 0 to 1024 [ 128.775373][ T8961] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.1969: Invalid inode table block 0 in block_group 0 [ 128.784590][ T8975] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 128.791304][ T8961] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 128.798786][ T8975] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 128.799131][ T8975] vhci_hcd vhci_hcd.0: Device attached [ 128.811663][ T8961] EXT4-fs error (device loop2): ext4_ext_truncate:4475: inode #15: comm syz.2.1969: mark_inode_dirty error [ 128.818600][ T8977] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 128.823474][ T8961] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.1969: Invalid inode table block 0 in block_group 0 [ 128.826732][ T8977] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 128.840339][ T8961] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 128.846712][ T8977] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 128.856964][ T8961] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 128.863107][ T8977] EXT4-fs (loop5): orphan cleanup on readonly fs [ 128.874590][ T8961] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.1969: Invalid inode table block 0 in block_group 0 [ 128.880908][ T8977] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1975: Invalid inode table block 0 in block_group 0 [ 128.887711][ T8961] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 128.929175][ T8977] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 128.938937][ T8961] EXT4-fs error (device loop2): ext4_truncate:4597: inode #15: comm syz.2.1969: mark_inode_dirty error [ 128.946998][ T8977] EXT4-fs error (device loop5): ext4_quota_write:7322: inode #3: comm syz.5.1975: mark_inode_dirty error [ 128.956248][ T8961] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 128.961737][ T8977] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.1975: Failed to acquire dquot type 0 [ 128.974077][ T8836] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 128.988262][ T8977] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1975: Invalid inode table block 0 in block_group 0 [ 129.005571][ T8961] EXT4-fs (loop2): 1 truncate cleaned up [ 129.076490][ T8977] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 129.080345][ T8961] EXT4-fs mount: 61 callbacks suppressed [ 129.080365][ T8961] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 129.092581][ T8977] EXT4-fs error (device loop5): ext4_ext_truncate:4475: inode #15: comm syz.5.1975: mark_inode_dirty error [ 129.104823][ T8961] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.125161][ T8977] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1975: Invalid inode table block 0 in block_group 0 [ 129.141263][ T8925] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.153327][ T8977] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 129.163623][ T8977] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem [ 129.174169][ T8977] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.1975: Invalid inode table block 0 in block_group 0 [ 129.198044][ T8977] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 129.209452][ T8977] EXT4-fs error (device loop5): ext4_truncate:4597: inode #15: comm syz.5.1975: mark_inode_dirty error [ 129.221420][ T8977] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem [ 129.233219][ T8977] EXT4-fs (loop5): 1 truncate cleaned up [ 129.240075][ T8977] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 129.262771][ T8977] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.352822][ T8983] chnl_net:caif_netlink_parms(): no params data found [ 129.391943][ T9003] loop5: detected capacity change from 0 to 512 [ 129.399311][ T9003] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 129.410598][ T8979] vhci_hcd: connection closed [ 129.410864][ T8930] vhci_hcd: stop threads [ 129.415892][ T9003] Cannot find del_set index 3 as target [ 129.420099][ T8930] vhci_hcd: release socket [ 129.430178][ T8930] vhci_hcd: disconnect device [ 129.462527][ T8983] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.469732][ T8983] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.497628][ T8983] bridge_slave_0: entered allmulticast mode [ 129.504389][ T8983] bridge_slave_0: entered promiscuous mode [ 129.511529][ T9018] loop4: detected capacity change from 0 to 128 [ 129.519032][ T8983] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.526341][ T8983] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.533658][ T8983] bridge_slave_1: entered allmulticast mode [ 129.533658][ T9018] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 129.545769][ T9019] loop3: detected capacity change from 0 to 512 [ 129.550024][ T8983] bridge_slave_1: entered promiscuous mode [ 129.561693][ T9014] dummy0: entered