last executing test programs: 17.668308366s ago: executing program 0 (id=575): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100), 0x6, 0x4eb, &(0x7f0000000a40)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0) pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000180)='B', 0x1}], 0x1, 0x5, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42042, 0x143) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@remote}) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_mptcp_buf(r4, 0x11c, 0x3, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x80fe) ftruncate(r1, 0xffffffffffffffff) fallocate(r1, 0x8, 0x0, 0x8000) 17.411749228s ago: executing program 0 (id=577): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d0000"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000180)=0x7) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000300)={{0x1, 0x1, 0x18, r1, {0x6}}, './file0\x00'}) recvfrom$unix(r3, &(0x7f0000000340)=""/50, 0x32, 0x10000, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000008c0)=ANY=[@ANYRES16, @ANYRESDEC=r0, @ANYRES16, @ANYRESHEX=r1, @ANYRESHEX=r3, @ANYRESDEC, @ANYBLOB="89d745686ddaeb4358fba34ed3202d2480eb6d645c06a6a3c0b69b174a10c05b341a4487a6173d2c90ab6217f292f752cd91b825959c799d8587d4354fb5f92a42662bd2f29b6589ad3e3728f3c3458c9e73b40156ebecaf314f1ea9defa4bb8332c0dae06a79fe9b449ff280c4af713b856ca1be8b02d797e1d6502e77648bd59706bbebd520863e06a47443808f21900817d2bb800928bf24e2051"], 0x48) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, 0x0, 0x8000) semctl$SEM_INFO(0x0, 0x0, 0x13, &(0x7f0000000000)=""/250) clock_adjtime(0x4, &(0x7f0000000040)={0x37db, 0x0, 0xfffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffc99a3b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x5}) ioctl$SG_SET_TIMEOUT(0xffffffffffffffff, 0x2201, 0x0) unshare(0x68040200) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) openat$nci(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) 16.422354154s ago: executing program 0 (id=583): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r0, 0x26, &(0x7f0000000000)={0x1}) fcntl$lock(r0, 0x7, &(0x7f00000006c0)={0x0, 0x0, 0xac1d}) fcntl$lock(r0, 0x25, &(0x7f00000000c0)) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="090d0000000000f0ff0014"], 0x58}}, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x84, r2, 0x1, 0x70bd2b, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_REKEY_DATA={0x70, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "828f92090310ae88"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="7020534fc8d426df6e61a6efe9b7a62775a2d136e37a703df95665e947814c21"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="43f68866f92b136aa310cf93f4e83d99"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "c92b9dbd7f8220d0"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xdd8e}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x4}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "1b2b8ce6095f6d93"}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x20810}, 0x20000000) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000030000000900010073797a300000000040000000030a03000000000000000000030000000900030073797a30000000000900010073797a30000000ffff0004800800024000000000080001400000000028000000000a01040000000000000100"], 0xb0}}, 0x0) 16.059969957s ago: executing program 0 (id=586): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x2000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000540)={{0x1, 0x2}}) close(r3) sendmsg$NL80211_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x1c, r1, 0x100, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x48081}, 0x0) gettid() syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100), 0x2, 0x500, &(0x7f0000000500)="$eJzs3U9sI1cZAPBvJn/sTdMmhR4AFbqUwoJWayfeNqp6oZwqhCoheuSwDYkTRbHjKHZKE/aQPXJHohInOHHmgMQBqSfuSBzgxqUckAqsQA0SByOP7V3njzfWbmzvxr+fNJo38+L53tvRvGd91s4LYGJdj4ijiJiNiPcjYqFzPuls8XZ7a/3dZ/fvrh3fv7uWRLP53j+TrL51Lno+0/Jc55r5iPjBOxE/Sk4F/VNE/eBwe7VSKe91ThUb1d1i/eDw1lZ1dbO8Wd4plVaWV5bevP1G6dL6+kr1N59ei4jf/+7Ln/zx6Fs/aTVrvlPX24/L1O76zIM4LdMR8b1hBBuDqU5/Zh/nw4/1IS5TGhGfi4hXs+d/Iaayu3nSydv07RG2DgAYhmZzIZoLvccAwFWXZjmwJC10cgHzkaaFQjuH91LMpZVavXFzo7a/s97OlS3GTLqxVSkvdXKFizGTbGxNl5ezcve4Ui6dOr4dES9GxM9y17Ljwlqtsj7OLz4AMMGeOzX//yfXnv8BgCsu/7CYG2c7AIDRyY+7AQDAyJn/AWDymP8BYPKY/wFg8pj/AWDymP8BYKJ8/913W1vzuPP+6/UPDva3ax/cWi/XtwvV/bXCWm1vt7BZq21m7+ypXnS9Sq22u/x67H9YbJTrjWL94PBOtba/07iTvdf7TnlmJL0CAB7lxVc+/ksSEUdvXcu26Hnf/4Vz9cvDbh0wTOm4GwCMzdS4GwCMzdnVvoBJIR8P9CzRe6/ndP5M4bSPBrp8at1QePrc+OIT5P+BZ5r8P0yux8v/+y4PV4H8P0yuZjOx5j8ATBg5fiC5oL739/+lZs/BYL//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJU0n21JWuisBT4faVooRDwfEYsxk2xsVcpLEfFCRPw5N5NrHS9HhHWDAOBZlv496az/dWPhtfnTtbO5/+ayfUT8+Bfv/fzD1UZjbzliNvnXg/ONjzrnS+NoPwBwke483Z3Huz67f3etu42yPZ9+p724aCvucWdr10zHdLbPZ7mGuX8nneO21veVqUuIf3QvIr5wXv+TLDey2Fn59HT8VuznRxo/PRE/zera+9a/xecvoS0waT5ujT9vn/f8pXE925///OezEerJdce/4zPjX/pg/JvqM/5dHzTG63/47pmTzYV23b2IL01HHHcv3jP+dOMnfeK/NmD8v778lVf71TV/GXEjzut/ciJWsVHdLdYPDm9tVVc3y5vlnVJpZXll6c3bb5SKWY662M1Un/WPt26+0C9+q/9zfeLnL+j/1wfs/6/+9/4Pv/qI+N/82vn3/6VHxG/Nid8YMP7q3G/z/epa8df79P+i+39zwPif/O1wfcA/BQBGoH5wuL1aqZT3hl1Ihx8iKyQRRyPoTruQ+/VP3xlVrCEW4ulohsLTVBj3yAQM28OHftwtAQAAAAAAAAAAAAAA+hnFfycadx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//5iA1Hs=") r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x8936, &(0x7f0000000300)={@empty, 0xb}) syz_clone(0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x2000, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r4, 0x2401, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r4, 0x2401, 0x80ffff) r6 = open(&(0x7f0000000080)='./file1\x00', 0x64842, 0x86) pwritev2(r6, 0x0, 0x0, 0x7800, 0x0, 0x3) 15.755725238s ago: executing program 0 (id=591): r0 = io_uring_setup(0x177d, &(0x7f00000002c0)={0x0, 0x698c, 0x80, 0x3, 0xfffffffe}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r1, 0x26, &(0x7f0000000000)={0x1}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x112}) close_range(r0, 0xffffffffffffffff, 0x200000000000000) 15.55198071s ago: executing program 0 (id=593): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d0000"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000180)=0x7) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000300)={{0x1, 0x1, 0x18, r1, {0x6}}, './file0\x00'}) recvfrom$unix(r3, &(0x7f0000000340)=""/50, 0x32, 0x10000, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000008c0)=ANY=[@ANYRES16, @ANYRESDEC=r0, @ANYRES16, @ANYRESHEX=r1, @ANYRESHEX=r3, @ANYRESDEC, @ANYBLOB="89d745686ddaeb4358fba34ed3202d2480eb6d645c06a6a3c0b69b174a10c05b341a4487a6173d2c90ab6217f292f752cd91b825959c799d8587d4354fb5f92a42662bd2f29b6589ad3e3728f3c3458c9e73b40156ebecaf314f1ea9defa4bb8332c0dae06a79fe9b449ff280c4af713b856ca1be8b02d797e1d6502e77648bd59706bbebd520863e06a47443808f21900817d2bb800928bf24e2051"], 0x48) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, 0x0, 0x8000) semctl$SEM_INFO(0x0, 0x0, 0x13, &(0x7f0000000000)=""/250) clock_adjtime(0x4, &(0x7f0000000040)={0x37db, 0x0, 0xfffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffc99a3b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x5}) ioctl$SG_SET_TIMEOUT(0xffffffffffffffff, 0x2201, 0x0) unshare(0x68040200) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) openat$nci(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) 15.49797054s ago: executing program 32 (id=593): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d0000"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000180)=0x7) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000300)={{0x1, 0x1, 0x18, r1, {0x6}}, './file0\x00'}) recvfrom$unix(r3, &(0x7f0000000340)=""/50, 0x32, 0x10000, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000008c0)=ANY=[@ANYRES16, @ANYRESDEC=r0, @ANYRES16, @ANYRESHEX=r1, @ANYRESHEX=r3, @ANYRESDEC, @ANYBLOB="89d745686ddaeb4358fba34ed3202d2480eb6d645c06a6a3c0b69b174a10c05b341a4487a6173d2c90ab6217f292f752cd91b825959c799d8587d4354fb5f92a42662bd2f29b6589ad3e3728f3c3458c9e73b40156ebecaf314f1ea9defa4bb8332c0dae06a79fe9b449ff280c4af713b856ca1be8b02d797e1d6502e77648bd59706bbebd520863e06a47443808f21900817d2bb800928bf24e2051"], 0x48) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, 0x0, 0x8000) semctl$SEM_INFO(0x0, 0x0, 0x13, &(0x7f0000000000)=""/250) clock_adjtime(0x4, &(0x7f0000000040)={0x37db, 0x0, 0xfffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffc99a3b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x5}) ioctl$SG_SET_TIMEOUT(0xffffffffffffffff, 0x2201, 0x0) unshare(0x68040200) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) openat$nci(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) 5.403334995s ago: executing program 1 (id=691): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) 5.356356405s ago: executing program 1 (id=693): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d0000"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000180)=0x7) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000300)={{0x1, 0x1, 0x18, r1, {0x6}}, './file0\x00'}) recvfrom$unix(r3, &(0x7f0000000340)=""/50, 0x32, 0x10000, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000008c0)=ANY=[@ANYRES16, @ANYRESDEC=r0, @ANYRES16, @ANYRESHEX=r1, @ANYRESHEX=r3, @ANYRESDEC, @ANYBLOB="89d745686ddaeb4358fba34ed3202d2480eb6d645c06a6a3c0b69b174a10c05b341a4487a6173d2c90ab6217f292f752cd91b825959c799d8587d4354fb5f92a42662bd2f29b6589ad3e3728f3c3458c9e73b40156ebecaf314f1ea9defa4bb8332c0dae06a79fe9b449ff280c4af713b856ca1be8b02d797e1d6502e77648bd59706bbebd520863e06a47443808f21900817d2bb800928bf24e2051"], 0x48) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, 0x0, 0x8000) semctl$SEM_INFO(0x0, 0x0, 0x13, &(0x7f0000000000)=""/250) clock_adjtime(0x4, &(0x7f0000000040)={0x37db, 0x0, 0xfffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffc99a3b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x5}) unshare(0x68040200) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) openat$nci(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) 4.441959591s ago: executing program 1 (id=703): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d0000"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000300)={{0x1, 0x1, 0x18, r0, {0x6}}, './file0\x00'}) recvfrom$unix(r2, &(0x7f0000000340)=""/50, 0x32, 0x10000, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$SG_SET_TIMEOUT(0xffffffffffffffff, 0x2201, 0x0) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) getpgrp(0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) 3.546607297s ago: executing program 1 (id=713): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffd}]}) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x5051c2, 0x23) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x8042, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f40), r1) sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, r2, 0x1, 0x7ffffc, 0x25dfdbfb, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0xfd}]}, 0x28}}, 0x8000) fcntl$setlease(r0, 0x400, 0x1) fcntl$getflags(r0, 0x401) syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f00000000c0), 0x2, 0xbd1, &(0x7f0000002380)="$eJzs3M1rHOcZAPBnRquVbKtduZRS91KVUmwoXUsuMrUp1C4uvfRQaK8Fq/LKCK0/kFRcyTqskn8gX+dALoEkJiGH+OxLQnLNJbGvCTkETFCsBEJIFGY/pI2lleR4V6PIvx+8mvedd7TP8+ywO/PC7gbwxBrJ/qQRxyLiYhJRau5PI6JY7w1G1BrHra4sTX65sjSZxNravz5LIomIBytLk63HSprbI83BYES8/9ckfvb05rhzC4szE9VqZbY5Pjl/5frJuYXFP0xfmbhcuVy5Onb6T+Onxk+PnhnvWq1ffXTu9he/+fsnta9f/ebW58+/nMS5GGrOtdfRLSMxsv6ctCtExES3g+Wkr1lPe51JYYd/SnucFAAAHaVt93C/iFL0xcbNWyne/iDX5AAAAICuWOuLWAMAAAAOuMT6HwAAAA641ucAHqwsTbZavp9I2Fv3z0fEcKP+1WZrzBSiVt8ORn9EHH6QRPvXWpPGvz22kYj4+N6ZN7IWPfoe8nZqyxHxy63Of1Kvf7j+Le7N9acRMdqF+CMPjX9M9Z/rQvy86wfgyXTnfONCtvn6l67f/8QW17/CFteuHyLv61/r/m910/3fRv19He7//rnLGDdfefFGp7ms/j/f/tvrrZbFz7aPVdQjuL8c8avCVvUn6/UnHeq/uMsYpW9vVDrN5V3/2ksRx2Pr+luS7X+f6OTUdLUy2vi7ZYzl98Zf6xQ/7/qz83+4Q/2t33/qdP6v7zLGfy5ceHPTznsb3e3rTz8tJv+u94rNPf+fmJ+fHYsoJv/YvP/U9rm0jmk9Rlb/id9u//rfqv7sPaHWfB6ytcByc5uNn3oo5l9u3XyrUz6t9V+e5/9Sh/PfXv+7hc3n/5ldxvjdO8+d6DTXvv7NWha/tRYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJY0IoYiScvr/TQtlyOORMTP43BavTY3//upa/+7eimbixiO/nRquloZjYhSY5xk47F6f2N86qHxHyPiaES8UDpUH5cnr1Uv5V08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA645ExFAkaTki0ohYLaVpuZx3VgAAAEDXDeedAAAAANBz1v8AAABw8Fn/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0GNHf33nbhIRtbOH6i1TbM7155oZ0Gtp3gkAuenLOwEgN4W8EwBy84hrfLcLcAAlO8wPdpwZ6HouAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOxfx4/duZtERO3soXrLFJtz/blmBvRa2tZPcswD2Ht9200W9i4PYO95icOTyxof2GntP7hxTO37MwM9ywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/Weo3pK0HBHF5r5yOeInETEc/cnUdLUyGhE/jYgPS/0D2Xgs55wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADovrmFxZmJarUym3XSaHbW9/Sg09eM3MMQvekkjbxr+yWfg90ZeHanY/4bjxmiGPui0n3ayfNdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvMwtLM5MVKuV2bm8MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyNrewODNRrVZme9jJu0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzXQAAAP//jAsGRw==") r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5, 0x0, 0x318a054d}, 0x18) r6 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f0000000180)={0x0, 0x2}, 0x8) sendto$inet6(r6, &(0x7f0000000040)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) shutdown(r6, 0x1) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x9100, &(0x7f0000001dc0)={0xf, 0x70, 0x100000}, 0x20) 3.248431239s ago: executing program 1 (id=717): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x880, &(0x7f0000000300)=ANY=[@ANYBLOB='shortname=lower,iocharset=iso8859-1,fmask=00000000000000000000066,uni_xlate=1,uni_xlate=0,fmask=00000000000000000000003,uid=', @ANYRESHEX=0x0, @ANYBLOB=',uni_xlate=0,utf8=1,check=strict,nonumtail=0,rodir,errors=continue,shortname=lower,umaQk=00000000000000000000007,rodir,sys_immutable,\x00'], 0x4, 0x2bf, &(0x7f0000000900)="$eJzs3U9rI2UcB/DfpMkkrmBy8CSCA3rwtGz36iVFdkHsySUH9aDF3QVpgtBCwT8Ye/LqxYMHX4Eg+EK8+A4Er4I3KxRGZjLTJG1Mk9K06n4+l/76zPOd+c3ToZ0e+vTDl0f7j7N4evzFr9HpJNHoRz9OkuhFI2pfxZz+NwEA/Jed5Hn8kU+sk0siorO5tgCADVrx5/8LZ9VPN9IWALBBj9597+2d3d0H72RZJx6Ovj4aFL/ZFx8nx3eexscxjCdxL7pxGlG+KLSifFsoyod5no+bWaEXr43GR4MiOfrg5+r8O79HlPnt6EavHDp72yjzb+0+2M4mZvLjoo871fX7Rf5+dOPFs/Bc/v6CfAzSeP3Vmf7vRjd++Sg+iWE8LpuY5r/czrI382///Pz9or0in4yPBu1y3lS+dcNfGgAAAAAAAAAAAAAAAAAAAAAA/sfuVnvntKPcv6cYqvbf2TotPmlFVuvN788zySf1iWb3B8rzfJzH9/X+OveyLMuridN8M15qRvN27hoAAAAAAAAAAAAAAAAAAAD+XQ4//Wx/bzh8cnAtRb0bQDMi/noUcdXz9GdGXonlk9vVNfeGw0ZVzs9pzo7EVj0niVjaRnET17QslxXPXei5Kn74cd0Tdi6f01p8rSsVdxavYf107e8li9ewHfVIp3pIvksjpnPSWLGN9J8O5bHO45cuPNRde1nS58tivGROJMsae+O3ycpVI8n5u0jLVV0Yb1XFTPzcs7HS8xydSfzi94rEbh0AAAAAAAAAAAAAAAAAALBR07/+XXDweGm0kbc31hYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3Kjp//9foxhX4RUmp3FweMu3CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDPg7wAAAP//Ui1bwQ==") bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003f80)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRES64=0x0, @ANYRESDEC=r0, @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES32=0x0], 0x1, 0x2f4, &(0x7f0000000900)="$eJzs3M9PE1sUwPHTn7QlUBYv7+W95IUb3ehmAtW10hhIjE0kSI0/EpMBptp0bEmnwdQY0ZVb4x/hgrBkR6L8A2zc6caNOzYmLmRhrOn8oKVMKYVKEb6fhMxhzj3tvZ2SnNt02Lrz+nEhZ2k5vSLBmJKAiMi2yIgExRNwj0E7jkqzF3Jx8NvH/2/dvXcjnclMzig1lZ69lFJKDY++e/Is7g5bH5DNkQdbX1NfNv/e/Hfr5+yjvKXyliqWKkpXc6XPFX3ONNRC3ipoSk2bhm4ZKl+0jLKTLzn5nFlaXKwqvbgwlFgsG5al9GJVFYyqqpRUpVxVoYd6vqg0TVNDCUEn2ZWZGT19yOL5Hk8Gv0m5nNZDIhLfk8mu9GVCAACgr1r7/6CoXvb/q+c2KoO314bd/n896tf/X/7kPNau/j8mIr79v/f8vv2/3l3/v7cjOluO1P/jZBiN7jkVaIT1ZDmtJ9y/X9vL+6tjdkD/DwAAAAAAAAAAAAAAAAAAAADAn2C7VkvWarWkd/R+6rmYiDT/3iIkIlePf8bopXbXf6Dz9ccp0LhxLzwsYr5ayi5lnaM7YENETDFkTJLyw34/uOqxd+eRqhuR9+ayW7+8lA3ZmXRO8nb9uCQj0lpfq01dz0yOK8fu+ogkmutTkpS//OtTvvVRuXC+qV6TpHyYl5KYsmDPo1H/fFypazczLfVxexwAAAAAAKeBpnb47t81rV3eqd/ZX7d+PhBq7K/HfPfnYfkv3N+1AwAAAABwVljVpwXdNI3yPkFcOo9xgsgBxrQG4W4GdxF4Kzxolfddhh5P42CB9+S7UjH3ZM9flkAXL0ubICiHqRqtr0YddRXex0btxsj0xPFfQTv4583b7717wCtrsQ4rPXwQ2v8NEHG//gUAAADgFGk0/d6Zif5OCAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAM+g4/jtav9cIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnBS/AgAA//9p2gTn") bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x18) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000980)=[{{&(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10, 0x0}}], 0x1, 0x20004000) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r4, 0x0, 0x5}, 0x18) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000800)='./file0\x00', 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="757466382c626c6f636b3d307830303030303030303030303030323030006e6f726f636b2c63727566742c6d61703d6f66662c646d6f64653d3078303430303030303030303030303063664173657373696f6e3d3078303030303030303030303030303033382c756e686964652c756e686964652c6769643d29e0cd5c372ab078c28fb05c6421428d066455368833565fd726743513f4466efa8d4fba06d57341875f5775ab343c0f6bc59fbde784ec3597e0e286d8d0dbf360afa3bc5c145b6e4f8b0305932fb55ff13f9fcb5035769f5fca33ac02bdeacb24c58103edc3d8b46df7614aa493952584ee662174309b11a4ad19e64dcdeeca1c148170b8d1aaf26082364b0d90d63d8502ffa63dde945e4612ac134315f389af667a04931ad25ff10b9b5107e517dbbcf5dcb60f564f54b344218d9325b53e829c38c96c69adc9e745202923a1b8124333cce0a8f1c748d42a272eb3e5502051090f1ac34fe5e8f038", @ANYRESHEX=0x0, @ANYRES64, @ANYRESOCT, @ANYRES8=r3, @ANYRESOCT, @ANYRES32=0x0], 0x2, 0x699, &(0x7f0000000140)="$eJzs3V9rG9n9x/HPyLIte3+E5dcSQsifk6QLDk2VkbxxMCl01dHInlbSiBm52FBY0o29hMjZNkmh8c3WN/0D2yfQu970og+i0Ot9Fr0pLSztXaE3KnNmJEvRv3ijOLvN+2V2NTrznTnfmaPoy9iaIwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADle1XVLjupBc2fXTOZVo7AxZX26t0XdTBduzuxXcpL/VCjoQtp04Zsnq88n/7uuS+mzSyokDwUdvXP+3XvfyOd6209J6MvQaXf49PnRo/udzv6Tl4hd0Kl3/yYp11taycZkTNCW3wziMGhUtnwTxKHZ3Nhwb2/XYlML6n68F7f9hvEiP9cOI7Pm3TSlzc114xf3wp3mVrVS93uNd79Tdt0N84PldKAlFWNvO6jXg+aWjUlWJzF3zWc/TgP8SsOYg4ed/fVZR5IElV4mqDwrqOyWy6VSuVzauLN5567r5kca3ITj9mkkYu4vWnzNzOeNG5iDXFL//+pIdRXU1I52Zcb+eKoqUqjGhPWZXv1/77Y/td/B+t+r8hek72WrL8rW/yvpsyuT6v+EXIyM3WDcGmdC++l+Fm1GRk/1XEd6pPvqqKN9PZnDvo3M1bns5Qx+tuSrqUCxQgVqqGJbTNZitKkNbcjVh9pWTbGMagpUl69Ye4rVlm9fUZ4i+aqorVCRjNbk6aaMStrUptZl5KuoPYXaUVNbqqqif3e73QM9tOd9fUqO6gWVJgQsDwaVp+xpUv3/yafp6zSr/y71/22Vvg6W04fPp8UAXwHd7Pp/UG72ZldfX0YAAAAAAGDeHPvbd8f+7f6ypK5qQd1333RaAAAAAABgjhx1l3VJTnL9L+myHK7/AQAAAAD4X+PYe+wcSav2Q/3OyZ1QL/NLgIUzSBEAAAAAALwie+f/lSWpayetuCrnVNf/AAAAAADga+A3A3Ps53tz7HZ7f9bPSYpby86f/7msaNE5bu1+yzmsJGsqh1nMyCcA2rWLzrlsol77sCTJPvP8S07WWzYJZn/ewS8OZs3170QvJLC0MLiDCQk4Sc8b+eyZPtO1dJNr2TzzD45ysmvSXlZrQd0vemH9XkmVyrlc299t//zxw19IUf84Dx529osffdJ5YHM5TpqOD5OdfjqUTm78yTjJ5Zmdb8HeczHuiFdU63X522Zj1bH9ur3jX1DlMDfY0bQBOOnzV7qejtn11TR29ag/435y/IXk+EtFO2RDRx8tOidZlF488nEDMSGLgs3iRhpzY+2Gyn9Ll/ujkHMK316QysXRMRjKojyYxexz4fxr5FwMZGEfemsGzsV6ksVfkh1NyGL9dFmMjAgAvCkHuiz7LnRZdhLzfhUqZHW3Vx56b2pfqu7Mru4fDFf3Z7/vdu0GC1I++9vE1F4KSt7R1xxbh5bSQ8pfHPOO7mZ1paAJ7+juK1S3pK8/nXwHUpb2SBb/6Xa790q239+9UFX/MNTdSL9xvbyQnMLbzw5/aifAT3y8//H+43J5fcN933XvlLVoDyN7WBC1BwAwYvZ37MyMcN7XtTTi2oN/vJcuDVW8/+9/pKCoj/SJOnqgW72vELg6fq+rAx9DuJVetWrgqtWcf/ee/V664diSbk28qrO1dCC23I9dVG+T4Up9Erv+mkcBAICzdX1GHR5f/wtD9f+W1tKItYtjr7uHa3l2ddy/pJ8UW5qd/AfzPhsAALwd/OgLZ7X9ayeKgtaHpc3NUqW97Zso9H5ooqC65Zug2fYjb7vS3PJNKwrboRfWTSvSclD1YxPvtFph1Da1MDKtMA527Te/m+yr32O/UWm2Ay9u1f1K7BsvbLYrXttUg9gzrZ3v14N424/sxnHL94Ja4FXaQdg0cbgTeX7RmNj3BwKDqt9sB7UgWWyaVhQ0KtGe+VFY32n4purHXhS02mG6w15fQbMWRg2722K+O+7zAgAAvHWePj96dL/T2X/y4sJKcmmethxrQszowpKePk+uypOWfLaKOYIAAPiKOSngp9io8BoTAgAAAAAAAAAAAAAAAAAAAAAAI2bf0nfKhcVxNwtK/Zafncta9Eud3GI4sh9H807sNAu5027VuyXi6NHnU4JX+i290z8Yc3xmB/j3/5PesS1KW/Lz72tlyuC+joXvHqRndGJMsnLsquX+WOTn/88hWXj8xwmrut1ud/rmy8PncGnaAQ4v5CU9WXqFITj79yIAZ+u/AQAA//9b5DOa") r5 = memfd_create(&(0x7f0000001cc0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc0sr\x95\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\x00\x01\x00\x00\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000003c0)='kmem_cache_free\x00', r6}, 0x18) faccessat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x2) write$binfmt_script(r5, &(0x7f0000000300)={'#! ', './file0'}, 0xb) execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) splice(r2, 0x0, r1, 0x0, 0x6, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x3ff) bpf$MAP_CREATE(0x0, 0x0, 0x48) fcntl$setstatus(r1, 0x4, 0x7c00) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7020000140000e0b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) 3.01561711s ago: executing program 4 (id=720): socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet(0x2, 0x80001, 0x84) socket(0x80000000000000a, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="000000006b840000b70800000000e7057b01739dde735cef17609f117563de8af8ff00000000bfa200000000000007020000f8ffffffb703000008020000000000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000000000690000993d300c", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000001000000850000008600"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000202070"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = syz_io_uring_setup(0x24fd, &(0x7f00000003c0)={0x0, 0x20, 0x14100}, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_SENDMSG={0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast1}}, 0x80, &(0x7f00000000c0)}, 0x0, 0x80840, 0x1}) io_uring_enter(r5, 0x1d2d, 0x0, 0x0, 0x0, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000004c0)={'veth0_to_bridge\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendto$packet(r8, &(0x7f00000002c0)="14419e5465f0006fc8afa8e40800", 0xe, 0x1, &(0x7f00000000c0)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @multicast}, 0x14) r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r10, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x62, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df}) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000003d040000000000000000ffe200000000000006"], 0x50) syz_emit_ethernet(0x8a, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaac4bc9cac008686dd600000000054060000000000000000000000ffff07000000fe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50e2000090780000080a0000000000000000030a0000000000000000fe08f989e8e82b840502000b317275"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r10, 0x40505330, &(0x7f00000001c0)={0x800000, 0x80, 0xfdfffffd, 0x5, 0x4000, 0x7}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r10, 0x40505330, &(0x7f0000000300)={0x800080, 0x810000, 0x2, 0xfff, 0xfd, 0x4}) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000180)={0x101, 0x4, 0x1f4bf1ba, 0x0, r11}, 0x10) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) 2.936821991s ago: executing