last executing test programs: 12.60279518s ago: executing program 4 (id=3437): r0 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) renameat2(r1, &(0x7f0000000480)='./bus\x00', r1, &(0x7f0000000280)='./file0\x00', 0x0) unlinkat(r1, &(0x7f0000000040)='./file0\x00', 0x0) 12.541877555s ago: executing program 4 (id=3439): bpf$MAP_CREATE(0x0, 0x0, 0x0) creat(0x0, 0x0) r0 = open(0x0, 0x16d43e, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x3, 0x800) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/net\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) umount2(&(0x7f0000000240)='./file0\x00', 0x6) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_freezer_state(r5, &(0x7f0000000140), 0x2, 0x0) r7 = openat$cgroup_procs(r5, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r7, &(0x7f00000000c0), 0x12) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mknod$loop(0x0, 0x0, 0x1) write$cgroup_freezer_state(r6, &(0x7f0000000400)='FROZEN\x00', 0x7) unshare(0x40400) sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x3c, r3, 0x1, 0x0, 0x0, {}, [@GTPA_LINK={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r4}, @GTPA_I_TEI={0x8}, @GTPA_O_TEI={0x8}, @GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x3c}}, 0x0) ioctl$MON_IOCG_STATS(r0, 0x80089203, &(0x7f00000001c0)) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) sendmsg$FOU_CMD_GET(0xffffffffffffffff, 0x0, 0x20000098) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x3000000000000, 0x46822, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x700, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x8001}, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000800)={'\x00', 0x11, 0x8, 0x9ff2, 0x2000003, 0x5}) 2.246322054s ago: executing program 3 (id=3601): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}}, &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00'}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) 2.220326296s ago: executing program 3 (id=3602): futex(&(0x7f000000cffc), 0xb, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc)=0x1, 0x10b, 0x1, 0x0, &(0x7f0000000040), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000048000), 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000031c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf7cf39e3100c8acaa47684f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d7559f3b14820ed58b15627c95aa0b784625704f07372c29184ff7f4a7c0000070015006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e000000000000041201baa80b0b8ed8fb1ec577c377f627daaf787a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bdeda7be586602d985430cea080000000000fb1a26abfb0767192361448279b05d96a703a660587a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aab926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb155481ef836eb0f8c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaed2b25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec0271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761036eafed1fb2b98b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe514283707c70600000000000000b7561301bb997316db01ee601f2c9659db9bc04f7089a660d8dcc3ae83169cf331efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a515d83129cd857c775f9e7d6101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbe3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562e00e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb2214209ed2d5d776e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b55ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f608ce27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e30400000000000000000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a95d32f46ed9bd1f00fb8191bbab2dc599dda61ee2010000294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bfe2777e808fcba821a00e8c5c39609ff854256cb490000000000c1fee30a3f7a85d1b2b458c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd210819203828b202779d386ed295f023c67d867014d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff00004043060000005dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df40600000000000000e9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b0600b805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1202000000b59fed817072a0da60160761fd3dffda0f7c742eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7000000000000000542954c167dd9b4acd946ffffffffffffffff1389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c9e281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b630500163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f700400fa0c61d5fe6d8ff353f631080405547d65375ae04f44f0c2543c772c5ccb137be7dc87746e1785a8214454d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b036e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e010000005a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb3985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1428c0805b4031a667e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a9cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab9100781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c1227c8bed10591958c906321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b863af34bac64c247672a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c39132a0f27080ece2a94c360b002c77f82662675a7713c7067081cac1599a998c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc215a18ca0265400abf38e90000000000000000008faf2cddffbfa66bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942ce18e57bb7f337df5435bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de286553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c03f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c872a4882d21db2046a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265441d513a1294b8439276394945d94a589708e32a1cb30a8b07b391201385e0b92ecbb7b13d7a87284164018ace6ce58a82c5de321452461089cdd69259f5390f5f508646a524490583c30630bedb47e158ad41c0a653e86a4f4f255cd2a6e95f33b586823aef5564d9de1f5bdd8c80e193f0597b8003860302cd243c00bc5a82c52afb115d16258d507937966bb89409d6d47b8b652d0761d7c72875ae1efb9bc7c6807c2d783e31fd9cd7e84d3d50d8fc44ab8ac9ccd2c0d42e3bd4c029241320446bbf47e23d1320de30fbdf7ed13f80c28fb5c13fccc2e3f73509bdcddad8a2fe48cdd61f2f43611704af64eed8b0cbbd08754f93b8f3d6347aad5cde1ccc5cbd5eaa87e52cea257c856a4af5243eeb5e89f0000000000000000f420df5e4c6d856b3d55e455c08110b2ef4255a38f81555e8e1f22d59c0bc3c9013e66a1f5bda1b695e1602c0afb5c35b2f68f3b151b1e869f40ff4d1bef5e926e1ff95f6321131e4cb797f53455a093a95e67605222d6acc29c46e5db1ef3b8b07e2169fb24ced4b3ae87ebeca06df93212e465bbd1a7e41df2e1a0d508f86cfc7a469ac682685c44692877d03c34c23a65d2677acc73b5d276fdebd685c9b7a079eae228d8426188cb19b083548f5f29e493ab079f33d1965dcbb165015c46998ad410d60cc65fcfa73bd65a43fc024455c4bf530d663976cf71490577251780ab6b1cf8d397444b5be575229f687a3d95ea6b2aa62fce8acb3d4a6a130b4fefa55d0c1d6f3fa448ee24e588e2965c9a442f0baf90923dda91a6850fb7b9c7f432b63001423fedcf053fa28024cc9a178a07042dabc07176fc524032c2edb340c9c18a83565c431aeb0c869683507255254430f90f61e4eca9c8fa98c000b35fec357ee1ebd08439bd95c1ab0753dfd2603d1608bd8c589a1e160000a6ee0ad13346e08738c2d7b00b5d121d918f1dc8bceded939fa8605b54b37cdfcea0bf2bc63e655dc04a2e50212ff89d6587d49896ce18916cf3adc12839c345ca91bb232b891fae2fdd68aaa38281c0feb2c107af3e080d6cdd1c6646ec6804d7e9960c02aa0db9eda24bbcb287fd2a890fa7f9d6ae0c0b1f8dd1603c9ea2f66b572276f96a28b5b6dd9f9bf6ad4bdaa2139b90faf1f40b0f141258578bd825daaaf718d21b7ac05fe5d1b699e5422ca341fe1c944f68fe3a6d783dcf30b0e09d7688f696883b61cb64464b04d351a0a69b0733c348049b0430ed40e200f4ff0000000000000000000000996bcc1b721b152c892fab887e7d20466d90c049c0fdf51dcc16d226a2619c6f47bc25b7f5df5c09fed638922ed127ab36aa7b0c58a2ce5894b1b0f5375d340d96b69b966b05daaf585121a9c7605ed8e9964eef1f14b74cbb2ccdadc6d0b77cf0492b75e1cd11bfdcfddde91b20366715ba0cbe1041be2a65c25d7ca15ef8b71bd2ab9a4294899a1964b0152518fc2ac15a728bcb9e2bc4b551dfdf9011a2a607bc39ad2c4d7c64dcf967724e9b63c397d5265ad3f1da4395a5a800d8845257dcbf210d4f00fe0bd3deed05e506736e6bb6d40ee6cb960bcdb33633ee87f82beb665a9a4c2d4d2b06479ade3a4cd6bba765c9f52b52a0bdd0849ab92baae3775570accb5a57ee9f0035fc6d3df4eebec2e7eb4ff863d3979a20f4428ddca471037b49d4fd130743a97faa02c293b721e52bf53d64c6585e138162331ef98792e1e9b21a6a084fb7b42c64062ef1323a8a65a8ed6038f274f28ff4f78136a1ef108efbe8c4f4e347d50dcdbc33bf3ade4c3a39d316061930d7dd39b8acdecc3f27830e3eda40e648328d95a9aee65a9dd09fd4e96d5b852025dc53ec3f30cc753e6a796084b4e34f521dbb230ae0f3b79142073d437e1fd22d3b7503ffa95b1d5c7740b0ecbfd35dc0f8af895583dfcc2689f6e02c2dd4b57f3dcac54f40da013eb221fa3d65de760576031052c25a96ed4b20230b36d46d3d3fd6bb1d77cc8a48a6b10fa0149e55ccde4a2b26cca2d1ca9191c74ab006a602543fc24d1283e353cfb917620000000024bf3eed258c02a591ec4cd295212d9a98d38745f6f6c4530900000000000000f184f239098bf32551c7cf454e2865974f6520112743f73c619c3cab5609e00178f7393e53462f31559220c026bbde09837bf1b3ffe748a3247c9569f0c5e99f4494f93e0fa1badca90c888616eca97bddabd8003fc12a084d4b11d841979e161b998ddda92f194c4ec7947b7b303be11e0962d429a2c542a28c4932e14c123dfe2b8ec47a11cce134fd6e42a9f4e00ab6de6b45"], &(0x7f0000000100)='GPL\x00'}, 0x41) bind$llc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='nodots,allow_utime=000000000034,usefree,check=strict,dots,\x00'/70], 0x1, 0x1e9, &(0x7f00000002c0)="$eJzs2k1rVFcYB/Bz05SkCXkppS3Jpoe2i3ZzabIsXSSUBEoHFM0IKkhuyESHGWfC3FnMiItZu/IjuBaX7gTJF8h3cOEuCNFVVl7R0bwRFyrJCPn9NvOHPwPn4cDhWdydf+7frm3k6UbWDkNJEoYWQi/sJWE6DIUPeuHP3/9+ee/y1Wv/L5ZKS5diXF5cmZuPMU7+8vT63Ue/brXHrzyefDIStqdv7OzOP9/+aXtm5/XKrWoeq3lsNNsxi2vNZjtbq1fiejWvpTFerFeyvBKrjbzSOtJv1Jubm92YNdYnxjZblTyPWaMba5VubDdju9WN2c2s2ohpmsaJscCXKD/cK4qwW3y7Goqi+O5BGN8KE8/CVEi+j8kPC8mPq8nPvWRmtyimBn1UToX7P98OPeqjIbzodcqdcv+33y//V1r6K74zffCvV51O+Zv9fq7fx6P9SBh738+f2I+GP37r92+7fy+UjvWzYf30xwcAOHfSuO/E/S5NP9b306H98Nj+Nhxmh89sDD5T3r1Ty+r1SksQBGE/DPpl4iwcXPqgTwIAAAAAAAAAAMCnOIvPCQc9IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HV7EwAA///n0Xgk") rename(&(0x7f0000000240)='./file1\x00', &(0x7f0000000a00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0) 1.676789474s ago: executing program 2 (id=3605): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x17, 0x0, 0x8400, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000020000000000000000018010000756c6c2500000800002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000072000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500", @ANYRES32, @ANYRES64=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0x43}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x58}}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000006020207b1af8ff00000000bfa1"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r0, 0x0, 0x20000000}, 0x20) bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000400)={r0, 0x0, 0x20000000}, 0x20) 1.649900746s ago: executing program 2 (id=3607): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0) read$ptp(0xffffffffffffffff, &(0x7f0000000200)=""/199, 0xc7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) 1.402129748s ago: executing program 0 (id=3611): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18402, &(0x7f0000000540)=ANY=[], 0x8, 0x2fd, &(0x7f0000000e40)="$eJzs3MtrE18UwPGTR9MkpU0XP36iIL3oRjdDG11Lg7QgBiy1ER8gTNuJhoxJyYRKRGwFwa34R7goXXZX0P4D3bjTjRt33Qgu7EIcyWQmafNobZpHtd8PlDnMuWdyb6Yp54YmO3ffPMmmLS2tF8UfVuITEdkVGRW/eHzu0e/EIdlrVS4Pff90/va9+zcTyeTUrFLTibkrcaXUyNj7p88j7rDNQdkefbjzLf51+//tszu/5h5nLJWxVC5fVLqaz38p6vOmoRYzVlZTasY0dMtQmZxlFCr5fCWfNvNLSyWl5xaHo0sFw7KUniuprFFSxbwqFkoq8EjP5JSmaWo4KjhMam12Vk+0WbzQ4cmgSwqFhB4QkUhDJrXWlwkBAIC+qu///aI62f+vX9gqDt3ZGHH7/81Qs/7/6ufKtfb1/2ERadr/e4/ftP/Xj9b/N3ZEp8ux+n+cDGOhhlO+WlhOFhJ61H39Ol4+WB93Avp/AAAAAAAAAAAAAAAAAAAAAAD+Bru2HbNtO+Yeg+7p2KCIhEXEdvMNhXbFSs9njE6qu//Vn+r9l9V+TxFdVPvgXnBExHy9nFpOVY7ugC0RMcWQcYnJz+rL3rbtcux98kiVjcoHc8WtX1lOBZxMIi0Zp35CYgNSX2/b0zeSUxOqYn/9gET31sclJv81r483rQ/JpYt76jWJyccFyYspi848avUvJpS6fitZVx9xxgEAAAAA8C/QVFXT/bumtcpX6qv76/r3BwK1/fV40/15UM4F+7t2AAAAAABOC6v0LKubplE4IIjI4WPaD4JdurK3wj+t8v6XoXsrPSDwHnxfKuye7PjT4jvC09Ii8Es7VWPl1ajjrsJ726jVGJmZ7P0ddIIzb9/96NwFr22ED1lp+0Hg4F+AgZ79AQIAAADQM7Wm3zsz2d8JAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABwCrX+hrBX9V9H13bQ7zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ8XvAAAA///zVACC") r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400a685b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) unlink(&(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 1.361963532s ago: executing program 3 (id=3612): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000001c0), 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r2}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) ppoll(&(0x7f0000000040)=[{}], 0x1, 0x0, 0x0, 0x0) 1.270597379s ago: executing program 0 (id=3613): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000005c0)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000080)={[{@nogrpid}, {@resuid={'resuid', 0x3d, 0xee01}}, {@resgid}, {@data_journal}, {@grpquota}, {@journal_dev={'journal_dev', 0x3d, 0x6}}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") chdir(&(0x7f00000001c0)='./file0\x00') link(&(0x7f0000001240)='./file0\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 1.074767807s ago: executing program 0 (id=3614): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a300000000048000000030a01010000000000000000020000000900010073797a30000000000900030073797a3200000000080007006e61740014000480080001400000000108000240"], 0xa4}}, 0x0) 1.047573479s ago: executing program 2 (id=3615): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) writev(r2, &(0x7f0000000200)=[{0x0}, {&(0x7f00000005c0)="c2c10b270d21c75ca6ebfb5b0800", 0xe}, {&(0x7f0000000280)="56dd8bfb840884b800672e3515ff6bf57b0d86eaaabfa4ab6eca814bc7dbd9d4b81104b0002444f747b3a5a8784ec0db8f511598875542", 0x37}], 0x3) 1.046981099s ago: executing program 0 (id=3616): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000005c0)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000080)={[{@nogrpid}, {@resuid={'resuid', 0x3d, 0xee01}}, {@resgid}, {@data_journal}, {@grpquota}, {@journal_dev={'journal_dev', 0x3d, 0x6}}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") chdir(&(0x7f00000001c0)='./file0\x00') link(&(0x7f0000001240)='./file0\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 1.02476478s ago: executing program 0 (id=3617): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r1, 0x800448d2, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0x0, 0x3}, 0x4) r3 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r3, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) fcntl$setstatus(r7, 0x4, 0x4400) dup3(r7, r6, 0x0) io_setup(0x6, &(0x7f0000000240)=0x0) io_submit(r8, 0x3f0a, &(0x7f0000000540)=[&(0x7f00000000c0)={0xf04aef, 0x3d8, 0x4, 0x0, 0x0, r6, &(0x7f0000000000), 0x200a00, 0x2200}]) ioctl$PTP_EXTTS_REQUEST2(r6, 0x40103d0b, &(0x7f0000000400)={0x1911fb62, 0x5}) sendmsg$NL80211_CMD_GET_WIPHY(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="59bb22bd7000000020001100000008002b01"], 0x28}}, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_AUTORATE={0x8, 0x9, 0x8}]}}]}, 0x3c}}, 0x48004) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0) r11 = socket$inet_udp(0x2, 0x2, 0x0) close(r11) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r10, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r9, 0x0, r11, 0x0, 0x4ffe6, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_RADAR_DETECT(r3, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB="38f0ff008dcec4e56dc96bd0115e87ed4be1edb81cf7c0c77a7a79c831567ddad1ccba94a168b23d5c14ea98925c4c91a67987912d40611075cba2bb6249c68294107c3ec86f5030d30e910f19119d4ed6ede46102fcb5be3a6f270536a30882ea5b94a4272fa02c547bbc385d795436bc5a2cc317b666cbc343198101f3", @ANYRES16=r5, @ANYBLOB="000328bd7000fddbdf255e00000008000300", @ANYRES32=r12, @ANYBLOB="0c0099000800000030000000080026006c0900000800270000000000"], 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x4) 994.209913ms ago: executing program 2 (id=3618): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000065415d1107f5611", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffde3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x68, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x22000406, &(0x7f0000000500)={[{@data_err_abort}, {@noblock_validity}, {@dioread_lock}, {@init_itable}, {@auto_da_alloc}, {@grpjquota, 0x2e}, {@noload}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x1, 