last executing test programs: 2.271607838s ago: executing program 1 (id=2468): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@loopback, 0x0}, &(0x7f0000000180)=0x14) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f00000001c0)={@private2={0xfc, 0x2, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2, 0x5ff, 0x10, 0x3, 0x400, 0xb9bf, 0x1180118, r1}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r2}, 0x10) syz_open_procfs$namespace(0x0, 0x0) syz_emit_ethernet(0x302, &(0x7f0000001100)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}, @broadcast, @void, {@ipv6={0x86dd, @gre_packet={0x2, 0x6, 'vNq', 0x2cc, 0x2f, 0xff, @empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b, 0xf2, 0x2, [0xe05], "3c5a154c3bbb7e23cc19ca1bc7d356528f684463ace39b6216af03181bd1d8d81a875c84bc24330a11121c534fd849be4bfc52fd6907080b1feb7707460db6fc1a7e3d5918603d108305447a84245798627dee50115578c459a118b8b9f626d81acf04fde51e074c120a220d6307f09f6eb25471edf475f913772fe1dd1cd53b0bb8d7b0e0e8cd12163c0793a814f2848b229fc9772b89cedf63b180f8940c0b0251242f5309c08af3cb7ee609a1240fde97a43167fae0cadf2fc4c5c66faeec2d02adad2273c58da853ed08bc87ef1752a0c69b48a6ad3439a6b7ed1eb05f1701d4e3e5ed9eae5be0b3a513692047679af4"}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x800, [], "32d45c9e07e54f161d9cc1ed6e5082389a2da125963db745"}, {0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x86dd, [0x0, 0x1, 0x1000], "63f77e9b0811a7ae308ae0687086c63d7f6c7af947a58996748f0bb19317161786f67f492538d624001606ed2df540fc0badabba7f7c2c7e055f606c5397696426b5dce8ed761992231481bcb8cb008665f2dbf8d4b3d54c183cfec7531cb1cc461daf5b62d4582452e9e815e9eb048fb9fc5119d7e7b7eee6fc74bb2aab9ff7244f83350f2e01e37ebea379acc7b59c713657aed68d428c7fa2"}, {0x8, 0x88be, 0x2, {{0x3, 0x1, 0x0, 0x1, 0x1, 0x1, 0x5, 0x1}, 0x1, {0x55b}}}, {0x8, 0x22eb, 0x3, {{0x4, 0x2, 0x0, 0x3, 0x0, 0x2, 0x5, 0x4}, 0x2, {0xb, 0xa, 0x2, 0x8, 0x1, 0x0, 0x3, 0x0, 0x1}}}, {0x8, 0x6558, 0x4, "cee15d0a2e112822417dce89bb57a9fdb8e883358a254bd7749aa51f6140341a4206d756a2a719c6373def571fc770ca48e6084d1171dd17800d13d8a561edb45847f35f7165f30a234cf2f52e27afa68bc5dc2ce7fa74a39d08c8753330075ae5ef16cef595fbaa0d55dca820fc59f7774eb9cb5b5f0656cb7933fc701bd769083e089cf6f03453cfccda29876f70ded2a8e72c679001a3ba2da56630cacdba41d4e87ba749a552a05032774ced1ec4bb40de2f3e906eccf6611b525ce8bc3a91d259bef85d2442f818cbcfbbe2163f117bf654f948b95f6314748e"}}}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001b40)={0x1c, 0x20000000000000bb, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x22, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x400e, &(0x7f0000000300), 0x1, 0x440, &(0x7f0000000cc0)="$eJzs28tvG8UfAPDv2kn66+uXUJVHH0CgIMoradJSeuACAokDSEhwKMeQpFWo26AmSLSKICBUjqgSJy6IIxJ/ASe4IOCExBXuqFKFcmnhZLT2bmI7thunTlzqz0dad2Z33Jmvd8ee2ckG0LdG05ckYk9E/B4Rw9VsfYHR6j83V5am/15Zmk6iXH7zr6RS7sbK0nReNH/f7jwzEFH4NIlDTepduHT53FSpNHsxy48vnn9vfOHS5Wfnzk+dnT07e2Hy1KkTxyeePzn5XFfiTOO6cfDD+cMHXn376uvTp6++8/O3SR5/QxxdMtru4OPlcper6629NelkoIcNoSPFajeNwUr/H45irJ284Xjlk542DthS5XK5fF/rw8tl4C6WRK9bAPRG/kOfzn/zbZuGHneE6y9WJ0Bp3DezrXpkIApZmcGG+W03jUbE6eV/vkq32Jr7EAAAdb5Pxz/PNBv/FaL2vtD/szWUkYi4JyL2RcTJiNgfEfdGVMreHxEPdFh/4yLJ+vFP4dqmAtugdPz3Qra2VT/+y0d/MVLMcnsr8Q8mZ+ZKs8eyz+RoDO5I8xNt6vjh5d8+b3WsdvyXbmn9+Vgwa8e1gR3175mZWpy6nZhrXf844uBAs/iT1ZWAJCIORMTBTdYx99Q3h1sdu3X8bXRhnan8dcQT1fO/HA3x55L265Pj/4vS7LHx/KpY75dfr7zRqv7bir8L0vO/q+n1vxr/SFK7XrvQyf/+5ZPp65U/Pms5p9ns9T+UvFW374OpxcWLExFDyWvVRtfun2woN7lWPo3/6JHm/X9frH0ShyIivYgfjIiHIuLhrO2PRMSjEXGkzafw00uPvbv5+LdWGv9MR+d/LTEUjXuaJ4rnfvyurtKRTuJPz/+JSupotmcj338baVenVzMAAAD8VxUiYk8khbHVdKEwNlb9G/79satQml9YfPrM/PsXZqrPCIzEYCG/0zVccz90IpvW5/nJhvzx7L7xF8WdlfzY9HxpptfBQ5/b3aL/p/4s9rp1wJbzvBb0L/0f+pf+D/1L/4f+1aT/7+xFO4Dt1+z3/6MetAPYfg3937If9BHzf+hfm+n/vjPg7tC2Lw9tXzuAbbWwM279kLyExLpEFO6IZkhsUaLX30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADd8W8AAAD//58P56I=") r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{}, &(0x7f0000000000), &(0x7f00000005c0)=r4}, 