program 4 (id=722): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x2, &(0x7f0000002400)) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r1, 0x0, 0x10001}, 0x18) io_setup(0x5, &(0x7f0000000e80)) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000f80)={[{@sysvgroups}, {@orlov}, {@nogrpid}, {@init_itable}, {@auto_da_alloc}, {@grpjquota, 0x2e}, {@oldalloc}, {@errors_remount}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x84, 0x4c9, &(0x7f0000001900)="$eJzs3MtrHdUfAPDvTF59J+2vv0cfPxutYrCatGnVLlyoKHQjCLrQjRDTtNSmrTQRbCm2FalL8S9Ql4Lgyo0rBRF1pbjVvQhFuml1IVfmzkw6yc29vTePRnM/H5jknHnknO+ZOfeeO+dOAuhaw9mPJGJLRPwUEYN5dv4Ow/mvWzcuTf5+49JkErXaC78l9f1u3rg0We5aHre5yIykEek7SexZpNyZCxdPT0xPT50v8mOzZ14fm7lw8ZFTZyZOTp2cOjt+9OiRw4cef2z80RWJM4vr5u63zu3ddezl95+brMWr336S1XdLsb0aR25o2WUOx/CGiKhlbq/tr/98YNl//e9layWd9K5hRehIT0Rkp6uv3v8Hoydun7zBePbtucxXa1RBYNVk703bG9b2FL/T/M0LWKcSfRy6VPmOn33+LZe7Of5Ya9efyu9VZHHfKpZ8S2+k2aah/BN7T5Pj/7PM8rdExEtX/vggW2LR+xAAACvri2z88/Bi47903thmWzGHMhQRByJiR0T8KyJ2RsS/i3HQfyPifx2WP7wg3zj++WHjkgJrUzb+e6KY28qXV+bizyVzua31+PuSE6empw4WbTISfQMn7lDDL5/58b1m24Yr479syepQjgWLevzaOzD/mOMTsxNLjXeh61cjdvdW4y/bP5mbCchaYFdE7F7C38/a7NRDH+/N0ts2N25vjD8baVfjb2EF5plqH0U8mJ//K7Eg/lKSl9RsfnJsQ0xPHRwrr4pG331/7flqvq+SzuOvRNJGTBs6D7Op7PxvisXPf13ZDcr52pnOy7j287tNP9M0nv8ka4+K4vqv9LHs+u9PXqyn+4t1b07Mzp4/FNFfrJi3fvz2sWW+3D+Lf2T/YvGn2Wvcnx8Wx+2JiOwi/n9E3BMR+4q63xsR90XE/hbxf/P0/a+1bqFW/X91ZfEfb3X+I4aS6nx9Y6I3mm7KEz2nv/68Wfntvf4dqadGijXtvP61qM68xHLaDgAAAP4p0vocdJKOlunKzamdsSmdPjcze2A43jh7PJ+rHoq+tLzTNVi5H3qouDdc5scX5A9HxPb6N4021vOjk+emt65l4ED9WZ15/T/SdHQ03/ZLsy+9AOtHR/No1acDP/1s5SsD3FWe14Tupf9D99L/oXvp/9C9Fuv/lyNurUFVgLvM+z90r876v1cLWE/0aOhe+j90pcZH4st/tNDe8/PNEjuOLevwVU/UBlflL1/p/KiemQtXV7AaEVH/9xlZIlrvXBvIv825tLIibb1P/x1KzxOX1+YCSO+4z5NLbJYOEvuKxEBEtHvU5bZadYUuJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHXgrwAAAP//UzXNfA==") socket$netlink(0x10, 0x3, 0xa) r2 = socket(0x1e, 0x80805, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x3c, 0x1, 0x0, 0x0, 0x0, 0x5, 0x62000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x37, 0x0, @perf_bp={0x0}, 0x1016c7, 0x0, 0x0, 0x6, 0x3, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) sendmmsg$inet_sctp(r2, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x10, 0x2, &(0x7f0000000100)=@raw=[@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0x32}, @jmp={0x5, 0x0, 0x9, 0x0, 0x0, 0xfffffffffffffe88}], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 2.589365443s ago: executing program 4 (id=727): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffd}]}) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x5051c2, 0x23) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x8042, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f40), r1) sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, r2, 0x1, 0x7ffffc, 0x25dfdbfb, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0xfd}]}, 0x28}}, 0x8000) fcntl$setlease(r0, 0x400, 0x1) fcntl$getflags(r0, 0x401) syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f00000000c0), 0x2, 0xbd1, &(0x7f0000002380)="$eJzs3M1rHOcZAPBnRquVbKtduZRS91KVUmwoXUsuMrUp1C4uvfRQaK8Fq/LKCK0/kFRcyTqskn8gX+dALoEkJiGH+OxLQnLNJbGvCTkETFCsBEJIFGY/pI2lleR4V6PIvx+8mvedd7TP8+ywO/PC7gbwxBrJ/qQRxyLiYhJRau5PI6JY7w1G1BrHra4sTX65sjSZxNravz5LIomIBytLk63HSprbI83BYES8/9ckfvb05rhzC4szE9VqZbY5Pjl/5frJuYXFP0xfmbhcuVy5Onb6T+Onxk+PnhnvWq1ffXTu9he/+fsnta9f/ebW58+/nMS5GGrOtdfRLSMxsv6ctCtExES3g+Wkr1lPe51JYYd/SnucFAAAHaVt93C/iFL0xcbNWyne/iDX5AAAAICuWOuLWAMAAAAOuMT6HwAAAA641ucAHqwsTbZavp9I2Fv3z0fEcKP+1WZrzBSiVt8ORn9EHH6QRPvXWpPGvz22kYj4+N6ZN7IWPfoe8nZqyxHxy63Of1Kvf7j+Le7N9acRMdqF+CMPjX9M9Z/rQvy86wfgyXTnfONCtvn6l67f/8QW17/CFteuHyLv61/r/m910/3fRv19He7//rnLGDdfefFGp7ms/j/f/tvrrZbFz7aPVdQjuL8c8avCVvUn6/UnHeq/uMsYpW9vVDrN5V3/2ksRx2Pr+luS7X+f6OTUdLUy2vi7ZYzl98Zf6xQ/7/qz83+4Q/2t33/qdP6v7zLGfy5ceHPTznsb3e3rTz8tJv+u94rNPf+fmJ+fHYsoJv/YvP/U9rm0jmk9Rlb/id9u//rfqv7sPaHWfB6ytcByc5uNn3oo5l9u3XyrUz6t9V+e5/9Sh/PfXv+7hc3n/5ldxvjdO8+d6DTXvv7NWha/tRYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJY0IoYiScvr/TQtlyOORMTP43BavTY3//upa/+7eimbixiO/nRquloZjYhSY5xk47F6f2N86qHxHyPiaES8UDpUH5cnr1Uv5V08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA645ExFAkaTki0ohYLaVpuZx3VgAAAEDXDeedAAAAANBz1v8AAABw8Fn/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0GNHf33nbhIRtbOH6i1TbM7155oZ0Gtp3gkAuenLOwEgN4W8EwBy84hrfLcLcAAlO8wPdpwZ6HouAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOxfx4/duZtERO3soXrLFJtz/blmBvRa2tZPcswD2Ht9200W9i4PYO95icOTyxof2GntP7hxTO37MwM9ywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/Weo3pK0HBHF5r5yOeInETEc/cnUdLUyGhE/jYgPS/0D2Xgs55wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADovrmFxZmJarUym3XSaHbW9/Sg09eM3MMQvekkjbxr+yWfg90ZeHanY/4bjxmiGPui0n3ayfNdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvMwtLM5MVKuV2bm8MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyNrewODNRrVZme9jJu0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzXQAAAP//jAsGRw==") r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5, 0x0, 0x318a054d}, 0x18) r6 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f0000000180)={0x0, 0x2}, 0x8) sendto$inet6(r6, &(0x7f0000000040)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x9100, &(0x7f0000001dc0)={0xf, 0x70, 0x100000}, 0x20) 2.467100364s ago: executing program 2 (id=732): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="8fedcb791f6f9875f37538e486dd6317040014000400fef2000e40004d59875a65969ff57b00ff020000000000000000000000000001"], 0xfdef) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000008c0)={r2, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000600)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0xa, &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xfa, &(0x7f00000006c0)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000700), &(0x7f0000000740), 0x8, 0x4a, 0x8, 0x8, &(0x7f0000000780)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x14, 0x13, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x920}, [@map_idx_val={0x18, 0x6, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0x9ef}, @cb_func={0x18, 0x5, 0x4, 0x0, 0x4}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x2}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}, @alu={0x7, 0x1, 0x1, 0x6, 0x8, 0xffffffffffffffc0, 0x1}]}, &(0x7f0000000500)='syzkaller\x00', 0xfff, 0x46, &(0x7f0000000540)=""/70, 0x40f00, 0x50, '\x00', 0x0, @fallback, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f00000005c0)={0x0, 0x7, 0x3, 0x9}, 0x10, r3, r2, 0x3, 0x0, &(0x7f0000000900)=[{0x0, 0x1, 0x2, 0xb}, {0x4, 0x1, 0xa, 0x1}, {0x4, 0x5, 0x9, 0x9}], 0x10, 0xd4b, @void, @value}, 0x94) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000002c0)={{0x1, 0x1, 0x18, r0, {0xee00, 0xffffffffffffffff}}, './file0\x00'}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x12, &(0x7f0000000080)=@raw=[@printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}, @printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7fff}], &(0x7f0000000140)='syzkaller\x00', 0x1, 0x7b, &(0x7f0000000180)=""/123, 0x41100, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x3, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000300)=[r2, r4], &(0x7f0000000340)=[{0x5, 0x2, 0x5, 0x6}, {0x1, 0x4, 0x0, 0x2}, {0x2, 0x4, 0xc, 0x5}, {0x5, 0x1, 0xf, 0x3}], 0x10, 0x2, @void, @value}, 0x94) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000ac0)={0x94, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x4}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}]}, 0x94}}, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) symlinkat(0x0, r5, &(0x7f0000000000)='./file0\x00') 2.282373985s ago: executing program 4 (id=733): socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet(0x2, 0x80001, 0x84) socket(0x80000000000000a, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="000000006b840000b70800000000e7057b01739dde735cef17609f117563de8af8ff00000000bfa200000000000007020000f8ffffffb703000008020000000000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000000000690000993d300c", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000010000008500000086000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000202070"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = syz_io_uring_setup(0x24fd, &(0x7f00000003c0)={0x0, 0x20, 0x14100}, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_SENDMSG={0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast1}}, 0x80, &(0x7f00000000c0)}, 0x0, 0x80840, 0x1}) io_uring_enter(r5, 0x1d2d, 0x0, 0x0, 0x0, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000004c0)={'veth0_to_bridge\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendto$packet(r8, &(0x7f00000002c0)="14419e5465f0006fc8afa8e40800", 0xe, 0x1, &(0x7f00000000c0)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @multicast}, 0x14) r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r10, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x62, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df}) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000003d040000000000000000ffe200000000000006"], 0x50) syz_emit_ethernet(0x8a, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaac4bc9cac008686dd600000000054060000000000000000000000ffff07000000fe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50e2000090780000080a0000000000000000030a0000000000000000fe08f989e8e82b840502000b317275"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r10, 0x40505330, &(0x7f00000001c0)={0x800000, 0x80, 0xfdfffffd, 0x5, 0x4000, 0x7}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r10, 0x40505330, &(0x7f0000000300)={0x800080, 0x810000, 0x2, 0xfff, 0xfd, 0x4}) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000180)={0x101, 0x4, 0x1f4bf1ba, 0x0, r11}, 0x10) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) 2.227617275s ago: executing program 4 (id=736): getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f00000002c0)={0x0, 0x167, "fd6fb1a6dc37e44825caa1c00d98a5d7394337e5f618e78de96fdfa9094093025a218c3da08d3d2ac596c7e897261e312387ae6e839b579800dbdc4311fc1f43403b8d672efe1f24ae02a12459809583966eada50267bedd2498d20fa89ec6569714108efbc1ff52f73d51e4706aaf981391decc3776b9f3c378afabdedbf924ec09dd60cb35606c1d55db814a93b8da875d25ee532465d5e25bbd6f12b93afc99d78a216f9cf6575036139e2627ec589445a08d12f38ac1d528e24b30d8db43bcaf02c75ba04315fecc60b05f4e42e32a81e48faa79ea8c020e6d3e416c08224bb1113655bee2a923a2eac1cec800525e601ac6c4032633bbd04aca66c71773adc031af72744b2298bf8dce24bf92ff172d23867e9032e3f1184fb75f5d9e8e70252880cccd763a6b92758c0d73ea1bce33fe992299583d68f1413da956acaf34c41f0bb66e22c44c73c0baca2f6b919f9d22e1c360c9a2b2ee9ca86cf883e412f1c72e1d5157"}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0xffffffffffffffff, 0xffffffffffffffff}, 0x0, &(0x7f00000002c0)}, 0x20) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'ip_vti0\x00', &(0x7f0000000040)={'gretap0\x00', 0x0, 0x20, 0x20, 0x2, 0x2, {{0x7, 0x4, 0x1, 0x6, 0x1c, 0x67, 0x0, 0x3, 0x29, 0x0, @multicast1, @remote, {[@noop, @generic={0x83, 0x4, "fa63"}]}}}}}) bpf$TOKEN_CREATE(0x24, &(0x7f0000000280)={0x0, r1}, 0x8) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000006c0)={&(0x7f00000005c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x69, 0x69, 0x7, [@func={0xf, 0x0, 0x0, 0xc, 0x1}, @decl_tag={0x2, 0x0, 0x0, 0x11, 0x1, 0x7}, @const={0x1, 0x0, 0x0, 0xa, 0x1}, @decl_tag={0xa, 0x0, 0x0, 0x11, 0x4}, @ptr={0xfffffff8, 0x0, 0x0, 0x2, 0x4}, @datasec={0x6, 0x2, 0x0, 0xf, 0x1, [{0x5, 0x7fffffff, 0x9}, {0x1, 0x3, 0x7}], "83"}]}, {0x0, [0x2e, 0x0, 0x0, 0x5f, 0x5f]}}, &(0x7f0000000680)=""/37, 0x8b, 0x25, 0x0, 0x5, 0x0, @void, @value}, 0x28) getpeername$packet(0xffffffffffffffff, &(0x7f0000000700)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000740)=0x14) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x4, 0x1, 0x7, 0x1, r1, 0x81, '\x00', r3, r2, 0x2, 0x0, 0xfffffff7, 0x4, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000100000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008400000b704000000000000850000000100000095"], 0x0, 0x2af, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r5}, 0x10) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='fib6_table_lookup\x00', r6}, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x1b, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r8}}, @printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='tlb_flush\x00', r9}, 0x10) perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfee, 0x0, 0x0, 0x0, 0x0, 0x100000000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x89f1, &(0x7f0000000080)) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000"], 0x7c}}, 0x0) 2.146812576s ago: executing program 4 (id=738): r0 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x42, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_SET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, 0x0}, 0x4004815) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b70400000000000085000000010000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000f0070000000900010073797a300000000080000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d3c00128014000180090001006c617374000000000400028010000180090001006c61737400000000140001800c000100636f756e74657200040002800800034000"], 0xc8}, 0x1, 0x0, 0x0, 0x40000}, 0x20050800) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x1b) 1.875472118s ago: executing program 3 (id=739): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000300)={[{@minixdf}, {}, {@barrier_val={'barrier', 0x3d, 0x9}}, {@commit={'commit', 0x3d, 0x5}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@nodelalloc}, {@noblock_validity}, {@nomblk_io_submit}]}, 0x1, 0x566, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9GajdN4o8KgvUiiBYLeq9LMg0lm27JbkoTC20P9uJFiiBiQfwDvHss/gP+FQUtFClBD14is5lNt81ukqYbN3U+H5j2vZnZvPnum+/bNzu7bACFNZL9U4p4OSK+SSIOt20bjHzjyOp+yw+vTWVLEisrn/2ZRJKva+2f5P8fzCsvRcSvX0WcKK1vt764NFupVtP5vD7WmLs8Vl9cOnlxrjKTzqSXJiYnT781OfHuO2/3LNbXz/39/ad3Pzr99fHl736+f+R2EmfiUL6tPY5ncKO9MhIj+XMyFGee2HG8B43tJkm/D4BtGcjzfCiyMeBwDORZD/z/XY+IFaCgEvkPBdWaB7Su7Xt0HfzcePDB6gXQ+vgHV98biX3Na6MDy8ljV0bZ9e5wD9rP2vjljzu3syU2eR/ieg/aA2i5cTMiTg0Orh//knz8275TzTePN/ZkG0V7/YF+upvNf97oNP8prc1/osP852CH3N2OzfO/dL8HzXSVzf/e6zj/XRu6hgfy2gvNOd9QcuFiNT0VES9GxGgM7c3qG93POb18b6Xbtvb5X7Zk7bfmgvlx3B/c+/hjpiuNyrPE3O7BzYhXOs5/k7X+Tzr0f/Z8nNtiG8fSO69227Z5/Dtr5aeI1zr2/6M7WsnG9yfHmufDWOusWO+vW8d+69b+6If9jT/r/wMbxz+ctN+vrT99Gz/u+yfttm275/+e5PNmeU++7mql0Zgfj9iTfLJ+/cSjx7bqrf2z+EePbzz+dTr/90fEF1uM/9bRW1137ff5n8U//VT9//SFex9/+UO39rfW/282S6P5mq2Mf1s9wGd57gAAAAAAAGC3KUXEoUhK5bVyqVQur36+42gcKFVr9caJC7WFS9PR/K7scAyVWne6D7d9HmI8/zxsqz7xRH0yIo5ExLcD+5v18lStOt3v4AEAAAAAAAAAAAAAAAAAAGCXONjl+/+Z3wf6fXTAjvOT31Bcm+Z/L37pCdiVvP5Dccl/KC75D8Ul/6G45D8Ul/yH4pL/UFzyHwAAAAAAAAAAAAAAAAAAAAAAAAAAAHrq3Nmz2bKy/PDaVFafvrK4MFu7cnI6rc+W5xamylO1+cvlmVptppqWp2pzm/29aq12eXwiFq6ONdJ6Y6y+uHR+rrZwqXH+4lxlJj2fDv0nUQEAAAAAAAAAAAAAAAAAAMDzpb64NFupVtN5ha6F92NXHMZOBrhqWw8f3C1RKHQt7NtG5/Z5YAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACANv8GAAD//04mM/E=") r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0, 0x0, 0x6}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, 0x0, 0x48) close(0xffffffffffffffff) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021bc0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000900003808c000080080003400000000280000b807c000180090001006c617374000000006c000280080001400000000508000140000000090c00024000000000000078"], 0x140}, 0x1, 0x0, 0x0, 0x84}, 0x0) 1.768901508s ago: executing program 3 (id=740): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x5, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0x9c}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0) r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) (async) connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x2}, 0x18) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000059c0)='./bus\x00', 0x1400e, &(0x7f0000000540)={[{@jqfmt_vfsv0}]}, 0x1, 0x439, &(0x7f0000000100)="$eJzs28tvG8UfAPDvrp3219cvpiqPPoBAQVQ8kiYtpQcuIJA4gIQEh3IMSVqVug1qgkSrCgJC5YgqcUcckfgLOMEFASckrnBHlSqUSwsno7V3G8exncY4ccGfj7TtzO5EM1/PTjyzkw1gaI1l/yQRuyPi14gYbWRXFxhr/Hdr+crMn8tXZpKo1d74I6mXu7l8ZaYoWvzcriJTjkg/SeJgm3oXLl0+N12tzl3M8xOL59+dWLh0+Zmz56fPzJ2ZuzB18uTxY5PPnZh6ti9xZnHdPPDB/KH9r7x17bWZU9fe/vHrpIi/JY4+Get28fFarc/VDdaepnRSHmBD2JBSY5jGSH38j0YpVjpvNF7+eKCNAzZVrVar3df58lIN+A9LYtAtAAaj+KLP1r/FsUVTj7vCjRcaC6As7lv50bhSjjQvM9Kyvu2nsYg4tfTXF9kRm/McAgBglW+z+c/T7eZ/aTQ/F/p/vodSiYh7ImJvRJyIiH0RcW9Evez9EfHAButv3SRZO/9Jr/cU2B3K5n/P53tbq+d/xewvKqU8t6ce/0hy+mx17mj+mRyJke1ZfrJLHd+99Mtnna41z/+yI6u/mAvm7bhe3t6nYNu48VHEgXK7+JPbOwFJROyPiAM91nH2ya8Odbq2fvxd9GGfqfZlxBON/l+KlvgLSff9yYn/RXXu6ERxV6z1089XX+9U/z+Kvw+y/t/Z9v4v4t9TSZr3axc2XsfV3z7tuKbp5f6fnV6c3pa8uerc+9OLixcnI7Ylr9bzlebzUy3lplbKZ/EfOdx+/O+NlU/iYERkN/GDEfFQRDyct/2RiHg0Ig53if+HFx97p/f4N1cW/2zX/o+W/l9JbIvWM+0TpXPff7Oq0spG4s/6/3g9dSQ/k/X/enHdSbt6u5sBAADg3yeNiN2RpOO302k6Pt74G/59sTOtzi8sPnV6/r0Ls413BCoxkhZPukabnodO5sv6Ij/Vkj+WPzf+vLSjnh+fma/ODjp4GHK7Ooz/zO+lQbcO2HTe14LhZfzD8DL+YXgZ/zC82oz/HYNoB7D12n3/fziAdgBbr2X82/aDIWL9D8OrbL0PQ8v3PwylhR2x/kvyEhJrEpHeFc2Q6DGRRkS3MoP+zQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAffwcAAP//KvHjlA==") r3 = openat(0xffffffffffffff9c, &(0x7f0000000d80)='./file1\x00', 0x143042, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_RESVSP(r4, 0x40305839, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3fffffff404}) (async) ioctl$FS_IOC_RESVSP(r4, 0x40305839, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3fffffff404}) pwritev2(r3, &(0x7f00000001c0), 0x0, 0xe7b, 0x0, 0x0) (async) pwritev2(r3, &(0x7f00000001c0), 0x0, 0xe7b, 0x0, 0x0) syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x800, 0x80000000}, &(0x7f0000000040), &(0x7f0000000080)) socket$inet_mptcp(0x2, 0x1, 0x106) (async) socket$inet_mptcp(0x2, 0x1, 0x106) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000002900000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x660}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) (async) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x660}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10) socket$kcm(0x10, 0x2, 0x0) (async) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a80016002000034004000200035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a1a83", 0xd4}, {&(0x7f00000014c0)="5c9ebe30", 0x4}], 0x2}, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x0, 0x80, 0x3b}, 0x18) socket$inet6_udp(0xa, 0x2, 0x0) (async) socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) (async) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000020018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r9}, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x200}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) (async) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x1, 0x0, 0x0, 0xfffffffffff7bbfe, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 1.624708009s ago: executing program 3 (id=741): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 1.57501524s ago: executing program 2 (id=743): syz_open_dev$sg(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = socket$igmp6(0xa, 0x3, 0x2) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000500)={@loopback, @broadcast, 0x0}, &(0x7f0000000280)=0xc) setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000080)={0x1, 0x1, 0xff, r2, 0x33}, 0xc) creat(&(0x7f00000000c0)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[], 0x43) r4 = dup(r3) write$P9_RLERRORu(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) r5 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f00000000c0)=0xc) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='consume_skb\x00', r8}, 0x10) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0a00000007000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000940)={{r9}, &(0x7f0000000780), &(0x7f0000000900)='%pi6 \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={0x28, 0x18, 0x1, 0x70bd26, 0x0, {0x2}, [@typed={0x8, 0x7ff, 0x0, 0x0, @u32=0x4}, @nested={0xc, 0x8, 0x0, 0x1, [@typed={0x8, 0xc, 0x0, 0x0, @uid=r6}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 1.57407776s ago: executing program 3 (id=744): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x41, &(0x7f0000000300)={[{@bsdgroups}, {@nodiscard}, {@dioread_nolock}, {@grpjquota}, {@grpjquota}, {@orlov}, {@discard}, {@grpid}, {@barrier}]}, 0x64, 0x510, &(0x7f0000000f80)="$eJzs3UFvG1kdAPD/OHZJ2nSTBQ6wEssuuyitoHayYduIQykSglMloNxLSJwoihNHsdM2UQWp+ABICAESJ7hwQeIDIKFKXDgipEpwBgECIWjhwAE6yPYkTVM7cVsnTuPfT5rMe29m/H/P0YznzTzNBDCw3oqIaxHxOE3TixExlpXnsim2W1NjvUcP7841piTS9MY/kkiysp3PSrJNzmWbDUfEV78U8Y3k2bi1za3l2UqlvJ7lS/WVtVJtc+vS0srsYnmxvDo9PXV55srM+zOTPWnn+Yi4+oW/fP87P/3i1V9++vYfb/7twjcb1RrNlu9tx3PKH7Sw1fRC87vYu8H6CwY7ifLNFmZG2q0x9EzJvSOuEwAA7TVO2D8YEZ+IiIsxFkMHn84CAAAAr6D0c6Px3yQibe9Mh3IAAADgFZJrjoFNcsVsLMBo5HLFYmsM74fjbK5SrdU/tVDdWJ1vjZUdj0JuYalSnszGCo9HIWnkp5rpJ/n39uWnI+L1iPje2EgzX5yrVub7ffEDAAAABsS5ff3/f4+1+v8AAADAKTPe7woAAAAAR07/HwAAAE4//X8AAAA41b58/XpjSnfefz1/a3NjuXrr0ny5tlxc2ZgrzlXX14qL1epi85l9K4d9XqVaXftMrG7cKdXLtXqptrl1c6W6sVq/ufTUK7ABAACAY/T6x+//PomI7c+ONKeGM91t2uVqwEmV300l2bzNbv2H11rzPx9TpYBjMdTvCgB9k+93BYC+KfS7AkDfJYcs7zh45zfZ/O3e1gcAAOi9iY++6P3/7dwRVw04YnZiGFzu/8Pgat7/73Ykr5MFOFUKzgBg4L30/f9DpelzVQgAAOi50eaU5IrZ5b3RyOWKxYjzzdcCFJKFpUp5MiJei4jfjRU+0MhPNbdMDu0zAAAAAAAAAAAAAAAAAAAAAAAAAAAtaZpECgAAAJxqEbm/Jr9qPct/Yuzd0f3XB84k/xmL7BWht3904wd3Zuv19alG+T93y+s/zMrf68cVDAAAABgIz/UC/51++k4/HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB65O3hiHj08O7cznScwf/++YgYbxc/H8PN+XAUIuLsv5LI79kuiYihHsQfafz5SLv4SaNauyHbxR/pQfztewfGj/HsW2gX/1wP4sMgu984/lxrt//l4q3mvP3+l494Kv+iOh//Yvf4N9Rh/z/fZYw3Hvy81DH+vYg38u2PPzvxkw7x3+ky/te/trXVaVn644iJtr8/yVOxSvWVtVJtc+vS0srsYnmxvDo9PXV55srM+zOTpYWlSjn72zbGdz/2i8cHtf9sh/jjh7T/3S7b/78Hdx5+qJUstIt/4Z028X/9k2yNZ+Pnst++T2bpxvKJnfR2K73Xmz/77ZsHtX++Q/sP+/9f6LL9F7/y7T91uSoAcAxqm1vLs5VKef3UJhq99BNQDYkTmPhWTz8wTdO0sU+9xOckcRK+lmai30cmAACg156c9Pe7JgAAAAAAAAAAAAAAAAAAADC4juDhYbG/ZH/M7d1U0otHaAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9MT/AwAA///ef9kE") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000440)='./file2\x00', 0x404, &(0x7f0000000380)={[{@errors_remount}, {@resuid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@resgid}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000080), &(0x7f00000004c0)=ANY=[], 0xfe37, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="021800001c000000000000000000000005000600000000000a00000000000000000000000000000000000000000000000000000000000000020012000000000000000000fcffffff0600ff0000000000000000000000000000000000000000000000000001000000fe8000000000002100000000000000bb050005002b0000000a00000000000000fc010000000200000002000000000000000000000000000008001900000000000a00000000000000fe8000000000000000000000000000bb000000000a"], 