promiscuous mode [ 129.580815][ T8983] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 129.593567][ T8983] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 129.617122][ T9019] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 129.618441][ T9016] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1987'. [ 129.636559][ T8983] team0: Port device team_slave_0 added [ 129.643676][ T8983] team0: Port device team_slave_1 added [ 129.677872][ T9019] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.691635][ T8983] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 129.692571][ T9019] ext4 filesystem being mounted at /370/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 129.698682][ T8983] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.735511][ T8983] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 129.737060][ T9014] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1984'. [ 129.751572][ T8983] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 129.762181][ T8983] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.788266][ T8983] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 129.843862][ T9014] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 129.855822][ T3317] FAT-fs (loop4): error, invalid access to FAT (entry 0x0affffff) [ 129.863913][ T3317] FAT-fs (loop4): Filesystem has been set read-only [ 129.885399][ T9014] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 129.905060][ T9014] bond0 (unregistering): Released all slaves [ 129.916439][ T9033] netlink: 'syz.5.1992': attribute type 13 has an invalid length. [ 129.939860][ T9039] loop2: detected capacity change from 0 to 512 [ 129.952618][ T8925] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.967479][ T9039] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 129.994271][ T9012] dummy0: left promiscuous mode [ 130.004060][ T9039] Cannot find del_set index 3 as target [ 130.014464][ T8983] hsr_slave_0: entered promiscuous mode [ 130.021046][ T8983] hsr_slave_1: entered promiscuous mode [ 130.027430][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.027502][ T8983] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 130.027519][ T8983] Cannot create hsr debugfs directory [ 130.056803][ T8925] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.122757][ T8925] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.185830][ T9050] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2001'. [ 130.259454][ T9061] FAULT_INJECTION: forcing a failure. [ 130.259454][ T9061] name failslab, interval 1, probability 0, space 0, times 0 [ 130.272087][ T8983] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 130.278893][ T9061] CPU: 1 UID: 0 PID: 9061 Comm: syz.2.2004 Not tainted 6.15.0-syzkaller-13743-g8630c59e9936 #0 PREEMPT(voluntary) [ 130.278930][ T9061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 130.278947][ T9061] Call Trace: [ 130.278955][ T9061] [ 130.278965][ T9061] __dump_stack+0x1d/0x30 [ 130.278991][ T9061] dump_stack_lvl+0xe8/0x140 [ 130.279078][ T9061] dump_stack+0x15/0x1b [ 130.279094][ T9061] should_fail_ex+0x265/0x280 [ 130.279114][ T9061] should_failslab+0x8c/0xb0 [ 130.279207][ T9061] __kmalloc_node_track_caller_noprof+0xa4/0x410 [ 130.279251][ T9061] ? sidtab_sid2str_get+0xa0/0x130 [ 130.279290][ T9061] kmemdup_noprof+0x2b/0x70 [ 130.279360][ T9061] sidtab_sid2str_get+0xa0/0x130 [ 130.279398][ T9061] security_sid_to_context_core+0x1eb/0x2e0 [ 130.279447][ T9061] security_sid_to_context+0x27/0x40 [ 130.279482][ T9061] selinux_lsmprop_to_secctx+0x67/0xf0 [ 130.279520][ T9061] security_lsmprop_to_secctx+0x43/0x80 [ 130.279621][ T9061] audit_log_task_context+0x77/0x190 [ 130.279661][ T9061] audit_log_task+0xf4/0x250 [ 130.279717][ T9061] audit_seccomp+0x61/0x100 [ 130.279768][ T9061] ? __seccomp_filter+0x68c/0x10d0 [ 130.279801][ T9061] __seccomp_filter+0x69d/0x10d0 [ 130.279872][ T9061] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 130.279917][ T9061] ? vfs_write+0x75e/0x8e0 [ 130.279952][ T9061] __secure_computing+0x82/0x150 [ 130.279982][ T9061] syscall_trace_enter+0xcf/0x1e0 [ 130.280075][ T9061] do_syscall_64+0xac/0x200 [ 130.280106][ T9061] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 130.280215][ T9061] ? clear_bhb_loop+0x40/0x90 [ 130.280244][ T9061] ? clear_bhb_loop+0x40/0x90 [ 130.280273][ T9061] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.280345][ T9061] RIP: 0033:0x7f737f31e929 [ 130.280392][ T9061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.280488][ T9061] RSP: 002b:00007f737d987038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b8 [ 130.280520][ T9061] RAX: ffffffffffffffda RBX: 00007f737f545fa0 RCX: 00007f737f31e929 [ 130.280535][ T9061] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff [ 130.280550][ T9061] RBP: 