0x20) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000340)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="180600000000000016d159d9addfe946f47111dae6024567272dd7161bf77ed48dd3f1e81ce0387091d2064c371cdd5698e9da13d38a00000000000000"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x810) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r5, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) clock_nanosleep(0x9, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1b, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$TIOCSWINSZ(r6, 0x5414, &(0x7f0000000180)={0xb, 0x0, 0x3, 0x7fff}) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000017b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000bc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 1.930924003s ago: executing program 4 (id=2481): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x64, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x34, 0x2, [@TCA_FLOW_EMATCHES={0x30, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7}}, @TCA_EMATCH_TREE_LIST={0x24, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x20, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x40}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x3}, @TCA_EM_IPT_MATCH_NAME={0xb}]}}]}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014) 1.799563525s ago: executing program 0 (id=2482): r0 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000280)=ANY=[@ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) vmsplice(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8923, &(0x7f0000000cc0)='lo:\x96o8\x14d\xa1\xba\xda\xd1\xa0J\x12tQ\xb16\xe3\xd7\\b\x8b\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x02\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xeb\xe1\xde\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xfc\xfa 6(%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc50xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) (async) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) (async) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) r4 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000084000100b7000000000000009500000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) (async) ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xffffffffffffffb6) (async) unshare(0x40000000) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="14000000100001000000d36e0000000000000000000a20000000000a01040000000000000000070000040900010073797a30000000004c000000090a0104000000000000000007000003cefc0a40000000000900020073797a300000000018000340000001000900020073797a3100000000080005400000003c0800034000000120140000001000010000000000000000000084"], 0x94}}, 0x20050800) (async) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f0000000d80)={[{@mblk_io_submit}, {@dioread_nolock}, {@bh}, {@errors_continue}, {@nouid32}, {@quota}, {@nogrpid}]}, 0x3, 0x445, &(0x7f0000000800)="$eJzs3M9rHFUcAPDv7CZt06YmlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tIqHldmdSXY3u2k2blzNfj4wyXszb3nvuzNv9715mQTQs0bTH0nEYET8EhFD1Wx9gdHqr9uryzN/rC7PJFEuv/57Uil3a3V5Ji+av+5AnumLKHycxNEm9S5euXphulSau5zlJ5YuvjOxeOXq0/MXp8/PnZ+7NHXmzKmTk8+ennqmI3Gmcd0aeX/h2JGX37z+6szZ62/98FWSx98QR4eMbnbwsXK5w9V118GadNLXxYbQlmK1m0Z/pf8PRTHWT95QvPRRVxsH7KhyuVy+t/XhlTKwiyXR7RYA3ZF/0afz33zbfMDQ0eFH1918vjoBSuO+nW3VI31RyMr0N8xvO2k0Is6u/Pl5usXO3IcAAKjzTTr+earZ+K8QtfeF7srWUIYj4u6IOBQRpyPicETcE1Epe19E3N9m/Y2LJBvHP4Ub2wpsi9Lx33PZ2lb9+C8f/cVwMcsdrMTfn5ybL82dyN6Tsejfm+YnN6nj2xd//rTVsdrxX7ql9edjwawdN/r21r9mdnpp+p/EXOvmhxEjfc3iT9ZWApKIOBIRI9usY/6JL4+1Onbn+JurvCUdWGcqfxHxePX8r0RD/Llk8/XJiX1RmjsxkV8VG/3407XXWtW/3fg7JT3/+5te/2vxDye167WL7ddx7ddPWs5ptnv970neqNv33vTS0uXJiD3JK9VG1+6faig3tV4+jX/sePP+fyjW34mjEZFexA9ExIMR8VDW9ocj4pGIOL5J/N+/8OjbdTvGBtuIf2el8c+2df7XE3uicU/zRPHCd1/XVTocbcSfnv9TldRYtmcrn39badf2rmYAAAD4/ylExGAkhfG1dKEwPl79G/7Dsb9QWlhcevLcwruXZqvPCAxHfyG/0zVUcz90MpvW5/mphvzJ7L7xZ8WBSn58ZqE02+3goccdaNH/U78Vu906YMd5Xgt6l/4PvUv/h96l/0PvatL/Bzbu+qvhkUFgN2j2/f9BF9oB/Psa+r9lP+gh5v/Qu/R/6F36P/SkxYG480PyEhIbElH4TzRj5xP7tvhvLnZZotufTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xdwAAAP//FX7vJg==") r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='kmem_cache_free\x00', r7}, 