0xe0}}, 0x0) unlink(&(0x7f0000000180)='./file1\x00') bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, 0x0, &(0x7f00000002c0)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3, 0x0, 0x9}, 0x18) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000980)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0x6, 0x1}}]}}}]}, 0x58}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r5}, 0x10) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000240)={0x0, 0x126e, 0x9}, 0x8) syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000003740)=@newtaction={0xeb0, 0x30, 0xb, 0x0, 0x0, {}, [{0xe9c, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x0, 0x80006}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_pedit={0xe50, 0x2, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x5, 0xa, 0x4, 0x1, 0x2000000}, 0x5, 0x1}, [{0x9, 0x80000001, 0x1, 0x630, 0x8, 0x1}, {0xdf, 0x4, 0x5, 0x5, 0x10, 0xe}, {0x1, 0x857, 0x5, 0xe6db, 0x3, 0xfffffffc}, {0x6, 0x400, 0x9321, 0x9, 0x6, 0x7}, {0x5, 0x5, 0xffffffc0, 0x80, 0x3}, {0xc, 0xf5, 0x3, 0x9, 0xffffbff8, 0x3}, {0x0, 0x7, 0xfff, 0x2, 0x9163ef6c, 0x80003}, {0x3, 0x3, 0x80, 0x0, 0xacc4, 0x2}, {0x8001, 0xffb, 0x9, 0xffff, 0xfffffffe, 0x81}, {0x8, 0xfff, 0x6, 0xeb84, 0x8, 0x30c4}, {0x7, 0x9, 0xfffffff9, 0x100, 0x4}, {0x8004, 0x80000001, 0xfffffeff, 0xdf, 0x4, 0x5}, {0x7, 0x80000001, 0x9, 0x7, 0x1000, 0x7}, {0x5, 0x2, 0xfffffffd, 0xa, 0x474, 0x594}, {0x7fffffff, 0x1000001, 0xb, 0xfffffff9, 0x6, 0xffffffff}, {0x24, 0x7, 0xf, 0x6, 0x6, 0x8000003}, {0xbb, 0x5, 0x2, 0x310, 0xf}, {0x9b7d, 0x52fc, 0x3, 0x3, 0x48, 0x9}, {0xbd, 0x8, 0x10, 0xe4d, 0x7f, 0x3}, {0x8, 0x8, 0x9, 0x27, 0x2, 0x5}, {0x4, 0x1000, 0x5, 0x6, 0x93f, 0x6}, {0x1, 0x7, 0x0, 0x1, 0xff, 0x3}, {0xb, 0x7f, 0xfffff419, 0x10, 0x3ff, 0x9}, {0x4, 0x8, 0x7, 0xb, 0x8, 0x80004d}, {0x34db, 0x4000ffff, 0x0, 0x3ff, 0x1, 0x400}, {0xf, 0xcb1d, 0x8, 0x1, 0x0, 0x4}, {0x5, 0x3, 0x7, 0x4, 0x3, 0x984}, {0x2, 0xffffffff, 0x3, 0x2, 0x9, 0x40}, {0x7, 0x281, 0x7fffffff, 0x381, 0x3, 0x8}, {0x5, 0x4, 0x1, 0x8, 0x4, 0x2f}, {0x6, 0x3, 0x4, 0xd1a1, 0x9, 0x7}, {0x5, 0x3, 0x8, 0x4, 0x16, 0x2}, {0x8001, 0x87, 0x6, 0x1, 0x3, 0x4}, {0x6, 0x9e4, 0x8b7f, 0x11, 0x3, 0x7}, {0x7, 0x1, 0x800, 0x70f, 0x8001, 0x3}, {0x4, 0x10, 0x6, 0x1, 0x4, 0x22ff}, {0x5, 0x10001, 0x9, 0x0, 0x10001, 0x7}, {0xf85, 0x2e, 0x100, 0x3, 0x100, 0xe60c}, {0x2, 0x5, 0x1, 0xe000000}, {0x4e2, 0x6b0, 0x2, 0x100, 0x4, 0xd}, {0x1, 0xcad, 0xa5, 0x2, 0x4d800, 0x33}, {0x20, 0x7f, 0x33, 0x2, 0x400, 0x4}, {0x4, 0x62e, 0xb, 0x219c, 0x0, 0x5}, {0x0, 0x4, 0x0, 0x1, 0x1, 0x1}, {0x7f, 0x945a, 0x0, 0x0, 0x8, 0x3}, {0xda1, 0x893, 0x2, 0x9, 0xfffffa2e, 0x6}, {0x1, 0xfffffff3, 0x7fffffff, 0x8, 0x0, 0x1}, {0x2, 0x8, 0x2, 0xe, 0x2, 0x2}, {0x6, 0x100, 0xe, 0x10000, 0x5, 0x7}, {0x0, 0x6, 0x7, 0x4, 0xc, 0x800}, {0x8, 0x10000, 0x1, 0x1, 0x7}, {0x7d5, 0x2, 0x4, 0x800, 0xf}, {0x1, 0x5, 0x6, 0x2, 0x8, 0xc}, {0x2, 0x1, 0x3, 0xc, 0x3, 0x2c3}, {0x1000, 0x3, 0xbc, 0x8001, 0xfa, 0x8}, {0x2, 0x3, 0x9, 0x50e, 0x55ac, 0xa5e2}, {0x0, 0x196680, 0xffffff91, 0x100, 0x3, 0x7}, {0x4, 0x4, 0x2, 0x1, 0x0, 0xe}, {0xfffffff5, 0x8, 0x7023, 0x8, 0x5, 0x851}, {0x3, 0x78, 0x7, 0xa, 0x5dec4cac, 0x6}, {0x4, 0x9, 0x3a, 0x2, 0x8, 0x602}, {0x4, 0x7fffffff, 0x0, 0x8, 0x8, 0xff}, {0x7, 0xfffffff1, 0x2f2c, 0x400, 0x6, 0x6}, {0x10001, 0x81, 0x40, 0x2, 0x89, 0x2}, {0x2, 0x8550, 0x4c, 0x3, 0xfffffffa, 0x736d}, {0x7f, 0x199, 0x5, 0x9, 0x7, 0x2}, {0x7, 0x1, 0x9, 0x7, 0x2, 0x7}, {0x9, 0x3f1, 0x4, 0x5, 0x5, 0x8}, {0x100, 0x3ff, 0x4, 0x7f53, 0x7, 0x1}, {0x3ff, 0xc, 0x4, 0x1, 0x4, 0x4}, {0x9, 0x1, 0xfff, 0x5d7c, 0x0, 0x8001}, {0x7, 0x0, 0x7, 0xfffffffb, 0x3ee, 0x4}, {0xbfffffe, 0x6, 0x101, 0x0, 0x400, 0x400}, {0x7fff, 0xb3, 0x2, 0x10000, 0x6, 0x14}, {0x0, 0x1, 0x4c90, 0x4, 0x7f, 0x8}, {0x5, 0x25b, 0xe9, 0x3, 0x2, 0x2}, {0x29dbdf0, 0xd, 0xfffffffd, 0x7, 0x6, 0x3}, {0x7, 0x1, 0xa, 0x8, 0x5, 0x5}, {0x473, 0x8, 0x2, 0x400, 0x4000000, 0x69b3d6e6}, {0x1, 0xb7bb, 0x22800000, 0x3, 0x10, 0x9}, {0x7f, 0x4, 0x6, 0xffffffff, 0x3, 0x8}, {0xfffffff7, 0x80000000, 0xa, 0x40, 0x863, 0x2}, {0xb, 0x9, 0xc, 0x3c1, 0x6e, 0x40}, {0x6, 0xd, 0x6, 0xfb0000, 0x5d4, 0x47}, {0xe0, 0x100, 0x1, 0x7, 0x8, 0x7}, {0xfff, 0x1, 0x0, 0x38, 0x0, 0x9}, {0x82, 0x10, 0x401, 0x0, 0x4, 0xef}, {0x7, 0x2, 0x200, 0x8, 0x9, 0x2}, {0x54, 0x5, 0x6, 0x101, 0x2, 0x10001}, {0x1, 0x4, 0x800004, 0x10001, 0x2, 0xce}, {0x4, 0x8, 0x8, 0x3, 0xf, 0x9}, {0x6, 0x5, 0x8, 0xffffffff, 0x405bc, 0x6}, {0x9, 0x0, 0x9, 0x2, 0x9}, {0x0, 0x2, 0xb, 0x7fffffff, 0xfc0, 0x7f1b4893}, {0x4, 0xd, 0xc, 0x4, 0x7, 0x4}, {0x4, 0x5, 0xe, 0x3, 0x3dcb, 0x9}, {0x200, 0x0, 0xe8, 0x1, 0x800000d4, 0x1}, {0xc651, 0x5f83, 0x2, 0x1, 0xd, 0x8}, {0xfff, 0x5, 0x1, 0x0, 0x49, 0x5}, {0x5, 0x101, 0x8, 0x97fd, 0xef, 0x206}, {0x2, 0xa, 0x1000, 0x1, 0x6, 0xe0}, {0x800, 0x4c, 0x7, 0x0, 0xfffffff7, 0x9}, {0x6, 0xffff, 0xffff8001, 0xa, 0xae36, 0x8}, {0xcfb7, 0x0, 0x101, 0x2, 0x1, 0x1aca}, {0x6, 0x800, 0xec3d, 0xffffffff, 0xea5, 0x3}, {0x9, 0x5, 0x2, 0x0, 0x0, 0xdd}, {0x6, 0x6, 0x0, 0x1e9, 0x6, 0x1}, {0x3, 0x7, 0x7, 0x3, 0x400, 0x81}, {0x970, 0x100, 0xb2eb, 0x2, 0x3, 0x9}, {0x3, 0x6, 0x8, 0x7, 0xd, 0x474c}, {0xf, 0x101, 0x9a, 0x1000, 0x2, 0xfffffffc}, {0x3, 0x98e, 0x1a5e666b, 0x10, 0x7, 0x9}, {0xfffffffb, 0x3, 0x3, 0x2ee8000, 0x8}, {0x3, 0x2, 0x2, 0x1003, 0x3, 0x2}, {0x7, 0x4, 0x1, 0x7, 0x101, 0xef}, {0x709e, 0x9, 0x425b597f, 0x1, 0x2, 0x7}, {0x6, 0xc000000, 0x3ff, 0x4, 0x8, 0x5}, {0x3, 0x6, 0x7, 0xfffffff9, 0x0, 0xffffffff}, {0x7, 0x9, 0x8, 0x0, 0x9, 0xd6}, {0x24, 0x10001, 0x6, 0x1, 0x39d6}, {0x401, 0x7d4, 0x9, 0x8000, 0xffff, 0x7}, {0x6, 0x92e4, 0x130, 0x0, 0x4, 0x9}, {0x1, 0x7fff, 0x7, 0x8001, 0x8, 0x5}, {0x7e, 0x800, 0xfffffff9, 0xa, 0x4b64, 0x80000001}, {0x2ad78a25, 0x2, 0x6, 0x6, 0x4, 0x8}, {0x2, 0x9, 0x0, 0x8a7, 0x129, 0xc}, {0x7, 0x2, 0x8, 0x3, 0xe01, 0xf933271}, {0x4a3, 0x0, 0x3, 0x514c, 0xf8b, 0x19}], [{0x5}, {0x4, 0x1}, {}, {0x1}, {0x3}, {0x0, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x1}, {0x2}, {0x0, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x4}, {}, {0x1, 0x1}, {0x5, 0x1}, {0x5}, {0x3}, {0x5, 0x1}, {}, {0x0, 0x1}, {0x3}, {0x2, 0x1}, {0x4}, {0x5}, {0x5, 0x1}, {0x4, 0x1}, {}, {0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x1}, {0x1, 0x1}, {0x4}, {0x5}, {0x3, 0x1}, {0x1}, {0x3}, {0x2, 0x1}, {0x5, 0x1}, {0x3}, {0x3}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x1, 0x1}, {0x2}, {0x3}, {0x5, 0x1}, {0x1}, {0x1}, {0x3}, {0x5, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x4}, {0x5}, {0x1, 0x1}, {}, {0x3}, {0x0, 0x1}, {0x1, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x2}, {0x5}, {0x9, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x3, 0x1}, {}, {0x1, 0x1}, {0x1}, {0x1}, {0x2, 0x1}, {0x6, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3}, {0x3, 0x1}, {0x1}, {0x2}, {0x2}, {0x5}, {0x3, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x2}, {0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {0x4}, {0x2, 0x1}, {0x3, 0x1}, {0x4}, {0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x3}, {0x3, 0x1}, {0x0, 0x1}, {0x5}, {0x3, 0x1}, {0x4}, {0x5, 0x1}, {0x3}, {0x5, 0x1}, {0x3}, {0x4}, {0x5, 0x1}, {0x3, 0x1}, {0x4}, {0x1, 0x1}, {0x4, 0x1}, {0x6, 0x1}, {0x5, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xeb0}, 0x1, 0x0, 0x0, 0x1}, 0x0) 1.55330075s ago: executing program 2 (id=745): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/icmp\x00') preadv(r3, &(0x7f0000000940)=[{&(0x7f0000000880)=""/183, 0xb7}], 0x1, 0x2, 0x2081) bind$inet(r2, &(0x7f0000000200)={0x2, 0x4e24, @empty}, 0x10) r4 = syz_open_dev$evdev(&(0x7f0000001900), 0x0, 0x0) ioctl$EVIOCREVOKE(r4, 0x40044591, 0x0) ioctl$EVIOCGBITSW(r4, 0x80404525, 0x0) sendmmsg(r2, &(0x7f0000003a80)=[{{&(0x7f00000000c0)=@in={0x2, 0x4e24, @loopback}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000240)='7', 0x1}], 0x1}}], 0x1, 0x2c000811) close(r2) r5 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f00000008c0)={[{@bsdgroups}, {@nodiscard}, {@data_err_ignore}, {@grpjquota}, {@grpjquota}, {@orlov}, {@abort}, {@nombcache}, {@journal_checksum}]}, 0x64, 0x51c, &(0x7f0000001000)="$eJzs3U9rJGkZAPCnOt1jkslssupBF1xXdyUz6HSSjbsbPKy7IHpaUNf7GJNOCOmkQ7ozMwmDZvADCCIqeNKLF8EPIMiAF48iDOhZUVEGndGDB51aurs6k0m6k56ZTjqT/v2gUm+99ed53oSq1FtVVAUwsF6JiHci4mGaplciYjyrz2VD7DaH+nIP7t9aqA9JpOn7/0wiyepa20qy8cVsteGI+PpXIr6VHI5b3d5ZnS+XS5vZ9FRtbWOqur1zdWVtfrm0XFqfnZ15c+6tuTfmpnvSzksR8faX/vbD7/38y2//+nM3/nztH5e/XU9rLJu/vx1PKH/UzGbTC43fxf4VNp8y2FmUb7QwM9JuiaFDNbdPOCcAANqrn+N/OCI+HRFXYjyGjj6dBQAAAJ5D6RfH4n9JRNrehQ71AAAAwHMk13gGNskVs2cBxiKXKxabz/B+NEZz5Uq19tmlytb6YvNZ2Yko5JZWyqXp7FnhiSgk9emZRvnR9OsHpmcj4sWI+MH4SGO6uFApL/b74gcAAAAMiIsH+v//GW/2/wEAAIBzZqLfCQAAAAAnTv8fAAAAzj/9fwAAADjXvvree/UhbX3/evH69tZq5frVxVJ1tbi2tVBcqGxuFJcrleXGO/vWjtteuVLZ+Hysb92cqpWqtanq9s61tcrWeu3aSuMT2G2+BA4AAACctBc/eeeP9U757hdGGkN030m/cLKZASctv1dq7fVtdus/vdAc//WUkgJOxVC/EwD6Jt/vBIC+KfQ7AaDvjrvmN9xpxu+y8ad6mw8AANB7kx8/fP+/dQcwd+Sau0fPBs48OzEMLvf/YXA17v93+ySvkwU4VwrOAGDgPfP9/2Ol6RMlBAAA9NxYY0hyxezy3ljkcsVixKXGZwEKydJKuTQdES9ExB/GCx+qT8801ky8zA8AAAAAAAAAAAAAAAAAAAAAAAAAupSmSaQAAADAuRaR+3vym+a7/CfHXxs7eH3gQvLf8cg+EXrjJ+//6OZ8rbY5U6//11597cdZ/ev9uIIBAAAAA+GJPuDf6qe3+vEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0EsP7t9aaA2nGffeuxEx0S5+PoYb4+EoRMTov5PI71sviYihHsQfqf/4WLv4ST2tvZDt4o/0IP7u7SPjx0T2W2gX/2IP4sMgu1M//rzTbv/LxSuNcfv9Lx/x2PTTuvdu0uH4F3vHv6EO+/+lLmO8dPeXUx3j3454Kd/++NOKn3SI/2qX8b/5jZ2dTvPSn0ZMtv3/kzwWayjWNqaq2ztXV9bml0vLpfXZ2Zk3596ae2NuempppVzKfj6+8ewA/f1P/OrhUe0f7RB/4pj2v9Zl+/9/9+b9jzSLhXbxL7/aJv5vf5YtcTh+Lvvf95msXJ8/2SrvNsv7vfyL3798VPsXO7T/uL//5S7bf+Vr3/1Ll4sCAKegur2zOl8ulzbPbaF+EngG0lA4g4Xv7NWMxrNvME3TtL5PPcN2kh6k0aNCv49MAABArz066e93JgAAAAAAAAAAAAAAAAAAADC4TuN1Ygdj7u6Vkl68QhsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoCc+CAAA///8NNfg") syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000)) r6 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$USBDEVFS_SUBMITURB(r7, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0x0, 0x0, 0x0, 0x7995}, 0xfff7, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) ioctl$SCSI_IOCTL_SEND_COMMAND(r7, 0x1, &(0x7f0000000580)={0xe7, 0xfffffff7, 0xff, "e72f48953f963d93b59dc4e466db41146820518751b43fee7c721d0f810eb0b06d02a205aa9b55e47c2eaca4aac71a649dd3a1a1bd81650a6cf037e6ac38c2109ef597f23b53a606e97b3a6a45a1a5144aa9e57ec994179648844822d9cc8391d3d2f9cd05d8c9b089fcd4d5e18b1233d05c24c7aee980823ca5c628e4e6bd03381ac14faef8bce24f6b27bbf6aa361ca5f06cbae309d2e3fa08ef056625c2c5bdf06d4ef45fa81295cf83ff490ac13b75bd7bc49a556a0e2741bef43803f57da1335e98e30f3e5491c6a034d3c651db0388422cf3d8b77fab29ffc80a800076ba576b59ba3d8a"}) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e000000080000000000180003801400038010"], 0x44}}, 0x0) getpeername$packet(r5, &(0x7f0000000180)={0x11, 0x0, 0x0}, &(0x7f00000002c0)=0x14) sendmsg$ETHTOOL_MSG_PAUSE_SET(r7, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x38, r9, 0x20, 0x70bd29, 0x25dfdbfd, {}, [@ETHTOOL_A_PAUSE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @ETHTOOL_A_PAUSE_TX={0x5, 0x4, 0x1}, @ETHTOOL_A_PAUSE_AUTONEG={0x5, 0x2, 0x1}, @ETHTOOL_A_PAUSE_AUTONEG={0x5, 0x2, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000810}, 0x20000000) 1.233017842s ago: executing program 3 (id=748): capset(&(0x7f0000000380)={0x19980330}, &(0x7f0000000040)={0x200000, 0x200003, 0x3, 0x0, 0x7, 0x80}) setrlimit(0x40000000000008, &(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa100000000000007010000dbffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0xfffffffffffffffc}, 0x18) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000000780)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff0000000010000000000000000000000007"], 0x30}}], 0x1, 0x4008804) (fail_nth: 3) 994.231823ms ago: executing program 3 (id=749): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000dd0000000000003b810000850000006d000000a50000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000100)='kfree\x00', r0, 0x0, 0x7}, 0x18) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000440)='console\x00', r2, 0x0, 0xffffffffffffffff}, 0xfffffffffffffc3e) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000005c0)='sys_enter\x00', r7}, 0x10) splice(r6, 0x0, r4, 0x0, 0xf3a, 0x0) write$binfmt_elf64(r5, &(0x7f0000000380)=ANY=[], 0x18c6) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="05000000030000008400000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000000000000fe, &(0x7f00000004c0)=ANY=[@ANYRES64, @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095", @ANYRESOCT=r3, @ANYRES64=0x0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r8}, &(0x7f00000001c0), 0x0}, 0x20) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r9}, 0x10) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x74000000, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c00000010004b0400f4ed00000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c00028008000400000000000600060000000000060009"], 0x4c}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r13 = socket(0x1e, 0x5, 0x0) connect$tipc(r13, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) recvmmsg$unix(r13, &(0x7f0000001d80)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=""/145, 0x91}], 0x1}}], 0x1, 0x10022, 0x0) write$bt_hci(r13, &(0x7f0000000100)=ANY=[@ANYBLOB="010d20198100fbffff0fe8f504000200"/29], 0x1d) sendmmsg$unix(r12, &(0x7f0000008100)=[{{&(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000640)=[@rights={{0x18, 0x1, 0x1, [r12, r11]}}], 0x18, 0x40048c1}}], 0x1, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r15 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r14) sendmsg$IEEE802154_LLSEC_SETPARAMS(r14, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000003c0)={0x20, r15, 0x5, 0x0, 0x0, {0x22}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}}, 0x4000000) 732.871045ms ago: executing program 5 (id=751): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r2, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004500)=@delchain={0x30, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x2}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0xff) close(r3) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, &(0x7f0000000040)={0x0, 0x4, [0x550, 0xe48, 0xe61, 0x3cf]}) 701.792235ms ago: executing program 2 (id=752): capset(&(0x7f0000000380)={0x19980330}, &(0x7f0000000040)={0x200000, 0x200003, 0x3, 0x0, 0x7, 0x80}) setrlimit(0x40000000000008, &(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa100000000000007010000dbffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0xfffffffffffffffc}, 0x18) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000000780)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff0000000010000000000000000000000007"], 0x30}}], 0x1, 0x4008804) 663.083365ms ago: executing program 2 (id=753): syz_open_dev$sg(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = socket$igmp6(0xa, 0x3, 0x2) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000500)={@loopback, @broadcast, 0x0}, &(0x7f0000000280)=0xc) setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000080)={0x1, 0x1, 0xff, r2, 0x33}, 0xc) creat(&(0x7f00000000c0)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[], 0x43) r4 = dup(r3) write$P9_RLERRORu(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) r5 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000040), &(0x7f00000000c0)=0xc) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='consume_skb\x00', r7}, 0x10) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0a00000007000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000940)={{r8}, &(0x7f0000000780), &(0x7f0000000900)='%pi6 \x00'}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='consume_skb\x00'}, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) 630.759056ms ago: executing program 5 (id=754): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 626.773225ms ago: executing program 2 (id=755): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setscheduler(0x0, 0x2, 0x0) (async) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) (async) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) read(r3, &(0x7f0000032440)=""/102364, 0x18fdc) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)=r1}, 0x20) (async) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r6, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r7 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000080)={'vxcan1\x00', 0x0}) sendmsg$can_raw(r7, &(0x7f0000000000)={&(0x7f0000000300)={0x1d, r8}, 0x10, &(0x7f0000000140)={&(0x7f0000000180)=@can={{0x0, 0x0, 0x1}, 0xfe, 0x0, 0x4, 0x0, "ffff32ffffffffe1"}, 0x10}, 0x2, 0x0, 0x0, 0x2884}, 0x810) r9 = dup(r6) write$P9_RLERRORu(r9, &(0x7f0000000380)=ANY=[@ANYBLOB='S\x00\x00\x00\a'], 0x53) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r9}, 0x2c, {[], [], 0x6b}}) 582.954226ms ago: executing program 5 (id=756): socketpair$tipc(0x1e, 0x1, 0x0, 0x0) (async) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x37) (async) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x79, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r3, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x3c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x8, &(0x7f00000003c0)=ANY=[@ANYBLOB="070800000000000600000003ee950ab319e5f8776b008410000003f4ffff170000000000000000000000000000009500000000000000bfa0890600"/70], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0) sendmsg$NL80211_CMD_DEL_INTERFACE(r2, &(0x7f0000000580)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x14, r4, 0x405, 0x70bd2d, 0x25dfdbff, {{}, {@void, @void}}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x20044000) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0x8, &(0x7f00000002c0)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 431.999087ms ago: executing program 5 (id=757): r0 = socket$unix(0x1, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000000c0)=0x2, 0x4) connect$unix(r0, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x0, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000080)={0x0}) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000200)={0xffffffffffffffff, 0x8000000000000000, 0x2, 0x7}) socket$kcm(0x10, 0x400000002, 0x0) r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c00000003080102000000074441980000000000050003"], 0x1c}}, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0) r7 = openat$cgroup_ro(r3, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r9, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r4], 0x4}}, 0x0) sendfile(r8, r7, 0x0, 0x100000002) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='freezer.parent_freezing\x00', 0x275a, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r10, 0x1, &(0x7f00000025c0)=ANY=[]) mount_setattr(r1, &(0x7f0000000180)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x800, &(0x7f00000001c0)={0x100071, 0x0, 0xe0000, {r10}}, 0x20) syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) 357.999488ms ago: executing program 5 (id=758): syz_open_dev$sg(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = socket$igmp6(0xa, 0x3, 0x2) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000500)={@loopback, @broadcast, 0x0}, &(0x7f0000000280)=0xc) setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000080)={0x1, 0x1, 0xff, r2, 0x33}, 0xc) creat(&(0x7f00000000c0)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[], 0x43) r4 = dup(r3) write$P9_RLERRORu(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) r5 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f00000000c0)=0xc) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='consume_skb\x00', r8}, 0x10) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0a00000007000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={0x28, 0x18, 0x1, 0x70bd26, 0x0, {0x2}, [@typed={0x8, 0x7ff, 0x0, 0x0, @u32=0x4}, @nested={0xc, 0x8, 0x0, 0x1, [@typed={0x8, 0xc, 0x0, 0x0, @uid=r6}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 285.442348ms ago: executing program 5 (id=759): bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18) (fail_nth: 3) 0s ago: executing program 1 (id=760): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bond_slave_0\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x3, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xe0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x3, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0], 0x0, 0xcb, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000280), &(0x7f0000000340), 0x8, 0x13, 0x8, 0x8, &(0x7f0000000380)}}, 0x10) (async) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) (async) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10) connect$inet(r5, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) (async) sendfile(r5, r4, 0x0, 0x20000023893) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x19, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@call={0x85, 0x0, 0x0, 0x1f}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x10d2e8c66c413260}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3c, '\x00', r1, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10) (async) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0) kernel console output (not intermixed with test programs): 62.131714][ T4391] ? should_fail_ex+0xd7/0x260 [ 62.131745][ T4391] ? v9fs_mount+0x53/0x570 [ 62.131764][ T4391] ? should_failslab+0x8f/0xb0 [ 62.131798][ T4391] ? __kmalloc_cache_noprof+0x186/0x320 [ 62.131859][ T4391] v9fs_mount+0x69/0x570 [ 62.131882][ T4391] ? __pfx_v9fs_mount+0x10/0x10 [ 62.132014][ T4391] legacy_get_tree+0x77/0xd0 [ 62.132057][ T4391] vfs_get_tree+0x56/0x1e0 [ 62.132139][ T4391] do_new_mount+0x227/0x690 [ 62.132177][ T4391] path_mount+0x49b/0xb30 [ 62.132207][ T4391] __se_sys_mount+0x27f/0x2d0 [ 62.132307][ T4391] ? fput+0x1c4/0x200 [ 62.132330][ T4391] __x64_sys_mount+0x67/0x80 [ 62.132426][ T4391] x64_sys_call+0x2c84/0x2dc0 [ 62.132455][ T4391] do_syscall_64+0xc9/0x1c0 [ 62.132541][ T4391] ? clear_bhb_loop+0x55/0xb0 [ 62.132597][ T4391] ? clear_bhb_loop+0x55/0xb0 [ 62.132631][ T4391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.132664][ T4391] RIP: 0033:0x7ff13ddad169 [ 62.132682][ T4391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 62.132703][ T4391] RSP: 002b:00007ff13c417038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 62.132723][ T4391] RAX: ffffffffffffffda RBX: 00007ff13dfc5fa0 RCX: 00007ff13ddad169 [ 62.132735][ T4391] RDX: 0000400000004380 RSI: 0000400000004280 RDI: 0000000000000000 [ 62.132810][ T4391] RBP: 00007ff13c417090 R08: 00004000000045c0 R09: 0000000000000000 [ 62.132825][ T4391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 62.132876][ T4391] R13: 0000000000000000 R14: 00007ff13dfc5fa0 R15: 00007ffe61bdabf8 [ 62.132894][ T4391] [ 62.596115][ T4412] netlink: 88 bytes leftover after parsing attributes in process `syz.0.335'. [ 62.612193][ T4413] loop3: detected capacity change from 0 to 1024 [ 62.631587][ T4416] loop1: detected capacity change from 0 to 512 [ 62.639750][ T4413] EXT4-fs: Ignoring removed nomblk_io_submit option [ 62.688242][ T4413] EXT4-fs: Ignoring removed orlov option [ 62.697570][ T4413] EXT4-fs (loop3): changing journal_checksum during remount not supported; ignoring [ 62.709076][ T4413] EXT4-fs (loop3): can't enable nombcache during remount [ 64.278288][ T4457] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 64.290378][ T4457] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0' [ 64.323575][ T4458] loop0: detected capacity change from 0 to 1024 [ 64.360964][ T4458] EXT4-fs: Ignoring removed nomblk_io_submit option [ 64.363237][ T4462] loop3: detected capacity change from 0 to 512 [ 64.394863][ T4458] EXT4-fs: Ignoring removed orlov option [ 64.460523][ T4458] EXT4-fs (loop0): changing journal_checksum during remount not supported; ignoring [ 64.472125][ T4458] EXT4-fs (loop0): can't enable nombcache during remount [ 64.516692][ T4470] netlink: 88 bytes leftover after parsing attributes in process `syz.1.355'. [ 65.156992][ T30] kauditd_printk_skb: 1087 callbacks suppressed [ 65.157012][ T30] audit: type=1326 audit(1741601791.861:5409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4461 comm="syz.3.