00007f737d987090 R08: 0000000000000000 R09: 0000000000000000 [ 130.280564][ T9061] R10: 0000000000000019 R11: 0000000000000246 R12: 0000000000000001 [ 130.280579][ T9061] R13: 0000000000000000 R14: 00007f737f545fa0 R15: 00007fff467444c8 [ 130.280603][ T9061] [ 130.526822][ T8983] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 130.540994][ T8983] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 130.551602][ T8983] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 130.570732][ T8925] bridge_slave_1: left allmulticast mode [ 130.576464][ T8925] bridge_slave_1: left promiscuous mode [ 130.582241][ T8925] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.600598][ T8925] bridge_slave_0: left allmulticast mode [ 130.606449][ T8925] bridge_slave_0: left promiscuous mode [ 130.612356][ T8925] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.754103][ T9079] loop3: detected capacity change from 0 to 512 [ 130.760833][ T9079] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 130.771863][ T8925] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 130.773758][ T9079] Cannot find del_set index 3 as target [ 130.788112][ T8925] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 130.800442][ T8925] bond0 (unregistering): Released all slaves [ 130.851540][ T8925] hsr_slave_0: left promiscuous mode [ 130.851572][ T9083] vhci_hcd: invalid port number 96 [ 130.862282][ T9083] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 130.874752][ T8925] hsr_slave_1: left promiscuous mode [ 130.894794][ T8925] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 130.902300][ T8925] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 130.915554][ T8925] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 130.919725][ T9092] netlink: 'syz.3.2012': attribute type 29 has an invalid length. [ 130.923154][ T8925] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 130.943152][ T8925] veth1_macvtap: left promiscuous mode [ 130.948709][ T8925] veth0_macvtap: left promiscuous mode [ 130.954591][ T8925] veth1_vlan: left promiscuous mode [ 130.960083][ T8925] veth0_vlan: left promiscuous mode [ 130.977308][ T9098] loop3: detected capacity change from 0 to 1024 [ 130.984814][ T9098] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 130.995999][ T9098] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 131.008084][ T9098] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 131.009751][ T36] hid-generic 0000:0004:0000.001F: unknown main item tag 0x0 [ 131.024163][ T36] hid-generic 0000:0004:0000.001F: unknown main item tag 0x0 [ 131.031759][ T36] hid-generic 0000:0004:0000.001F: unknown main item tag 0x0 [ 131.040878][ T9098] EXT4-fs (loop3): orphan cleanup on readonly fs [ 131.047759][ T36] hid-generic 0000:0004:0000.001F: hidraw0: HID v0.00 Device [syz0] on syz1 [ 131.049984][ T9098] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.2012: Invalid inode table block 0 in block_group 0 [ 131.072410][ T9098] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 131.082032][ T9098] EXT4-fs error (device loop3): ext4_quota_write:7322: inode #3: comm syz.3.2012: mark_inode_dirty error [ 131.093603][ T9098] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.2012: Failed to acquire dquot type 0 [ 131.105229][ T9098] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.2012: Invalid inode table block 0 in block_group 0 [ 131.107028][ T8925] team0 (unregistering): Port device team_slave_1 removed [ 131.118065][ T9098] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 131.134852][ T9098] EXT4-fs error (device loop3): ext4_ext_truncate:4475: inode #15: comm syz.3.2012: mark_inode_dirty error [ 131.149356][ T9098] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.2012: Invalid inode table block 0 in block_group 0 [ 131.162328][ T8925] team0 (unregistering): Port device team_slave_0 removed [ 131.170725][ T9098] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 131.180735][ T9098] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 131.193469][ T9098] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.2012: Invalid inode table block 0 in block_group 0 [ 131.207196][ T9098] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 131.221422][ T9098] EXT4-fs error (device loop3): ext4_truncate:4597: inode #15: comm syz.3.2012: mark_inode_dirty error [ 131.236046][ T9098] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 131.245215][ T9098] EXT4-fs (loop3): 1 truncate cleaned up [ 131.251700][ T9098] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 131.261693][ T8983] 8021q: adding VLAN 0 to HW filter on device bond0 [ 131.268141][ T9098] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.294516][ T8983] 8021q: adding VLAN 0 to HW filter on device team0 [ 131.312388][ T9103] 9pnet: Could not find