0x18) (async) r8 = socket$caif_stream(0x25, 0x1, 0x0) sendmmsg$inet(r8, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)="92", 0x1}], 0x1}, 0x1000000}], 0x2, 0x0) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r10}, 0x10) r11 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) ioctl$USBDEVFS_IOCTL(r11, 0xc0105512, &(0x7f0000000200)) (async) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0) write$binfmt_script(r12, &(0x7f0000000040), 0x208e24b) 1.718517626s ago: executing program 0 (id=2486): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000017c0)=@newtaction={0xe6c, 0x30, 0x25, 0x1000, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0xff}, 0x2}, [{0x0, 0x80000000}, {}, {}, {0x0, 0x2, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x800}, {}, {0x0, 0x0, 0x50f8}, {}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffc}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0x7}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x200}, {}, {}, {}, {}, {}, {0x10000}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x7ff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, {}, {}, {0x0, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {0x0, 0x0, 0xfffffffc}, {0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x1}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, {0x1, 0x0, 0x0, 0x6}, {0x0, 0x2e, 0x400000}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x5}, {}, {}, {0x0, 0x5}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x4000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xb14}, {0x80000000, 0x0, 0x0, 0xfb}], [{}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x2}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x40000) (fail_nth: 1) 1.646341417s ago: executing program 2 (id=2487): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) socket$kcm(0x29, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) syz_clone3(&(0x7f00000006c0)={0x4204000, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0], 0x1}, 0x58) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003"], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x8, 0x4, 0x1}]}) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000c50000000600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x18) r7 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_INITMSG(r7, 0x84, 0x2, &(0x7f0000000040)={0x400, 0x3}, 0x8) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r7, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) sendto$inet(r7, &(0x7f0000000080)="ab", 0x1, 0x40048c4, &(0x7f00000000c0)={0x2, 0x4e20, @local}, 0x10) sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="84010000100001000000000000000000fc00000000000000000000000000000000000000000000000000000000000001000000000080000000000000001d0000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000fe8000000000000000000000000000bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004c001400636d6163286165732900"/316], 0x184}}, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000840), r8) sendmsg$NLBL_CALIPSO_C_LIST(r8, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000880)={0x14, r9, 0x1, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4080}, 0x24000080) r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$NFC_CMD_LLC_SDREQ(r8, &(0x7f0000000600)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x81}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x1c, r10, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8001}, 0x8000) pipe2$9p(&(0x7f0000000380), 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10) socket$nl_route(0x10, 0x3, 0x0) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) fcntl$lock(r11, 