0x4bf, &(0x7f0000000740)="$eJzs3E1oHGUfAPD/TD763aR9+76v/dCuVjFYTZq0ag8eVBR6EQQ9VPAS01hq01aaCLYUG0XqUTx5VI+C4MmLJwUR9aR41bsIRXpp9SArszuT7Ca7280m29ju7we7+zzzsc/8Z54n88w8mQ2gZ5WytyRia0T8EhFD1Wz9AqXqx41rl6b+vHZpKoly+YU/kspy169dmioWLdbbkmdG0oj03ST2Nih39sLF05MzM9Pn8/zY3JnXx2YvXHzk1JnJk9Mnp89OHD165PD4449NPLomcWZxXd/z1rl9u4+99MFzU+V45fvPsu3dms+vjaNqeNVllqIU5dzi1MHK+wOr/vZ/l2016aR/HTeEFemLiOxwDVTa/1D0xeLBG4pn31nIfLNOGwh0TXZu2rFsal/+mS6cv4A7UaKNQ48qzvjZ9W/xupX9j/V29ansfboS/438VZ3TH2l2LTtcvWLva7L+/9osp7wkP5h/bo2I4/N/fZS9ouF9CACAtfVV1v95uFH/L63r22zPx1CGI+JgROyMiP9ExK6I+G/eD/p/RNy1wvJLS/LL+z8/beoosDZl/b8n8rGt+v5fmi+RLOS2VeIfSF49NTN9KN8nIzGwIcuPtyjj62d+fr/ZvFJN/y97ZeUXfcF8O37v31C/zonJuclVhFzn6tsRe/obxZ8sjARke2B3ROzp4PuzfXbqoU/3ZentW5bPv0n8rY/9GowzlT+JeLB6/OdjSfyFpFpSs/HJsY0xM31orKgVy/3w45Xna/MDNem6+De2F9PGToNtIDv+mxvW/zz+ohkU47WzKy/jyq/vNb2mWX78kzg+X7tEXv9rakJW/weTFyvp4jrqzcm5ufPjEYP5hLrpE4vrFvli+Sz+kQON2//OiL8/ztfbGxFZJb47Iu6JiP35tt8bEfdFxIEW8X/39P2vtd5Drdp/d2Xxn2h1/COGk9rx+g4Sfae//bJZ+e39/TtSSY3kU9r5+5cXXpyOmm5gp/sNAAAAbidpZQw6SUeLdM3NqV2xOZ05Nzt3sBRvnD1RHasejoG0uNM1VHM/dDy/N1zkJ5bkD0fEjsp/Gm2q5Eenzs1sW8/AgcqzOnXtP9J0dLQ677dm//QC3DlWNI5W+3Tg51+s/cYAt5TnNaF3af/Qu7R/6F3aP/SuRu3/csSNddgU4BZz/ofepf1D79L+oXdp/9CTlj8SX/zQQidP+i8mdh5b1epdT5SHuvLN8ytfq69LkUbtj3Y0TSStfhyhZSLS1ssMtlF6k8TLH1arYPcqQHrTZZ7sYul5Yn+e2BAR7a51ufO92kH9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuP39EwAA///xS9f+") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0f85403, 0x0) 803.95678ms ago: executing program 2 (id=3619): dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") mkdir(&(0x7f0000000080)='./file1\x00', 0x0) lsetxattr$system_posix_acl(0x0, &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="02000000010000000000f400040000000000000020"], 0x1c, 0x0) llistxattr(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0) 783.012532ms ago: executing program 2 (id=3620): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000016000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3, 0x0, 0x5, 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000400)={{r1}, 0x0, 0x0}, 0x20) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r3}, 0x10) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000001c0), 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r4}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) quotactl_fd$Q_GETNEXTQUOTA(0xffffffffffffffff, 0xffffffff80000900, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x9}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = syz_io_uring_setup(0x10e, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x13, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r6, 0x47f9, 0x0, 0x0, 0x0, 0x0) rt_sigsuspend(&(0x7f0000000040)={[0x20000001]}, 0x8) 702.214669ms ago: executing program 1 (id=3621): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) sendto$inet6(r1, &(0x7f0000000000)="7800000018002507b9409b14ffff00000204be04020506050e0204094300080004000000040010000d0068d0bf46d32345653600648d0a0012000200000049935ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f25232500000", 0x78, 0x0, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$EXT4_IOC_GETSTATE(r2, 0x40046629, &(0x7f0000000080)) iopl(0x3) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000880)={@ifindex, 0xffffffffffffffff, 0xc, 0x8, 0x0, @prog_fd}, 0x20) r3 = open(0x0, 0x60840, 0x1e0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYRES16=r4], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRESHEX=r3], 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x35, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0x3, &(0x7f0000000600)=ANY=[@ANYRES32=r2], &(0x7f0000000200)='GPL\x00', 0x0, 0xfffffffffffffc65, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r5}, 0x10) r6 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r6, &(0x7f00000005c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r7 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r6, 0x5) connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e20, @dev}, 0x10) close_range(r6, 0xffffffffffffffff, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x10) r9 = socket(0x10, 0x3, 0x0) r10 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000080)={'veth0_to_bond\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000040)=@newqdisc={0x40, 0x24, 0xd03, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}, @TCA_RATE={0x6}]}, 0x40}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1b, 0x3b9, 0x80000000, 0x1000, 0x884, r3, 0xc3, '\x00', r11, r3, 0x1, 0x4, 0x1}, 0x48) r12 = socket$kcm(0x29, 0x2, 0x0) sendmmsg$inet(r12, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f00000002c0)="89", 0x1}], 0x1, &(0x7f0000000e40)=ANY=[], 0xd0}}], 0x1, 0x0) 619.643236ms ago: executing program 1 (id=3622): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18402, &(0x7f0000000540)=ANY=[], 0x8, 0x2fd, &(0x7f0000000e40)="$eJzs3MtrE18UwPGTR9MkpU0XP36iIL3oRjdDG11Lg7QgBiy1ER8gTNuJhoxJyYRKRGwFwa34R7goXXZX0P4D3bjTjRt33Qgu7EIcyWQmafNobZpHtd8PlDnMuWdyb6Yp54YmO3ffPMmmLS2tF8UfVuITEdkVGRW/eHzu0e/EIdlrVS4Pff90/va9+zcTyeTUrFLTibkrcaXUyNj7p88j7rDNQdkefbjzLf51+//tszu/5h5nLJWxVC5fVLqaz38p6vOmoRYzVlZTasY0dMtQmZxlFCr5fCWfNvNLSyWl5xaHo0sFw7KUniuprFFSxbwqFkoq8EjP5JSmaWo4KjhMam12Vk+0WbzQ4cmgSwqFhB4QkUhDJrXWlwkBAIC+qu///aI62f+vX9gqDt3ZGHH7/81Qs/7/6ufKtfb1/2ERadr/e4/ftP/Xj9b/N3ZEp8ux+n+cDGOhhlO+WlhOFhJ61H39Ol4+WB93Avp/AAAAAAAAAAAAAAAAAAAAAAD+Bru2HbNtO+Yeg+7p2KCIhEXEdvMNhXbFSs9njE6qu//Vn+r9l9V+TxFdVPvgXnBExHy9nFpOVY7ugC0RMcWQcYnJz+rL3rbtcux98kiVjcoHc8WtX1lOBZxMIi0Zp35CYgNSX2/b0zeSUxOqYn/9gET31sclJv81r483rQ/JpYt76jWJyccFyYspi848avUvJpS6fitZVx9xxgEAAAAA8C/QVFXT/bumtcpX6qv76/r3BwK1/fV40/15UM4F+7t2AAAAAABOC6v0LKubplE4IIjI4WPaD4JdurK3wj+t8v6XoXsrPSDwHnxfKuye7PjT4jvC09Ii8Es7VWPl1ajjrsJ726jVGJmZ7P0ddIIzb9/96NwFr22ED1lp+0Hg4F+AgZ79AQIAAADQM7Wm3zsz2d8JAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABwCrX+hrBX9V9H13bQ7zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ8XvAAAA///zVACC") r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400a685b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) unlink(&(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 618.910036ms ago: executing program 1 (id=3623): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000005c0)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000080)={[{@nogrpid}, {@resuid={'resuid', 0x3d, 0xee01}}, {@resgid}, {@data_journal}, {@grpquota}, {@journal_dev={'journal_dev', 0x3d, 0x6}}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") chdir(&(0x7f00000001c0)='./file0\x00') link(&(0x7f0000001240)='./file0\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 454.526681ms ago: executing program 1 (id=3624): r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000b80000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x800}, &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, r3, 0x0, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=[{0x28, 0x102, 0xed1c, "83895178fa1900be3d51c2e3aff89a5ffa"}], 0x28}, 0x0, 0x40800, 0x1}) io_uring_enter(r4, 0x47f4, 0x1386, 0xc, 0x0, 0x0) r7 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r5 = dup(r4) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f00000000c0)=0x0) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r9) sendmsg$NFC_CMD_DEV_UP(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="010000000000000000400200000008000100", @ANYRES32=r8], 0x1c}}, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r5, 0x0, &(0x7f0000000180)=0x0) sendmsg$NFC_CMD_GET_DEVICE(r6, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r10, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r11}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x801) write$P9_RLERRORu(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r5, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}}}, 0x30) write$binfmt_elf64(r5, &(0x7f0000000280)=ANY=[@ANYBLOB="7f450700000053c407cd"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5]) chdir(&(0x7f0000000100)='./file0\x00') open(&(0x7f0000000300)='.\x00', 0xc00, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 207.973152ms ago: executing program 4 (id=3627): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x5, 0x6, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) writev(r1, &(0x7f0000000200)=[{0x0}, {&(0x7f00000005c0)="c2c10b270d21c75ca6ebfb5b0800", 0xe}, {&(0x7f0000000280)="56dd8bfb840884b800672e3515ff6bf57b0d86eaaabfa4ab6eca814bc7dbd9d4b81104b0002444f747b3a5a8784ec0db8f511598875542", 0x37}], 0x3) 132.317219ms ago: executing program 1 (id=3628): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) setrlimit(0x40000000000008, &(0x7f0000000000)) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(0x0, r3, 0xee01) r4 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) sendto$inet6(r4, 0x0, 0x0, 0x404c844, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c) 132.061918ms ago: executing program 3 (id=3629): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000065415d1107f5611", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffde3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x68, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x22000406, &(0x7f0000000500)={[{@data_err_abort}, {@noblock_validity}, {@dioread_lock}, {@init_itable}, {@auto_da_alloc}, {@grpjquota, 0x2e}, {@noload}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x1, 0x4bf, &(0x7f0000000740)="$eJzs3E1oHGUfAPD/TD763aR9+76v/dCuVjFYTZq0ag8eVBR6EQQ9VPAS01hq01aaCLYUG0XqUTx5VI+C4MmLJwUR9aR41bsIRXpp9SArszuT7Ca7280m29ju7we7+zzzsc/8Z54n88w8mQ2gZ5WytyRia0T8EhFD1Wz9AqXqx41rl6b+vHZpKoly+YU/kspy169dmioWLdbbkmdG0oj03ST2Nih39sLF05MzM9Pn8/zY3JnXx2YvXHzk1JnJk9Mnp89OHD165PD4449NPLomcWZxXd/z1rl9u4+99MFzU+V45fvPsu3dms+vjaNqeNVllqIU5dzi1MHK+wOr/vZ/l2016aR/HTeEFemLiOxwDVTa/1D0xeLBG4pn31nIfLNOGwh0TXZu2rFsal/+mS6cv4A7UaKNQ48qzvjZ9W/xupX9j/V29ansfboS/438VZ3TH2l2LTtcvWLva7L+/9osp7wkP5h/bo2I4/N/fZS9ouF9CACAtfVV1v95uFH/L63r22zPx1CGI+JgROyMiP9ExK6I+G/eD/p/RNy1wvJLS/LL+z8/beoosDZl/b8n8rGt+v5fmi+RLOS2VeIfSF49NTN9KN8nIzGwIcuPtyjj62d+fr/ZvFJN/y97ZeUXfcF8O37v31C/zonJuclVhFzn6tsRe/obxZ8sjARke2B3ROzp4PuzfXbqoU/3ZentW5bPv0n8rY/9GowzlT+JeLB6/OdjSfyFpFpSs/HJsY0xM31orKgVy/3w45Xna/MDNem6+De2F9PGToNtIDv+mxvW/zz+ohkU47WzKy/jyq/vNb2mWX78kzg+X7tEXv9rakJW/weTFyvp4jrqzcm5ufPjEYP5hLrpE4vrFvli+Sz+kQON2//OiL8/ztfbGxFZJb47Iu6JiP35tt8bEfdFxIEW8X/39P2vtd5Drdp/d2Xxn2h1/COGk9rx+g4Sfae//bJZ+e39/TtSSY3kU9r5+5cXXpyOmm5gp/sNAAAAbidpZQw6SUeLdM3NqV2xOZ05Nzt3sBRvnD1RHasejoG0uNM1VHM/dDy/N1zkJ5bkD0fEjsp/Gm2q5Eenzs1sW8/AgcqzOnXtP9J0dLQ677dm//QC3DlWNI5W+3Tg51+s/cYAt5TnNaF3af/Qu7R/6F3aP/SuRu3/csSNddgU4BZz/ofepf1D79L+oXdp/9CTlj8SX/zQQidP+i8mdh5b1epdT5SHuvLN8ytfq69LkUbtj3Y0TSStfhyhZSLS1ssMtlF6k8TLH1arYPcqQHrTZZ7sYul5Yn+e2BAR7a51ufO92kH9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuP39EwAA///xS9f+") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0f85403, 0x0) 131.793988ms ago: executing program 1 (id=3630): dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") mkdir(&(0x7f0000000080)='./file1\x00', 0x0) lsetxattr$system_posix_acl(0x0, &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="02000000010000000000f400040000000000000020"], 0x1c, 0x0) llistxattr(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0) 127.812989ms ago: executing program 4 (id=3631): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) 68.566614ms ago: executing program 4 (id=3632): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$inet(0xa, 0x801, 0x84) connect$inet(r3, &(0x7f0000004cc0)={0x2, 0x0, @private=0xa010101}, 0x10) listen(r3, 0x8) r4 = accept4(r3, 0x0, 0x0, 0x0) sendto$inet(r4, &(0x7f0000000100)="e4", 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x2}, 0x8) close(r4) r5 = syz_io_uring_setup(0x38a9, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x3, r1}) io_uring_enter(r5, 0x353, 0x0, 0x0, 0x0, 0x0) unshare(0x40000000) 0s ago: executing program 0 (id=3633): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000005c0)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000080)={[{@nogrpid}, {@resuid={'resuid', 0x3d, 0xee01}}, {@resgid}, {@data_journal}, {@grpquota}, {@journal_dev={'journal_dev', 0x3d, 0x6}}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") chdir(&(0x7f00000001c0)='./file0\x00') link(&(0x7f0000001240)='./file0\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') kernel console output (not intermixed with test programs): =root:sysadm_r:sysadm_t pid=15723 comm="syz.1.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd8e4bcef9 code=0x7ffc0000 [ 219.921073][T15725] FAULT_INJECTION: forcing a failure. [ 219.921073][T15725] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 219.977144][T15724] EXT4-fs (loop1): 1 truncate cleaned up [ 219.990124][T15725] CPU: 0 UID: 0 PID: 15725 Comm: syz.0.3005 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 219.990149][T15725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 219.990159][T15725] Call Trace: [ 219.990166][T15725] [ 219.990174][T15725] dump_stack_lvl+0xf2/0x150 [ 219.990200][T15725] dump_stack+0x15/0x20 [ 220.015643][T15724] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 220.026908][T15725] should_fail_ex+0x229/0x230 [ 220.026938][T15725] should_fail+0xb/0x10 [ 220.090134][T15725] should_fail_usercopy+0x1a/0x20 [ 220.095620][T15725] _copy_from_iter+0xd3/0xb00 [ 220.100436][T15725] ? kmalloc_reserve+0x16e/0x190 [ 220.105356][T15725] ? __build_skb_around+0x196/0x1f0 [ 220.110538][T15725] ? __alloc_skb+0x21f/0x310 [ 220.115108][T15725] ? __virt_addr_valid+0x1ed/0x250 [ 220.120253][T15725] ? __check_object_size+0x35b/0x510 [ 220.125567][T15725] netlink_sendmsg+0x460/0x6e0 [ 220.130509][T15725] ? __pfx_netlink_sendmsg+0x10/0x10 [ 220.135947][T15725] __sock_sendmsg+0x140/0x180 [ 220.140651][T15725] ____sys_sendmsg+0x312/0x410 [ 220.145484][T15725] __sys_sendmsg+0x1e9/0x280 [ 220.150095][T15725] __x64_sys_sendmsg+0x46/0x50 [ 220.154859][T15725] x64_sys_call+0x2689/0x2d60 [ 220.159581][T15725] do_syscall_64+0xc9/0x1c0 [ 220.164066][T15725] ? clear_bhb_loop+0x55/0xb0 [ 220.168999][T15725] ? clear_bhb_loop+0x55/0xb0 [ 220.173728][T15725] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.179620][T15725] RIP: 0033:0x7fcde751cef9 [ 220.184022][T15725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 220.203655][T15725] RSP: 002b:00007fcde6197038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 220.212069][T15725] RAX: ffffffffffffffda RBX: 00007fcde76d5f80 RCX: 00007fcde751cef9 [ 220.220055][T15725] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000006 [ 220.228148][T15725] RBP: 00007fcde6197090 R08: 0000000000000000 R09: 0000000000000000 [ 220.236307][T15725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 220.244311][T15725] R13: 0000000000000000 R14: 00007fcde76d5f80 R15: 00007ffe428cd448 [ 220.252355][T15725] [ 220.256283][ T6925] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.278442][T12673] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.291621][T15732] loop4: detected capacity change from 0 to 128 [ 220.302816][T15734] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3011'. [ 220.354180][T15734] netlink: 'syz.2.3011': attribute type 21 has an invalid length. [ 220.362320][T15734] netlink: 'syz.2.3011': attribute type 4 has an invalid length. [ 220.370117][T15734] netlink: 'syz.2.3011': attribute type 5 has an invalid length. [ 220.461242][T15768] FAULT_INJECTION: forcing a failure. [ 220.461242][T15768] name failslab, interval 1, probability 0, space 0, times 0 [ 220.474050][T15768] CPU: 0 UID: 0 PID: 15768 Comm: syz.0.3022 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 220.484949][T15768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 220.495061][T15768] Call Trace: [ 220.498375][T15768] [ 220.501283][T15768] dump_stack_lvl+0xf2/0x150 [ 220.505921][T15768] dump_stack+0x15/0x20 [ 220.510068][T15768] should_fail_ex+0x229/0x230 [ 220.514736][T15768] ? sidtab_sid2str_get+0xb8/0x140 [ 220.520031][T15768] should_failslab+0x8f/0xb0 [ 220.524638][T15768] __kmalloc_node_track_caller_noprof+0xa6/0x380 [ 220.530960][T15768] kmemdup_noprof+0x2a/0x60 [ 220.535470][T15768] sidtab_sid2str_get+0xb8/0x140 [ 220.540560][T15768] security_sid_to_context_core+0x1eb/0x2f0 [ 220.546809][T15768] security_sid_to_context+0x27/0x30 [ 220.552157][T15768] selinux_secid_to_secctx+0x22/0x30 [ 220.557451][T15768] security_secid_to_secctx+0x4a/0x80 [ 220.562838][T15768] audit_log_task_context+0x8c/0x1b0 [ 220.568130][T15768] audit_log_task+0xfb/0x180 [ 220.572849][T15768] audit_seccomp+0x68/0x130 [ 220.577360][T15768] __seccomp_filter+0x6fa/0x1180 [ 220.582503][T15768] ? proc_fail_nth_write+0x130/0x160 [ 220.587819][T15768] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 220.593433][T15768] ? vfs_write+0x5a5/0x900 [ 220.597994][T15768] ? __fget_files+0x1da/0x210 [ 220.602724][T15768] __secure_computing+0x9f/0x1c0 [ 220.607791][T15768] syscall_trace_enter+0xd1/0x1f0 [ 220.612984][T15768] ? fpregs_assert_state_consistent+0x83/0xa0 [ 220.619337][T15768] do_syscall_64+0xaa/0x1c0 [ 220.624129][T15768] ? clear_bhb_loop+0x55/0xb0 [ 220.628795][T15768] ? clear_bhb_loop+0x55/0xb0 [ 220.633469][T15768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.639466][T15768] RIP: 0033:0x7fcde751cef9 [ 220.643879][T15768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 220.663588][T15768] RSP: 002b:00007fcde6197038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 220.672054][T15768] RAX: ffffffffffffffda RBX: 00007fcde76d5f80 RCX: 00007fcde751cef9 [ 220.680032][T15768] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 220.688067][T15768] RBP: 00007fcde6197090 R08: 0000000020001500 R09: 0000000000000000 [ 220.696039][T15768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 220.704021][T15768] R13: 0000000000000000 R14: 00007fcde76d5f80 R15: 00007ffe428cd448 [ 