request transport: fd0x0000000000000003 [ 131.317907][ T8929] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.327263][ T8929] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.357722][ T8929] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.364938][ T8929] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.383828][ T9053] chnl_net:caif_netlink_parms(): no params data found [ 131.445607][ T9053] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.452839][ T9053] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.466826][ T9053] bridge_slave_0: entered allmulticast mode [ 131.473560][ T9053] bridge_slave_0: entered promiscuous mode [ 131.482471][ T8983] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 131.496418][ T9053] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.503661][ T9053] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.510881][ T9053] bridge_slave_1: entered allmulticast mode [ 131.517855][ T9053] bridge_slave_1: entered promiscuous mode [ 131.527147][ T23] hid-generic 0000:0004:0000.0020: unknown main item tag 0x0 [ 131.534662][ T23] hid-generic 0000:0004:0000.0020: unknown main item tag 0x0 [ 131.542202][ T23] hid-generic 0000:0004:0000.0020: unknown main item tag 0x0 [ 131.550577][ T23] hid-generic 0000:0004:0000.0020: hidraw0: HID v0.00 Device [syz0] on syz1 [ 131.603437][ T9053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 131.633096][ T9053] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 131.651016][ T8983] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 131.684002][ T9053] team0: Port device team_slave_0 added [ 131.696101][ T9053] team0: Port device team_slave_1 added [ 131.729407][ T9053] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 131.736467][ T9053] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 131.762533][ T9053] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 131.807334][ T9053] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 131.814333][ T9053] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 131.840455][ T9053] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 131.942371][ T8983] veth0_vlan: entered promiscuous mode [ 131.952162][ T8983] veth1_vlan: entered promiscuous mode [ 131.960835][ T9053] hsr_slave_0: entered promiscuous mode [ 131.966998][ T9053] hsr_slave_1: entered promiscuous mode [ 131.973727][ T9053] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 131.981454][ T9053] Cannot create hsr debugfs directory [ 132.040698][ T8983] veth0_macvtap: entered promiscuous mode [ 132.053611][ T8983] veth1_macvtap: entered promiscuous mode [ 132.065178][ T9152] netlink: 'syz.3.2025': attribute type 29 has an invalid length. [ 132.073809][ T8983] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 132.096603][ T9152] loop3: detected capacity change from 0 to 1024 [ 132.099190][ T8983] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 132.115218][ T9152] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 132.124726][ T9152] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 132.137040][ T9152] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 132.140358][ T8983] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.145797][ T9152] EXT4-fs (loop3): orphan cleanup on readonly fs [ 132.153784][ T8983] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.164879][ T9152] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.2025: Invalid inode table block 0 in block_group 0 [ 132.168773][ T8983] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.168808][ T8983] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.201721][ T9152] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 132.214916][ T9152] EXT4-fs error (device loop3): ext4_quota_write:7322: inode #3: comm syz.3.2025: mark_inode_dirty error [ 132.227457][ T9152] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.2025: Failed to acquire dquot type 0 [ 132.239495][ T9152] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.2025: Invalid inode table block 0 in block_group 0 [ 132.268668][ T9053] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 132.270476][ T9152] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 132.292576][ T9053] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 132.304506][ T9053] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 132.305751][ T9152] EXT4-fs error (device loop3): ext4_ext_truncate:4475: inode #15: comm syz.3.2025: mark_inode_dirty error [ 132.328379][ T9053] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 132.335787][ T9152] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.2025: Invalid inode table block 0 in block_group 0 [ 132.354095][ T9152] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 132.364655][ T9152] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 