0x5, &(0x7f0000000140)={0x1, 0x1, 0x10800000}) 1.327742042s ago: executing program 0 (id=2490): socket(0x29, 0x5, 0xfffffffd) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000e80)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x5, &(0x7f0000000100), 0x0, 0x5aa, &(0x7f0000001940)="$eJzs3c9rHFUcAPDvm2zSpKkmFUFrDwYKtqAmTVpRRLDFevPgj4InwZikpXTbhiaCrRVTqP+B/gGCNy/isYgU9eLVm+AfIMUiNRdvkdnsbjfNbtptdzM18/nANPNmdvt9k/Dd9/bte7MBlNZE/k8WsS8iFlPEWMu5StRPTqw/7p/bV+ZWb1+ZS7G29t7fKVL9WOPxqf5ztP7k4Yj47acUTwxsjrt06fLZ2Wp14WK9PLV8bnFq6dLlF8+cmz29cHrh/Mz0y9MvHT0yc/RwT65zT0T8Mnmicu3UG/u/m/tm7+c/fHs9xbFmnVuvo1cmYqL5/7fKf6+v9DpYQQbq19P6J06VAitEVxp/v8GIeCrGYiCGmufG4ot3Cq0c0FdrKWINKKkk/6GkGv2A/P1vYyu2RwJsl1vH1wcAGmN7+RYjUTtYGxuM4drYwO7VFK3DOikiejEyl8dYfC6N5Vv0aRwOaG/lakQ83a79T7XcHK+N4uf5n23I/ywi3q7/zI+/+4DxJ+4qy3/YPg+T/x+25P9HDxhf/gMAAAAAAEDv3DgeES+0+/wva87/iTbzf0Yj4lgP4t/787/sZg/CAG3cOh7xWkSsts7/22h8oP45/2O1+QCD6dSZ6sLhiHg8Ig7F4K68PL1FjIn9vw52PNcy/y/fVocioj4XcF12s7Jr43PmZ5dnH/R6gTtuXY14ppLnf4qN+Z+a7X9q0/7nrweL9xlj7cTrP3c6tyn/b1+ZW9yQ/0C/rH0dcbBt+3/nzhVp6/tzTNX6A1ONXsFmn35w/ftO8eU/FCdv/3dvnf/jqfV+PUvdx/jsrz8eIv/b9/+H0snaLWcadyv5ZHZ5+eJ0xFB6a/Pxme7rDDtRIx8a+ZLn/6ED7fI/27L/PxIRK53DjLQWTv745rVOD9T+Q3Hy/J/vqv3vfufA+1/92yn+/bX/R2tt+qH6EeN/0FbW2LnfBC22ugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw/5RFxJ5I2WRzP8smJyNGI+LJ2J1VLywtP3/qwsfn5/Nzte//zxrf9Du2Xk6N7/8fbynP3FU+EhF7I+LLgZFaeXLuQnW+6IsHAAAAAAAAAAAAAAAAAACAR8Roh/X/uT8Hiq4d0HeVoisAFEb+Q3l1l/9DfasHsM2Gu27/B/tVFWD76f9Decl/KC/5D+X1EPm/0st6ANuvsj4MCJSQ/j8AAAAAAOwoe5+98XuKiJVXR2pbtCzwMc8fdras6AoAhXGLHygvU3+gvLzHB9I9zndeHnCvZwIAAAAAAAAAAAAAvXJwn/X/UFbW/0N5Wf8P5WX9P5SX9/iA9f8AAAAAAAAAAAAA8OhbunT57Gy1unCxiJ1d9UoUE/2uneFCo9sp1U48GtXYaqfgFyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDpvwAAAP//PDTyjg==") ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x13, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000040000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59) connect$inet6(r4, &(0x7f0000000200)={0xa, 0xffff, 0x0, @loopback}, 0x1c) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0xffffffff, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={r3, 0xe0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000540)=[0x0], 0x0, 0xf2, &(0x7f0000000640)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f00000005c0), &(0x7f00000006c0), 0x8, 0x1f, 0x8, 0x8, &(0x7f0000000700)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000c40)=ANY=[@ANYBLOB="1800000022310000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="000000004e596dbc44d99954b57c2a000900000002000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000009cdfe5d17a22c5f209163422b8d2cd0000bf91100000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', r6, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, "0002002000", "07f217bd74511e465bbbd5de01000000f9044677d4d588363d63af84db44be59", "00f8ff00", "8ce63ecbc640735f"}, 0x38) socket$nl_netfilter(0x10, 0x3, 0xc) sendto$inet6(r4, &(0x7f0000000280)='S', 0x1, 0x8000, 0x0, 0x0) close(r4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000c00)='ext4_sync_fs\x00', r2, 0x0, 0xfffffffffffffff8}, 0x18) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000bc0)={0x3}, 0x8) sync() r7 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="50000000120001002bbd7000ffffffff0a03000000004e2200000000ffffffff0000000000000000feffffff000000000000000001000000", @ANYRES32=0x0, @ANYBLOB="010000010300000000000000fdf0ffff04000310"], 0x50}, 0x1, 0x0, 0x0, 0x10}, 0x20004010) r8 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e00000011008188040f46ecdb4cb9cca7480ef410000000e3bd6efb440009000e000a000d000000ba8000001201", 0x2e}], 0x1}, 0x24000000) 1.300518252s ago: executing program 2 (id=2491): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000380), &(0x7f0000000880)=0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xea, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe61, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000006c0)='kmem_cache_free\x00', r1, 