220.711993][T15768] [ 220.796987][T15789] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 220.836144][T15797] loop1: detected capacity change from 0 to 512 [ 220.844846][T15797] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters [ 220.860571][T15797] EXT4-fs (loop1): Remounting filesystem read-only [ 220.867292][T15797] EXT4-fs (loop1): 1 truncate cleaned up [ 220.869903][T15802] loop3: detected capacity change from 0 to 512 [ 220.873953][T15797] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 220.891896][T15797] SELinux: (dev loop1, type ext4) getxattr errno 5 [ 220.899853][T15802] EXT4-fs: Ignoring removed orlov option [ 220.907282][T15797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.919904][T15803] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 220.930156][T15803] SELinux: failed to load policy [ 220.937222][T15802] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 220.939111][T15803] ªªªªª: renamed from bond_slave_1 (while UP) [ 220.957160][T15802] ext4 filesystem being mounted at /102/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 220.971201][T15802] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.3035: corrupted xattr block 33: invalid ea_ino [ 220.985370][T15802] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 220.994606][T15802] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.3035: corrupted xattr block 33: invalid ea_ino [ 221.008077][T15802] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 221.018259][T15802] EXT4-fs error (device loop3): ext4_xattr_block_find:1877: inode #15: comm syz.3.3035: corrupted xattr block 33: invalid ea_ino [ 221.058115][T13636] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.086318][T15797] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 221.183142][T15852] sd 0:0:1:0: device reset [ 221.247398][T15864] FAULT_INJECTION: forcing a failure. [ 221.247398][T15864] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 221.260538][T15864] CPU: 1 UID: 0 PID: 15864 Comm: syz.0.3056 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 221.271426][T15864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 221.281570][T15864] Call Trace: [ 221.284911][T15864] [ 221.287861][T15864] dump_stack_lvl+0xf2/0x150 [ 221.292503][T15864] dump_stack+0x15/0x20 [ 221.296766][T15864] should_fail_ex+0x229/0x230 [ 221.301435][T15864] should_fail+0xb/0x10 [ 221.305594][T15864] should_fail_usercopy+0x1a/0x20 [ 221.310703][T15864] _copy_from_user+0x1e/0xd0 [ 221.315365][T15864] simple_transaction_get+0xf3/0x120 [ 221.320654][T15864] selinux_transaction_write+0x8c/0x100 [ 221.326940][T15864] ? __pfx_selinux_transaction_write+0x10/0x10 [ 221.333254][T15864] vfs_write+0x28b/0x900 [ 221.337531][T15864] ? __fget_files+0x1da/0x210 [ 221.342371][T15864] ksys_write+0xeb/0x1b0 [ 221.346632][T15864] __x64_sys_write+0x42/0x50 [ 221.351235][T15864] x64_sys_call+0x27dd/0x2d60 [ 221.356009][T15864] do_syscall_64+0xc9/0x1c0 [ 221.360613][T15864] ? clear_bhb_loop+0x55/0xb0 [ 221.365381][T15864] ? clear_bhb_loop+0x55/0xb0 [ 221.370066][T15864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.375975][T15864] RIP: 0033:0x7fcde751cef9 [ 221.380380][T15864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 221.400112][T15864] RSP: 002b:00007fcde6197038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 221.408772][T15864] RAX: ffffffffffffffda RBX: 00007fcde76d5f80 RCX: 00007fcde751cef9 [ 221.416776][T15864] RDX: 0000000000000022 RSI: 0000000020000180 RDI: 0000000000000006 [ 221.424791][T15864] RBP: 00007fcde6197090 R08: 0000000000000000 R09: 0000000000000000 [ 221.432850][T15864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 221.441317][T15864] R13: 0000000000000000 R14: 00007fcde76d5f80 R15: 00007ffe428cd448 [ 221.451059][T15864] [ 221.464463][T15857] loop1: detected capacity change from 0 to 764 [ 221.571266][T15887] sd 0:0:1:0: device reset [ 221.571330][T15892] syz.4.3066[15892] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 221.581254][T15895] loop1: detected capacity change from 0 to 128 [ 221.584001][T15892] syz.4.3066[15892] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 221.653826][T15905] __nla_validate_parse: 5 callbacks suppressed [ 221.653840][T15905] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3069'. [ 221.722615][T15905] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3069'. [ 221.748824][T15915] loop3: detected capacity change from 0 to 512 [ 221.780077][T15915] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 221.829518][T15915] EXT4-fs (loop3): 1 truncate cleaned up [ 221.847290][T15915] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 221.912441][T15934] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3077'. [ 221.921592][T15934] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3077'. [ 221.957064][T13636] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.977155][T15937] sd 0:0:1:0: device reset [ 222.565086][T15999] loop4: detected capacity change from 0 to 128 [ 222.584346][T16002] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 222.648803][T15999] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 222.695448][T16014] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 222.706321][T15999] ext4 filesystem being mounted at /538/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 222.758588][T16014] SELinux: failed to load policy [ 222.780608][T16014] ªªªªª: renamed from bond_slave_1 (while UP) [ 222.811190][T16020] loop2: detected capacity change from 0 to 1024 [ 222.827971][T16020] EXT4-fs: Ignoring removed bh option [ 222.833662][T16020] EXT4-fs: Ignoring removed oldalloc option [ 222.860097][T16020] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 222.916294][T16020] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 222.937161][ T6925] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 222.954340][T16031] tmpfs: Bad value for 'mpol' [ 223.045391][T16020] tmpfs: Bad value for 'mpol' [ 223.167751][T13690] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.207738][T16058] loop3: detected capacity change from 0 to 512 [ 223.219043][T16059] loop1: detected capacity change from 0 to 512 [ 223.224784][T16058] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 223.243093][T16059] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 223.255330][T16058] EXT4-fs (loop3): 1 truncate cleaned up [ 223.261383][T16058] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 223.290823][T13636] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.301996][T16059] EXT4-fs (loop1): 1 truncate cleaned up [ 223.315854][T16059] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 223.325558][T16063] loop2: detected capacity change from 0 to 512 [ 223.356411][T16070] loop3: detected capacity change from 0 to 128 [ 223.365725][T16063] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 223.393418][T12673] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.479515][T16063] EXT4-fs (loop2): 1 truncate cleaned up [ 223.521927][T16063] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 223.630776][T16091] delete_channel: no stack [ 223.631016][T13690] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.678558][T16091] bridge0: port 3(bond0) entered blocking state [ 223.685122][T16091] bridge0: port 3(bond0) entered disabled state [ 223.699547][T16091] bond0: entered allmulticast mode [ 223.704733][T16091] bond_slave_0: entered allmulticast mode [ 223.710503][T16091] ªªªªª: entered allmulticast mode [ 223.721170][T16091] bond0: entered promiscuous mode [ 223.726263][T16091] bond_slave_0: entered promiscuous mode [ 223.732038][T16091] ªªªªª: entered promiscuous mode [ 223.738427][T16091] bridge0: port 3(bond0) entered blocking state [ 223.744895][T16091] bridge0: port 3(bond0) entered forwarding state [ 223.762442][T16102] loop2: detected capacity change from 0 to 512 [ 223.770516][T16102] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 223.781833][T16102] EXT4-fs (loop2): 1 truncate cleaned up [ 223.789215][T16102] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 223.819314][T13690] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.854459][T16115] FAULT_INJECTION: forcing a failure. [ 223.854459][T16115] name failslab, interval 1, probability 0, space 0, times 0 [ 223.867213][T16115] CPU: 0 UID: 0 PID: 16115 Comm: syz.4.3145 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 223.878673][T16115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 223.888800][T16115] Call Trace: [ 223.890156][T16111] loop3: detected capacity change from 0 to 128 [ 223.892072][T16115] [ 223.892083][T16115] dump_stack_lvl+0xf2/0x150 [ 223.905905][T16115] dump_stack+0x15/0x20 [ 223.910198][T16115] should_fail_ex+0x229/0x230 [ 223.914891][T16115] ? bpf_test_init+0xc7/0x170 [ 223.919655][T16115] should_failslab+0x8f/0xb0 [ 223.920871][T16119] IPv6: NLM_F_CREATE should be specified when creating new route [ 223.924367][T16115] __kmalloc_noprof+0xa5/0x370 [ 223.924396][T16115] ? _parse_integer+0x27/0x30 [ 223.924423][T16115] bpf_test_init+0xc7/0x170 [ 223.924443][T16115] bpf_prog_test_run_skb+0x151/0xba0 [ 223.924537][T16115] ? __rcu_read_unlock+0x4e/0x70 [ 223.956756][T16115] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 223.962551][T16115] bpf_prog_test_run+0x26d/0x3e0 [ 223.967553][T16115] __sys_bpf+0x400/0x7a0 [ 223.971822][T16115] __x64_sys_bpf+0x43/0x50 [ 223.976302][T16115] x64_sys_call+0x2625/0x2d60 [ 223.981113][T16115] do_syscall_64+0xc9/0x1c0 [ 223.985735][T16115] ? clear_bhb_loop+0x55/0xb0 [ 223.990396][T16115] ? clear_bhb_loop+0x55/0xb0 [ 223.995057][T16115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.001075][T16115] RIP: 0033:0x7f9ac19dcef9 [ 224.005769][T16115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.025449][T16115] RSP: 002b:00007f9ac0657038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 224.033880][T16115] RAX: ffffffffffffffda RBX: 00007f9ac1b95f80 RCX: 00007f9ac19dcef9 [ 224.041913][T16115] RDX: 0000000000000048 RSI: 0000000020000540 RDI: 000000000000000a [ 224.050176][T16115] RBP: 00007f9ac0657090 R08: 0000000000000000 R09: 0000000000000000 [ 224.058456][T16115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 224.067012][T16115] R13: 0000000000000000 R14: 00007f9ac1b95f80 R15: 00007ffee86eb1a8 [ 224.075324][T16115] [ 224.100640][T16110] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000401) [ 224.108883][T16110] FAT-fs (loop3): Filesystem has been set read-only [ 224.131370][T16125] loop4: detected capacity change from 0 to 512 [ 224.141919][T16125] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 224.158958][T16125] EXT4-fs (loop4): 1 truncate cleaned up [ 224.165762][T16125] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 224.197402][T16133] sd 0:0:1:0: device reset [ 224.203357][T16135] loop2: detected capacity change from 0 to 512 [ 224.211058][T16135] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 224.222061][ T6925] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.251150][T16135] EXT4-fs (loop2): 1 truncate cleaned up [ 224.257439][T16135] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 224.281591][T16137] syzkaller0: entered promiscuous mode [ 224.288218][T16137] syzkaller0: entered allmulticast mode [ 224.307203][T13690] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.356658][T16156] FAULT_INJECTION: forcing a failure. [ 224.356658][T16156] name failslab, interval 1, probability 0, space 0, times 0 [ 224.369436][T16156] CPU: 1 UID: 0 PID: 16156 Comm: syz.4.3162 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 224.380197][T16156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 224.390322][T16156] Call Trace: [ 224.393672][T16156] [ 224.396590][T16156] dump_stack_lvl+0xf2/0x150 [ 224.401248][T16156] dump_stack+0x15/0x20 [ 224.405389][T16156] should_fail_ex+0x229/0x230 [ 224.410052][T16156] ? security_inode_alloc+0x32/0xd0 [ 224.415386][T16156] should_failslab+0x8f/0xb0 [ 224.420169][T16156] kmem_cache_alloc_noprof+0x4c/0x290 [ 224.425551][T16156] security_inode_alloc+0x32/0xd0 [ 224.430663][T16156] inode_init_always+0x439/0x480 [ 224.435781][T16156] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 224.441235][T16156] alloc_inode+0x7d/0x160 [ 224.445632][T16156] new_inode+0x1e/0x100 [ 224.449806][T16156] shmem_get_inode+0x258/0x740 [ 224.454630][T16156] __shmem_file_setup+0x127/0x1f0 [ 224.459660][T16156] shmem_file_setup+0x3b/0x50 [ 224.464348][T16156] __se_sys_memfd_create+0x31d/0x600 [ 224.469674][T16156] __x64_sys_memfd_create+0x31/0x40 [ 224.474856][T16156] x64_sys_call+0x2891/0x2d60 [ 224.479590][T16156] do_syscall_64+0xc9/0x1c0 [ 224.484079][T16156] ? clear_bhb_loop+0x55/0xb0 [ 224.488767][T16156] ? clear_bhb_loop+0x55/0xb0 [ 224.493441][T16156] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.499343][T16156] RIP: 0033:0x7f9ac19dcef9 [ 224.503747][T16156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.523683][T16156] RSP: 002b:00007f9ac0656e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 224.532082][T16156] RAX: ffffffffffffffda RBX: 000000000000063f RCX: 00007f9ac19dcef9 [ 224.540213][T16156] RDX: 00007f9ac0656ef0 RSI: 0000000000000000 RDI: 00007f9ac1a4f839 [ 224.548757][T16156] RBP: 0000000020001280 R08: 00007f9ac0656bb7 R09: 00007f9ac0656e40 [ 224.556888][T16156] R10: 000000000000000a R11: 0000000000000202 R12: 00000000200005c0 [ 224.564847][T16156] R13: 00007f9ac0656ef0 R14: 00007f9ac0656eb0 R15: 0000000020000040 [ 224.572900][T16156] [ 224.621055][T16163] loop4: detected capacity change from 0 to 1024 [ 224.629460][T16163] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 224.640641][T16163] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 224.648799][T16163] EXT4-fs (loop4): too many log groups per flexible block group [ 224.656844][T16163] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 224.663821][T16163] EXT4-fs (loop4): mount failed [ 224.686540][ T29] kauditd_printk_skb: 455 callbacks suppressed [ 224.686554][ T29] audit: type=1326 audit(1725796567.151:12477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16170 comm="syz.2.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 224.725470][ T29] audit: type=1326 audit(1725796567.181:12478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16170 comm="syz.2.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=154 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 224.749298][ T29] audit: type=1326 audit(1725796567.181:12479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16170 comm="syz.2.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 224.773268][ T29] audit: type=1326 audit(1725796567.181:12480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16170 comm="syz.2.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 224.797667][ T29] audit: type=1326 audit(1725796567.181:12481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16170 comm="syz.2.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 224.821828][ T29] audit: type=1326 audit(1725796567.181:12482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16170 comm="syz.2.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 224.845581][ T29] audit: type=1326 audit(1725796567.181:12483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16170 comm="syz.2.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 224.869322][ T29] audit: type=1326 audit(1725796567.181:12484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16170 comm="syz.2.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 224.893615][ T29] audit: type=1326 audit(1725796567.181:12485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16170 comm="syz.2.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 224.917510][ T29] audit: type=1326 audit(1725796567.181:12486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16170 comm="syz.2.