132.375628][ T9152] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.2025: Invalid inode table block 0 in block_group 0 [ 132.386220][ T9169] loop5: detected capacity change from 0 to 1024 [ 132.389895][ T9152] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 132.397453][ T9169] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 132.406667][ T9152] EXT4-fs error (device loop3): ext4_truncate:4597: inode #15: comm syz.3.2025: mark_inode_dirty error [ 132.426442][ T9152] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 132.436112][ T9169] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 132.437880][ T9152] EXT4-fs (loop3): 1 truncate cleaned up [ 132.449172][ T9169] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 132.458173][ T9053] 8021q: adding VLAN 0 to HW filter on device bond0 [ 132.460499][ T9169] EXT4-fs (loop5): orphan cleanup on readonly fs [ 132.470820][ T9152] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 132.479205][ T9053] 8021q: adding VLAN 0 to HW filter on device team0 [ 132.494166][ T9152] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.498821][ T9169] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.2029: Invalid inode table block 0 in block_group 0 [ 132.515728][ T9053] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 132.526474][ T9053] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 132.534381][ T9169] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 132.547963][ T8928] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.555098][ T8928] bridge0: port 1(bridge_slave_0) entered forwarding state [ 132.558078][ T9169] EXT4-fs error (device loop5): ext4_quota_write:7322: inode #3: comm syz.5.2029: mark_inode_dirty error [ 132.577996][ T9169] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.2029: Failed to acquire dquot type 0 [ 132.583546][ T8928] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.596497][ T8928] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.607272][ T9169] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.2029: Invalid inode table block 0 in block_group 0 [ 132.621076][ T9169] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 132.634010][ T9169] EXT4-fs error (device loop5): ext4_ext_truncate:4475: inode #15: comm syz.5.2029: mark_inode_dirty error [ 132.646903][ T9177] netlink: 'syz.3.2030': attribute type 4 has an invalid length. [ 132.646922][ T9169] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.2029: Invalid inode table block 0 in block_group 0 [ 132.647051][ T9177] ================================================================== [ 132.647087][ T9169] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 132.647096][ T9177] BUG: KCSAN: data-race in data_push_tail / string [ 132.647155][ T9177] [ 132.647165][ T9177] write to 0xffffffff88e2e698 of 1 bytes by task 9169 on cpu 1: [ 132.647166][ T9169] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem [ 132.647185][ T9177] string+0x187/0x220 [ 132.647222][ T9177] vsnprintf+0x532/0x890 [ 132.647257][ T9177] vscnprintf+0x41/0x90 [ 132.647293][ T9177] printk_sprint+0x30/0x2d0 [ 132.647317][ T9177] vprintk_store+0x599/0x860 [ 132.647342][ T9177] vprintk_emit+0x178/0x650 [ 132.647346][ T9169] EXT4-fs error (device loop5): __ext4_get_inode_loc:4792: comm syz.5.2029: Invalid inode table block 0 in block_group 0 [ 132.647366][ T9177] vprintk_default+0x26/0x30 [ 132.647392][ T9177] vprintk+0x1d/0x30 [ 132.647425][ T9177] _printk+0x79/0xa0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 132.647462][ T9169] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 132.647459][ T9177] __ext4_error+0x248/0x320 [ 132.647488][ T9177] __ext4_get_inode_loc+0x374/0x930 [ 132.647516][ T9177] ext4_reserve_inode_write+0xd7/0x250 [ 132.647552][ T9177] ext4_orphan_del+0x185/0x710 [ 132.647584][ T9177] ext4_truncate+0x88d/0xad0 [ 132.647604][ T9177] ext4_process_orphan+0x110/0x1c0 [ 132.647633][ T9177] ext4_orphan_cleanup+0x6a8/0xa00 [ 132.647668][ T9169] EXT4-fs error (device loop5): ext4_truncate:4597: inode #15: comm syz.5.2029: mark_inode_dirty error [ 132.647667][ T9177] ext4_fill_super+0x3171/0x34e0 [ 132.647697][ T9177] get_tree_bdev_flags+0x28e/0x300 [ 132.647725][ T9177] get_tree_bdev+0x1f/0x30 [ 132.647749][ T9177] ext4_get_tree+0x1c/0x30 [ 132.647774][ T9169] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem [ 132.647777][ T9177] vfs_get_tree+0x57/0x1d0 [ 132.647799][ T9177] do_new_mount+0x207/0x680 [ 132.647821][ T9177] path_mount+0x4a4/0xb20 [ 132.647841][ T9177] __se_sys_mount+0x28f/0x2e0 [ 132.647861][ T9177] __x64_sys_mount+0x67/0x80 [ 132.647881][ T9177] x64_sys_call+0xd36/0x2fb0 [ 132.647910][ T9177] do_syscall_64+0xd2/0x200 [ 132.647938][ T9177] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.647943][ T9169] EXT4-fs (loop5): 1 