0x0, 0x2000}, 0x18) semctl$GETPID(0x0, 0x2, 0xb, &(0x7f0000000380)) 1.282437973s ago: executing program 3 (id=2492): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4b, 0x0, 0x0) (async) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r3, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8) r4 = socket$key(0xf, 0x3, 0x2) (async) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7, 0x0, 0xffffffffffffffff}, 0x18) (async) sendmsg$key(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="0212000002000000000000000000f718"], 0x10}}, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000780)=ANY=[@ANYBLOB="e099bbb932e699e6a247f23f26142949aefb020ccf6fa60f20a5f48ef1cd48a6"], 0x118) (async) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r8}, 0x10) (async) r9 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$KDFONTOP_SET(r9, 0x4b72, &(0x7f0000000080)={0x0, 0x3000040, 0x8, 0x1b, 0xfe, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2043db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r2, 0x0) (async) r10 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r10, 0x0, 0x483, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'none\x00', 0x3a, 0x0, 0x7f}, 0x2c) (async) write$binfmt_elf32(r1, &(0x7f0000000040)=ANY=[], 0x69) (async) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="a590af00d14c90079bf9343a31b5d9ed31cc66a9667d9d9445aa0b5be07b7812b52c61d686487d4ee963a0bba76723c49866ca5fa23fbdd7fe208ecbb8ec517d777c1c22f31c43ee7eb4dbc40595a8bba107676054a2219cb323ae9768e2c7c9a82e1b5524f367d234cad83c9c79c8f228d77d19c92fa7aa6d7f21381cbc63bc1cf530a16ce088e2cb455e7dd18afb3d55b563b4527b416637ee65f242ba5ce8e245a9e77ad558e580e37392490a187d61021b502fac8b119d886dea732da7b392182837c671ecbdbb7eaa7567c7dabbf842b9b75854ef6943e59648557434adbf203236fdf44f0d59c37870b4cc520cf73193f3b0", @ANYRESDEC=r1], 0x48) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYRESOCT=r6, @ANYRES32=r11, @ANYRES16=r11, @ANYRES16=r1], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x20048085) (async) r12 = socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r12, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r13, @ANYBLOB="0100000000070000000009000000780003800800030004000000060007004e21000014000600fc010600000000010000000000000001060007004e2000000800010001000000140002"], 0x8c}}, 0x0) (async) sendmsg$IPVS_CMD_GET_DAEMON(r11, &(0x7f00000005c0)={&(0x7f0000000500), 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r13, 0x200, 0x70bd2b, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4004800) ioctl$TIOCGRS485(r9, 0x542e, &(0x7f00000004c0)) socket$rxrpc(0x21, 0x2, 0xa) 1.167829884s ago: executing program 2 (id=2493): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000001000000e27f000001"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$unix(0x1, 0x1, 0x0) bind$unix(r4, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 1.167403124s ago: executing program 4 (id=2494): creat(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x18) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000200)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0xdcc}}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O") 932.947317ms ago: executing program 1 (id=2495): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x64, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x0, 0xffe0}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x34, 0x2, [@TCA_FLOW_EMATCHES={0x30, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7}}, @TCA_EMATCH_TREE_LIST={0x24, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x20, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x40}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x3}, @TCA_EM_IPT_MATCH_NAME={0xb}]}}]}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014) 852.859898ms ago: executing program 2 (id=2496): r0 