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 224.969351][T16182] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 224.996953][T16185] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 225.033949][T16189] loop2: detected capacity change from 0 to 128 [ 225.042324][T16189] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 225.056413][T16188] sd 0:0:1:0: device reset [ 225.071646][T16189] ext4 filesystem being mounted at /181/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 225.183568][T16198] syz.2.3171[16198] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 225.183628][T16198] syz.2.3171[16198] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 225.238996][T16200] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3178'. [ 225.331026][T16199] ------------[ cut here ]------------ [ 225.336596][T16199] name '69550' [ 225.340235][T16199] WARNING: CPU: 1 PID: 16199 at fs/proc/generic.c:711 remove_proc_entry+0x194/0x340 [ 225.349784][T16199] Modules linked in: [ 225.353676][T16199] CPU: 1 UID: 0 PID: 16199 Comm: syz.4.3178 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 225.364701][T16199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 225.374964][T16199] RIP: 0010:remove_proc_entry+0x194/0x340 [ 225.381036][T16199] Code: b6 ff eb 05 e8 4d df b6 ff 48 8b 1c 24 48 c7 c7 78 d1 bb 88 e8 9d 68 b4 03 90 48 c7 c7 fb dd 19 86 48 89 de e8 ed fc 98 ff 90 <0f> 0b 90 90 65 48 8b 04 25 28 00 00 00 48 3b 44 24 30 0f 85 89 01 [ 225.401126][T16199] RSP: 0018:ffffc9000177fd20 EFLAGS: 00010246 [ 225.407662][T16199] RAX: 3cb843ae066e1a00 RBX: ffff88810b3f0748 RCX: ffff8881035b5280 [ 225.415703][T16199] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 225.423778][T16199] RBP: ffff888111cd7d80 R08: ffffffff8111f297 R09: 0000000000000000 [ 225.431883][T16199] R10: 0001ffffffffffff R11: ffff8881035b5280 R12: ffff88810b3f0748 [ 225.440463][T16199] R13: 0000000000000005 R14: ffff88810b3f0b08 R15: ffff88810b3f0400 [ 225.448549][T16199] FS: 0000555586b4f500(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000 [ 225.457580][T16199] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 225.464202][T16199] CR2: fffffffff7000000 CR3: 000000010d3a4000 CR4: 00000000003506f0 [ 225.472443][T16199] DR0: 0000000020000300 DR1: 0000000020000300 DR2: 0000000000000000 [ 225.480485][T16199] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 225.488587][T16199] Call Trace: [ 225.491937][T16199] [ 225.494891][T16199] ? __warn+0x13c/0x350 [ 225.499136][T16199] ? report_bug+0x315/0x420 [ 225.503910][T16199] ? remove_proc_entry+0x194/0x340 [ 225.509200][T16199] ? handle_bug+0x3e/0x70 [ 225.513794][T16199] ? exc_invalid_op+0x1a/0x50 [ 225.518513][T16199] ? asm_exc_invalid_op+0x1a/0x20 [ 225.523639][T16199] ? __warn_printk+0x167/0x1b0 [ 225.528452][T16199] ? remove_proc_entry+0x194/0x340 [ 225.533748][T16199] ? lock_sock_nested+0x10f/0x140 [ 225.538913][T16199] ? __rcu_read_unlock+0x4e/0x70 [ 225.543923][T16199] bcm_release+0x19c/0x5d0 [ 225.548382][T16199] sock_close+0x68/0x150 [ 225.552677][T16199] ? __pfx_sock_close+0x10/0x10 [ 225.557920][T16199] __fput+0x192/0x6f0 [ 225.562006][T16199] ____fput+0x15/0x20 [ 225.566142][T16199] task_work_run+0x13a/0x1a0 [ 225.570804][T16199] syscall_exit_to_user_mode+0xbe/0x130 [ 225.576486][T16199] do_syscall_64+0xd6/0x1c0 [ 225.580993][T16199] ? clear_bhb_loop+0x55/0xb0 [ 225.585819][T16199] ? clear_bhb_loop+0x55/0xb0 [ 225.590773][T16199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.596853][T16199] RIP: 0033:0x7f9ac19dcef9 [ 225.601424][T16199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.621410][T16199] RSP: 002b:00007ffee86eb308 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 225.630017][T16199] RAX: 0000000000000000 RBX: 0000000000036faf RCX: 00007f9ac19dcef9 [ 225.638150][T16199] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 225.646255][T16199] RBP: 00007f9ac1b97a80 R08: 0000000000000001 R09: 00007ffee86eb5ff [ 225.654286][T16199] R10: 00007f9ac1860000 R11: 0000000000000246 R12: 0000000000037054 [ 225.662609][T16199] R13: 00007ffee86eb410 R14: 0000000000000032 R15: ffffffffffffffff [ 225.670796][T16199] [ 225.674225][T16199] ---[ end trace 0000000000000000 ]--- [ 225.700201][T13690] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 225.726943][T16206] loop2: detected capacity change from 0 to 128 [ 225.736712][T16207] sd 0:0:1:0: device reset [ 225.804330][T16216] loop4: detected capacity change from 0 to 128 [ 225.819077][T16216] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 225.833324][T16219] sd 0:0:1:0: device reset [ 225.833992][T16216] ext4 filesystem being mounted at /559/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 225.884113][ T6925] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 225.906178][T16223] loop2: detected capacity change from 0 to 128 [ 225.924036][T16224] sd 0:0:1:0: device reset [ 225.931929][T16226] loop4: detected capacity change from 0 to 512 [ 225.959157][T16226] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 225.986682][T16226] EXT4-fs (loop4): 1 truncate cleaned up [ 226.004248][T16226] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 226.093229][ T6925] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.101528][T16235] syzkaller0: entered promiscuous mode [ 226.107926][T16235] syzkaller0: entered allmulticast mode [ 226.242049][T16248] loop2: detected capacity change from 0 to 128 [ 226.268347][T16248] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 226.299408][T16248] ext4 filesystem being mounted at /187/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 226.388816][T16258] loop3: detected capacity change from 0 to 512 [ 226.404570][T13690] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 226.413585][T16258] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 226.419929][T16262] loop4: detected capacity change from 0 to 128 [ 226.438884][T16258] EXT4-fs (loop3): 1 truncate cleaned up [ 226.454414][T16258] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 226.511968][T13636] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.688533][T16274] loop2: detected capacity change from 0 to 128 [ 226.712910][T16274] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 226.731041][T16274] ext4 filesystem being mounted at /189/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 226.875636][T13690] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 226.915480][T16291] loop2: detected capacity change from 0 to 736 [ 227.277781][T16309] loop2: detected capacity change from 0 to 256 [ 227.319626][T16313] syzkaller0: entered promiscuous mode [ 227.325187][T16313] syzkaller0: entered allmulticast mode [ 227.378473][T16317] sd 0:0:1:0: device reset [ 227.502457][T16337] loop4: detected capacity change from 0 to 512 [ 227.507760][T16339] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 227.520723][T16342] sd 0:0:1:0: device reset [ 227.521595][T16339] batman_adv: batadv0: Adding interface: ip6gretap1 [ 227.531902][T16339] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 227.533646][T16337] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 227.559441][T16339] batman_adv: batadv0: Interface activated: ip6gretap1 [ 227.573169][T16337] ext4 filesystem being mounted at /572/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 227.590635][T16348] FAULT_INJECTION: forcing a failure. [ 227.590635][T16348] name failslab, interval 1, probability 0, space 0, times 0 [ 227.603575][T16348] CPU: 0 UID: 0 PID: 16348 Comm: syz.2.3240 Tainted: G W 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 227.616038][T16348] Tainted: [W]=WARN [ 227.619923][T16348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 227.629973][T16348] Call Trace: [ 227.633329][T16348] [ 227.636269][T16348] dump_stack_lvl+0xf2/0x150 [ 227.640861][T16348] dump_stack+0x15/0x20 [ 227.645073][T16348] should_fail_ex+0x229/0x230 [ 227.649840][T16348] ? dst_alloc+0xc0/0x100 [ 227.654175][T16348] should_failslab+0x8f/0xb0 [ 227.658944][T16348] kmem_cache_alloc_noprof+0x4c/0x290 [ 227.664327][T16348] ? mod_objcg_state+0x2ea/0x4f0 [ 227.669260][T16348] dst_alloc+0xc0/0x100 [ 227.673457][T16348] ip_route_output_key_hash_rcu+0xb90/0x12d0 [ 227.679487][T16348] ip_route_output_flow+0x76/0x120 [ 227.684685][T16348] udp_sendmsg+0xe5d/0x12f0 [ 227.689246][T16348] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 227.695046][T16348] ? avc_has_perm+0xd4/0x160 [ 227.699640][T16348] ? __pfx_udp_sendmsg+0x10/0x10 [ 227.704743][T16348] inet_sendmsg+0xaf/0xd0 [ 227.709069][T16348] __sock_sendmsg+0x102/0x180 [ 227.713818][T16348] ____sys_sendmsg+0x312/0x410 [ 227.718597][T16348] __sys_sendmmsg+0x269/0x500 [ 227.723287][T16348] ? trace_sys_enter+0x65/0xa0 [ 227.728143][T16348] __x64_sys_sendmmsg+0x57/0x70 [ 227.732987][T16348] x64_sys_call+0xa49/0x2d60 [ 227.737572][T16348] do_syscall_64+0xc9/0x1c0 [ 227.742103][T16348] ? clear_bhb_loop+0x55/0xb0 [ 227.746785][T16348] ? clear_bhb_loop+0x55/0xb0 [ 227.751543][T16348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.757444][T16348] RIP: 0033:0x7f561315cef9 [ 227.761878][T16348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.781834][T16348] RSP: 002b:00007f5611dd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 227.790498][T16348] RAX: ffffffffffffffda RBX: 00007f5613315f80 RCX: 00007f561315cef9 [ 227.798545][T16348] RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000003 [ 227.806608][T16348] RBP: 00007f5611dd7090 R08: 0000000000000000 R09: 0000000000000000 [ 227.815369][T16348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 227.823419][T16348] R13: 0000000000000000 R14: 00007f5613315f80 R15: 00007ffc546ace48 [ 227.831668][T16348] [ 227.876999][T16352] syzkaller0: entered promiscuous mode [ 227.882570][T16352] syzkaller0: entered allmulticast mode [ 227.909663][ T6925] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.179118][T16391] netlink: 'syz.0.3260': attribute type 1 has an invalid length. [ 228.199226][T16391] 8021q: adding VLAN 0 to HW filter on device bond1 [ 228.219621][T16393] SELinux: policydb version -570608695 does not match my version range 15-33 [ 228.235378][T16391] 8021q: adding VLAN 0 to HW filter on device bond1 [ 228.243000][T16389] syz.2.3259[16389] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 228.243059][T16389] syz.2.3259[16389] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 228.260920][T16393] SELinux: failed to load policy [ 228.279264][T16391] bond1: (slave ip6tnl1): The slave device specified does not support setting the MAC address [ 228.316748][T16391] bond1: (slave ip6tnl1): Error -95 calling set_mac_address [ 228.397691][T16403] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3265'. [ 228.518876][T16426] FAULT_INJECTION: forcing a failure. [ 228.518876][T16426] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 228.532022][T16426] CPU: 1 UID: 0 PID: 16426 Comm: syz.4.3274 Tainted: G W 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 228.544405][T16426] Tainted: [W]=WARN [ 228.548256][T16426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 228.558356][T16426] Call Trace: [ 228.561668][T16426] [ 228.564599][T16426] dump_stack_lvl+0xf2/0x150 [ 228.569251][T16426] dump_stack+0x15/0x20 [ 228.573402][T16426] should_fail_ex+0x229/0x230 [ 228.578137][T16426] should_fail+0xb/0x10 [ 228.582313][T16426] should_fail_usercopy+0x1a/0x20 [ 228.587339][T16426] _copy_from_user+0x1e/0xd0 [ 228.591922][T16426] memdup_user+0x64/0xc0 [ 228.596235][T16426] sctp_getsockopt_connectx3+0x1c0/0x350 [ 228.601955][T16426] sctp_getsockopt+0x805/0xab0 [ 228.606854][T16426] sock_common_getsockopt+0x5b/0x70 [ 228.612065][T16426] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 228.617970][T16426] do_sock_getsockopt+0x1ca/0x260 [ 228.622994][T16426] __sys_getsockopt+0x19a/0x210 [ 228.627865][T16426] __x64_sys_getsockopt+0x66/0x80 [ 228.632930][T16426] x64_sys_call+0x11cd/0x2d60 [ 228.637665][T16426] do_syscall_64+0xc9/0x1c0 [ 228.642202][T16426] ? clear_bhb_loop+0x55/0xb0 [ 228.646869][T16426] ? clear_bhb_loop+0x55/0xb0 [ 228.651547][T16426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.657560][T16426] RIP: 0033:0x7f9ac19dcef9 [ 228.662068][T16426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.681765][T16426] RSP: 002b:00007f9ac0657038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 228.690172][T16426] RAX: ffffffffffffffda RBX: 00007f9ac1b95f80 RCX: 00007f9ac19dcef9 [ 228.698237][T16426] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000006 [ 228.706219][T16426] RBP: 00007f9ac0657090 R08: 0000000020000100 R09: 0000000000000000 [ 228.714184][T16426] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000001 [ 228.722283][T16426] R13: 0000000000000000 R14: 00007f9ac1b95f80 R15: 00007ffee86eb1a8 [ 228.730287][T16426] [ 228.788493][T16442] atomic_op ffff8881092c0528 conn xmit_atomic 0000000000000000 [ 228.858592][T16436] loop4: detected capacity change from 0 to 2048 [ 228.871080][T16452] loop2: detected capacity change from 0 to 512 [ 228.880457][T16452] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 228.892341][T16436] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 228.901452][T16452] EXT4-fs (loop2): 1 truncate cleaned up [ 228.905077][T16436] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.921421][T16452] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 228.952577][T13690] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.005839][T16466] loop2: detected capacity change from 0 to 512 [ 229.023756][T16466] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 229.035498][T16480] Invalid ELF section header size [ 229.046431][T16480] loop4: detected capacity change from 0 to 764 [ 229.057603][T16476] netlink: 'syz.3.3295': attribute type 3 has an invalid length. [ 229.064874][T16466] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.3288: iget: bad extended attribute block 19 [ 229.081099][T16466] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.3288: couldn't read orphan inode 15 (err -117) [ 229.084578][T16486] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3299'. [ 229.093523][T16466] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 229.120028][T16487] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3298'. [ 229.142122][T16466] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3288: bg 0: block 65: padding at end of block bitmap is not set [ 229.163118][T16466] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.3288: Failed to acquire dquot type 0 [ 229.206110][T16492] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3301'. [ 229.238141][T16494] loop3: detected capacity change from 0 to 512 [ 229.246448][T16466] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.3288: Failed to acquire dquot type 0 [ 229.259801][T16494] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 229.270337][T16494] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 229.279562][T16494] EXT4-fs (loop3): orphan cleanup on readonly fs [ 229.287612][T16494] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3302: bg 0: block 361: padding at end of block bitmap is not set [ 229.303290][T16494] EXT4-fs (loop3): Remounting filesystem read-only [ 229.320176][T16494] EXT4-fs (loop3): 1 truncate cleaned up [ 229.326779][T13690] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.339717][T16494] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 229.357287][T16494] SELinux: (dev loop3, type ext4) getxattr errno 5 [ 229.366507][T16494] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 229.378652][T16498] loop2: detected capacity change from 0 to 512 [ 229.393363][T16494] loop3: detected capacity change from 0 to 512 [ 229.403737][T16498] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 229.417603][T16494] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 229.427783][T16498] ext4 filesystem being mounted at /214/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 229.440668][T16494] EXT4-fs (loop3): 1 truncate cleaned up [ 229.448065][T16494] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 229.473444][T13690] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.513375][T13636] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.842437][T16515] syzkaller0: entered promiscuous mode [ 229.847971][T16515] syzkaller0: entered allmulticast mode [ 230.009163][T16533] loop4: detected capacity change from 0 to 256 [ 230.071283][T16540] sd 0:0:1:0: device reset [ 230.095961][T16544] sd 0:0:1:0: device reset [ 230.140742][T16548] syzkaller0: entered promiscuous mode [ 230.146460][T16548] syzkaller0: entered allmulticast mode [ 230.221504][T16557] loop4: detected capacity change from 0 to 128 [ 230.230273][T16559] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3329'. [ 230.267059][T16566] sd 0:0:1:0: device reset [ 230.283810][ T29] kauditd_printk_skb: 5813 callbacks suppressed [ 230.283824][ T29] audit: type=1326 audit(1725796572.741:18294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16567 comm="syz.4.3333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac19dcef9 code=0x7ffc0000 [ 230.316129][ T29] audit: type=1326 audit(1725796572.741:18295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16567 comm="syz.4.3333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac19dcef9 code=0x7ffc0000 [ 230.328179][T16570] netlink: 'syz.4.3334': attribute type 4 has an invalid length. [ 230.340112][ T29] audit: type=1326 audit(1725796572.751:18296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16567 comm="syz.4.3333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f9ac19dcef9 code=0x7ffc0000 [ 230.350438][T16570] netlink: 'syz.4.3334': attribute type 4 has an invalid length. [ 230.372381][ T29] audit: type=1326 audit(1725796572.751:18297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16567 comm="syz.4.3333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac19dcef9 code=0x7ffc0000 [ 230.372424][ T29] audit: type=1326 audit(1725796572.751:18298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16567 comm="syz.4.3333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7f9ac19dcef9 code=0x7ffc0000 [ 230.429413][ T29] audit: type=1326 audit(1725796572.751:18299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16567 