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff13dda4127 code=0x7ffc0000 [ 65.238306][ T4483] netlink: 'syz.0.357': attribute type 27 has an invalid length. [ 65.305258][ T4483] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.321345][ T4483] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.347395][ T4488] loop3: detected capacity change from 0 to 1024 [ 65.387237][ T4488] EXT4-fs: Ignoring removed nomblk_io_submit option [ 65.390283][ T4483] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 65.423694][ T4483] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 65.473971][ T4483] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.488900][ T4483] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.498957][ T4483] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.509243][ T4483] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.550447][ T4488] netlink: 64 bytes leftover after parsing attributes in process `syz.3.359'. [ 65.671390][ T30] audit: type=1400 audit(1741601792.371:5410): avc: denied { write } for pid=4493 comm="syz.3.360" name="hwrng" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 65.791959][ T30] audit: type=1326 audit(1741601792.491:5411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4500 comm="syz.3.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 65.856926][ T30] audit: type=1326 audit(1741601792.491:5412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4500 comm="syz.3.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 65.888192][ T30] audit: type=1326 audit(1741601792.491:5413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4500 comm="syz.3.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 65.917660][ T30] audit: type=1326 audit(1741601792.491:5414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4500 comm="syz.3.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 65.946494][ T30] audit: type=1326 audit(1741601792.491:5415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4500 comm="syz.3.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 65.979665][ T30] audit: type=1326 audit(1741601792.491:5416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4500 comm="syz.3.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 66.008734][ T30] audit: type=1326 audit(1741601792.491:5417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4500 comm="syz.3.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 66.036587][ T30] audit: type=1326 audit(1741601792.491:5418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4500 comm="syz.3.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 66.415472][ T4515] FAULT_INJECTION: forcing a failure. [ 66.415472][ T4515] name failslab, interval 1, probability 0, space 0, times 0 [ 66.436366][ T4515] CPU: 1 UID: 0 PID: 4515 Comm: syz.0.366 Not tainted 6.14.0-rc6-syzkaller #0 [ 66.436397][ T4515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 66.436413][ T4515] Call Trace: [ 66.436423][ T4515] [ 66.436434][ T4515] dump_stack_lvl+0xf2/0x150 [ 66.436533][ T4515] dump_stack+0x15/0x1a [ 66.436558][ T4515] should_fail_ex+0x24a/0x260 [ 66.436657][ T4515] should_failslab+0x8f/0xb0 [ 66.436690][ T4515] kmem_cache_alloc_noprof+0x52/0x320 [ 66.436720][ T4515] ? getname_flags+0x81/0x3b0 [ 66.436816][ T4515] getname_flags+0x81/0x3b0 [ 66.436857][ T4515] __x64_sys_linkat+0x6b/0xa0 [ 66.436888][ T4515] x64_sys_call+0x14e3/0x2dc0 [ 66.436920][ T4515] do_syscall_64+0xc9/0x1c0 [ 66.436995][ T4515] ? clear_bhb_loop+0x55/0xb0 [ 66.437036][ T4515] ? clear_bhb_loop+0x55/0xb0 [ 66.437156][ T4515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.437219][ T4515] RIP: 0033:0x7f540aa5d169 [ 66.437336][ T4515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.437355][ T4515] RSP: 002b:00007f54090c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000109 [ 66.437374][ T4515] RAX: ffffffffffffffda RBX: 00007f540ac75fa0 RCX: 00007f540aa5d169 [ 66.437386][ T4515] RDX: ffffffffffffffff RSI: 0000400000002d40 RDI: ffffffffffffffff [ 66.437401][ T4515] RBP: 00007f54090c1090 R08: 0000000000001800 R09: 0000000000000000 [ 66.437415][ T4515] R10: 0000400000001400 R11: 0000000000000246 R12: 0000000000000001 [ 66.437429][ T4515] R13: 0000000000000001 R14: 00007f540ac75fa0 R15: 00007ffce94d4508 [ 66.437499][ T4515] [ 66.731834][ T4522] loop2: detected capacity change from 0 to 512 [ 66.756325][ T4524] loop1: detected capacity change from 0 to 1024 [ 66.779410][ T4526] loop0: detected capacity change from 0 to 512 [ 66.785422][ T4527] loop3: detected capacity change from 0 to 1024 [ 66.795046][ T4526] EXT4-fs: Ignoring removed orlov option [ 66.802084][ T4524] EXT4-fs: Ignoring removed nomblk_io_submit option [ 66.816046][ T4526] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 66.818832][ T4527] EXT4-fs: Ignoring removed nomblk_io_submit option [ 66.845251][ T4524] netlink: 64 bytes leftover after parsing attributes in process `syz.1.370'. [ 66.859039][ T4526] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 66.889236][ T4527] EXT4-fs: Ignoring removed orlov option [ 66.898907][ T4526] EXT4-fs (loop0): orphan cleanup on readonly fs [ 66.909352][ T4527] EXT4-fs (loop3): changing journal_checksum during remount not supported; ignoring [ 66.910028][ T4526] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.371: bg 0: block 248: padding at end of block bitmap is not set [ 66.920051][ T4527] EXT4-fs (loop3): can't enable nombcache during remount [ 66.961510][ T4526] EXT4-fs error (device loop0): ext4_acquire_dquot:6927: comm syz.0.371: Failed to acquire dquot type 1 [ 66.976057][ T4526] EXT4-fs (loop0): 1 truncate cleaned up [ 67.057147][ T4542] loop0: detected capacity change from 0 to 128 [ 67.134582][ T4547] netlink: 146340 bytes leftover after parsing attributes in process `syz.0.374'. [ 67.144367][ T4547] netlink: zone id is out of range [ 67.149664][ T4547] netlink: zone id is out of range [ 67.155259][ T4547] netlink: zone id is out of range [ 67.161260][ T4547] netlink: zone id is out of range [ 67.181131][ T4547] netlink: zone id is out of range [ 67.188771][ T4547] netlink: zone id is out of range [ 67.197249][ T4546] netlink: 'syz.4.376': attribute type 27 has an invalid length. [ 67.211832][ T4547] netlink: zone id is out of range [ 67.220525][ T4547] netlink: zone id is out of range [ 67.225909][ T4547] netlink: zone id is out of range [ 67.232346][ T4547] netlink: zone id is out of range [ 67.245811][ T4542] netlink: 32 bytes leftover after parsing attributes in process `syz.0.374'. [ 67.443836][ T4563] loop0: detected capacity change from 0 to 512 [ 67.984656][ T4574] 9pnet_fd: Insufficient options for proto=fd [ 67.991502][ T4575] loop3: detected capacity change from 0 to 1024 [ 67.991997][ T4575] EXT4-fs: Ignoring removed nomblk_io_submit option [ 68.052168][ T4575] netlink: 64 bytes leftover after parsing attributes in process `syz.3.383'. [ 68.133052][ T4588] netlink: 20 bytes leftover after parsing attributes in process `syz.3.390'. [ 68.193869][ T4592] loop2: detected capacity change from 0 to 512 [ 68.207486][ T4592] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 68.218190][ T4592] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 68.245892][ T4592] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 68.257217][ T4597] loop3: detected capacity change from 0 to 1024 [ 68.265714][ T4597] EXT4-fs: Ignoring removed nomblk_io_submit option [ 68.277433][ T4592] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 68.287464][ T4592] System zones: 0-2, 18-18, 34-35 [ 68.289995][ T4599] loop1: detected capacity change from 0 to 512 [ 68.310700][ T4592] netlink: 196 bytes leftover after parsing attributes in process `syz.2.393'. [ 68.355664][ T4597] EXT4-fs: Ignoring removed orlov option [ 68.371989][ T4597] EXT4-fs (loop3): changing journal_checksum during remount not supported; ignoring [ 68.382011][ T4597] EXT4-fs (loop3): can't enable nombcache during remount [ 68.403680][ T4606] loop2: detected capacity change from 0 to 1024 [ 68.411267][ T4606] EXT4-fs: Ignoring removed nomblk_io_submit option [ 68.451939][ T4606] netlink: 64 bytes leftover after parsing attributes in process `syz.2.397'. [ 68.544438][ T4616] loop0: detected capacity change from 0 to 512 [ 68.561202][ T4618] loop2: detected capacity change from 0 to 1024 [ 68.570861][ T4618] EXT4-fs: Ignoring removed nomblk_io_submit option [ 68.601408][ T4618] netlink: 64 bytes leftover after parsing attributes in process `syz.2.401'. [ 68.757919][ T4628] netlink: 20 bytes leftover after parsing attributes in process `syz.2.404'. [ 69.220827][ T4636] loop4: detected capacity change from 0 to 512 [ 69.280756][ T4636] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 69.290742][ T4636] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 69.363072][ T4639] loop1: detected capacity change from 0 to 512 [ 69.378568][ T4639] EXT4-fs: Ignoring removed orlov option [ 69.400521][ T4636] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 69.413034][ T4636] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 69.421573][ T4636] System zones: 0-2, 18-18, 34-35 [ 69.424551][ T4639] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 69.451169][ T4636] netlink: 196 bytes leftover after parsing attributes in process `syz.4.406'. [ 69.472228][ T4639] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 69.481712][ T4639] EXT4-fs (loop1): orphan cleanup on readonly fs [ 69.489688][ T4639] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.408: bg 0: block 248: padding at end of block bitmap is not set [ 69.507027][ T4644] loop3: detected capacity change from 0 to 512 [ 69.517411][ T4639] EXT4-fs error (device loop1): ext4_acquire_dquot:6927: comm syz.1.408: Failed to acquire dquot type 1 [ 69.531171][ T4639] EXT4-fs (loop1): 1 truncate cleaned up [ 69.578935][ T4650] loop0: detected capacity change from 0 to 1024 [ 69.588266][ T4650] EXT4-fs: Ignoring removed nomblk_io_submit option [ 69.704661][ T4657] loop4: detected capacity change from 0 to 1024 [ 69.726174][ T4657] EXT4-fs: Ignoring removed nomblk_io_submit option [ 69.770660][ T4657] EXT4-fs: Ignoring removed orlov option [ 69.777717][ T4657] EXT4-fs (loop4): changing journal_checksum during remount not supported; ignoring [ 69.789558][ T4657] EXT4-fs (loop4): can't enable nombcache during remount [ 69.793165][ T4667] loop1: detected capacity change from 0 to 512 [ 69.811220][ T4668] loop2: detected capacity change from 0 to 1024 [ 69.832150][ T4668] EXT4-fs: Ignoring removed nomblk_io_submit option [ 69.883583][ T4668] EXT4-fs: Ignoring removed orlov option [ 69.890756][ T4668] EXT4-fs (loop2): changing journal_checksum during remount not supported; ignoring [ 69.901744][ T4668] EXT4-fs (loop2): can't enable nombcache during remount [ 70.172176][ T30] kauditd_printk_skb: 1328 callbacks suppressed [ 70.172195][ T30] audit: type=1326 audit(1741601796.871:6743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4643 comm="syz.3.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff13dda4127 code=0x7ffc0000 [ 70.202449][ T30] audit: type=1326 audit(1741601796.871:6744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4643 comm="syz.3.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff13dd49359 code=0x7ffc0000 [ 70.226956][ T30] audit: type=1326 audit(1741601796.871:6745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4643 comm="syz.3.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 70.283309][ T30] audit: type=1326 audit(1741601796.901:6746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4666 comm="syz.1.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f80d2524127 code=0x7ffc0000 [ 70.314122][ T30] audit: type=1326 audit(1741601796.901:6747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4666 comm="syz.1.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f80d24c9359 code=0x7ffc0000 [ 70.341401][ T30] audit: type=1326 audit(1741601796.901:6748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4666 comm="syz.1.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7f80d252d169 code=0x7ffc0000 [ 70.367135][ T30] audit: type=1326 audit(1741601796.901:6749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4643 comm="syz.3.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff13dda4127 code=0x7ffc0000 [ 70.395163][ T30] audit: type=1326 audit(1741601796.901:6750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4643 comm="syz.3.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff13dd49359 code=0x7ffc0000 [ 70.425123][ T30] audit: type=1326 audit(1741601796.901:6751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4643 comm="syz.3.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 70.457288][ T30] audit: type=1326 audit(1741601796.901:6752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4643 comm="syz.3.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff13dda4127 code=0x7ffc0000 [ 70.565773][ T4680] loop4: detected capacity change from 0 to 512 [ 70.605577][ T4684] loop2: detected capacity change from 0 to 512 [ 70.617018][ T4680] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 70.628998][ T4680] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 70.638994][ T4684] EXT4-fs: Ignoring removed orlov option [ 70.666626][ T4684] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 70.679532][ T4680] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 70.698431][ T4684] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 70.707363][ T4680] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 70.726819][ T4680] System zones: 0-2, 18-18, 34-35 [ 70.733239][ T4684] EXT4-fs (loop2): orphan cleanup on readonly fs [ 70.758938][ T4684] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.421: bg 0: block 248: padding at end of block bitmap is not set [ 70.765372][ T4691] loop1: detected capacity change from 0 to 1024 [ 70.785966][ T4684] EXT4-fs error (device loop2): ext4_acquire_dquot:6927: comm syz.2.421: Failed to acquire dquot type 1 [ 70.809652][ T4684] EXT4-fs (loop2): 1 truncate cleaned up [ 70.822414][ T4691] EXT4-fs: Ignoring removed nomblk_io_submit option [ 70.831447][ T4695] loop4: detected capacity change from 0 to 512 [ 70.839954][ T4695] EXT4-fs: Ignoring removed orlov option [ 70.848062][ T4695] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 70.869296][ T4695] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 70.883287][ T4695] EXT4-fs (loop4): orphan cleanup on readonly fs [ 70.890600][ T4695] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.427: bg 0: block 248: padding at end of block bitmap is not set [ 70.908539][ T4695] EXT4-fs error (device loop4): ext4_acquire_dquot:6927: comm syz.4.427: Failed to acquire dquot type 1 [ 70.941203][ T4695] EXT4-fs (loop4): 1 truncate cleaned up [ 71.062654][ T4708] loop0: detected capacity change from 0 to 1024 [ 71.074013][ T4708] EXT4-fs: Ignoring removed nomblk_io_submit option [ 71.151686][ T4708] EXT4-fs: Ignoring removed orlov option [ 71.162441][ T4708] EXT4-fs (loop0): changing journal_checksum during remount not supported; ignoring [ 71.172156][ T4708] EXT4-fs (loop0): can't enable nombcache during remount [ 71.728787][ T4734] loop4: detected capacity change from 0 to 512 [ 71.737438][ T4734] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 71.747914][ T4734] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 71.759567][ T4734] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 71.770505][ T4734] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 71.779109][ T4734] System zones: 0-2, 18-18, 34-35 [ 71.785267][ T4734] EXT4-fs mount: 91 callbacks suppressed [ 71.785289][ T4734] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 71.897254][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.933085][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.973668][ T4739] loop0: detected capacity change from 0 to 1024 [ 71.981517][ T4741] loop4: detected capacity change from 0 to 512 [ 72.000984][ T4739] EXT4-fs: Ignoring removed nomblk_io_submit option [ 72.011596][ T4741] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 72.026346][ T4743] __nla_validate_parse: 7 callbacks suppressed [ 72.026369][ T4743] netlink: 20 bytes leftover after parsing attributes in process `syz.2.441'. [ 72.052857][ T4741] EXT4-fs (loop4): orphan cleanup on readonly fs [ 72.066588][ T4739] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 72.106805][ T4741] EXT4-fs error (device loop4): ext4_acquire_dquot:6927: comm syz.4.440: Failed to acquire dquot type 1 [ 72.139722][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.154743][ T4741] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.440: bg 0: block 40: padding at end of block bitmap is not set [ 72.172232][ T4741] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 72.183794][ T4741] EXT4-fs (loop4): 1 truncate cleaned up [ 72.191390][ T4741] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 72.248363][ T4758] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #16: comm syz.4.440: corrupted xattr block 31: invalid header [ 72.263129][ T4758] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=16 [ 72.276273][ T4758] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #16: comm syz.4.440: corrupted xattr block 31: invalid header [ 72.292372][ T4758] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=16 [ 72.302657][ T4758] EXT4-fs error (device loop4): ext4_get_link:106: inode #16: comm syz.4.440: bad symlink. [ 72.359580][ T4764] netlink: 96 bytes leftover after parsing attributes in process `syz.1.446'. [ 72.378780][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.454386][ T4773] loop0: detected capacity change from 0 to 512 [ 72.463554][ T4773] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 72.473333][ T4773] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 72.502837][ T4773] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 72.512778][ T4773] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 72.521722][ T4773] System zones: 0-2, 18-18, 34-35 [ 72.527899][ T4773] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 72.542351][ T4773] netlink: 196 bytes leftover after parsing attributes in process `syz.0.450'. [ 72.589073][ T4783] netlink: 20 bytes leftover after parsing attributes in process `syz.4.453'. [ 72.598851][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.685427][ T4789] FAULT_INJECTION: forcing a failure. [ 72.685427][ T4789] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 72.698865][ T4789] CPU: 1 UID: 0 PID: 4789 Comm: syz.4.457 Not tainted 6.14.0-rc6-syzkaller #0 [ 72.698893][ T4789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 72.698908][ T4789] Call Trace: [ 72.698917][ T4789] [ 72.698926][ T4789] dump_stack_lvl+0xf2/0x150 [ 72.698995][ T4789] dump_stack+0x15/0x1a [ 72.699021][ T4789] should_fail_ex+0x24a/0x260 [ 72.699059][ T4789] should_fail_alloc_page+0xfd/0x110 [ 72.699106][ T4789] __alloc_frozen_pages_noprof+0x109/0x340 [ 72.699171][ T4789] alloc_pages_mpol+0xb4/0x260 [ 72.699200][ T4789] vma_alloc_folio_noprof+0x1a0/0x310 [ 72.699232][ T4789] handle_mm_fault+0xdd7/0x2ac0 [ 72.699325][ T4789] exc_page_fault+0x3b9/0x650 [ 72.699361][ T4789] asm_exc_page_fault+0x26/0x30 [ 72.699393][ T4789] RIP: 0033:0x7f845526a78b [ 72.699464][ T4789] Code: c0 8b 87 c0 00 00 00 66 0f 6c c0 85 c0 0f 85 44 01 00 00 c7 87 c0 00 00 00 ff ff ff ff 48 8d 84 24 20 21 00 00 48 8d 7c 24 20 <0f> 29 44 24 40 49 89 e4 48 89 44 24 50 8b 43 74 48 89 9c 24 00 01 [ 72.699484][ T4789] RSP: 002b:00007f845391ee10 EFLAGS: 00010246 [ 72.699541][ T4789] RAX: 00007f8453920f30 RBX: 00007f84554ac620 RCX: 0000000000000000 [ 72.699555][ T4789] RDX: 00007f8453920f78 RSI: 00007f845531cbd8 RDI: 00007f845391ee30 [ 72.699569][ T4789] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000 [ 72.699583][ T4789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 72.699596][ T4789] R13: 0000000000000000 R14: 00007f84554d5fa0 R15: 00007fffbf4cd748 [ 72.699617][ T4789] [ 72.699628][ T4789] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 72.907795][ T4808] loop3: detected capacity change from 0 to 512 [ 72.917723][ T4808] EXT4-fs: Ignoring removed orlov option [ 72.923878][ T4810] loop4: detected capacity change from 0 to 512 [ 72.932950][ T4810] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 72.942244][ T4810] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 72.959818][ T4808] EXT4-fs error (device loop3): dx_probe:823: inode #2: comm syz.3.463: Attempting to read directory block (0) that is past i_size (256) [ 72.986842][ T4810] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 72.988603][ T4808] EXT4-fs (loop3): Remounting filesystem read-only [ 72.996297][ T4810] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 73.013925][ T4810] System zones: 0-2, 18-18, 34-35 [ 73.020212][ T4810] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.038330][ T4810] netlink: 196 bytes leftover after parsing attributes in process `syz.4.464'. [ 73.049971][ T4808] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 73.059176][ T4808] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.074731][ T4808] SELinux: (dev loop3, type ext4) getxattr errno 5 [ 73.083928][ T4808] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.103765][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.113323][ T4819] loop2: detected capacity change from 0 to 512 [ 73.124576][ T4819] EXT4-fs: Ignoring removed orlov option [ 73.134175][ T4819] EXT4-fs error (device loop2): dx_probe:823: inode #2: comm syz.2.466: Attempting to read directory block (0) that is past i_size (256) [ 73.150713][ T4819] EXT4-fs (loop2): Remounting filesystem read-only [ 73.157725][ T4819] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 73.166824][ T4819] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.181716][ T4819] SELinux: (dev loop2, type ext4) getxattr errno 5 [ 73.191396][ T4819] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.211614][ T4824] netlink: 4 bytes leftover after parsing attributes in process `syz.4.467'. [ 73.220772][ T4824] netlink: 8 bytes leftover after parsing attributes in process `syz.4.467'. [ 73.294247][ T4829] FAULT_INJECTION: forcing a failure. [ 73.294247][ T4829] name failslab, interval 1, probability 0, space 0, times 0 [ 73.309419][ T4829] CPU: 0 UID: 0 PID: 4829 Comm: syz.3.470 Not tainted 6.14.0-rc6-syzkaller #0 [ 73.309503][ T4829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 73.309519][ T4829] Call Trace: [ 73.309527][ T4829] [ 73.309535][ T4829] dump_stack_lvl+0xf2/0x150 [ 73.309626][ T4829] dump_stack+0x15/0x1a [ 73.309649][ T4829] should_fail_ex+0x24a/0x260 [ 73.309697][ T4829] should_failslab+0x8f/0xb0 [ 73.309733][ T4829] __kmalloc_noprof+0xab/0x3f0 [ 73.309760][ T4829] ? memcg_list_lru_alloc+0x187/0x4e0 [ 73.309828][ T4829] memcg_list_lru_alloc+0x187/0x4e0 [ 73.309853][ T4829] ? security_compute_sid+0xdd8/0xe10 [ 73.309894][ T4829] __memcg_slab_post_alloc_hook+0x1a2/0x660 [ 73.309914][ T4826] FAULT_INJECTION: forcing a failure. [ 73.309914][ T4826] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 73.309987][ T4829] ? should_fail_ex+0xd7/0x260 [ 73.310046][ T4829] kmem_cache_alloc_lru_noprof+0x230/0x320 [ 73.310129][ T4829] ? mqueue_alloc_inode+0x34/0x50 [ 73.310160][ T4829] mqueue_alloc_inode+0x34/0x50 [ 73.310230][ T4829] ? __pfx_mqueue_alloc_inode+0x10/0x10 [ 73.310258][ T4829] alloc_inode+0x3c/0x160 [ 73.310300][ T4829] new_inode+0x1e/0x100 [ 73.310340][ T4829] mqueue_get_inode+0x27/0x660 [ 73.310418][ T4829] mqueue_create_attr+0x183/0x270 [ 73.310461][ T4829] ? __pfx_mqueue_create_attr+0x10/0x10 [ 73.310511][ T4829] vfs_mkobj+0x9e/0x1b0 [ 73.310542][ T4829] do_mq_open+0x354/0x4b0 [ 73.310587][ T4829] __x64_sys_mq_open+0xcc/0x100 [ 73.310630][ T4829] x64_sys_call+0x1d6f/0x2dc0 [ 73.310709][ T4829] do_syscall_64+0xc9/0x1c0 [ 73.310743][ T4829] ? clear_bhb_loop+0x55/0xb0 [ 73.310835][ T4829] ? clear_bhb_loop+0x55/0xb0 [ 73.310894][ T4829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.310929][ T4829] RIP: 0033:0x7ff13ddad169 [ 73.310949][ T4829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.310971][ T4829] RSP: 002b:00007ff13c417038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0 [ 73.310995][ T4829] RAX: ffffffffffffffda RBX: 00007ff13dfc5fa0 RCX: 00007ff13ddad169 [ 73.311079][ T4829] RDX: 0000000000000000 RSI: 0000000000000042 RDI: 00004000005a1ffb [ 73.311094][ T4829] RBP: 00007ff13c417090 R08: 0000000000000000 R09: 0000000000000000 [ 73.311109][ T4829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 73.311123][ T4829] R13: 0000000000000000 R14: 00007ff13dfc5fa0 R15: 00007ffe61bdabf8 [ 73.311146][ T4829] [ 73.574339][ T4826] CPU: 1 UID: 0 PID: 4826 Comm: syz.0.469 Not tainted 6.14.0-rc6-syzkaller #0 [ 73.574369][ T4826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 73.574385][ T4826] Call Trace: [ 73.574435][ T4826] [ 73.574445][ T4826] dump_stack_lvl+0xf2/0x150 [ 73.574495][ T4826] dump_stack+0x15/0x1a [ 73.574522][ T4826] should_fail_ex+0x24a/0x260 [ 73.574555][ T4826] should_fail+0xb/0x10 [ 73.574583][ T4826] should_fail_usercopy+0x1a/0x20 [ 73.574659][ T4826] _copy_to_user+0x20/0xa0 [ 73.574685][ T4826] simple_read_from_buffer+0xa0/0x110 [ 73.574729][ T4826] proc_fail_nth_read+0xf9/0x140 [ 73.574774][ T4826] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 73.574858][ T4826] vfs_read+0x19b/0x6f0 [ 73.574895][ T4826] ? __rcu_read_unlock+0x4e/0x70 [ 73.574925][ T4826] ? __fget_files+0x17c/0x1c0 [ 73.575005][ T4826] ksys_read+0xe8/0x1b0 [ 73.575093][ T4826] __x64_sys_read+0x42/0x50 [ 73.575132][ T4826] x64_sys_call+0x2874/0x2dc0 [ 73.575167][ T4826] do_syscall_64+0xc9/0x1c0 [ 73.575211][ T4826] ? clear_bhb_loop+0x55/0xb0 [ 73.575246][ T4826] ? clear_bhb_loop+0x55/0xb0 [ 73.575308][ T4826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.575335][ T4826] RIP: 0033:0x7f540aa5bb7c [ 73.575350][ T4826] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 73.575373][ T4826] RSP: 002b:00007f54090c1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 73.575396][ T4826] RAX: ffffffffffffffda RBX: 00007f540ac75fa0 RCX: 00007f540aa5bb7c [ 73.575460][ T4826] RDX: 000000000000000f RSI: 00007f54090c10a0 RDI: 0000000000000003 [ 73.575475][ T4826] RBP: 00007f54090c1090 R08: 0000000000000000 R09: 0000000000000000 [ 73.575489][ T4826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 73.575504][ T4826] R13: 0000000000000000 R14: 00007f540ac75fa0 R15: 00007ffce94d4508 [ 73.575530][ T4826] [ 73.865659][ T4837] loop1: detected capacity change from 0 to 1024 [ 73.880082][ T4837] EXT4-fs: Ignoring removed nomblk_io_submit option [ 73.967983][ T4837] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.008907][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.579952][ T4862] loop1: detected capacity change from 0 to 512 [ 74.609704][ T4861] loop0: detected capacity change from 0 to 2048 [ 74.617129][ T4861] EXT4-fs: Ignoring removed bh option [ 74.659466][ T4861] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.821860][ T4871] FAULT_INJECTION: forcing a failure. [ 74.821860][ T4871] name failslab, interval 1, probability 0, space 0, times 0 [ 74.837208][ T4871] CPU: 1 UID: 0 PID: 4871 Comm: syz.4.482 Not tainted 6.14.0-rc6-syzkaller #0 [ 74.837261][ T4871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 74.837281][ T4871] Call Trace: [ 74.837289][ T4871] [ 74.837298][ T4871] dump_stack_lvl+0xf2/0x150 [ 74.837339][ T4871] dump_stack+0x15/0x1a [ 74.837362][ T4871] should_fail_ex+0x24a/0x260 [ 74.837398][ T4871] should_failslab+0x8f/0xb0 [ 74.837494][ T4871] kmem_cache_alloc_node_noprof+0x59/0x320 [ 74.837523][ T4871] ? __alloc_skb+0x10b/0x310 [ 74.837554][ T4871] __alloc_skb+0x10b/0x310 [ 74.837609][ T4871] ? audit_log_start+0x34c/0x6b0 [ 74.837664][ T4871] audit_log_start+0x368/0x6b0 [ 74.837786][ T4871] audit_seccomp+0x4b/0x130 [ 74.837820][ T4871] __seccomp_filter+0x6fa/0x1180 [ 74.837846][ T4871] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 74.837892][ T4871] ? vfs_write+0x644/0x920 [ 74.837929][ T4871] __secure_computing+0x9f/0x1c0 [ 74.838035][ T4871] syscall_trace_enter+0xd1/0x1f0 [ 74.838066][ T4871] do_syscall_64+0xaa/0x1c0 [ 74.838172][ T4871] ? clear_bhb_loop+0x55/0xb0 [ 74.838209][ T4871] ? clear_bhb_loop+0x55/0xb0 [ 74.838239][ T4871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.838330][ T4871] RIP: 0033:0x7f84552bd169 [ 74.838350][ T4871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.838376][ T4871] RSP: 002b:00007f8453921038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bb [ 74.838402][ T4871] RAX: ffffffffffffffda RBX: 00007f84554d5fa0 RCX: 00007f84552bd169 [ 74.838417][ T4871] RDX: 0000000000000000 RSI: ffffffff80000400 RDI: ffffffffffffffff [ 74.838429][ T4871] RBP: 00007f8453921090 R08: 0000000000000000 R09: 0000000000000000 [ 74.838441][ T4871] R10: 0000400000000040 R11: 0000000000000246 R12: 0000000000000001 [ 74.838486][ T4871] R13: 0000000000000000 R14: 00007f84554d5fa0 R15: 00007fffbf4cd748 [ 74.838506][ T4871] [ 75.118126][ T4877] loop4: detected capacity change from 0 to 512 [ 75.124022][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.134402][ T4873] loop3: detected capacity change from 0 to 4096 [ 75.158754][ T4873] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.175715][ T4877] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.191627][ T30] kauditd_printk_skb: 392 callbacks suppressed [ 75.191640][ T30] audit: type=1326 audit(1741601801.871:7137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4872 comm="syz.3.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7ff13ddabeb7 code=0x7ffc0000 [ 75.194005][ T4877] ext4 filesystem being mounted at /104/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 75.198769][ T30] audit: type=1326 audit(1741601801.891:7138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4872 comm="syz.3.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff13ddabad0 code=0x7ffc0000 [ 75.258621][ T30] audit: type=1326 audit(1741601801.891:7139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4872 comm="syz.3.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 75.282088][ T30] audit: type=1326 audit(1741601801.891:7140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4872 comm="syz.3.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 75.306007][ T30] audit: type=1326 audit(1741601801.891:7141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4872 comm="syz.3.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 75.329917][ T30] audit: type=1326 audit(1741601801.891:7142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4872 comm="syz.3.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 75.354264][ T30] audit: type=1326 audit(1741601801.891:7143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4872 comm="syz.3.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 75.378501][ T30] audit: type=1326 audit(1741601801.891:7144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4872 comm="syz.3.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 75.402541][ T30] audit: type=1326 audit(1741601801.891:7145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4872 comm="syz.3.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 75.427221][ T30] audit: type=1326 audit(1741601801.891:7146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4872 comm="syz.3.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 75.458185][ T4887] netlink: 'syz.4.486': attribute type 13 has an invalid length. [ 75.499958][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.508599][ T4894] netlink: 4 bytes leftover after parsing attributes in process `syz.0.491'. [ 75.518348][ T4894] netlink: 8 bytes leftover after parsing attributes in process `syz.0.491'. [ 76.281368][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.319849][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.327545][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.335164][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.342824][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.351325][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.359942][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.367557][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.374996][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.383774][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.391947][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.399445][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.407644][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.416613][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.427297][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.436217][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.444032][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.451573][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.459802][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.467638][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.477650][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.485337][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.493114][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.501013][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.519418][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.529662][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.537516][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.546183][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.553713][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.562928][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.571383][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.580182][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.589653][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.598766][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.607540][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.615569][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.624159][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.632271][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.641330][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.651738][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.661750][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.674544][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.685648][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.695880][ T3468] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 76.760975][ T3468] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz0 [ 76.893752][ T4922] sg_write: data in/out 768/1 bytes for SCSI command 0x0-- guessing data in; [ 76.893752][ T4922] program syz.3.499 not setting count and/or reply_len properly [ 76.922669][ T4926] loop2: detected capacity change from 0 to 512 [ 76.944531][ T4926] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 76.962504][ T4926] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 76.983513][ T4926] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 76.997198][ T4926] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 77.008984][ T4926] System zones: 0-2, 18-18, 34-35 [ 77.028690][ T4926] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.049722][ T4926] netlink: 196 bytes leftover after parsing attributes in process `syz.2.503'. [ 77.066003][ T4936] loop4: detected capacity change from 0 to 512 [ 77.109592][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.188644][ T4942] loop2: detected capacity change from 0 to 1024 [ 77.196866][ T4942] EXT4-fs: Ignoring removed nomblk_io_submit option [ 77.220914][ T4942] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.238660][ T4942] EXT4-fs: Ignoring removed orlov option [ 77.244817][ T4942] EXT4-fs (loop2): changing journal_checksum during remount not supported; ignoring [ 77.254874][ T4942] EXT4-fs (loop2): can't enable nombcache during remount [ 77.659379][ T4950] capability: warning: `syz.3.510' uses deprecated v2 capabilities in a way that may be insecure [ 77.721423][ T4954] FAULT_INJECTION: forcing a failure. [ 77.721423][ T4954] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 77.737163][ T4954] CPU: 0 UID: 0 PID: 4954 Comm: syz.1.512 Not tainted 6.14.0-rc6-syzkaller #0 [ 77.737263][ T4954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 77.737320][ T4954] Call Trace: [ 77.737327][ T4954] [ 77.737335][ T4954] dump_stack_lvl+0xf2/0x150 [ 77.737369][ T4954] dump_stack+0x15/0x1a [ 77.737393][ T4954] should_fail_ex+0x24a/0x260 [ 77.737429][ T4954] should_fail+0xb/0x10 [ 77.737514][ T4954] should_fail_usercopy+0x1a/0x20 [ 77.737596][ T4954] _copy_to_iter+0x248/0xd00 [ 77.737635][ T4954] ? traverse+0x397/0x3c0 [ 77.737714][ T4954] ? __virt_addr_valid+0x1ed/0x250 [ 77.737821][ T4954] ? __check_object_size+0x364/0x520 [ 77.737854][ T4954] seq_read_iter+0x1db/0x930 [ 77.737911][ T4954] ? path_openat+0x1a78/0x1fc0 [ 77.737940][ T4954] seq_read+0x1ed/0x230 [ 77.737977][ T4954] ? __pfx_seq_read+0x10/0x10 [ 77.738009][ T4954] proc_reg_read+0x13f/0x1d0 [ 77.738033][ T4954] vfs_readv+0x3e2/0x660 [ 77.738057][ T4954] ? __pfx_proc_reg_read+0x10/0x10 [ 77.738090][ T4954] __se_sys_preadv2+0x100/0x1c0 [ 77.738130][ T4954] __x64_sys_preadv2+0x78/0x90 [ 77.738239][ T4954] x64_sys_call+0x1eeb/0x2dc0 [ 77.738267][ T4954] do_syscall_64+0xc9/0x1c0 [ 77.738307][ T4954] ? clear_bhb_loop+0x55/0xb0 [ 77.738341][ T4954] ? clear_bhb_loop+0x55/0xb0 [ 77.738376][ T4954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.738402][ T4954] RIP: 0033:0x7f80d252d169 [ 77.738418][ T4954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.738440][ T4954] RSP: 002b:00007f80d0b91038 EFLAGS: 00000246 ORIG_RAX: 0000000000000147 [ 77.738519][ T4954] RAX: ffffffffffffffda RBX: 00007f80d2745fa0 RCX: 00007f80d252d169 [ 77.738535][ T4954] RDX: 0000000000000001 RSI: 0000400000000380 RDI: 0000000000000009 [ 77.738560][ T4954] RBP: 00007f80d0b91090 R08: 0000000000009861 R09: 0000000000000000 [ 77.738572][ T4954] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 77.738583][ T4954] R13: 0000000000000000 R14: 00007f80d2745fa0 R15: 00007ffd8909eb98 [ 77.738601][ T4954] [ 77.988971][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.058671][ T4965] loop0: detected capacity change from 0 to 512 [ 78.071315][ T4965] EXT4-fs: Ignoring removed orlov option [ 78.097283][ T4967] loop4: detected capacity change from 0 to 512 [ 78.122248][ T4967] EXT4-fs: Ignoring removed orlov option [ 78.152735][ T4965] EXT4-fs error (device loop0): dx_probe:823: inode #2: comm syz.0.516: Attempting to read directory block (0) that is past i_size (256) [ 78.171063][ T4973] loop1: detected capacity change from 0 to 512 [ 78.178108][ T4967] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.518: Attempting to read directory block (0) that is past i_size (256) [ 78.193405][ T4965] EXT4-fs (loop0): Remounting filesystem read-only [ 78.193786][ T4973] EXT4-fs: Ignoring removed orlov option [ 78.206902][ T4965] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 78.209301][ T4967] EXT4-fs (loop4): Remounting filesystem read-only [ 78.219193][ T4965] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.243775][ T4973] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 78.244651][ T4965] SELinux: (dev loop0, type ext4) getxattr errno 5 [ 78.254345][ T4967] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 78.261344][ T4965] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.271185][ T4967] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.284309][ T4973] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 78.301421][ T4967] SELinux: (dev loop4, type ext4) getxattr errno 5 [ 78.308439][ T4973] EXT4-fs (loop1): orphan cleanup on readonly fs [ 78.309673][ T4967] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.319241][ T4973] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.520: bg 0: block 248: padding at end of block bitmap is not set [ 78.368832][ T4973] EXT4-fs error (device loop1): ext4_acquire_dquot:6927: comm syz.1.520: Failed to acquire dquot type 1 [ 78.385317][ T4973] EXT4-fs (loop1): 1 truncate cleaned up [ 78.398809][ T4973] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 78.438694][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.500123][ T4987] loop2: detected capacity change from 0 to 512 [ 78.539519][ T4989] loop4: detected capacity change from 0 to 512 [ 78.549472][ T4989] EXT4-fs: Ignoring removed orlov option [ 78.559374][ T4989] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.526: Attempting to read directory block (0) that is past i_size (256) [ 78.575027][ T4989] EXT4-fs (loop4): Remounting filesystem read-only [ 78.584226][ T4989] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 78.594325][ T4989] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.614267][ T4989] SELinux: (dev loop4, type ext4) getxattr errno 5 [ 78.622205][ T4989] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.898134][ T5005] loop4: detected capacity change from 0 to 4096 [ 78.918094][ T5005] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.955270][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.074716][ T5010] loop4: detected capacity change from 0 to 512 [ 79.081923][ T5010] EXT4-fs: Ignoring removed orlov option [ 79.088987][ T5010] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 79.108968][ T5010] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 79.117530][ T5010] EXT4-fs (loop4): orphan cleanup on readonly fs [ 79.124859][ T5010] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.533: bg 0: block 248: padding at end of block bitmap is not set [ 79.140193][ T5010] EXT4-fs error (device loop4): ext4_acquire_dquot:6927: comm syz.4.533: Failed to acquire dquot type 1 [ 79.152767][ T5010] EXT4-fs (loop4): 1 truncate cleaned up [ 79.159936][ T5010] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 79.200470][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.222289][ T5013] binfmt_misc: register: failed to install interpreter file ./file2 [ 79.250455][ T5015] binfmt_misc: register: failed to install interpreter file ./file2 [ 79.474458][ T5028] xt_hashlimit: max too large, truncated to 1048576 [ 79.493324][ T5027] loop0: detected capacity change from 0 to 512 [ 79.558782][ T5027] EXT4-fs (loop0): blocks per group (95) and clusters per group (32768) inconsistent [ 79.583210][ T5037] FAULT_INJECTION: forcing a failure. [ 79.583210][ T5037] name failslab, interval 1, probability 0, space 0, times 0 [ 79.597081][ T5037] CPU: 1 UID: 0 PID: 5037 Comm: syz.2.543 Not tainted 6.14.0-rc6-syzkaller #0 [ 79.597187][ T5037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 79.597247][ T5037] Call Trace: [ 79.597256][ T5037] [ 79.597266][ T5037] dump_stack_lvl+0xf2/0x150 [ 79.597309][ T5037] dump_stack+0x15/0x1a [ 79.597331][ T5037] should_fail_ex+0x24a/0x260 [ 79.597368][ T5037] should_failslab+0x8f/0xb0 [ 79.597407][ T5037] kmem_cache_alloc_noprof+0x52/0x320 [ 79.597439][ T5037] ? audit_log_start+0x34c/0x6b0 [ 79.597475][ T5037] audit_log_start+0x34c/0x6b0 [ 79.597527][ T5037] ? copy_from_kernel_nofault+0x10c/0x1d0 [ 79.597560][ T5037] audit_seccomp+0x4b/0x130 [ 79.597649][ T5037] ? copy_from_kernel_nofault+0x186/0x1d0 [ 79.597680][ T5037] __seccomp_filter+0x6fa/0x1180 [ 79.597711][ T5037] ? __perf_event_task_sched_out+0x138/0x1010 [ 79.597746][ T5037] __secure_computing+0x9f/0x1c0 [ 79.597796][ T5037] syscall_trace_enter+0xd1/0x1f0 [ 79.597829][ T5037] do_syscall_64+0xaa/0x1c0 [ 79.597868][ T5037] ? clear_bhb_loop+0x55/0xb0 [ 79.597897][ T5037] ? clear_bhb_loop+0x55/0xb0 [ 79.597961][ T5037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.597995][ T5037] RIP: 0033:0x7f6116c4bb7c [ 79.598015][ T5037] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 79.598035][ T5037] RSP: 002b:00007f61152b7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 79.598069][ T5037] RAX: ffffffffffffffda RBX: 00007f6116e65fa0 RCX: 00007f6116c4bb7c [ 79.598081][ T5037] RDX: 000000000000000f RSI: 00007f61152b70a0 RDI: 0000000000000005 [ 79.598095][ T5037] RBP: 00007f61152b7090 R08: 0000000000000000 R09: 0000000000000000 [ 79.598109][ T5037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 79.598124][ T5037] R13: 0000000000000000 R14: 00007f6116e65fa0 R15: 00007ffc638ce378 [ 79.598146][ T5037] [ 79.947458][ T5043] FAULT_INJECTION: forcing a failure. [ 79.947458][ T5043] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 79.961105][ T5043] CPU: 1 UID: 0 PID: 5043 Comm: syz.3.544 Not tainted 6.14.0-rc6-syzkaller #0 [ 79.961134][ T5043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 79.961149][ T5043] Call Trace: [ 79.961158][ T5043] [ 79.961168][ T5043] dump_stack_lvl+0xf2/0x150 [ 79.961203][ T5043] dump_stack+0x15/0x1a [ 79.961228][ T5043] should_fail_ex+0x24a/0x260 [ 79.961384][ T5043] should_fail+0xb/0x10 [ 79.961422][ T5043] should_fail_usercopy+0x1a/0x20 [ 79.961461][ T5043] _copy_from_user+0x1c/0xa0 [ 79.961485][ T5043] bm_register_write+0xcb/0xb60 [ 79.961609][ T5043] ? __pfx_bm_register_write+0x10/0x10 [ 79.961652][ T5043] vfs_write+0x27d/0x920 [ 79.961748][ T5043] ? putname+0xcf/0xf0 [ 79.961770][ T5043] ? __fget_files+0x17c/0x1c0 [ 79.961806][ T5043] ksys_write+0xe8/0x1b0 [ 79.961839][ T5043] __x64_sys_write+0x42/0x50 [ 79.961872][ T5043] x64_sys_call+0x287e/0x2dc0 [ 79.961947][ T5043] do_syscall_64+0xc9/0x1c0 [ 79.961998][ T5043] ? clear_bhb_loop+0x55/0xb0 [ 79.962031][ T5043] ? clear_bhb_loop+0x55/0xb0 [ 79.962139][ T5043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.962171][ T5043] RIP: 0033:0x7ff13ddad169 [ 79.962190][ T5043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 79.962212][ T5043] RSP: 002b:00007ff13c417038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 79.962234][ T5043] RAX: ffffffffffffffda RBX: 00007ff13dfc5fa0 RCX: 00007ff13ddad169 [ 79.962269][ T5043] RDX: 0000000000000032 RSI: 0000400000000440 RDI: 0000000000000005 [ 79.962284][ T5043] RBP: 00007ff13c417090 R08: 0000000000000000 R09: 0000000000000000 [ 79.962299][ T5043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 79.962313][ T5043] R13: 0000000000000000 R14: 00007ff13dfc5fa0 R15: 00007ffe61bdabf8 [ 79.962337][ T5043] [ 80.341068][ T30] kauditd_printk_skb: 709 callbacks suppressed [ 80.341089][ T30] audit: type=1400 audit(1741601807.031:7850): avc: denied { unlink } for pid=2984 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 80.415975][ T5050] vlan2: entered allmulticast mode [ 80.521424][ T30] audit: type=1400 audit(1741601807.221:7851): avc: denied { write } for pid=5049 comm="syz.3.548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 80.675301][ T5050] infiniband syz!: set down [ 80.683606][ T5050] infiniband syz!: added team_slave_0 [ 80.776900][ T5066] FAULT_INJECTION: forcing a failure. [ 80.776900][ T5066] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 80.791928][ T5066] CPU: 1 UID: 0 PID: 5066 Comm: syz.1.553 Not tainted 6.14.0-rc6-syzkaller #0 [ 80.791957][ T5066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 80.791972][ T5066] Call Trace: [ 80.791981][ T5066] [ 80.791991][ T5066] dump_stack_lvl+0xf2/0x150 [ 80.792026][ T5066] dump_stack+0x15/0x1a [ 80.792053][ T5066] should_fail_ex+0x24a/0x260 [ 80.792159][ T5066] should_fail+0xb/0x10 [ 80.792186][ T5066] should_fail_usercopy+0x1a/0x20 [ 80.792301][ T5066] _copy_from_iter+0xd5/0xd00 [ 80.792416][ T5066] ? mntput_no_expire+0x70/0x3d0 [ 80.792445][ T5066] ? kernelmode_fixup_or_oops+0x58/0xb0 [ 80.792487][ T5066] tun_get_user+0x2b3/0x25c0 [ 80.792580][ T5066] ? _parse_integer+0x27/0x30 [ 80.792612][ T5066] ? ref_tracker_alloc+0x1f5/0x2f0 [ 80.792703][ T5066] tun_chr_write_iter+0x188/0x240 [ 80.792739][ T5066] vfs_write+0x77b/0x920 [ 80.792971][ T5066] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 80.793033][ T5066] ksys_write+0xe8/0x1b0 [ 80.793070][ T5066] __x64_sys_write+0x42/0x50 [ 80.793146][ T5066] x64_sys_call+0x287e/0x2dc0 [ 80.793176][ T5066] do_syscall_64+0xc9/0x1c0 [ 80.793215][ T5066] ? clear_bhb_loop+0x55/0xb0 [ 80.793273][ T5066] ? clear_bhb_loop+0x55/0xb0 [ 80.793405][ T5066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.793433][ T5066] RIP: 0033:0x7f80d252d169 [ 80.793448][ T5066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 80.793467][ T5066] RSP: 002b:00007f80d0b91038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 80.793485][ T5066] RAX: ffffffffffffffda RBX: 00007f80d2745fa0 RCX: 00007f80d252d169 [ 80.793500][ T5066] RDX: 000000000000fe3a RSI: 0000400000000000 RDI: 0000000000000003 [ 80.793514][ T5066] RBP: 00007f80d0b91090 R08: 0000000000000000 R09: 0000000000000000 [ 80.793528][ T5066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 80.793542][ T5066] R13: 0000000000000000 R14: 00007f80d2745fa0 R15: 00007ffd8909eb98 [ 80.793607][ T5066] [ 81.044334][ T5050] RDS/IB: syz!: added [ 81.050710][ T5050] smc: adding ib device syz! with port count 1 [ 81.057363][ T5050] smc: ib device syz! port 1 has pnetid [ 81.088632][ T5070] loop4: detected capacity change from 0 to 512 [ 81.099460][ T5070] EXT4-fs: Ignoring removed orlov option [ 81.126304][ T5070] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.554: Attempting to read directory block (0) that is past i_size (256) [ 81.152508][ T5070] EXT4-fs (loop4): Remounting filesystem read-only [ 81.164954][ T5070] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 81.177781][ T5070] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.261547][ T5070] SELinux: (dev loop4, type ext4) getxattr errno 5 [ 81.285373][ T5070] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.473200][ T5082] netlink: 96 bytes leftover after parsing attributes in process `syz.3.558'. [ 81.518996][ T30] audit: type=1326 audit(1741601808.221:7852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5084 comm="syz.0.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f540aa5d169 code=0x7ffc0000 [ 81.548843][ T5087] loop3: detected capacity change from 0 to 512 [ 81.558020][ T5087] EXT4-fs: Ignoring removed orlov option [ 81.568684][ T30] audit: type=1326 audit(1741601808.221:7853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5084 comm="syz.0.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f540aa5d169 code=0x7ffc0000 [ 81.593032][ T30] audit: type=1326 audit(1741601808.221:7854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5084 comm="syz.0.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f540aa5d169 code=0x7ffc0000 [ 81.625035][ T30] audit: type=1326 audit(1741601808.221:7855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5084 comm="syz.0.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f540aa5d169 code=0x7ffc0000 [ 81.650796][ T30] audit: type=1326 audit(1741601808.221:7856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5084 comm="syz.0.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f540aa5d169 code=0x7ffc0000 [ 81.678592][ T30] audit: type=1326 audit(1741601808.221:7857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5084 comm="syz.0.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f540aa5d169 code=0x7ffc0000 [ 81.712678][ T30] audit: type=1326 audit(1741601808.261:7858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5084 comm="syz.0.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f540aa5d169 code=0x7ffc0000 [ 81.738774][ T30] audit: type=1326 audit(1741601808.261:7859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5084 comm="syz.0.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f540aa5d169 code=0x7ffc0000 [ 81.797771][ T5089] rdma_op ffff8881089e1d80 conn xmit_rdma 0000000000000000 [ 81.815313][ T5087] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 81.826474][ T5087] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 81.836655][ T5087] EXT4-fs (loop3): orphan cleanup on readonly fs [ 81.846059][ T5087] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.559: bg 0: block 248: padding at end of block bitmap is not set [ 81.865092][ T5087] EXT4-fs error (device loop3): ext4_acquire_dquot:6927: comm syz.3.559: Failed to acquire dquot type 1 [ 81.898170][ T5087] EXT4-fs (loop3): 1 truncate cleaned up [ 81.908118][ T5087] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 82.000700][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.015060][ T5098] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 82.089607][ T5101] loop2: detected capacity change from 0 to 512 [ 82.103862][ T5101] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 82.178730][ T5101] EXT4-fs (loop2): orphan cleanup on readonly fs [ 82.188233][ T5101] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.564: bg 0: block 248: padding at end of block bitmap is not set [ 82.206378][ T5101] EXT4-fs error (device loop2): ext4_acquire_dquot:6927: comm syz.2.564: Failed to acquire dquot type 1 [ 82.221408][ T5101] EXT4-fs (loop2): 1 truncate cleaned up [ 82.231589][ T5101] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 82.440117][ T5107] loop1: detected capacity change from 0 to 512 [ 82.524487][ T5107] EXT4-fs: Ignoring removed orlov option [ 82.606385][ T5113] loop0: detected capacity change from 0 to 512 [ 82.625230][ T5107] EXT4-fs error (device loop1): dx_probe:823: inode #2: comm syz.1.567: Attempting to read directory block (0) that is past i_size (256) [ 82.679629][ T5113] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 82.689001][ T5113] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 82.784385][ T5107] EXT4-fs (loop1): Remounting filesystem read-only [ 82.800226][ T5107] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 82.818578][ T5113] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 82.829502][ T5107] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.855142][ T5113] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 82.871491][ T5107] SELinux: (dev loop1, type ext4) getxattr errno 5 [ 82.883785][ T5113] System zones: 0-2, 18-18, 34-35 [ 82.893573][ T5107] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.905663][ T5113] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.954221][ T5113] netlink: 196 bytes leftover after parsing attributes in process `syz.0.570'. [ 83.011084][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.169449][ T5128] loop0: detected capacity change from 0 to 512 [ 83.186335][ T5129] loop1: detected capacity change from 0 to 1024 [ 83.195176][ T5129] EXT4-fs: Ignoring removed nomblk_io_submit option [ 83.223907][ T5128] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.261579][ T5129] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 83.288740][ T5128] ext4 filesystem being mounted at /125/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 83.320043][ T5129] EXT4-fs: Ignoring removed orlov option [ 83.349477][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.361950][ T5129] EXT4-fs (loop1): changing journal_checksum during remount not supported; ignoring [ 83.371466][ T5129] EXT4-fs (loop1): can't enable nombcache during remount [ 83.539218][ T5139] FAULT_INJECTION: forcing a failure. [ 83.539218][ T5139] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 83.552603][ T5139] CPU: 1 UID: 0 PID: 5139 Comm: syz.4.578 Not tainted 6.14.0-rc6-syzkaller #0 [ 83.552626][ T5139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 83.552671][ T5139] Call Trace: [ 83.552677][ T5139] [ 83.552685][ T5139] dump_stack_lvl+0xf2/0x150 [ 83.552712][ T5139] dump_stack+0x15/0x1a [ 83.552733][ T5139] should_fail_ex+0x24a/0x260 [ 83.552821][ T5139] should_fail+0xb/0x10 [ 83.552848][ T5139] should_fail_usercopy+0x1a/0x20 [ 83.552888][ T5139] _copy_from_user+0x1c/0xa0 [ 83.552911][ T5139] memdup_user+0x64/0xc0 [ 83.553018][ T5139] strndup_user+0x68/0xa0 [ 83.553052][ T5139] __se_sys_mount+0x4e/0x2d0 [ 83.553089][ T5139] ? fput+0x1c4/0x200 [ 83.553161][ T5139] ? ksys_write+0x176/0x1b0 [ 83.553203][ T5139] __x64_sys_mount+0x67/0x80 [ 83.553233][ T5139] x64_sys_call+0x2c84/0x2dc0 [ 83.553263][ T5139] do_syscall_64+0xc9/0x1c0 [ 83.553418][ T5139] ? clear_bhb_loop+0x55/0xb0 [ 83.553452][ T5139] ? clear_bhb_loop+0x55/0xb0 [ 83.553484][ T5139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.553511][ T5139] RIP: 0033:0x7f84552bd169 [ 83.553527][ T5139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.553641][ T5139] RSP: 002b:00007f8453921038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 83.553662][ T5139] RAX: ffffffffffffffda RBX: 00007f84554d5fa0 RCX: 00007f84552bd169 [ 83.553723][ T5139] RDX: 0000400000000280 RSI: 00004000000002c0 RDI: 0000000000000000 [ 83.553735][ T5139] RBP: 00007f8453921090 R08: 0000400000000180 R09: 0000000000000000 [ 83.553746][ T5139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 83.553758][ T5139] R13: 0000000000000000 R14: 00007f84554d5fa0 R15: 00007fffbf4cd748 [ 83.553831][ T5139] [ 83.755448][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.274282][ T5145] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 84.427602][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.491538][ T5157] loop4: detected capacity change from 0 to 512 [ 84.530057][ T5159] netlink: 68 bytes leftover after parsing attributes in process `syz.0.583'. [ 84.554642][ T5157] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 84.564444][ T5157] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 84.613001][ T5159] netlink: 20 bytes leftover after parsing attributes in process `syz.0.583'. [ 84.657189][ T5159] netlink: 20 bytes leftover after parsing attributes in process `syz.0.583'. [ 84.667736][ T5157] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 84.685709][ T5157] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 84.731377][ T5157] System zones: 0-2, 18-18, 34-35 [ 84.752563][ T5157] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.774654][ T5165] loop3: detected capacity change from 0 to 512 [ 84.793681][ T5157] netlink: 196 bytes leftover after parsing attributes in process `syz.4.582'. [ 84.802856][ T5167] loop0: detected capacity change from 0 to 512 [ 84.806491][ T5165] EXT4-fs: Ignoring removed orlov option [ 84.839385][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.864886][ T5167] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 84.913715][ T5167] ext4 filesystem being mounted at /128/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 84.927833][ T5165] EXT4-fs error (device loop3): dx_probe:823: inode #2: comm syz.3.585: Attempting to read directory block (0) that is past i_size (256) [ 84.946581][ T5174] netlink: 4 bytes leftover after parsing attributes in process `syz.2.588'. [ 84.956492][ T5174] netlink: 8 bytes leftover after parsing attributes in process `syz.2.588'. [ 84.972756][ T5165] EXT4-fs (loop3): Remounting filesystem read-only [ 84.980719][ T5165] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 84.989673][ T5165] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.002938][ T5165] SELinux: (dev loop3, type ext4) getxattr errno 5 [ 85.012130][ T5165] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.080212][ T5182] loop1: detected capacity change from 0 to 512 [ 85.091970][ T5182] EXT4-fs: Ignoring removed orlov option [ 85.103566][ T5182] EXT4-fs error (device loop1): dx_probe:823: inode #2: comm syz.1.589: Attempting to read directory block (0) that is past i_size (256) [ 85.143665][ T5182] EXT4-fs (loop1): Remounting filesystem read-only [ 85.155616][ T5178] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 85.184917][ T5182] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 85.224400][ T5182] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.290856][ T5182] SELinux: (dev loop1, type ext4) getxattr errno 5 [ 85.317291][ T5182] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.331663][ T5190] loop3: detected capacity change from 0 to 512 [ 85.349477][ T5190] EXT4-fs: Ignoring removed orlov option [ 85.367162][ T5190] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 85.410685][ T5190] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 85.422888][ T30] kauditd_printk_skb: 56 callbacks suppressed [ 85.422903][ T30] audit: type=1400 audit(1741601812.121:7912): avc: denied { mounton } for pid=5192 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 85.427089][ T5190] EXT4-fs (loop3): orphan cleanup on readonly fs [ 85.464029][ T5190] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.595: bg 0: block 248: padding at end of block bitmap is not set [ 85.467392][ T181] bridge_slave_1: left allmulticast mode [ 85.484468][ T181] bridge_slave_1: left promiscuous mode [ 85.490280][ T181] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.507035][ T5190] Quota error (device loop3): write_blk: dquota write failed [ 85.514480][ T5190] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 85.524538][ T5190] EXT4-fs error (device loop3): ext4_acquire_dquot:6927: comm syz.3.595: Failed to acquire dquot type 1 [ 85.562392][ T5190] EXT4-fs (loop3): 1 truncate cleaned up [ 85.569277][ T181] bridge_slave_0: left allmulticast mode [ 85.575700][ T181] bridge_slave_0: left promiscuous mode [ 85.581468][ T181] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.588004][ T5190] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 85.670771][ T181] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 85.687042][ T181] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 85.697436][ T181] bond0 (unregistering): Released all slaves [ 85.798158][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.866890][ T181] hsr_slave_0: left promiscuous mode [ 86.006845][ T181] hsr_slave_1: left promiscuous mode [ 86.012563][ T181] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 86.025116][ T181] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 86.547409][ T181] team0 (unregistering): Port device team_slave_1 removed [ 86.575773][ T181] team0 (unregistering): Port device team_slave_0 removed [ 86.847589][ T5222] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 87.056680][ T30] audit: type=1400 audit(1741601813.751:7913): avc: denied { create } for pid=5176 comm="syz.4.590" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 87.095382][ T5239] netlink: 4 bytes leftover after parsing attributes in process `syz.3.601'. [ 87.104871][ T5239] netlink: 8 bytes leftover after parsing attributes in process `syz.3.601'. [ 87.153268][ T5242] random: crng reseeded on system resumption [ 87.174194][ T30] audit: type=1400 audit(1741601813.811:7914): avc: denied { setopt } for pid=5176 comm="syz.4.590" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 87.194720][ T30] audit: type=1400 audit(1741601813.851:7915): avc: denied { write } for pid=5241 comm="syz.1.602" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 87.219990][ T30] audit: type=1400 audit(1741601813.851:7916): avc: denied { open } for pid=5241 comm="syz.1.602" path="/dev/snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 87.340365][ T5192] chnl_net:caif_netlink_parms(): no params data found [ 87.514080][ T30] audit: type=1400 audit(1741601814.211:7917): avc: denied { create } for pid=5262 comm="syz.1.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 87.551781][ T5192] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.558970][ T5192] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.577713][ T5192] bridge_slave_0: entered allmulticast mode [ 87.584818][ T5192] bridge_slave_0: entered promiscuous mode [ 87.612591][ T30] audit: type=1400 audit(1741601814.241:7918): avc: denied { write } for pid=5262 comm="syz.1.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 87.677294][ T5192] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.685759][ T5192] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.704346][ T5267] loop1: detected capacity change from 0 to 1024 [ 87.753099][ T5192] bridge_slave_1: entered allmulticast mode [ 87.753314][ T5267] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.763668][ T5192] bridge_slave_1: entered promiscuous mode [ 87.827828][ T30] audit: type=1326 audit(1741601814.521:7919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5274 comm="syz.4.