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000280)=ANY=[@ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) vmsplice(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8923, &(0x7f0000000cc0)='lo:\x96o8\x14d\xa1\xba\xda\xd1\xa0J\x12tQ\xb16\xe3\xd7\\b\x8b\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x02\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xeb\xe1\xde\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xfc\xfa 6(%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc50xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r2 = dup(r1) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r3}, 0x10) write$P9_RLERRORu(r2, &(0x7f0000000500)=ANY=[@ANYBLOB='S\x00\x00\x00\a'], 0x53) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)=ANY=[]) 702.033591ms ago: executing program 4 (id=2503): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000240), &(0x7f0000000280)=r2}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = fsopen(&(0x7f0000000080)='bpf\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) readlinkat(r4, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)=""/204, 0xcc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r0}, 0x10) r5 = syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x11, 0x2, 0x4}, 0x0, 0x0) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r8 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000740), 0x4) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r9}, 0x10) r10 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000007c0)=@o_path={&(0x7f0000000780)='./file0\x00', 0x0, 0x4000, r5}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x1b, 0xc, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0xcdcc, 0x0, 0x0, 0x0, 0xfffffffe}, [@cb_func, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x7f}, @exit, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}}]}, &(0x7f00000002c0)='GPL\x00', 0xea, 0xb8, &(0x7f0000000680)=""/184, 0x21880, 0x4, '\x00', 0x0, @fallback=0xb, r8, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r9, 0x6, &(0x7f0000000800)=[r10, r7, r7, r7], &(0x7f0000000840)=[{0x3, 0x1, 0x9, 0x8}, {0x2, 0x4, 0xc}, {0x5, 0x4, 0xa, 0xc}, {0x1, 0x4, 0xc, 0xc}, {0x4, 0x3, 0x8}, {0x4, 0x4, 0xf, 0x5}], 0x10, 0x48d, @void, @value}, 0x94) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r11}, 0x10) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2) r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xb, 0xff, 0x2, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r12, &(0x7f0000000080), &(0x7f0000001540)=""/161}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={r12, &(0x7f0000000300), &(0x7f0000000340)=""/55}, 0x20) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f00000003c0)={0x220, r6, 0x10, 0x70bd2a, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x9c, 0x2, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}]}, {0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}]}]}, @ETHTOOL_A_STRSET_STRINGSETS={0xd0, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8}]}, {0x4}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}]}, {0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0xa}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}]}, {0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}]}]}, @ETHTOOL_A_STRSET_STRINGSETS={0x50, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}]}]}, @ETHTOOL_A_STRSET_HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x220}, 0x1, 0x0, 0x0, 0x20004001}, 0x800) 662.448091ms ago: executing program 1 (id=2504): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) creat(&(0x7f00000002c0)='./file0\x00', 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'}) 661.847181ms ago: executing program 3 (id=2505): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000500)={0xdb9, 0x0}, 0x8) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1c, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x10) move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a000000020000000900000008"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000380)='kfree\x00', r4}, 