comm="syz.4.3333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac19dcef9 code=0x7ffc0000 [ 230.429472][ T29] audit: type=1326 audit(1725796572.751:18300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16567 comm="syz.4.3333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac19dcef9 code=0x7ffc0000 [ 230.499898][T16577] loop3: detected capacity change from 0 to 512 [ 230.508875][T16577] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 230.512287][T16575] syzkaller0: entered promiscuous mode [ 230.521620][T16577] EXT4-fs (loop3): 1 truncate cleaned up [ 230.524337][T16575] syzkaller0: entered allmulticast mode [ 230.537173][T16577] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 230.564193][T13636] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.599224][T16586] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3341'. [ 230.623404][T16589] sd 0:0:1:0: device reset [ 230.671961][T16602] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3348'. [ 230.742018][ T29] audit: type=1400 audit(1725796573.201:18301): avc: denied { mounton } for pid=16608 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 230.767073][T16607] sd 0:0:1:0: device reset [ 230.784846][T16613] xt_cgroup: path and classid specified [ 230.831702][T16622] loop2: detected capacity change from 0 to 1024 [ 230.875001][T16618] syzkaller0: entered promiscuous mode [ 230.880652][T16618] syzkaller0: entered allmulticast mode [ 230.951066][T16635] sd 0:0:1:0: device reset [ 230.964899][T16608] chnl_net:caif_netlink_parms(): no params data found [ 231.007963][T16642] loop2: detected capacity change from 0 to 128 [ 231.022595][T16608] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.030032][T16608] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.037549][T16608] bridge_slave_0: entered allmulticast mode [ 231.044950][T16608] bridge_slave_0: entered promiscuous mode [ 231.051809][T16608] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.059108][T16608] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.067384][T16608] bridge_slave_1: entered allmulticast mode [ 231.070897][T16658] loop2: detected capacity change from 0 to 1024 [ 231.074068][T16608] bridge_slave_1: entered promiscuous mode [ 231.096620][T16658] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 231.109386][T16658] ext4 filesystem being mounted at /227/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 231.122483][T16608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 231.133954][ T29] audit: type=1400 audit(1725796573.591:18302): avc: denied { read } for pid=16657 comm="syz.2.3364" name="ptp0" dev="devtmpfs" ino=221 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 231.135083][T16608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 231.157214][ T29] audit: type=1400 audit(1725796573.591:18303): avc: denied { open } for pid=16657 comm="syz.2.3364" path="/dev/ptp0" dev="devtmpfs" ino=221 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 231.202609][T16608] team0: Port device team_slave_0 added [ 231.211017][T16608] team0: Port device team_slave_1 added [ 231.227103][T16608] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 231.234186][T16608] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 231.260153][T16608] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 231.271483][T16608] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 231.278566][T16608] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 231.304595][T16608] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 231.331958][T13690] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.345026][T16608] hsr_slave_0: entered promiscuous mode [ 231.352217][T16608] hsr_slave_1: entered promiscuous mode [ 231.360450][T16670] sd 0:0:1:0: device reset [ 231.366050][T16608] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 231.373623][T16608] Cannot create hsr debugfs directory [ 231.466623][T16685] loop2: detected capacity change from 0 to 128 [ 231.477175][T16685] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 231.492263][T16685] ext4 filesystem being mounted at /230/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 231.562923][T13690] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 231.572749][T16608] team0: Port device netdevsim1 removed [ 231.622977][T16690] loop3: detected capacity change from 0 to 1024 [ 231.631146][T16690] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 231.642893][T16690] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 231.651556][T16690] EXT4-fs (loop3): orphan cleanup on readonly fs [ 231.663726][T16695] loop2: detected capacity change from 0 to 512 [ 231.664253][T16690] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.3373: Invalid block bitmap block 0 in block_group 0 [ 231.672371][T16695] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 231.695320][T16608] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 231.695701][T16690] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.3373: Failed to acquire dquot type 0 [ 231.702782][T16695] EXT4-fs (loop2): 1 truncate cleaned up [ 231.713840][T16690] EXT4-fs error (device loop3): ext4_free_blocks:6590: comm syz.3.3373: Freeing blocks not in datazone - block = 0, count = 4096 [ 231.720630][T16608] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 231.735513][T16690] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.3373: Invalid inode bitmap blk 0 in block_group 0 [ 231.739482][T16695] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 231.753120][T16690] EXT4-fs error (device loop3) in ext4_free_inode:362: Corrupt filesystem [ 231.765227][ T1708] EXT4-fs error (device loop3): ext4_release_dquot:6871: comm kworker/u8:6: Failed to release dquot type 0 [ 231.777073][T16608] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 231.791431][T16690] EXT4-fs (loop3): 1 orphan inode deleted [ 231.800136][T16608] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 231.800479][T16690] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 231.808897][T13690] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.828940][T16608] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.836300][T16608] bridge0: port 2(bridge_slave_1) entered forwarding state [ 231.843593][T16608] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.850809][T16608] bridge0: port 1(bridge_slave_0) entered forwarding state [ 231.886390][T16702] sd 0:0:1:0: device reset [ 231.896532][T16608] 8021q: adding VLAN 0 to HW filter on device bond0 [ 231.911238][ T1667] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.924405][T16706] loop2: detected capacity change from 0 to 512 [ 231.931164][ T1667] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.940075][T16706] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 231.957346][T16608] 8021q: adding VLAN 0 to HW filter on device team0 [ 231.959589][T16706] EXT4-fs (loop2): 1 truncate cleaned up [ 231.970974][ T3365] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.975610][T16706] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 231.978050][ T3365] bridge0: port 1(bridge_slave_0) entered forwarding state [ 231.999918][ T3365] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.007032][ T3365] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.100051][T16608] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 232.230236][T16608] veth0_vlan: entered promiscuous mode [ 232.239076][T16608] veth1_vlan: entered promiscuous mode [ 232.259816][T16608] veth0_macvtap: entered promiscuous mode [ 232.268602][T16608] veth1_macvtap: entered promiscuous mode [ 232.281671][T16746] loop2: detected capacity change from 0 to 512 [ 232.283202][T16608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.288775][T16746] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (3832!=33349) [ 232.298658][T16608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.310910][T16746] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e01c, mo2=0002] [ 232.318091][T16608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.336923][T16608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.347061][T16608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.348539][T16746] System zones: [ 232.357703][T16608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.357718][T16608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.361350][T16746] 1-12 [ 232.371578][T16608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.381976][T16746] [ 232.382222][T16746] EXT4-fs (loop2): orphan cleanup on readonly fs [ 232.403547][T16746] EXT4-fs error (device loop2): ext4_read_inode_bitmap:168: comm syz.2.3390: Inode bitmap for bg 0 marked uninitialized [ 232.417001][T16608] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 232.433659][T16746] loop2: detected capacity change from 0 to 512 [ 232.435254][T16608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 232.444681][T16746] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 232.450889][T16608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.463124][T16746] EXT4-fs (loop2): orphan cleanup on readonly fs [ 232.469277][T16608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 232.477688][T16746] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3390: bg 0: block 248: padding at end of block bitmap is not set [ 232.486251][T16608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.486288][T16608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 232.486301][T16608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.486314][T16608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 232.502583][T16746] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.3390: Failed to acquire dquot type 1 [ 232.510343][T16608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.511539][T16608] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 232.545769][T16746] EXT4-fs (loop2): 1 truncate cleaned up [ 232.555355][T16608] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.584246][T16608] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.592967][T16608] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.601735][T16608] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.707463][T16767] loop3: detected capacity change from 0 to 512 [ 232.714512][T16767] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 232.726423][T16767] EXT4-fs (loop3): 1 truncate cleaned up [ 232.768297][T16776] sd 0:0:1:0: device reset [ 232.787216][T16781] loop2: detected capacity change from 0 to 128 [ 232.788805][T16782] sd 0:0:1:0: device reset [ 232.815308][T16784] FAULT_INJECTION: forcing a failure. [ 232.815308][T16784] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 232.828617][T16784] CPU: 0 UID: 0 PID: 16784 Comm: syz.3.3406 Tainted: G W 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 232.841031][T16784] Tainted: [W]=WARN [ 232.844818][T16784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 232.854889][T16784] Call Trace: [ 232.858204][T16784] [ 232.861167][T16784] dump_stack_lvl+0xf2/0x150 [ 232.865842][T16784] dump_stack+0x15/0x20 [ 232.869987][T16784] should_fail_ex+0x229/0x230 [ 232.874651][T16784] should_fail_alloc_page+0xfd/0x110 [ 232.880050][T16784] __alloc_pages_noprof+0x109/0x360 [ 232.885252][T16784] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 232.890673][T16784] vma_alloc_folio_noprof+0x1a0/0x2f0 [ 232.896074][T16784] do_wp_page+0x62b/0x22c0 [ 232.900506][T16784] ? __rcu_read_lock+0x36/0x50 [ 232.905311][T16784] ? __rcu_read_lock+0x36/0x50 [ 232.906378][T16791] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3407'. [ 232.910193][T16784] handle_mm_fault+0xc4d/0x2a30 [ 232.910234][T16784] exc_page_fault+0x3b9/0x650 [ 232.923966][T16791] netlink: 'syz.2.3407': attribute type 29 has an invalid length. [ 232.924093][T16784] asm_exc_page_fault+0x26/0x30 [ 232.941604][T16784] RIP: 0033:0x7fb442c50c13 [ 232.946024][T16784] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 232.965734][T16784] RSP: 002b:00007fb441a063f0 EFLAGS: 00010202 [ 232.971792][T16784] RAX: 00000000000001c0 RBX: 00007fb441a06490 RCX: 00007fb4395e7000 [ 232.979866][T16784] RDX: 00007fb441a06630 RSI: 0000000000000000 RDI: 00007fb441a06530 [ 232.987827][T16784] RBP: 00000000000000bd R08: 0000000000000007 R09: 0000000000000036 [ 232.995833][T16784] R10: 000000000000004e R11: 00007fb441a06490 R12: 0000000000000001 [ 233.003792][T16784] R13: 00007fb442e13620 R14: 0000000000000002 R15: 00007fb441a06530 [ 233.011820][T16784] [ 233.014964][T16784] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 233.033471][T16784] loop3: detected capacity change from 0 to 2048 [ 233.056735][T16795] loop2: detected capacity change from 0 to 128 [ 233.092573][T16795] syz.2.3409: attempt to access beyond end of device [ 233.092573][T16795] loop2: rw=0, sector=121, nr_sectors = 119 limit=128 [ 233.376524][T16818] syzkaller0: entered promiscuous mode [ 233.382116][T16818] syzkaller0: entered allmulticast mode [ 233.391331][T16797] chnl_net:caif_netlink_parms(): no params data found [ 233.437409][T16797] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.444564][T16797] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.451832][T16797] bridge_slave_0: entered allmulticast mode [ 233.459291][T16797] bridge_slave_0: entered promiscuous mode [ 233.466215][T16797] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.473371][T16797] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.480717][T16797] bridge_slave_1: entered allmulticast mode [ 233.487963][T16797] bridge_slave_1: entered promiscuous mode [ 233.514578][T16797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.520535][T16833] loop4: detected capacity change from 0 to 128 [ 233.525547][T16797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 233.569479][T16797] team0: Port device team_slave_0 added [ 233.580453][T16797] team0: Port device team_slave_1 added [ 233.606434][ T1708] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.636287][T16797] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 233.643395][T16797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.658811][T16848] loop4: detected capacity change from 0 to 512 [ 233.669464][T16797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 233.678757][T16848] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 233.691552][T16853] loop3: detected capacity change from 0 to 256 [ 233.699179][T16848] EXT4-fs (loop4): 1 truncate cleaned up [ 233.723346][ T1708] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.741335][T16797] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 233.744316][T16858] loop3: detected capacity change from 0 to 128 [ 233.748332][T16797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.780825][T16797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 233.808317][ T1708] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.848643][T16869] sd 0:0:1:0: device reset [ 233.866878][T16797] hsr_slave_0: entered promiscuous mode [ 233.878181][T16871] loop2: detected capacity change from 0 to 512 [ 233.886385][T16797] hsr_slave_1: entered promiscuous mode [ 233.893076][T16797] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 233.901467][T16797] Cannot create hsr debugfs directory [ 233.903330][T16871] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 233.923130][ T1708] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.924449][T16871] EXT4-fs (loop2): 1 truncate cleaned up [ 233.969616][T16884] loop3: detected capacity change from 0 to 512 [ 233.977273][T16884] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 233.997958][T16884] EXT4-fs (loop3): 1 truncate cleaned up [ 234.063559][ T1708] batman_adv: batadv0: Interface deactivated: ip6gretap1 [ 234.127937][ T1708] batman_adv: batadv0: Removing interface: ip6gretap1 [ 234.236589][ T1708] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 234.248402][ T1708] bond0 (unregistering): (slave ªªªªª): Releasing backup interface [ 234.258960][ T1708] bond0 (unregistering): Released all slaves [ 234.267767][ T1708] bond1 (unregistering): Released all slaves [ 234.279873][T16901] netlink: 'syz.3.3445': attribute type 4 has an invalid length. [ 234.306319][T16906] sd 0:0:1:0: device reset [ 234.311056][T16903] netlink: 'syz.3.3445': attribute type 4 has an invalid length. [ 234.389378][T16861] chnl_net:caif_netlink_parms(): no params data found [ 234.432606][T16918] loop2: detected capacity change from 0 to 4096 [ 234.455339][T16918] ucma_write: process 599 (syz.2.3451) changed security contexts after opening file descriptor, this is not allowed. [ 234.499864][ T1708] hsr_slave_0: left promiscuous mode [ 234.510765][ T1708] hsr_slave_1: left promiscuous mode [ 234.521288][ T1708] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 234.528887][ T1708] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 234.547256][ T1708] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 234.554893][ T1708] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 234.585800][ T1708] veth1_macvtap: left