truncate cleaned up [ 132.647965][ T9177] [ 132.647973][ T9177] read to 0xffffffff88e2e698 of 8 bytes by task 9177 on cpu 0: [ 132.647995][ T9177] data_push_tail+0xfd/0x420 [ 132.648033][ T9177] data_alloc+0xbf/0x2b0 [ 132.648069][ T9177] prb_reserve+0x808/0xaf0 [ 132.648108][ T9177] vprintk_store+0x56d/0x860 [ 132.648132][ T9177] vprintk_emit+0x178/0x650 [ 132.648156][ T9177] vprintk_default+0x26/0x30 [ 132.648181][ T9177] vprintk+0x1d/0x30 [ 132.648223][ T9177] _printk+0x79/0xa0 [ 132.648256][ T9177] __nla_validate_parse+0x1227/0x1d00 [ 132.648280][ T9177] __nla_parse+0x40/0x60 [ 132.648304][ T9177] rtnl_setlink+0xd2/0x420 [ 132.648335][ T9177] rtnetlink_rcv_msg+0x5fe/0x6d0 [ 132.648363][ T9177] netlink_rcv_skb+0x120/0x220 [ 132.648391][ T9177] rtnetlink_rcv+0x1c/0x30 [ 132.648423][ T9177] netlink_unicast+0x5a1/0x670 [ 132.648429][ T9169] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 132.648448][ T9177] netlink_sendmsg+0x58b/0x6b0 [ 132.648476][ T9177] __sock_sendmsg+0x142/0x180 [ 132.648504][ T9177] sock_write_iter+0x165/0x1b0 [ 132.648531][ T9177] do_iter_readv_writev+0x421/0x4c0 [ 132.648559][ T9177] vfs_writev+0x2df/0x8b0 [ 132.648594][ T9177] do_writev+0xe7/0x210 [ 132.648624][ T9177] __x64_sys_writev+0x45/0x50 [ 132.648646][ T9177] x64_sys_call+0x2006/0x2fb0 [ 132.648670][ T9177] do_syscall_64+0xd2/0x200 [ 132.648692][ T9177] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.648715][ T9177] [ 132.648722][ T9177] value changed: 0x00000000ffffef57 -> 0x393230322e352e7a [ 132.648739][ T9177] [ 132.648746][ T9177] Reported by Kernel Concurrency Sanitizer on: [ 132.648763][ T9177] CPU: 0 UID: 0 PID: 9177 Comm: syz.3.2030 Not tainted 6.15.0-syzkaller-13743-g8630c59e9936 #0 PREEMPT(voluntary) [ 132.648794][ T9177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 132.648811][ T9177] ================================================================== [ 132.649197][ T9169] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.671439][ T9177] netlink: 'syz.3.2030': attribute type 4 has an invalid length. [ 132.724711][ T9053] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 133.735107][ T8925] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.389014][ T8925] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.741792][ T8925] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.791590][ T8925] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.862688][ T8925] bridge_slave_1: left allmulticast mode [ 134.868419][ T8925] bridge_slave_1: left promiscuous mode [ 134.874143][ T8925] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.881905][ T8925] bridge_slave_0: left allmulticast mode [ 134.887604][ T8925] bridge_slave_0: left promiscuous mode [ 134.893398][ T8925] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.982820][ T8925] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 134.994414][ T8925] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 135.004551][ T8925] bond0 (unregistering): Released all slaves [ 135.043912][ T8925] hsr_slave_0: left promiscuous mode [ 135.049638][ T8925] hsr_slave_1: left promiscuous mode [ 135.055550][ T8925] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 135.063130][ T8925] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 135.070878][ T8925] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 135.078369][ T8925] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 135.089559][ T8925] veth1_macvtap: left promiscuous mode [ 135.095183][ T8925] veth0_macvtap: left promiscuous mode [ 135.100671][ T8925] veth1_vlan: left promiscuous mode [ 135.106018][ T8925] veth0_vlan: left promiscuous mode [ 135.183010][ T8925] team0 (unregistering): Port device team_slave_1 removed [ 135.193338][ T8925] team0 (unregistering): Port device team_slave_0 removed [ 135.687544][ T8925] bridge_slave_1: left allmulticast mode [ 135.693230][ T8925] bridge_slave_1: left promiscuous mode [ 135.699028][ T8925] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.706946][ T8925] bridge_slave_0: left allmulticast mode [ 135.712587][ T8925] bridge_slave_0: left promiscuous mode [ 135.718305][ T8925] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.808520][ T8925] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 135.819190][ T8925] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 135.828951][ T8925] bond0 (unregistering): Released all slaves [ 135.870222][ T8925] hsr_slave_0: left promiscuous mode [ 135.875978][ T8925] hsr_slave_1: left promiscuous mode [ 135.881743][ T8925] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 135.889258][ T8925] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 135.943192][ T8925] team0 (unregistering): Port device team_slave_1 removed [ 135.952945][ T8925] team0 (unregistering): Port device team_slave_0 removed