0x18) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x48) io_submit(0x0, 0x0, &(0x7f0000001880)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) kexec_load(0x0, 0x1, &(0x7f0000000140)=[{0x0, 0x3e00, 0x116094000, 0x41000000}], 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x8, &(0x7f00000031c0)=ANY=[@ANYRESHEX=r6], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6, @fallback=0x33, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7fffffff, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18110000", @ANYRES16=0x0, @ANYBLOB="0000000000000000b702000000000000850000008600000018200000", @ANYRES32, @ANYBLOB="000000000008000085000000c100000018190000", @ANYRES32=r6, @ANYBLOB="00000000dcbfe74f86864b38dd5f4e311d830cd40000000000", @ANYRESHEX=r7], &(0x7f0000000340)='GPL\x00', 0x5, 0x18, &(0x7f0000000580)=""/24, 0x40f00, 0x6, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x4, 0x4, 0x1000}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000440)=[0xffffffffffffffff], &(0x7f0000000c00)=[{0x3, 0x3, 0x8, 0x2}, {0x2, 0x2, 0xb, 0x1}, {0x0, 0x1, 0x8, 0xc}, {0x1, 0x7, 0xa, 0x7}, {0x5, 0x2, 0xc, 0x4}, {0x2, 0x1, 0x100000b, 0x3}], 0x10, 0x400, @void, @value}, 0x94) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a80)=@newtfilter={0x2c, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, r6, {0x11, 0x4}, {}, {0x5}}, [@TCA_RATE={0x6, 0x5, {0x5, 0x7}}]}, 0x2c}, 0x1, 0xf0ffffffffffff}, 0x24000000) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) close_range(r9, 0xffffffffffffffff, 0x0) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 559.733322ms ago: executing program 1 (id=2506): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@dioread_lock}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x5, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000fdffffff181100", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ptrace$ARCH_MAP_VDSO_64(0x1e, r2, 0xe9, 0x2003) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r6}, 0x4) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) syz_clone(0x40200, 0x0, 0x49, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) 484.645404ms ago: executing program 2 (id=2507): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000001000000e27f000001"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$unix(0x1, 0x1, 0x0) bind$unix(r4, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 484.096984ms ago: executing program 3 (id=2508): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d850000000700000085"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f00000007c0)=@o_path={0x0, 0x0, 0x4000}, 0x18) 469.391084ms ago: executing program 3 (id=2509): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x64, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x0, 0xffe0}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x34, 0x2, [@TCA_FLOW_EMATCHES={0x30, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7}}, @TCA_EMATCH_TREE_LIST={0x24, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x20, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x40}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x3}, @TCA_EM_IPT_MATCH_NAME={0xb}]}}]}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014) 411.383735ms ago: executing program 4 (id=2510): creat(&(0x7f00000000c0)='./file0\x00', 0x48) r0 = dup(0xffffffffffffffff) write$P9_RLERRORu(r0, &(0x7f0000000540)=ANY=[], 0x53) bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00"/11], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00'}, 0x10) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) 410.698275ms ago: executing program 3 (id=2511): r0 