promiscuous mode [ 234.591419][ T1708] veth0_macvtap: left promiscuous mode [ 234.597159][ T1708] veth1_vlan: left promiscuous mode [ 234.602514][ T1708] veth0_vlan: left promiscuous mode [ 234.609770][T16927] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.618317][T16927] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.663683][T16926] netlink: 100 bytes leftover after parsing attributes in process `syz.2.3452'. [ 234.750958][ T1708] team0 (unregistering): Port device team_slave_1 removed [ 234.765024][ T1708] team0 (unregistering): Port device team_slave_0 removed [ 234.843474][T16861] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.850779][T16861] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.859763][T16861] bridge_slave_0: entered allmulticast mode [ 234.866741][T16861] bridge_slave_0: entered promiscuous mode [ 234.873765][T16861] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.880935][T16861] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.888923][T16861] bridge_slave_1: entered allmulticast mode [ 234.896585][T16861] bridge_slave_1: entered promiscuous mode [ 234.924703][T16861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 234.938548][T16797] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 234.949978][T16861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 234.960735][T16797] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 234.969611][T16797] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 234.993150][T16861] team0: Port device team_slave_0 added [ 235.000305][T16797] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 235.012181][T16861] team0: Port device team_slave_1 added [ 235.035872][T16861] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 235.044376][T16861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 235.071622][T16861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 235.086219][T16861] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 235.093596][T16861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 235.120858][T16861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 235.180944][T16861] hsr_slave_0: entered promiscuous mode [ 235.187569][T16861] hsr_slave_1: entered promiscuous mode [ 235.194861][T16861] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 235.202891][T16861] Cannot create hsr debugfs directory [ 235.236091][T16797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 235.272693][T16797] 8021q: adding VLAN 0 to HW filter on device team0 [ 235.308282][T16861] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.321045][ T3362] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.328399][ T3362] bridge0: port 1(bridge_slave_0) entered forwarding state [ 235.380136][ T1708] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.387253][ T1708] bridge0: port 2(bridge_slave_1) entered forwarding state [ 235.415703][T16861] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.495803][T16861] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.521141][T16944] sd 0:0:1:0: device reset [ 235.537683][T16797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 235.546224][ T29] kauditd_printk_skb: 151 callbacks suppressed [ 235.546237][ T29] audit: type=1326 audit(1725796578.011:18450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16945 comm="syz.2.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 235.585048][T16861] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.613894][ T29] audit: type=1326 audit(1725796578.041:18451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16945 comm="syz.2.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 235.637919][ T29] audit: type=1326 audit(1725796578.041:18452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16945 comm="syz.2.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 235.662619][ T29] audit: type=1326 audit(1725796578.041:18453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16945 comm="syz.2.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 235.687354][ T29] audit: type=1326 audit(1725796578.041:18454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16945 comm="syz.2.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 235.711482][ T29] audit: type=1326 audit(1725796578.041:18455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16945 comm="syz.2.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 235.736038][ T29] audit: type=1326 audit(1725796578.041:18456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16945 comm="syz.2.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 235.763379][ T29] audit: type=1326 audit(1725796578.041:18457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16945 comm="syz.2.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 235.791703][ T29] audit: type=1326 audit(1725796578.041:18458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16945 comm="syz.2.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 235.816337][ T29] audit: type=1326 audit(1725796578.041:18459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16945 comm="syz.2.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 235.861997][T16953] loop2: detected capacity change from 0 to 512 [ 235.870701][T16953] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 235.897813][T16953] EXT4-fs (loop2): 1 truncate cleaned up [ 235.914082][T16861] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 235.934913][T16861] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 235.945352][T16861] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 235.965661][T16861] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 235.980227][T16797] veth0_vlan: entered promiscuous mode [ 236.006616][T16797] veth1_vlan: entered promiscuous mode [ 236.043986][T16861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.068529][T16797] veth0_macvtap: entered promiscuous mode [ 236.078591][T16861] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.089746][T16797] veth1_macvtap: entered promiscuous mode [ 236.103107][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.110243][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.127383][ T1708] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.134491][ T1708] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.147727][T16797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.158921][T16797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.169325][T16797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.180671][T16797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.191860][T16797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.202650][T16797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.212593][T16797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.223214][T16797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.238358][T16797] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 236.261875][T16963] loop2: detected capacity change from 0 to 512 [ 236.270517][T16797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.282471][T16797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.293453][T16797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.303894][T16797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.313737][T16797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.324312][T16797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.334280][T16797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.345267][T16797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.360218][T16797] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 236.369467][T16963] ext4 filesystem being mounted at /271/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 236.386732][T16797] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.395625][T16797] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.404640][T16797] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.413509][T16797] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.423246][T16963] EXT4-fs error (device loop2): ext4_do_update_inode:5154: inode #2: comm syz.2.3461: corrupted inode contents [ 236.437177][T16963] EXT4-fs error (device loop2): ext4_dirty_inode:6014: inode #2: comm syz.2.3461: mark_inode_dirty error [ 236.451685][T16963] EXT4-fs error (device loop2): ext4_do_update_inode:5154: inode #2: comm syz.2.3461: corrupted inode contents [ 236.523519][T16966] EXT4-fs error (device loop2): ext4_add_entry:2435: inode #2: comm syz.2.3461: Directory hole found for htree leaf block 0 [ 236.571121][T16861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.671399][T16861] veth0_vlan: entered promiscuous mode [ 236.684668][T16861] veth1_vlan: entered promiscuous mode [ 236.709226][T16861] veth0_macvtap: entered promiscuous mode [ 236.720769][T16861] veth1_macvtap: entered promiscuous mode [ 236.740288][T16861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.753069][T16861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.764058][T16861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.765783][T16987] sd 0:0:1:0: device reset [ 236.774904][T16861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.790154][T16861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.800753][T16861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.810966][T16861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.821627][T16861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.831592][T16861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.842480][T16861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.858771][T16861] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 236.872678][T16861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.883494][T16861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.893385][T16861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.904036][T16861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.914378][T16861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.924949][T16861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.934805][T16861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.945571][T16861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.955972][T16861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.966455][T16861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.979452][T16861] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 236.996355][T16861] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.005602][T16861] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.014362][T16861] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.023562][T16861] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.091232][T16997] loop2: detected capacity change from 0 to 128 [ 237.131511][T17000] loop2: detected capacity change from 0 to 128 [ 237.179105][T16998] syzkaller0: entered promiscuous mode [ 237.184867][T16998] syzkaller0: entered allmulticast mode [ 237.197670][T17003] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 237.207051][T17003] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 237.292050][T17007] FAULT_INJECTION: forcing a failure. [ 237.292050][T17007] name failslab, interval 1, probability 0, space 0, times 0 [ 237.304968][T17007] CPU: 1 UID: 0 PID: 17007 Comm: syz.1.3471 Tainted: G W 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 237.317309][T17007] Tainted: [W]=WARN [ 237.321111][T17007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 237.331710][T17007] Call Trace: [ 237.335078][T17007] [ 237.338068][T17007] dump_stack_lvl+0xf2/0x150 [ 237.342720][T17007] dump_stack+0x15/0x20 [ 237.346879][T17007] should_fail_ex+0x229/0x230 [ 237.351582][T17007] ? audit_log_d_path+0x96/0x250 [ 237.356883][T17007] should_failslab+0x8f/0xb0 [ 237.361516][T17007] __kmalloc_cache_noprof+0x4b/0x2a0 [ 237.366820][T17007] audit_log_d_path+0x96/0x250 [ 237.371601][T17007] ? get_file_rcu+0xf4/0x110 [ 237.377251][T17007] ? __rcu_read_unlock+0x4e/0x70 [ 237.382272][T17007] audit_log_d_path_exe+0x45/0x80 [ 237.387589][T17007] audit_log_task+0x155/0x180 [ 237.392496][T17007] audit_seccomp+0x68/0x130 [ 237.397194][T17007] __seccomp_filter+0x6fa/0x1180 [ 237.402222][T17007] ? __se_sys_keyctl+0x112/0xbb0 [ 237.407399][T17007] ? bpf_get_current_ancestor_cgroup_id+0xce/0xe0 [ 237.414218][T17007] ? __rcu_read_unlock+0x4e/0x70 [ 237.419259][T17007] __secure_computing+0x9f/0x1c0 [ 237.424563][T17007] syscall_trace_enter+0xd1/0x1f0 [ 237.429638][T17007] ? fpregs_assert_state_consistent+0x83/0xa0 [ 237.435914][T17007] do_syscall_64+0xaa/0x1c0 [ 237.440438][T17007] ? clear_bhb_loop+0x55/0xb0 [ 237.445213][T17007] ? clear_bhb_loop+0x55/0xb0 [ 237.449936][T17007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.456122][T17007] RIP: 0033:0x7fce0e2db93c [ 237.460727][T17007] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 237.480496][T17007] RSP: 002b:00007fce0cf57030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 237.489367][T17007] RAX: ffffffffffffffda RBX: 00007fce0e495f80 RCX: 00007fce0e2db93c [ 237.497392][T17007] RDX: 000000000000000f RSI: 00007fce0cf570a0 RDI: 0000000000000006 [ 237.505529][T17007] RBP: 00007fce0cf57090 R08: 0000000000000000 R09: 0000000000000000 [ 237.513573][T17007] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002 [ 237.521674][T17007] R13: 0000000000000000 R14: 00007fce0e495f80 R15: 00007ffde4a3fb88 [ 237.529645][T17007] [ 237.717209][T17023] sd 0:0:1:0: device reset [ 238.563944][T17037] loop1: detected capacity change from 0 to 128 [ 238.610839][T17043] team0: entered promiscuous mode [ 238.615993][T17043] team_slave_0: entered promiscuous mode [ 238.621697][T17043] team_slave_1: entered promiscuous mode [ 238.628460][T17043] team0: left promiscuous mode [ 238.633607][T17043] team_slave_0: left promiscuous mode [ 238.639198][T17043] team_slave_1: left promiscuous mode [ 238.671118][T17043] 9pnet_fd: Insufficient options for proto=fd [ 238.688559][T17055] sd 0:0:1:0: device reset [ 238.712244][T17059] serio: Serial port ptm0 [ 238.839646][T17069] loop1: detected capacity change from 0 to 128 [ 238.899539][T17075] syzkaller0: entered promiscuous mode [ 238.905163][T17075] syzkaller0: entered allmulticast mode [ 238.936252][T17077] FAULT_INJECTION: forcing a failure. [ 238.936252][T17077] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 238.949458][T17077] CPU: 0 UID: 0 PID: 17077 Comm: syz.2.3500 Tainted: G W 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 238.961952][T17077] Tainted: [W]=WARN [ 238.965774][T17077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 238.975959][T17077] Call Trace: [ 238.979840][T17077] [ 238.982787][T17077] dump_stack_lvl+0xf2/0x150 [ 238.987520][T17077] dump_stack+0x15/0x20 [ 238.991858][T17077] should_fail_ex+0x229/0x230 [ 238.996717][T17077] should_fail+0xb/0x10 [ 239.001050][T17077] should_fail_usercopy+0x1a/0x20 [ 239.006143][T17077] _copy_to_user+0x1e/0xa0 [ 239.010681][T17077] simple_read_from_buffer+0xa0/0x110 [ 239.016050][T17077] proc_fail_nth_read+0xff/0x140 [ 239.021005][T17077] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 239.026557][T17077] vfs_read+0x1a2/0x6e0 [ 239.030782][T17077] ? __rcu_read_unlock+0x4e/0x70 [ 239.035723][T17077] ? __fget_files+0x1da/0x210 [ 239.040606][T17077] ksys_read+0xeb/0x1b0 [ 239.045253][T17077] __x64_sys_read+0x42/0x50 [ 239.049987][T17077] x64_sys_call+0x27d3/0x2d60 [ 239.054797][T17077] do_syscall_64+0xc9/0x1c0 [ 239.059694][T17077] ? clear_bhb_loop+0x55/0xb0 [ 239.064367][T17077] ? clear_bhb_loop+0x55/0xb0 [ 239.069335][T17077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.075234][T17077] RIP: 0033:0x7f561315b93c [ 239.079717][T17077] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 239.099670][T17077] RSP: 002b:00007f5611dd7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 239.108172][T17077] RAX: ffffffffffffffda RBX: 00007f5613315f80 RCX: 00007f561315b93c [ 239.116129][T17077] RDX: 000000000000000f RSI: 00007f5611dd70a0 RDI: 0000000000000008 [ 239.124130][T17077] RBP: 00007f5611dd7090 R08: 0000000000000000 R09: 0000000000000000 [ 239.132760][T17077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 239.140734][T17077] R13: 0000000000000000 R14: 00007f5613315f80 R15: 00007ffc546ace48 [ 239.148833][T17077] [ 239.220890][T17079] loop2: detected capacity change from 0 to 1024 [ 239.267847][T17088] sd 0:0:1:0: device reset [ 239.312412][T17096] loop1: detected capacity change from 0 to 128 [ 239.474764][T17107] syzkaller0: entered promiscuous mode [ 239.480331][T17107] syzkaller0: entered allmulticast mode [ 239.552548][T17109] loop2: detected capacity change from 0 to 512 [ 239.561127][T17109] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #2: comm syz.2.3514: corrupted xattr block 255: invalid header [ 239.574934][T17109] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 239.584426][T17109] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #2: comm syz.2.3514: corrupted xattr block 255: invalid header [ 239.598457][T17109] SELinux: (dev loop2, type ext4) getxattr errno 117 [ 239.652963][T17118] sd 0:0:1:0: device reset [ 239.737735][T17129] loop2: detected capacity change from 0 to 128 [ 239.886816][T17145] syzkaller0: entered promiscuous mode [ 239.892308][T17145] syzkaller0: entered allmulticast mode [ 239.993374][T17149] FAULT_INJECTION: forcing a failure. [ 239.993374][T17149] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 240.006551][T17149] CPU: 1 UID: 0 PID: 17149 Comm: syz.3.3528 Tainted: G W 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 240.019131][T17149] Tainted: [W]=WARN [ 240.022913][T17149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 240.033178][T17149] Call Trace: [ 240.036464][T17149] [ 240.039413][T17149] dump_stack_lvl+0xf2/0x150 [ 240.044259][T17149] dump_stack+0x15/0x20 [ 240.048768][T17149] should_fail_ex+0x229/0x230 [ 240.053583][T17149] should_fail+0xb/0x10 [ 240.057814][T17149] should_fail_usercopy+0x1a/0x20 [ 240.063139][T17149] strncpy_from_user+0x25/0x270 [ 240.068075][T17149] ? rep_movs_alternative+0x22/0x70 [ 240.073293][T17149] strncpy_from_user_nofault+0x66/0xe0 [ 240.078845][T17149] bpf_probe_read_compat_str+0xb3/0x130 [ 240.084692][T17149] bpf_prog_e42f6260c1b72fb3+0x3d/0x3f [ 240.090600][T17149] bpf_trace_run3+0x10c/0x1d0 [ 240.095468][T17149] ? putname+0xc5/0xe0 [ 240.099542][T17149] ? putname+0xc5/0xe0 [ 240.103663][T17149] __traceiter_kmem_cache_free+0x33/0x50 [ 240.109295][T17149] ? putname+0xc5/0xe0 [ 240.113348][T17149] kmem_cache_free+0x1fe/0x280 [ 240.118155][T17149] putname+0xc5/0xe0 [ 240.122160][T17149] do_sys_openat2+0xe7/0x120 [ 240.126799][T17149] __x64_sys_openat+0xf3/0x120 [ 240.131918][T17149] x64_sys_call+0x1025/0x2d60 [ 240.136619][T17149] do_syscall_64+0xc9/0x1c0 [ 240.141158][T17149] ? clear_bhb_loop+0x55/0xb0 [ 240.145983][T17149] ? clear_bhb_loop+0x55/0xb0 [ 240.150648][T17149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.156604][T17149] RIP: 0033:0x7fb442d8b890 [ 240.161174][T17149] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 19 8f 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 6c 8f 02 00 8b 44 [ 240.181611][T17149] RSP: 002b:00007fb441a04ef0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 240.190235][T17149] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fb442d8b890 [ 240.198283][T17149] RDX: 0000000000000002 RSI: 00007fb442dfeddc RDI: 00000000ffffff9c [ 240.206463][T17149] RBP: 00007fb442dfeddc R08: 0000000000000000 R09: 0000000000000000 [ 240.214444][T17149] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 240.222411][T17149] R13: 0000000000000036 R14: 0000000020000640 R15: 00007ffdecb10ca8 [ 240.230372][T17149] [ 240.234098][T17149] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 240.242960][T17149] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 240.263987][T17152] sd 0:0:1:0: device reset [ 240.765861][T17164] loop3: detected capacity change from 0 to 128 [ 240.839550][T17162] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 240.842374][T17168] syzkaller0: entered promiscuous mode [ 240.853508][T17168] syzkaller0: entered allmulticast mode [ 240.859543][T17162] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 240.880715][ T29] kauditd_printk_skb: 248 callbacks suppressed [ 240.880730][ T29] audit: type=1400 audit(1725796583.341:18708): avc: denied { name_bind } for pid=17161 comm="syz.0.3534" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 240.909272][ T29] audit: type=1400 audit(1725796583.341:18709): avc: denied { node_bind } for pid=17161 comm="syz.0.3534" saddr=224.0.0.2 src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 240.951547][T17172] loop2: detected capacity change from 0 to 128 [ 240.961549][T17172] ext4 filesystem being mounted at /301/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 241.008347][ T29] audit: type=1400 audit(1725796583.471:18710): avc: denied { create } for pid=17171 comm="syz.2.3539" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 241.029163][ T29] audit: type=1400 audit(1725796583.471:18711): avc: denied { setattr } for pid=17171 comm="syz.2.3539" name="file1" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 241.053993][T17175] FAULT_INJECTION: forcing a failure. [ 241.053993][T17175] name failslab, interval 1, probability 0, space 0, times 0 [ 241.067041][T17175] CPU: 1 UID: 0 PID: 17175 Comm: syz.3.3540 Tainted: G W 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 241.079305][T17175] Tainted: [W]=WARN [ 241.083114][T17175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 241.093179][T17175] Call Trace: [ 241.096506][T17175] [ 241.099441][T17175] dump_stack_lvl+0xf2/0x150 [ 241.104035][T17175] dump_stack+0x15/0x20 [ 241.108290][T17175] should_fail_ex+0x229/0x230 [ 241.113034][T17175] ? __vmalloc_node_range_noprof+0x43d/0xec0 [ 241.119054][T17175] should_failslab+0x8f/0xb0 [ 241.123666][T17175] __kmalloc_node_noprof+0xa8/0x380 [ 241.128944][T17175] __vmalloc_node_range_noprof+0x43d/0xec0 [ 241.134779][T17175] ? avc_has_perm+0x129/0x160 [ 241.136152][ T29] audit: type=1400 audit(1725796583.521:18712): avc: denied { load_policy } for pid=17174 comm="syz.3.3540" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 241.139500][T17175] ? sel_write_load+0x152/0x370 [ 241.166490][T17175] vmalloc_noprof+0x5e/0x70 [ 241.171074][T17175] ? sel_write_load+0x152/0x370 [ 241.176409][T17175] sel_write_load+0x152/0x370 [ 241.181161][T17175] ? __pfx_sel_write_load+0x10/0x10 [ 241.186470][T17175] vfs_write+0x28b/0x900 [ 241.190722][T17175] ? __fget_files+0x1da/0x210 [ 241.195409][T17175] ksys_write+0xeb/0x1b0 [ 241.199664][T17175] __x64_sys_write+0x42/0x50 [ 241.204249][T17175] x64_sys_call+0x27dd/0x2d60 [ 241.208936][T17175] do_syscall_64+0xc9/0x1c0 [ 241.213435][T17175] ? clear_bhb_loop+0x55/0xb0 [ 241.218103][T17175] ? clear_bhb_loop+0x55/0xb0 [ 241.222772][T17175] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.228715][T17175] RIP: 0033:0x7fb442d8cef9 [ 241.233509][T17175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.253500][T17175] RSP: 002b:00007fb441a07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 241.262494][T17175] RAX: ffffffffffffffda RBX: 00007fb442f45f80 RCX: 00007fb442d8cef9 [ 241.270491][T17175] RDX: 0000000000000020 RSI: 0000000020000140 RDI: 0000000000000006 [ 241.278460][T17175] RBP: 00007fb441a07090 R08: 0000000000000000 R09: 0000000000000000 [ 241.286428][T17175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 241.294410][T17175] R13: 0000000000000000 R14: 00007fb442f45f80 R15: 00007ffdecb10ca8 [ 241.302439][T17175] [ 241.305525][T17175] syz.3.3540: vmalloc error: size 4096, failed to allocated page array size 8, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=syz3,mems_allowed=0 [ 241.322303][T17175] CPU: 1 UID: 0 PID: 17175 Comm: syz.3.3540 Tainted: G W 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 241.334559][T17175] Tainted: [W]=WARN [ 241.338374][T17175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 241.348528][T17175] Call Trace: [ 241.351816][T17175] [ 241.354756][T17175] dump_stack_lvl+0xf2/0x150 [ 241.359421][T17175] dump_stack+0x15/0x20 [ 241.363587][T17175] warn_alloc+0x145/0x1b0 [ 241.367971][T17175] ? dump_stack+0x15/0x20 [ 241.372307][T17175] ? should_fail_ex+0x198/0x230 [ 241.377191][T17175] __vmalloc_node_range_noprof+0x4c3/0xec0 [ 241.383090][T17175] ? avc_has_perm+0x129/0x160 [ 241.387780][T17175] ? sel_write_load+0x152/0x370 [ 241.392643][T17175] vmalloc_noprof+0x5e/0x70 [ 241.397234][T17175] ? sel_write_load+0x152/0x370 [ 241.402204][T17175] sel_write_load+0x152/0x370 [ 241.406890][T17175] ? __pfx_sel_write_load+0x10/0x10 [ 241.412274][T17175] vfs_write+0x28b/0x900 [ 241.416531][T17175] ? __fget_files+0x1da/0x210 [ 241.421259][T17175] ksys_write+0xeb/0x1b0 [ 241.425517][T17175] __x64_sys_write+0x42/0x50 [ 241.430125][T17175] x64_sys_call+0x27dd/0x2d60 [ 241.434877][T17175] do_syscall_64+0xc9/0x1c0 [ 241.439466][T17175] ? clear_bhb_loop+0x55/0xb0 [ 241.444141][T17175] ? clear_bhb_loop+0x55/0xb0 [ 241.448846][T17175] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.454846][T17175] RIP: 0033:0x7fb442d8cef9 [ 241.459286][T17175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.479066][T17175] RSP: 002b:00007fb441a07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 241.487569][T17175] RAX: ffffffffffffffda RBX: 00007fb442f45f80 RCX: 00007fb442d8cef9 [ 241.495531][T17175] RDX: 0000000000000020 RSI: 0000000020000140 RDI: 0000000000000006 [ 241.503534][T17175] RBP: 00007fb441a07090 R08: 0000000000000000 R09: 0000000000000000 [ 241.512074][T17175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 241.520206][T17175] R13: 0000000000000000 R14: 00007fb442f45f80 R15: 00007ffdecb10ca8 [ 241.528245][T17175] [ 241.531310][T17175] Mem-Info: [ 241.534552][T17175] active_anon:28786 inactive_anon:128 isolated_anon:0 [ 241.534552][T17175] active_file:8586 inactive_file:18476 isolated_file:0 [ 241.534552][T17175] unevictable:0 dirty:169 writeback:0 [ 241.534552][T17175] slab_reclaimable:6296 slab_unreclaimable:17706 [ 241.534552][T17175] mapped:28595 shmem:25631 pagetables:688 [ 241.534552][T17175] sec_pagetables:0 bounce:0 [ 241.534552][T17175] kernel_misc_reclaimable:0 [ 241.534552][T17175] free:1820923 free_pcp:2727 free_cma:0 [ 241.581166][T17175] Node 0 active_anon:115144kB inactive_anon:512kB active_file:34344kB inactive_file:73904kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:116352kB dirty:676kB writeback:0kB shmem:102524kB writeback_tmp:0kB kernel_stack:3088kB pagetables:2752kB sec_pagetables:0kB all_unreclaimable? no [ 241.610050][T17175] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 241.637251][T17175] lowmem_reserve[]: 0 2866 7844 0 [ 241.642300][T17175] Node 0 DMA32 free:2950336kB boost:0kB min:4136kB low:7068kB high:10000kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2953968kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:3532kB free_cma:0kB [ 241.671594][T17175] lowmem_reserve[]: 0 0 4978 0 [ 241.676867][T17175] Node 0 Normal free:4312112kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB active_anon:115216kB inactive_anon:512kB active_file:34344kB inactive_file:73912kB unevictable:0kB writepending:616kB present:5242880kB managed:5098208kB mlocked:0kB bounce:0kB free_pcp:7884kB local_pcp:6932kB free_cma:0kB [ 241.707424][T17175] lowmem_reserve[]: 0 0 0 0 [ 241.712112][T17175] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 241.725482][T17175] Node 0 DMA32: 2*4kB (M) 1*8kB (M) 3*16kB (M) 2*32kB (M) 3*64kB (M) 3*128kB (M) 2*256kB (M) 2*512kB (M) 3*1024kB (M) 2*2048kB (M) 718*4096kB (M) = 2950336kB [ 241.742639][T17175] Node 0 Normal: 1277*4kB (ME) 1358*8kB (ME) 1031*16kB (ME) 797*32kB (ME) 457*64kB (UME) 139*128kB (ME) 84*256kB (UME) 37*512kB (ME) 25*1024kB (M) 11*2048kB (ME) 1005*4096kB (UM) = 4310068kB [ 241.761798][T17175] Node 0 hugepages_total=6 hugepages_free=0 hugepages_surp=2 hugepages_size=2048kB [ 241.771223][T17175] 52825 total pagecache pages [ 241.775938][T17175] 128 pages in swap cache [ 241.781034][T17175] Free swap = 124388kB [ 241.785382][T17175] Total swap = 124996kB [ 241.789530][T17175] 2097051 pages RAM [ 241.793430][T17175] 0 pages HighMem/MovableOnly [ 241.798276][T17175] 80167 pages reserved [ 241.923267][T17190] IPv6: NLM_F_CREATE should be specified when creating new route [ 242.080149][T17201] loop1: detected capacity change from 0 to 1024 [ 242.087058][T17201] EXT4-fs: Ignoring removed oldalloc option [ 242.094102][T17201] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 242.120509][ T29] audit: type=1400 audit(1725796584.531:18713): avc: denied { append } for pid=17194 comm="syz.1.3548" name="event0" dev="devtmpfs" ino=218 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 242.156331][ T29] audit: type=1400 audit(1725796584.621:18714): avc: denied { read write } for pid=17194 comm="syz.1.3548" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 242.179514][ T29] audit: type=1400 audit(1725796584.621:18715): avc: denied { open } for pid=17194 comm="syz.1.3548" path="/24/file1/file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 242.217620][T17206] syzkaller0: entered promiscuous mode [ 242.223153][T17206] syzkaller0: entered allmulticast mode [ 242.310004][T17209] loop3: detected capacity change from 0 to 128 [ 242.369695][T17215] loop3: detected capacity change from 0 to 128 [ 242.377966][T17215] ext4 filesystem being mounted at /241/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 242.696930][ T29] audit: type=1326 audit(1725796585.161:18716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17232 comm="syz.3.3562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb442d8cef9 code=0x7ffc0000 [ 242.721566][ T29] audit: type=1326 audit(1725796585.191:18717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17232 comm="syz.3.3562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb442d8cef9 code=0x7ffc0000 [ 242.897627][T17242] loop1: detected capacity change from 0 to 128 [ 242.905798][T17242] ext4 filesystem being mounted at /25/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 242.949632][T17245] netlink: 'syz.2.3567': attribute type 4 has an invalid length. [ 242.986688][T17245] netlink: 'syz.2.3567': attribute type 4 has an invalid length. [ 243.156083][T17255] loop2: detected capacity change from 0 to 512 [ 243.166068][T17255] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #2: comm syz.2.3572: corrupted xattr block 255: invalid header [ 243.179683][T17255] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 243.189784][T17255] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #2: comm syz.2.3572: corrupted xattr block 255: invalid header [ 243.203528][T17255] SELinux: (dev loop2, type ext4) getxattr errno 117 [ 243.263323][T17262] loop2: detected capacity change from 0 to 512 [ 243.271698][T17262] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 243.283289][T17262] EXT4-fs (loop2): 1 truncate cleaned up [ 243.314001][T17265] loop2: detected capacity change from 0 to 512 [ 243.320845][T17265] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 243.332172][T17265] EXT4-fs (loop2): 1 truncate cleaned up [ 243.377715][T17270] loop2: detected capacity change from 0 to 512 [ 243.384743][T17270] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 243.396385][T17270] EXT4-fs (loop2): 1 truncate cleaned up [ 243.745516][T17284] loop3: detected capacity change from 0 to 512 [ 243.753556][T17284] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #2: comm syz.3.3584: corrupted xattr block 255: invalid header [ 243.773045][T17284] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 243.782636][T17284] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #2: comm syz.3.3584: corrupted xattr block 255: invalid header [ 243.796423][T17284] SELinux: (dev loop3, type ext4) getxattr errno 117 [ 243.811669][T17289] loop2: detected capacity change from 0 to 128 [ 243.854795][T17291] loop3: detected capacity change from 0 to 512 [ 243.865006][T17291] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 243.878234][T17291] EXT4-fs (loop3): 1 truncate cleaned up [ 243.979275][T17306] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 243.997775][T17308] netlink: 'syz.0.3593': attribute type 4 has an invalid length. [ 244.022102][T17308] netlink: 'syz.0.3593': attribute type 4 has an invalid length. [ 244.203043][T17326] loop3: detected capacity change from 0 to 128 [ 244.322201][T17309] chnl_net:caif_netlink_parms(): no params data found [ 244.357806][T17309] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.364970][T17309] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.372515][T17309] bridge_slave_0: entered allmulticast mode [ 244.379994][T17309] bridge_slave_0: entered promiscuous mode [ 244.387890][T17309] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.389653][T17334] loop3: detected capacity change from 0 to 128 [ 244.395099][T17309] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.409260][T17309] bridge_slave_1: entered allmulticast mode [ 244.415802][T17309] bridge_slave_1: entered promiscuous mode [ 244.432963][T17309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 244.444046][T17309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 244.463290][T17309] team0: Port device team_slave_0 added [ 244.470418][T17309] team0: Port device team_slave_1 added [ 244.486434][T17309] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 244.494395][T17309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 244.521095][T17309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 244.532426][T17309] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 244.539418][T17309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 244.566189][T17309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 244.594523][T17309] hsr_slave_0: entered promiscuous mode [ 244.600955][T17309] hsr_slave_1: entered promiscuous mode [ 244.607810][T17309] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 244.615558][T17309] Cannot create hsr debugfs directory [ 