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84552bd169 code=0x7ffc0000 [ 87.866200][ T5275] netlink: 'syz.4.605': attribute type 1 has an invalid length. [ 87.894978][ T5275] 8021q: adding VLAN 0 to HW filter on device bond1 [ 87.928786][ T5192] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.016927][ T5275] 8021q: adding VLAN 0 to HW filter on device bond1 [ 88.024353][ T5275] bond1: (slave wireguard0): The slave device specified does not support setting the MAC address [ 88.056872][ T5275] bond1: (slave wireguard0): Error -95 calling set_mac_address [ 88.083594][ T5192] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.135421][ T5297] loop1: detected capacity change from 0 to 128 [ 88.145749][ T5192] team0: Port device team_slave_0 added [ 88.174556][ T5192] team0: Port device team_slave_1 added [ 88.259620][ T5192] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.266801][ T5192] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.299697][ T5192] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.313710][ T5311] netlink: 88 bytes leftover after parsing attributes in process `syz.1.609'. [ 88.373913][ T5319] loop2: detected capacity change from 0 to 1024 [ 88.390201][ T5319] EXT4-fs: Ignoring removed nomblk_io_submit option [ 88.408851][ T5192] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.416047][ T5192] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.444251][ T5192] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.501274][ T5192] hsr_slave_0: entered promiscuous mode [ 88.509831][ T5192] hsr_slave_1: entered promiscuous mode [ 88.515962][ T5192] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.523936][ T5192] Cannot create hsr debugfs directory [ 88.663664][ T5341] bond2: entered promiscuous mode [ 88.670123][ T5341] bond2: entered allmulticast mode [ 88.677574][ T5341] 8021q: adding VLAN 0 to HW filter on device bond2 [ 88.705403][ T5346] loop2: detected capacity change from 0 to 512 [ 88.717142][ T5341] bond2 (unregistering): Released all slaves [ 88.734932][ T5346] EXT4-fs: Ignoring removed orlov option [ 88.780839][ T5346] EXT4-fs error (device loop2): dx_probe:823: inode #2: comm syz.2.618: Attempting to read directory block (0) that is past i_size (256) [ 88.813512][ T5346] EXT4-fs (loop2): Remounting filesystem read-only [ 88.844119][ T5346] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 89.067573][ T5192] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 89.112950][ T5346] SELinux: (dev loop2, type ext4) getxattr errno 5 [ 89.176530][ T5192] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 89.209793][ T5192] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 89.265464][ T5192] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 89.373090][ T5192] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.406212][ T5192] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.425002][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.432554][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.490920][ T5373] loop4: detected capacity change from 0 to 512 [ 89.558318][ T2151] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.565449][ T2151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.606649][ T5373] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.620: corrupted in-inode xattr: invalid ea_ino [ 89.624662][ T5378] SELinux: Context system_u:object_r:apm_bios_t:s0 is not valid (left unmapped). [ 89.694136][ T5373] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.620: couldn't read orphan inode 15 (err -117) [ 89.713379][ T5381] loop1: detected capacity change from 0 to 1024 [ 89.726866][ T5192] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 89.737582][ T5192] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.751517][ T5382] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.762170][ T5382] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.784942][ T5381] EXT4-fs: Ignoring removed nomblk_io_submit option [ 89.796824][ T5378] mmap: syz.2.622 (5378) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 89.846159][ T5378] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.895772][ T5192] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.935568][ T5378] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.982405][ T5391] loop3: detected capacity change from 0 to 512 [ 90.025455][ T5391] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 90.035038][ T5391] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 90.054966][ T5391] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 90.316471][ T5413] FAULT_INJECTION: forcing a failure. [ 90.316471][ T5413] name failslab, interval 1, probability 0, space 0, times 0 [ 90.331932][ T5413] CPU: 1 UID: 0 PID: 5413 Comm: syz.4.626 Not tainted 6.14.0-rc6-syzkaller #0 [ 90.331957][ T5413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 90.331969][ T5413] Call Trace: [ 90.331977][ T5413] [ 90.331987][ T5413] dump_stack_lvl+0xf2/0x150 [ 90.332102][ T5413] dump_stack+0x15/0x1a [ 90.332161][ T5413] should_fail_ex+0x24a/0x260 [ 90.332193][ T5413] should_failslab+0x8f/0xb0 [ 90.332223][ T5413] kmem_cache_alloc_node_noprof+0x59/0x320 [ 90.332323][ T5413] ? __alloc_skb+0x10b/0x310 [ 90.332433][ T5413] __alloc_skb+0x10b/0x310 [ 90.332454][ T5413] netlink_alloc_large_skb+0xad/0xe0 [ 90.332485][ T5413] netlink_sendmsg+0x3b4/0x6e0 [ 90.332536][ T5413] ? __pfx_netlink_sendmsg+0x10/0x10 [ 90.332569][ T5413] __sock_sendmsg+0x140/0x180 [ 90.332673][ T5413] ____sys_sendmsg+0x326/0x4b0 [ 90.332708][ T5413] __sys_sendmsg+0x19d/0x230 [ 90.332775][ T5413] __x64_sys_sendmsg+0x46/0x50 [ 90.332852][ T5413] x64_sys_call+0x2734/0x2dc0 [ 90.332892][ T5413] do_syscall_64+0xc9/0x1c0 [ 90.332933][ T5413] ? clear_bhb_loop+0x55/0xb0 [ 90.332962][ T5413] ? clear_bhb_loop+0x55/0xb0 [ 90.333024][ T5413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.333058][ T5413] RIP: 0033:0x7f84552bd169 [ 90.333077][ T5413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.333098][ T5413] RSP: 002b:00007f8453921038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 90.333117][ T5413] RAX: ffffffffffffffda RBX: 00007f84554d5fa0 RCX: 00007f84552bd169 [ 90.333129][ T5413] RDX: 0000000000000000 RSI: 00004000000002c0 RDI: 0000000000000007 [ 90.333140][ T5413] RBP: 00007f8453921090 R08: 0000000000000000 R09: 0000000000000000 [ 90.333153][ T5413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 90.333193][ T5413] R13: 0000000000000000 R14: 00007f84554d5fa0 R15: 00007fffbf4cd748 [ 90.333258][ T5413] [ 90.569837][ T5391] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 90.593307][ T5391] System zones: 0-2, 18-18, 34-35 [ 90.623102][ T5391] netlink: 196 bytes leftover after parsing attributes in process `syz.3.625'. [ 90.693564][ T5192] veth0_vlan: entered promiscuous mode [ 90.709736][ T5192] veth1_vlan: entered promiscuous mode [ 90.722955][ T5430] loop4: detected capacity change from 0 to 1024 [ 90.733470][ T5430] EXT4-fs: Ignoring removed nomblk_io_submit option [ 90.808521][ T5192] veth0_macvtap: entered promiscuous mode [ 90.821265][ T5192] veth1_macvtap: entered promiscuous mode [ 90.844453][ T5192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.848889][ T30] kauditd_printk_skb: 72 callbacks suppressed [ 90.848913][ T30] audit: type=1326 audit(1741601817.551:7992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5434 comm="syz.3.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 90.858294][ T5192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.864569][ T30] audit: type=1326 audit(1741601817.551:7993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5434 comm="syz.3.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 90.927722][ T5192] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.948920][ T30] audit: type=1326 audit(1741601817.631:7994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5434 comm="syz.3.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 90.973219][ T30] audit: type=1326 audit(1741601817.631:7995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5434 comm="syz.3.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 91.003086][ T5192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.004732][ T30] audit: type=1326 audit(1741601817.631:7996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5434 comm="syz.3.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 91.016398][ T5192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.040626][ T30] audit: type=1326 audit(1741601817.631:7997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5434 comm="syz.3.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 91.040699][ T30] audit: type=1326 audit(1741601817.631:7998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5434 comm="syz.3.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 91.101033][ T30] audit: type=1326 audit(1741601817.631:7999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5434 comm="syz.3.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff13ddad169 code=0x7ffc0000 [ 91.102854][ T5436] loop3: detected capacity change from 0 to 4096 [ 91.125370][ T30] audit: type=1326 audit(1741601817.631:8000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5434 comm="syz.3.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff13ddabad0 code=0x7ffc0000 [ 91.133216][ T5430] EXT4-fs: Ignoring removed orlov option [ 91.155963][ T30] audit: type=1326 audit(1741601817.631:8001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5434 comm="syz.3.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7ff13ddae997 code=0x7ffc0000 [ 91.187859][ T5192] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.200156][ T5192] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.211133][ T5192] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.221198][ T5192] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.231354][ T5192] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.241312][ T5430] EXT4-fs (loop4): changing journal_checksum during remount not supported; ignoring [ 91.253387][ T5430] EXT4-fs (loop4): can't enable nombcache during remount [ 91.304923][ T5441] loop1: detected capacity change from 0 to 512 [ 91.321068][ T5441] EXT4-fs: Ignoring removed orlov option [ 91.407228][ T5441] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 91.416482][ T5450] loop5: detected capacity change from 0 to 1024 [ 91.429681][ T5441] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 91.442826][ T5450] EXT4-fs: inline encryption not supported [ 91.479337][ T5450] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 91.494259][ T5441] EXT4-fs (loop1): orphan cleanup on readonly fs [ 91.547411][ T5456] lo speed is unknown, defaulting to 1000 [ 91.555425][ T5456] lo speed is unknown, defaulting to 1000 [ 91.567395][ T5450] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 91.567884][ T5441] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.631: bg 0: block 248: padding at end of block bitmap is not set [ 91.616182][ T5456] lo speed is unknown, defaulting to 1000 [ 91.631996][ T5450] EXT4-fs error (device loop5): ext4_map_blocks:671: inode #3: block 2: comm syz.5.594: lblock 2 mapped to illegal pblock 2 (length 1) [ 91.659523][ T5450] EXT4-fs error (device loop5): ext4_map_blocks:671: inode #3: block 48: comm syz.5.594: lblock 0 mapped to illegal pblock 48 (length 1) [ 91.684198][ T5450] EXT4-fs error (device loop5): ext4_acquire_dquot:6927: comm syz.5.594: Failed to acquire dquot type 0 [ 91.696366][ T5463] loop4: detected capacity change from 0 to 1024 [ 91.709790][ T5450] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5838: Corrupt filesystem [ 91.731710][ T5441] EXT4-fs error (device loop1): ext4_acquire_dquot:6927: comm syz.1.631: Failed to acquire dquot type 1 [ 91.748261][ T5450] EXT4-fs error (device loop5): ext4_evict_inode:256: inode #11: comm syz.5.594: mark_inode_dirty error [ 91.761859][ T5467] loop2: detected capacity change from 0 to 512 [ 91.770697][ T5463] EXT4-fs: Ignoring removed nomblk_io_submit option [ 91.794465][ T5450] EXT4-fs warning (device loop5): ext4_evict_inode:259: couldn't mark inode dirty (err -117) [ 91.806800][ T5450] EXT4-fs (loop5): 1 orphan inode deleted [ 91.813845][ T5441] EXT4-fs (loop1): 1 truncate cleaned up [ 91.819774][ T12] EXT4-fs error (device loop5): ext4_map_blocks:671: inode #3: block 1: comm kworker/u8:0: lblock 1 mapped to illegal pblock 1 (length 1) [ 91.839795][ T5456] infiniband syz2: set down [ 91.840380][ T5467] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.635: corrupted in-inode xattr: e_value size too large [ 91.844359][ T5456] infiniband syz2: added lo [ 91.844401][ T3377] lo speed is unknown, defaulting to 1000 [ 91.879085][ T12] EXT4-fs error (device loop5): ext4_release_dquot:6950: comm kworker/u8:0: Failed to release dquot type 0 [ 91.892319][ T5467] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.635: couldn't read orphan inode 15 (err -117) [ 91.901544][ T5456] RDS/IB: syz2: added [ 91.920885][ T5456] smc: adding ib device syz2 with port count 1 [ 91.927610][ T5456] smc: ib device syz2 port 1 has pnetid [ 91.933613][ T3468] lo speed is unknown, defaulting to 1000 [ 91.940816][ T5450] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: none. [ 91.944167][ T5456] lo speed is unknown, defaulting to 1000 [ 92.009572][ T5481] loop4: detected capacity change from 0 to 512 [ 92.050248][ T5450] EXT4-fs error (device loop5): ext4_map_blocks:671: inode #2: block 16: comm syz.5.594: lblock 0 mapped to illegal pblock 16 (length 1) [ 92.070773][ T5456] lo speed is unknown, defaulting to 1000 [ 92.098700][ T5481] EXT4-fs: Ignoring removed orlov option [ 92.112420][ T5490] EXT4-fs error (device loop5): ext4_map_blocks:671: inode #2: block 16: comm syz.5.594: lblock 0 mapped to illegal pblock 16 (length 1) [ 92.128970][ T5481] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 92.144250][ T5481] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 92.154968][ T5467] EXT4-fs error (device loop2): ext4_inlinedir_to_tree:1404: inode #12: block 7: comm syz.2.635: path /106/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=259, inode=4278190093, rec_len=255, size=60 fake=0 [ 92.187017][ T5481] EXT4-fs (loop4): orphan cleanup on readonly fs [ 92.200918][ T5456] lo speed is unknown, defaulting to 1000 [ 92.211109][ T5481] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.636: bg 0: block 248: padding at end of block bitmap is not set [ 92.233294][ T5493] netlink: 12 bytes leftover after parsing attributes in process `syz.2.635'. [ 92.244102][ T5481] EXT4-fs error (device loop4): ext4_acquire_dquot:6927: comm syz.4.636: Failed to acquire dquot type 1 [ 92.257053][ T5450] netlink: 28 bytes leftover after parsing attributes in process `syz.5.594'. [ 92.283406][ T5481] EXT4-fs (loop4): 1 truncate cleaned up [ 92.315737][ T5456] lo speed is unknown, defaulting to 1000 [ 92.611758][ T5456] lo speed is unknown, defaulting to 1000 [ 92.799876][ T5517] loop5: detected capacity change from 0 to 256 [ 92.859971][ T5516] lo speed is unknown, defaulting to 1000 [ 93.031323][ T5506] FAULT_INJECTION: forcing a failure. [ 93.031323][ T5506] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 93.043748][ T5527] loop3: detected capacity change from 0 to 1024 [ 93.045969][ T5506] CPU: 1 UID: 0 PID: 5506 Comm: syz.2.640 Not tainted 6.14.0-rc6-syzkaller #0 [ 93.046055][ T5506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 93.046074][ T5506] Call Trace: [ 93.046083][ T5506] [ 93.046094][ T5506] dump_stack_lvl+0xf2/0x150 [ 93.046132][ T5506] dump_stack+0x15/0x1a [ 93.046169][ T5506] should_fail_ex+0x24a/0x260 [ 93.046433][ T5506] should_fail+0xb/0x10 [ 93.046552][ T5506] should_fail_usercopy+0x1a/0x20 [ 93.046774][ T5506] _copy_from_iter+0xd5/0xd00 [ 93.046828][ T5506] ? ___kmalloc_large_node+0xba/0x120 [ 93.046865][ T5506] ? __kmalloc_large_node_noprof+0x17/0xa0 [ 93.046898][ T5506] ? down_read+0x171/0x4b0 [ 93.047003][ T5506] copy_page_from_iter+0x14f/0x280 [ 93.047050][ T5506] process_vm_rw+0x59c/0x890 [ 93.047107][ T5506] __x64_sys_process_vm_writev+0x7a/0x90 [ 93.047143][ T5506] x64_sys_call+0x2c48/0x2dc0 [ 93.047263][ T5506] do_syscall_64+0xc9/0x1c0 [ 93.047310][ T5506] ? clear_bhb_loop+0x55/0xb0 [ 93.047348][ T5506] ? clear_bhb_loop+0x55/0xb0 [ 93.047469][ T5506] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.047514][ T5506] RIP: 0033:0x7f6116c4d169 [ 93.047537][ T5506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.047668][ T5506] RSP: 002b:00007f61152b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137 [ 93.047699][ T5506] RAX: ffffffffffffffda RBX: 00007f6116e65fa0 RCX: 00007f6116c4d169 [ 93.047716][ T5506] RDX: 0000000000000001 RSI: 0000400000000000 RDI: 0000000000000113 [ 93.047732][ T5506] RBP: 00007f61152b7090 R08: 000000000000023a R09: 0000000000000000 [ 93.047750][ T5506] R10: 0000400000121000 R11: 0000000000000246 R12: 0000000000000001 [ 93.047766][ T5506] R13: 0000000000000000 R14: 00007f6116e65fa0 R15: 00007ffc638ce378 [ 93.047791][ T5506] [ 93.291039][ T5527] EXT4-fs: Ignoring removed nomblk_io_submit option [ 93.322778][ T5532] loop2: detected capacity change from 0 to 512 [ 93.330298][ T5532] EXT4-fs: Ignoring removed orlov option [ 93.339996][ T5532] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 93.383339][ T5535] loop5: detected capacity change from 0 to 512 [ 93.392360][ T5535] EXT4-fs: Ignoring removed orlov option [ 93.402730][ T5532] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 93.427120][ T5532] EXT4-fs (loop2): orphan cleanup on readonly fs [ 93.440306][ T5527] netlink: 96 bytes leftover after parsing attributes in process `syz.3.646'. [ 93.464081][ T5532] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.648: bg 0: block 248: padding at end of block bitmap is not set [ 93.489564][ T5535] EXT4-fs error (device loop5): dx_probe:823: inode #2: comm syz.5.649: Attempting to read directory block (0) that is past i_size (256) [ 93.509524][ T5535] EXT4-fs (loop5): Remounting filesystem read-only [ 93.516654][ T5535] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117 [ 93.524970][ T5532] EXT4-fs error (device loop2): ext4_acquire_dquot:6927: comm syz.2.648: Failed to acquire dquot type 1 [ 93.525927][ T5535] SELinux: (dev loop5, type ext4) getxattr errno 5 [ 93.547198][ T5546] loop3: detected capacity change from 0 to 512 [ 93.557419][ T5546] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 93.567006][ T5546] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 93.578003][ T5532] EXT4-fs (loop2): 1 truncate cleaned up [ 93.597472][ T5546] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 93.618237][ T5546] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 93.627145][ T5546] System zones: 0-2, 18-18, 34-35 [ 93.640852][ T5546] netlink: 196 bytes leftover after parsing attributes in process `syz.3.652'. [ 93.681891][ T5552] loop3: detected capacity change from 0 to 512 [ 93.713494][ T5552] EXT4-fs error (device loop3): ext4_orphan_get:1415: comm syz.3.653: bad orphan inode 15 [ 93.734189][ T5559] loop2: detected capacity change from 0 to 128 [ 93.740089][ T5552] ext4_test_bit(bit=14, block=5) = 0 [ 93.742026][ T5559] EXT4-fs: Ignoring removed nobh option [ 93.760880][ T5552] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 7987 vs 220 free clusters [ 93.794709][ T5552] EXT4-fs error (device loop3): ext4_free_inode:354: comm syz.3.653: bit already cleared for inode 13 [ 93.810812][ T5559] ext4 filesystem being mounted at /111/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 93.964431][ T5578] loop2: detected capacity change from 0 to 512 [ 93.971175][ T5578] EXT4-fs: Ignoring removed orlov option [ 93.985887][ T5580] loop5: detected capacity change from 0 to 1024 [ 93.998901][ T5578] EXT4-fs error (device loop2): dx_probe:823: inode #2: comm syz.2.663: Attempting to read directory block (0) that is past i_size (256) [ 94.000551][ T5580] EXT4-fs: Ignoring removed nomblk_io_submit option [ 94.029873][ T5583] loop3: detected capacity change from 0 to 512 [ 94.032603][ T5578] EXT4-fs (loop2): Remounting filesystem read-only [ 94.043100][ T5583] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 94.053173][ T5578] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 94.053440][ T5583] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 94.063369][ T5578] SELinux: (dev loop2, type ext4) getxattr errno 5 [ 94.071511][ T5583] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 94.086442][ T5583] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 94.094823][ T5583] System zones: 0-2, 18-18, 34-35 [ 94.102350][ T5580] netlink: 96 bytes leftover after parsing attributes in process `syz.5.662'. [ 94.121034][ T5583] netlink: 196 bytes leftover after parsing attributes in process `syz.3.664'. [ 94.214245][ T5597] loop2: detected capacity change from 0 to 512 [ 94.222251][ T5597] EXT4-fs: Ignoring removed orlov option [ 94.251965][ T5597] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 94.264421][ T5595] loop5: detected capacity change from 0 to 1024 [ 94.273792][ T5597] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 94.292143][ T5597] EXT4-fs (loop2): orphan cleanup on readonly fs [ 94.295218][ T5604] bridge_slave_0: left allmulticast mode [ 94.301504][ T5595] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 94.307032][ T5604] bridge_slave_0: left promiscuous mode [ 94.307148][ T5604] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.319410][ T5595] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (14919!