244.673517][T17309] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.727135][T17309] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.788746][T17309] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.858722][T17354] loop1: detected capacity change from 0 to 256 [ 244.875268][T17309] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.920495][T17358] loop1: detected capacity change from 0 to 256 [ 244.927374][T17358] msdos: Bad value for 'umask' [ 244.940968][T17358] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3610'. [ 244.952675][T17358] geneve2: entered promiscuous mode [ 244.989397][T17309] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 244.998870][T17309] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 245.035875][T17309] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 245.045646][T17309] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 245.177197][T17309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.200565][T17309] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.275150][ T40] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.282263][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.418838][ T40] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.426048][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.519748][T17380] loop2: detected capacity change from 0 to 512 [ 245.528736][T17309] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 245.530302][T17380] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #2: comm syz.2.3618: corrupted xattr block 255: invalid header [ 245.550190][T17384] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3617'. [ 245.550544][T17380] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 245.568435][T17380] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #2: comm syz.2.3618: corrupted xattr block 255: invalid header [ 245.571726][T17384] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 245.583203][T17380] SELinux: (dev loop2, type ext4) getxattr errno 117 [ 245.590945][T17384] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 245.606893][T17384] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 245.616192][T17384] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 245.625788][T17384] vxlan0: entered promiscuous mode [ 245.648091][T17391] loop2: detected capacity change from 0 to 128 [ 245.659545][T17391] ext4 filesystem being mounted at /331/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 245.758115][T17309] veth0_vlan: entered promiscuous mode [ 245.768817][T17309] veth1_vlan: entered promiscuous mode [ 245.787296][T17309] veth0_macvtap: entered promiscuous mode [ 245.799597][T17309] veth1_macvtap: entered promiscuous mode [ 245.807008][T17406] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3621'. [ 245.829681][T17309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 245.840433][T17309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.850288][T17309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 245.853421][T17409] loop1: detected capacity change from 0 to 128 [ 245.860745][T17309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.860762][T17309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 245.887819][T17309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.897798][T17309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 245.908310][T17309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.918636][T17309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 245.929069][T17309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.939051][T17309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 245.949495][T17309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.960460][T17309] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 245.973477][T17309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 245.979175][T17411] loop1: detected capacity change from 0 to 512 [ 245.984013][T17309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.994368][T17411] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 246.000142][T17309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 246.012804][T17411] EXT4-fs (loop1): 1 truncate cleaned up [ 246.020719][T17309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 246.020736][T17309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 246.020750][T17309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 246.057757][T17309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 246.068446][T17309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 246.078455][T17309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 246.089007][T17309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 246.099026][T17309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 246.109660][T17309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 246.122236][T17309] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 246.131285][T17309] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.140053][T17309] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.149050][T17309] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.157879][T17309] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.185481][T17417] loop3: detected capacity change from 0 to 512 [ 246.193471][T17417] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 246.207361][T17417] EXT4-fs (loop3): 1 orphan inode deleted [ 246.213201][T17417] EXT4-fs (loop3): 1 truncate cleaned up [ 246.221895][ T29] kauditd_printk_skb: 151 callbacks suppressed [ 246.221910][ T29] audit: type=1400 audit(1725796588.681:18869): avc: denied { create } for pid=17416 comm="syz.3.3625" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 246.252410][ T29] audit: type=1400 audit(1725796588.711:18870): avc: denied { write } for pid=17416 comm="syz.3.3625" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 246.300413][ T29] audit: type=1400 audit(1725796588.761:18871): avc: denied { mount } for pid=17422 comm="syz.3.3626" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 246.337915][ T29] audit: type=1400 audit(1725796588.801:18872): avc: denied { unmount } for pid=13636 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 246.382303][T17437] loop1: detected capacity change from 0 to 128 [ 246.383500][T17433] loop3: detected capacity change from 0 to 512 [ 246.391269][T17437] ext4 filesystem being mounted at /40/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 246.429000][T17433] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #2: comm syz.3.3629: corrupted xattr block 255: invalid header [ 246.450860][ T29] audit: type=1400 audit(1725796588.911:18873): avc: denied { listen } for pid=17439 comm="syz.4.3632" lport=45525 faddr=::ffff:10.1.1.1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 246.457816][T17433] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 246.487050][T17433] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #2: comm syz.3.3629: corrupted xattr block 255: invalid header [ 246.541263][ T29] audit: type=1400 audit(1725796588.941:18874): avc: denied { accept } for pid=17439 comm="syz.4.3632" lport=45525 faddr=::ffff:10.1.1.1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 246.564314][ T29] audit: type=1400 audit(1725796588.941:18875): avc: denied { write } for pid=17439 comm="syz.4.3632" lport=45525 faddr=::ffff:10.1.1.1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 246.588448][ T29] audit: type=1400 audit(1725796588.941:18876): avc: denied { setopt } for pid=17439 comm="syz.4.3632" lport=45525 faddr=::ffff:10.1.1.1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 246.612136][ T29] audit: type=1326 audit(1725796588.971:18877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17401 comm="syz.2.3620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f561315cef9 code=0x7ffc0000 [ 246.636707][ T29] audit: type=1326 audit(1725796588.971:18878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17401 comm="syz.2.3620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5613153ea7 code=0x7ffc0000 [ 246.694616][T17433] SELinux: (dev loop3, type ext4) getxattr errno 117 [ 246.989470][ T40] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 247.000580][ T40] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.088330][ T40] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 247.100287][ T40] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.138209][ T40] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 247.148998][ T40] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.187842][ T40] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 247.198426][ T40] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.275261][ T40] bridge_slave_1: left allmulticast mode [ 247.280940][ T40] bridge_slave_1: left promiscuous mode [ 247.286721][ T40] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.294583][ T40] bridge_slave_0: left allmulticast mode [ 247.300400][ T40] bridge_slave_0: left promiscuous mode [ 247.306140][ T40] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.406890][ T40] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 247.418295][ T40] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 247.429582][ T40] bond0 (unregistering): Released all slaves [ 247.527085][ T40] hsr_slave_0: left promiscuous mode [ 247.533325][ T40] hsr_slave_1: left promiscuous mode [ 247.539271][ T40] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 247.546857][ T40] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 247.555246][ T40] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 247.562685][ T40] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 247.572488][ T40] veth1_macvtap: left promiscuous mode [ 247.578130][ T40] veth0_macvtap: left promiscuous mode [ 247.584401][ T40] veth1_vlan: left promiscuous mode [ 247.590049][ T40] veth0_vlan: left promiscuous mode [ 247.674319][ T40] team0 (unregistering): Port device team_slave_1 removed [ 247.684820][ T40] team0 (unregistering): Port device team_slave_0 removed [ 248.098126][ T40] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.148315][ T40] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.196980][ T40] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.256456][ T40] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.338863][ T40] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.386787][ T40] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.476661][ T40] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.520543][ T40] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.584926][ T40] bridge_slave_1: left allmulticast mode [ 248.590612][ T40] bridge_slave_1: left promiscuous mode [ 248.596656][ T40] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.605040][ T40] bridge_slave_0: left allmulticast mode [ 248.610953][ T40] bridge_slave_0: left promiscuous mode [ 248.616666][ T40] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.625298][ T40] bond0: left allmulticast mode [ 248.630264][ T40] bond_slave_0: left allmulticast mode [ 248.636393][ T40] ªªªªª: left allmulticast mode [ 248.641347][ T40] bond0: left promiscuous mode [ 248.646411][ T40] bond_slave_0: left promiscuous mode [ 248.652090][ T40] ªªªªª: left promiscuous mode [ 248.657188][ T40] bridge0: port 3(bond0) entered disabled state [ 248.664234][ T40] bridge_slave_1: left allmulticast mode [ 248.669917][ T40] bridge_slave_1: left promiscuous mode [ 248.675715][ T40] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.683483][ T40] bridge_slave_0: left allmulticast mode [ 248.689475][ T40] bridge_slave_0: left promiscuous mode [ 248.695140][ T40] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.896386][ T40] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 248.907041][ T40] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 248.917279][ T40] bond0 (unregistering): Released all slaves [ 248.926244][ T40] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 248.936575][ T40] bond0 (unregistering): (slave ªªªªª): Releasing backup interface [ 248.946095][ T40] bond0 (unregistering): Released all slaves [ 249.057251][ T40] hsr_slave_0: left promiscuous mode [ 249.063144][ T40] hsr_slave_1: left promiscuous mode [ 249.069051][ T40] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 249.076642][ T40] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 249.084734][ T40] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 249.092165][ T40] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 249.101527][ T40] hsr_slave_0: left promiscuous mode [ 249.107543][ T40] hsr_slave_1: left promiscuous mode [ 249.113476][ T40] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 249.120971][ T40] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 249.128502][ T40] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 249.135904][ T40] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 249.146208][ T40] veth1_macvtap: left promiscuous mode [ 249.151753][ T40] veth0_macvtap: left promiscuous mode [ 249.157429][ T40] veth1_vlan: left promiscuous mode [ 249.162686][ T40] veth0_vlan: left promiscuous mode [ 249.168385][ T40] veth1_macvtap: left promiscuous mode [ 249.173939][ T40] veth0_macvtap: left promiscuous mode [ 249.179449][ T40] veth1_vlan: left promiscuous mode [ 249.184751][ T40] veth0_vlan: left promiscuous mode [ 249.299669][ T40] team0 (unregistering): Port device team_slave_1 removed [ 249.309564][ T40] team0 (unregistering): Port device team_slave_0 removed [ 249.368226][ T40] team0 (unregistering): Port device team_slave_1 removed [ 249.378640][ T40] team0 (unregistering): Port device team_slave_0 removed [ 249.887504][ T40] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.256884][ T40] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.317615][ T40] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.377814][ T40] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.435966][ T40] bridge_slave_1: left allmulticast mode [ 251.441671][ T40] bridge_slave_1: left promiscuous mode [ 251.449464][ T40] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.457565][ T40] bridge_slave_0: left allmulticast mode [ 251.463215][ T40] bridge_slave_0: left promiscuous mode [ 251.468987][ T40] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.538093][ T40] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 251.549110][ T40] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 251.559233][ T40] bond0 (unregistering): Released all slaves [ 251.687593][ T40] hsr_slave_0: left promiscuous mode [ 251.693641][ T40] hsr_slave_1: left promiscuous mode [ 251.699556][ T40] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 251.707055][ T40] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 251.714935][ T40] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 251.722514][ T40] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 251.731856][ T40] veth1_macvtap: left promiscuous mode [ 251.737380][ T40] veth0_macvtap: left promiscuous mode [ 251.742939][ T40] veth1_vlan: left promiscuous mode [ 251.748339][ T40] veth0_vlan: left promiscuous mode [ 251.828925][ T40] team0 (unregistering): Port device team_slave_1 removed [ 251.839475][ T40] team0 (unregistering): Port device team_slave_0 removed [ 253.634099][ T0] ================================================================== [ 253.642272][ T0] BUG: KCSAN: data-race in __tmigr_cpu_activate / tmigr_update_events [ 253.650425][ T0] [ 253.652826][ T0] write to 0xffff888237d205a4 of 1 bytes by task 0 on cpu 1: [ 253.660176][ T0] __tmigr_cpu_activate+0x55/0x200 [ 253.665381][ T0] tmigr_cpu_activate+0x8a/0xc0 [ 253.670338][ T0] timer_clear_idle+0x28/0x100 [ 253.675375][ T0] tick_nohz_restart_sched_tick+0x22/0x110 [ 253.681456][ T0] tick_nohz_idle_exit+0xfe/0x1d0 [ 253.686475][ T0] do_idle+0x1ee/0x230 [ 253.690551][ T0] cpu_startup_entry+0x25/0x30 [ 253.695387][ T0] start_secondary+0x94/0xa0 [ 253.699958][ T0] common_startup_64+0x12c/0x137 [ 253.704926][ T0] [ 253.707247][ T0] read to 0xffff888237d205a4 of 1 bytes by task 0 on cpu 0: [ 253.714589][ T0] tmigr_update_events+0x41d/0x5d0 [ 253.719701][ T0] __tmigr_cpu_deactivate+0x2b1/0x410 [ 253.725313][ T0] tmigr_cpu_deactivate+0x66/0x180 [ 253.730416][ T0] __get_next_timer_interrupt+0x137/0x530 [ 253.736752][ T0] timer_base_try_to_set_idle+0x54/0x60 [ 253.742468][ T0] tick_nohz_idle_stop_tick+0x15b/0x650 [ 253.748087][ T0] do_idle+0x178/0x230 [ 253.752330][ T0] cpu_startup_entry+0x25/0x30 [ 253.757115][ T0] rest_init+0xef/0xf0 [ 253.761191][ T0] start_kernel+0x581/0x5e0 [ 253.765805][ T0] x86_64_start_reservations+0x2a/0x30 [ 253.771261][ T0] x86_64_start_kernel+0x9a/0xa0 [ 253.776212][ T0] common_startup_64+0x12c/0x137 [ 253.781270][ T0] [ 253.783605][ T0] value changed: 0x00 -> 0x01 [ 253.788306][ T0] [ 253.790612][ T0] Reported by Kernel Concurrency Sanitizer on: [ 253.796740][ T0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 253.808858][ T0] Tainted: [W]=WARN [ 253.812727][ T0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 253.822760][ T0] ==================================================================