=20869) [ 94.342904][ T5595] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 94.354931][ T5595] EXT4-fs (loop5): invalid journal inode [ 94.355517][ T5597] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.669: bg 0: block 248: padding at end of block bitmap is not set [ 94.363501][ T5595] EXT4-fs (loop5): can't get journal size [ 94.377756][ T5604] bridge_slave_1: left allmulticast mode [ 94.386859][ T5604] bridge_slave_1: left promiscuous mode [ 94.392716][ T5604] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.397597][ T5597] EXT4-fs error (device loop2): ext4_acquire_dquot:6927: comm syz.2.669: Failed to acquire dquot type 1 [ 94.410082][ T5595] EXT4-fs error (device loop5): ext4_protect_reserved_inode:182: inode #3: comm syz.5.668: blocks 2-2 from inode overlap system zone [ 94.412393][ T5597] EXT4-fs (loop2): 1 truncate cleaned up [ 94.426409][ T5595] EXT4-fs (loop5): failed to initialize system zone (-117) [ 94.439860][ T5595] EXT4-fs (loop5): mount failed [ 94.444131][ T5604] bond0: (slave bond_slave_0): Releasing backup interface [ 94.469144][ T5604] bond0: (slave bond_slave_1): Releasing backup interface [ 94.487270][ T5604] team0: Port device team_slave_0 removed [ 94.494469][ T5604] team0: Port device team_slave_1 removed [ 94.502292][ T5604] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 94.513298][ T5604] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 94.526114][ T5608] netlink: 28 bytes leftover after parsing attributes in process `syz.1.672'. [ 94.575200][ T5595] xt_CT: No such helper "pptp" [ 94.582430][ T5618] 9pnet_fd: Insufficient options for proto=fd [ 94.615985][ T5620] loop4: detected capacity change from 0 to 1024 [ 94.619865][ T5622] loop5: detected capacity change from 0 to 512 [ 94.626672][ T5620] EXT4-fs: Ignoring removed nomblk_io_submit option [ 94.651118][ T5622] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 94.660759][ T5622] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem [ 94.674845][ T5622] EXT4-fs (loop5): warning: mounting unchecked fs, running e2fsck is recommended [ 94.685527][ T5622] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 94.693850][ T5622] System zones: 0-2, 18-18, 34-35 [ 94.702601][ T5622] netlink: 196 bytes leftover after parsing attributes in process `syz.5.676'. [ 94.704486][ T5620] netlink: 96 bytes leftover after parsing attributes in process `syz.4.675'. [ 94.750174][ T5631] loop5: detected capacity change from 0 to 1024 [ 94.757117][ T5631] EXT4-fs: Ignoring removed nomblk_io_submit option [ 94.809518][ T5637] loop4: detected capacity change from 0 to 512 [ 94.828223][ T5637] EXT4-fs: Ignoring removed orlov option [ 94.839774][ T5639] loop5: detected capacity change from 0 to 1024 [ 94.840562][ T5637] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.680: Attempting to read directory block (0) that is past i_size (256) [ 94.847778][ T5639] EXT4-fs: Ignoring removed nomblk_io_submit option [ 94.867941][ T5637] EXT4-fs (loop4): Remounting filesystem read-only [ 94.874628][ T5637] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 94.883823][ T5637] SELinux: (dev loop4, type ext4) getxattr errno 5 [ 94.992544][ T5647] loop4: detected capacity change from 0 to 512 [ 94.999412][ T5647] EXT4-fs: Ignoring removed orlov option [ 95.017899][ T5647] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.683: Attempting to read directory block (0) that is past i_size (256) [ 95.033400][ T5647] EXT4-fs (loop4): Remounting filesystem read-only [ 95.049357][ T5647] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 95.057705][ T5651] loop3: detected capacity change from 0 to 256 [ 95.059324][ T5647] SELinux: (dev loop4, type ext4) getxattr errno 5 [ 95.066551][ T5651] FAT-fs (loop3): bogus number of FAT sectors [ 95.078135][ T5651] FAT-fs (loop3): Can't find a valid FAT filesystem [ 95.184278][ T5657] loop3: detected capacity change from 0 to 512 [ 95.191230][ T5657] EXT4-fs: Ignoring removed orlov option [ 95.198981][ T5657] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 95.208840][ T5657] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 95.217373][ T5657] EXT4-fs (loop3): orphan cleanup on readonly fs [ 95.224513][ T5657] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.685: bg 0: block 248: padding at end of block bitmap is not set [ 95.251755][ T5657] EXT4-fs error (device loop3): ext4_acquire_dquot:6927: comm syz.3.685: Failed to acquire dquot type 1 [ 95.273915][ T5662] 9pnet_fd: Insufficient options for proto=fd [ 95.277420][ T5657] EXT4-fs (loop3): 1 truncate cleaned up [ 95.317104][ T5666] loop4: detected capacity change from 0 to 512 [ 95.328683][ T5666] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 95.338189][ T5666] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 95.355827][ T5665] netlink: 12 bytes leftover after parsing attributes in process `syz.1.688'. [ 95.369737][ T5665] netlink: 1010 bytes leftover after parsing attributes in process `syz.1.688'. [ 95.379165][ T5666] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 95.390968][ T5666] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 95.400039][ T5666] System zones: 0-2, 18-18, 34-35 [ 95.600837][ T5684] loop4: detected capacity change from 0 to 1024 [ 95.744405][ T5686] lo speed is unknown, defaulting to 1000 [ 95.904864][ T5684] EXT4-fs (loop4): can't mount with data=, fs mounted w/o journal [ 96.150584][ T30] kauditd_printk_skb: 139 callbacks suppressed [ 96.150603][ T30] audit: type=1400 audit(1741601822.851:8128): avc: denied { sqpoll } for pid=5683 comm="syz.4.697" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 96.176614][ T30] audit: type=1400 audit(1741601822.851:8129): avc: denied { bind } for pid=5683 comm="syz.4.697" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 96.197046][ T30] audit: type=1400 audit(1741601822.851:8130): avc: denied { name_bind } for pid=5683 comm="syz.4.697" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 96.197108][ T30] audit: type=1400 audit(1741601822.851:8131): avc: denied { node_bind } for pid=5683 comm="syz.4.697" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1 [ 96.197192][ T30] audit: type=1400 audit(1741601822.851:8132): avc: denied { listen } for pid=5683 comm="syz.4.697" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 96.254108][ T5704] loop4: detected capacity change from 0 to 512 [ 96.283288][ T5704] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 96.293012][ T5704] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 96.309404][ T5707] loop5: detected capacity change from 0 to 512 [ 96.336116][ T5707] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 96.349724][ T5707] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem [ 96.363926][ T5704] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 96.377068][ T5707] EXT4-fs (loop5): warning: mounting unchecked fs, running e2fsck is recommended [ 96.388214][ T5704] System zones: 0-2, 18-18, 34-34 [ 96.404867][ T5707] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 96.421169][ T5704] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1145: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 96.452330][ T5704] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.697: bg 0: block 18: invalid block bitmap [ 96.465309][ T5707] System zones: 0-2, 18-18, 34-35 [ 96.475446][ T5704] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 96.484827][ T5704] EXT4-fs (loop4): 1 truncate cleaned up [ 96.522773][ T30] audit: type=1400 audit(1741601823.221:8133): avc: denied { watch } for pid=5716 comm="syz.3.705" path="/134/file0" dev="tmpfs" ino=763 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 96.745883][ T30] audit: type=1400 audit(1741601823.441:8134): avc: denied { map } for pid=5722 comm="syz.5.706" path="socket:[12135]" dev="sockfs" ino=12135 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 96.983736][ T30] audit: type=1400 audit(1741601823.631:8135): avc: denied { unmount } for pid=3302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 97.139985][ T5735] loop2: detected capacity change from 0 to 1024 [ 97.149125][ T5735] EXT4-fs: inline encryption not supported [ 97.175019][ T5735] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 97.199954][ T5739] loop3: detected capacity change from 0 to 512 [ 97.209435][ T5739] EXT4-fs: Ignoring removed orlov option [ 97.216375][ T5739] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 97.266064][ T30] audit: type=1326 audit(1741601823.961:8136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5741 comm="syz.1.713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80d252d169 code=0x7ffc0000 [ 97.289719][ T30] audit: type=1326 audit(1741601823.961:8137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5741 comm="syz.1.713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80d252d169 code=0x7ffc0000 [ 97.314409][ T5739] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 97.332255][ T5742] loop1: detected capacity change from 0 to 4096 [ 97.350591][ T5735] EXT4-fs error (device loop2): ext4_map_blocks:705: inode #3: block 1: comm syz.2.709: lblock 1 mapped to illegal pblock 1 (length 1) [ 97.365047][ T5746] loop4: detected capacity change from 0 to 1024 [ 97.370660][ T5739] EXT4-fs (loop3): orphan cleanup on readonly fs [ 97.377188][ T5746] EXT4-fs: Ignoring removed nomblk_io_submit option [ 97.393735][ T5735] EXT4-fs error (device loop2): ext4_acquire_dquot:6927: comm syz.2.709: Failed to acquire dquot type 0 [ 97.406197][ T5735] EXT4-fs error (device loop2): ext4_free_blocks:6589: comm syz.2.709: Freeing blocks not in datazone - block = 0, count = 4096 [ 97.425170][ T5739] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.711: bg 0: block 248: padding at end of block bitmap is not set [ 97.440843][ T5735] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.709: Invalid inode bitmap blk 0 in block_group 0 [ 97.447337][ T5746] netlink: 76 bytes leftover after parsing attributes in process `syz.4.712'. [ 97.462820][ T5739] EXT4-fs error (device loop3): ext4_acquire_dquot:6927: comm syz.3.711: Failed to acquire dquot type 1 [ 97.476944][ T12] EXT4-fs error (device loop2): ext4_map_blocks:671: inode #3: block 1: comm kworker/u8:0: lblock 1 mapped to illegal pblock 1 (length 1) [ 97.497438][ T5735] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem [ 97.507243][ T5739] EXT4-fs (loop3): 1 truncate cleaned up [ 97.515570][ T5735] EXT4-fs (loop2): 1 orphan inode deleted [ 97.538041][ T12] EXT4-fs error (device loop2): ext4_release_dquot:6950: comm kworker/u8:0: Failed to release dquot type 0 [ 97.553426][ T5735] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 97.570191][ T5755] loop1: detected capacity change from 0 to 256 [ 97.604827][ T5755] random: crng reseeded on system resumption [ 97.631439][ T5753] loop5: detected capacity change from 0 to 4096 [ 97.654784][ T5760] Driver unsupported XDP return value 0 on prog (id 607) dev N/A, expect packet loss! [ 97.691107][ T5763] netlink: 'syz.4.719': attribute type 3 has an invalid length. [ 97.721763][ T5735] EXT4-fs error (device loop2): ext4_search_dir:1505: inode #2: block 16: comm syz.2.709: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 97.772474][ T5757] loop3: detected capacity change from 0 to 164 [ 97.794620][ T5735] EXT4-fs error (device loop2): ext4_search_dir:1505: inode #2: block 16: comm syz.2.709: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 97.819697][ T5757] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 97.823652][ T5735] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 97.836525][ T5735] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 97.845173][ T5735] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 97.854434][ T5735] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 97.863767][ T5735] geneve2: entered promiscuous mode [ 97.870323][ T5735] geneve2: entered allmulticast mode [ 97.882987][ T5773] loop4: detected capacity change from 0 to 512 [ 97.893846][ T5773] EXT4-fs: Ignoring removed orlov option [ 97.900296][ T5770] loop5: detected capacity change from 0 to 512 [ 97.915107][ T5770] EXT4-fs: Ignoring removed orlov option [ 97.930873][ T5773] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.722: Attempting to read directory block (0) that is past i_size (256) [ 97.931193][ T5770] EXT4-fs error (device loop5): dx_probe:823: inode #2: comm syz.5.721: Attempting to read directory block (0) that is past i_size (256) [ 97.968568][ T5770] EXT4-fs (loop5): Remounting filesystem read-only [ 97.975267][ T5770] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117 [ 97.987272][ T5770] SELinux: (dev loop5, type ext4) getxattr errno 5 [ 98.009480][ T5773] EXT4-fs (loop4): Remounting filesystem read-only [ 98.016494][ T5773] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 98.033440][ T5773] SELinux: (dev loop4, type ext4) getxattr errno 5 [ 98.065940][ T5783] loop2: detected capacity change from 0 to 512 [ 98.073923][ T5783] EXT4-fs: Ignoring removed orlov option [ 98.081979][ T5783] EXT4-fs error (device loop2): dx_probe:823: inode #2: comm syz.2.724: Attempting to read directory block (0) that is past i_size (256) [ 98.097816][ T5783] EXT4-fs (loop2): Remounting filesystem read-only [ 98.104777][ T5783] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 98.114339][ T5783] SELinux: (dev loop2, type ext4) getxattr errno 5 [ 98.151689][ T5786] loop3: detected capacity change from 0 to 4096 [ 98.200358][ T5789] loop5: detected capacity change from 0 to 1024 [ 98.227382][ T5789] EXT4-fs: Ignoring removed nomblk_io_submit option [ 98.249763][ T5793] loop3: detected capacity change from 0 to 512 [ 98.269903][ T5793] EXT4-fs: Ignoring removed orlov option [ 98.290195][ T5791] loop4: detected capacity change from 0 to 4096 [ 98.346530][ T5793] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 98.348140][ T5803] loop5: detected capacity change from 0 to 256 [ 98.367153][ T5793] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 98.376183][ T5793] EXT4-fs (loop3): orphan cleanup on readonly fs [ 98.388595][ T5803] FAT-fs (loop5): Directory bread(block 64) failed [ 98.391982][ T5793] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.728: bg 0: block 248: padding at end of block bitmap is not set [ 98.395679][ T5803] FAT-fs (loop5): Directory bread(block 65) failed [ 98.420279][ T5803] FAT-fs (loop5): Directory bread(block 66) failed [ 98.426985][ T5793] EXT4-fs error (device loop3): ext4_acquire_dquot:6927: comm syz.3.728: Failed to acquire dquot type 1 [ 98.427180][ T5803] FAT-fs (loop5): Directory bread(block 67) failed [ 98.440393][ T5793] EXT4-fs (loop3): 1 truncate cleaned up [ 98.446132][ T5803] FAT-fs (loop5): Directory bread(block 68) failed [ 98.463618][ T5803] FAT-fs (loop5): Directory bread(block 69) failed [ 98.471803][ T5803] FAT-fs (loop5): Directory bread(block 70) failed [ 98.481234][ T5803] FAT-fs (loop5): Directory bread(block 71) failed [ 98.493699][ T5803] FAT-fs (loop5): Directory bread(block 72) failed [ 98.501594][ T5803] FAT-fs (loop5): Directory bread(block 73) failed [ 98.561409][ T5812] loop3: detected capacity change from 0 to 512 [ 98.591463][ T5812] EXT4-fs: inline encryption not supported [ 98.597658][ T5812] EXT4-fs: Ignoring removed nomblk_io_submit option [ 98.618592][ T5812] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 98.640689][ T5812] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e842e01c, mo2=0002] [ 98.665158][ T5812] System zones: 1-12 [ 98.669701][ T5812] EXT4-fs (loop3): orphan cleanup on readonly fs [ 98.678438][ T5812] EXT4-fs error (device loop3): ext4_clear_blocks:876: inode #11: comm syz.3.734: attempt to clear invalid blocks 1024 len 1 [ 98.693772][ T5812] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.734: bg 0: block 361: padding at end of block bitmap is not set [ 98.711770][ T5812] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 98.712645][ T5822] loop5: detected capacity change from 0 to 512 [ 98.729807][ T5812] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.734: invalid indirect mapped block 1811939328 (level 0) [ 98.745280][ T5822] EXT4-fs: Ignoring removed orlov option [ 98.765705][ T5822] EXT4-fs error (device loop5): dx_probe:823: inode #2: comm syz.5.737: Attempting to read directory block (0) that is past i_size (256) [ 98.799474][ T5812] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.734: invalid indirect mapped block 2 (level 2) [ 98.837930][ T5822] EXT4-fs (loop5): Remounting filesystem read-only [ 98.844497][ T5822] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117 [ 98.853398][ T5812] EXT4-fs (loop3): 1 truncate cleaned up [ 98.862110][ T5812] __nla_validate_parse: 1 callbacks suppressed [ 98.862129][ T5812] netlink: 20 bytes leftover after parsing attributes in process `syz.3.734'. [ 98.893697][ T5822] SELinux: (dev loop5, type ext4) getxattr errno 5 [ 98.895352][ T5812] netlink: 20 bytes leftover after parsing attributes in process `syz.3.734'. [ 98.942717][ T5834] loop3: detected capacity change from 0 to 1024 [ 98.960471][ T5834] EXT4-fs: Ignoring removed nomblk_io_submit option [ 99.010564][ T5834] netlink: 76 bytes leftover after parsing attributes in process `syz.3.739'. [ 99.061290][ T5840] loop3: detected capacity change from 0 to 512 [ 99.098644][ T5840] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 99.127257][ T5840] EXT4-fs (loop3): 1 truncate cleaned up [ 99.137541][ T5840] netlink: 'syz.3.740': attribute type 21 has an invalid length. [ 99.145637][ T5840] netlink: 132 bytes leftover after parsing attributes in process `syz.3.740'. [ 99.270326][ T5852] loop3: detected capacity change from 0 to 512 [ 99.281652][ T5852] EXT4-fs: Ignoring removed orlov option [ 99.304840][ T5852] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 99.317174][ T5854] loop2: detected capacity change from 0 to 512 [ 99.331009][ T5854] EXT4-fs: Ignoring removed orlov option [ 99.346122][ T5852] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 99.355448][ T5852] EXT4-fs (loop3): orphan cleanup on readonly fs [ 99.368350][ T5854] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 99.390452][ T5852] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.744: bg 0: block 248: padding at end of block bitmap is not set [ 99.419845][ T5854] EXT4-fs (loop2): can't mount with journal_checksum, fs mounted w/o journal [ 99.448200][ T5852] EXT4-fs error (device loop3): ext4_acquire_dquot:6927: comm syz.3.744: Failed to acquire dquot type 1 [ 99.482870][ T5858] loop5: detected capacity change from 0 to 512 [ 99.508975][ T5852] EXT4-fs (loop3): 1 truncate cleaned up [ 99.523561][ T5858] ext4 filesystem being mounted at /28/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 99.577387][ T5863] capability: warning: `syz.3.748' uses 32-bit capabilities (legacy support in use) [ 99.589254][ T5863] FAULT_INJECTION: forcing a failure. [ 99.589254][ T5863] name failslab, interval 1, probability 0, space 0, times 0 [ 99.603158][ T5863] CPU: 0 UID: 0 PID: 5863 Comm: syz.3.748 Not tainted 6.14.0-rc6-syzkaller #0 [ 99.603210][ T5863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 99.603224][ T5863] Call Trace: [ 99.603232][ T5863] [ 99.603241][ T5863] dump_stack_lvl+0xf2/0x150 [ 99.603271][ T5863] dump_stack+0x15/0x1a [ 99.603294][ T5863] should_fail_ex+0x24a/0x260 [ 99.603363][ T5863] should_failslab+0x8f/0xb0 [ 99.603478][ T5863] __kmalloc_noprof+0xab/0x3f0 [ 99.603507][ T5863] ? sock_kmalloc+0x83/0xc0 [ 99.603543][ T5863] sock_kmalloc+0x83/0xc0 [ 99.603574][ T5863] ____sys_sendmsg+0x127/0x4b0 [ 99.603607][ T5863] __sys_sendmmsg+0x227/0x4b0 [ 99.603720][ T5863] __x64_sys_sendmmsg+0x57/0x70 [ 99.603814][ T5863] x64_sys_call+0x29aa/0x2dc0 [ 99.603902][ T5863] do_syscall_64+0xc9/0x1c0 [ 99.603939][ T5863] ? clear_bhb_loop+0x55/0xb0 [ 99.603988][ T5863] ? clear_bhb_loop+0x55/0xb0 [ 99.604019][ T5863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.604128][ T5863] RIP: 0033:0x7ff13ddad169 [ 99.604144][ T5863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.604166][ T5863] RSP: 002b:00007ff13c417038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 99.604186][ T5863] RAX: ffffffffffffffda RBX: 00007ff13dfc5fa0 RCX: 00007ff13ddad169 [ 99.604249][ T5863] RDX: 0000000000000001 RSI: 0000400000000780 RDI: 0000000000000003 [ 99.604264][ T5863] RBP: 00007ff13c417090 R08: 0000000000000000 R09: 0000000000000000 [ 99.604278][ T5863] R10: 0000000004008804 R11: 0000000000000246 R12: 0000000000000001 [ 99.604304][ T5863] R13: 0000000000000000 R14: 00007ff13dfc5fa0 R15: 00007ffe61bdabf8 [ 99.604324][ T5863] [ 99.967806][ T5869] loop5: detected capacity change from 0 to 1024 [ 99.999581][ T5869] EXT4-fs: Ignoring removed nomblk_io_submit option [ 100.037807][ T5869] netlink: 76 bytes leftover after parsing attributes in process `syz.5.750'. [ 100.534985][ T5894] FAULT_INJECTION: forcing a failure. [ 100.534985][ T5894] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 100.548746][ T5894] CPU: 1 UID: 0 PID: 5894 Comm: syz.5.759 Not tainted 6.14.0-rc6-syzkaller #0 [ 100.548777][ T5894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 100.548793][ T5894] Call Trace: [ 100.548801][ T5894] [ 100.548811][ T5894] dump_stack_lvl+0xf2/0x150 [ 100.548849][ T5894] dump_stack+0x15/0x1a [ 100.548956][ T5894] should_fail_ex+0x24a/0x260 [ 100.548997][ T5894] should_fail+0xb/0x10 [ 100.549029][ T5894] should_fail_usercopy+0x1a/0x20 [ 100.549216][ T5894] strncpy_from_user+0x25/0x210 [ 100.549246][ T5894] ? kmem_cache_alloc_noprof+0x18e/0x320 [ 100.549276][ T5894] ? getname_flags+0x81/0x3b0 [ 100.549362][ T5894] getname_flags+0xb0/0x3b0 [ 100.549408][ T5894] getname+0x17/0x20 [ 100.549429][ T5894] do_sys_openat2+0x67/0x120 [ 100.549455][ T5894] __se_sys_openat2+0x19c/0x1f0 [ 100.549539][ T5894] __x64_sys_openat2+0x55/0x70 [ 100.549568][ T5894] x64_sys_call+0x2928/0x2dc0 [ 100.549653][ T5894] do_syscall_64+0xc9/0x1c0 [ 100.549692][ T5894] ? clear_bhb_loop+0x55/0xb0 [ 100.549773][ T5894] ? clear_bhb_loop+0x55/0xb0 [ 100.549851][ T5894] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.549885][ T5894] RIP: 0033:0x7f56fcb0d169 [ 100.549905][ T5894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.549929][ T5894] RSP: 002b:00007f56fb177038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b5 [ 100.549955][ T5894] RAX: ffffffffffffffda RBX: 00007f56fcd25fa0 RCX: 00007f56fcb0d169 [ 100.549971][ T5894] RDX: 0000400000000080 RSI: 00004000000000c0 RDI: ffffffffffffff9c [ 100.549985][ T5894] RBP: 00007f56fb177090 R08: 0000000000000000 R09: 0000000000000000 [ 100.550070][ T5894] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000001 [ 100.550085][ T5894] R13: 0000000000000000 R14: 00007f56fcd25fa0 R15: 00007fffb10822d8 [ 100.550109][ T5894] [ 100.799772][ T5897] ================================================================== [ 100.810293][ T5897] BUG: KCSAN: data-race in clockevents_program_min_delta / print_tickdevice [ 100.819467][ T5897] [ 100.822041][ T5897] read-write to 0xffff888237d1c240 of 8 bytes by task 5825 on cpu 1: [ 100.831540][ T5897] clockevents_program_min_delta+0xb6/0x260 [ 100.838603][ T5897] clockevents_program_event+0x180/0x1f0 [ 100.844398][ T5897] tick_program_event+0x7c/0xd0 [ 100.849790][ T5897] hrtimer_reprogram+0x1cf/0x220 [ 100.855034][ T5897] hrtimer_start_range_ns+0x699/0x720 [ 100.860522][ T5897] common_hrtimer_rearm+0xa9/0xc0 [ 100.865564][ T5897] posixtimer_deliver_signal+0x10c/0x2e0 [ 100.871918][ T5897] dequeue_signal+0x2a5/0x370 [ 100.876624][ T5897] get_signal+0x376/0x1000 [ 100.881053][ T5897] arch_do_signal_or_restart+0x95/0x4b0 [ 100.886622][ T5897] syscall_exit_to_user_mode+0x62/0x120 [ 100.892771][ T5897] do_syscall_64+0xd6/0x1c0 [ 100.897706][ T5897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.903899][ T5897] [ 100.906497][ T5897] read to 0xffff888237d1c240 of 8 bytes by task 5897 on cpu 0: [ 100.914058][ T5897] print_tickdevice+0x2ae/0x340 [ 100.919129][ T5897] timer_list_show+0x79/0x180 [ 100.923835][ T5897] seq_read_iter+0x2d1/0x930 [ 100.928798][ T5897] proc_reg_read_iter+0x118/0x190 [ 100.935706][ T5897] copy_splice_read+0x383/0x5b0 [ 100.940948][ T5897] splice_direct_to_actor+0x269/0x670 [ 100.946651][ T5897] do_splice_direct+0xd7/0x150 [ 100.956085][ T5897] do_sendfile+0x398/0x660 [ 100.961087][ T5897] __x64_sys_sendfile64+0x110/0x150 [ 100.966365][ T5897] x64_sys_call+0xfbd/0x2dc0 [ 100.971209][ T5897] do_syscall_64+0xc9/0x1c0 [ 100.976012][ T5897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.982091][ T5897] [ 100.984875][ T5897] value changed: 0x000000000003d3f7 -> 0x000000000003d3f8 [ 100.992025][ T5897] [ 100.994374][ T5897] Reported by Kernel Concurrency Sanitizer on: [ 101.000530][ T5897] CPU: 0 UID: 0 PID: 5897 Comm: syz.1.760 Not tainted 6.14.0-rc6-syzkaller #0 [ 101.009436][ T5897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 101.021707][ T5897] ================================================================== [ 101.050365][ T5896] vlan2: entered allmulticast mode [ 101.057922][ T5896] bond_slave_0: entered allmulticast mode [ 101.086831][ T5896] bond_slave_0: left allmulticast mode