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000280)=ANY=[@ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000008000000000000020000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) vmsplice(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8923, &(0x7f0000000cc0)='lo:\x96o8\x14d\xa1\xba\xda\xd1\xa0J\x12tQ\xb16\xe3\xd7\\b\x8b\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x02\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xeb\xe1\xde\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xfc\xfa 6(%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc5 [ 158.559114][ T8660] __dump_stack+0x1d/0x30 [ 158.559134][ T8660] dump_stack_lvl+0xe8/0x140 [ 158.559163][ T8660] dump_stack+0x15/0x1b [ 158.559200][ T8660] should_fail_ex+0x265/0x280 [ 158.559225][ T8660] should_fail+0xb/0x20 [ 158.559244][ T8660] should_fail_usercopy+0x1a/0x20 [ 158.559323][ T8660] _copy_from_user+0x1c/0xb0 [ 158.559355][ T8660] kstrtouint_from_user+0x69/0xf0 [ 158.559401][ T8660] ? 0xffffffff81000000 [ 158.559453][ T8660] ? selinux_file_permission+0x1e4/0x320 [ 158.559491][ T8660] proc_fail_nth_write+0x50/0x160 [ 158.559518][ T8660] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 158.559609][ T8660] vfs_write+0x269/0x8e0 [ 158.559635][ T8660] ? vfs_read+0x47f/0x6f0 [ 158.559658][ T8660] ? __rcu_read_unlock+0x4f/0x70 [ 158.559687][ T8660] ? __fget_files+0x184/0x1c0 [ 158.559768][ T8660] ksys_write+0xda/0x1a0 [ 158.559797][ T8660] __x64_sys_write+0x40/0x50 [ 158.559822][ T8660] x64_sys_call+0x2cdd/0x2fb0 [ 158.559850][ T8660] do_syscall_64+0xd2/0x200 [ 158.559915][ T8660] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 158.559948][ T8660] ? clear_bhb_loop+0x40/0x90 [ 158.560000][ T8660] ? clear_bhb_loop+0x40/0x90 [ 158.560051][ T8660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.560148][ T8660] RIP: 0033:0x7f526362d3df [ 158.560168][ T8660] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 158.560267][ T8660] RSP: 002b:00007f5261c97030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 158.560290][ T8660] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f526362d3df [ 158.560306][ T8660] RDX: 0000000000000001 RSI: 00007f5261c970a0 RDI: 0000000000000006 [ 158.560322][ T8660] RBP: 00007f5261c97090 R08: 0000000000000000 R09: 0000000000000000 [ 158.560338][ T8660] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 158.560353][ T8660] R13: 0000000000000000 R14: 00007f5263855fa0 R15: 00007ffdcd8b75f8 [ 158.560378][ T8660] [ 158.577375][ T8662] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1849'. [ 158.876604][ T8667] 9pnet: p9_errstr2errno: server reported unknown error [ 158.928476][ T8672] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1854'. [ 159.008380][ T8675] loop3: detected capacity change from 0 to 512 [ 159.144748][ T8675] EXT4-fs error (device loop3): ext4_iget_extra_inode:5035: inode #15: comm syz.3.1855: corrupted in-inode xattr: invalid ea_ino [ 159.172449][ T8675] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.1855: couldn't read orphan inode 15 (err -117) [ 159.221091][ T8675] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 159.240249][ T8689] loop2: detected capacity change from 0 to 1024 [ 159.250523][ T8675] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.267734][ T8689] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 159.315717][ T8689] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 159.326180][ T8689] System zones: 0-1, 3-36 [ 159.331159][ T8689] EXT4-fs (loop2): orphan cleanup on readonly fs [ 159.363287][ T8689] EXT4-fs (loop2): 1 orphan inode deleted [ 159.382053][ T8689] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 159.424868][ T8701] 9pnet_fd: Insufficient options for proto=fd [ 159.440060][ T8700] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1864'. [ 159.453708][ T8701] 9pnet_fd: Insufficient options for proto=fd [ 159.488196][ T8706] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1865'. [ 159.538777][ T8689] netlink: 'syz.2.1860': attribute type 10 has an invalid length. [ 159.550689][ T8717] SELinux: security_context_str_to_sid () failed with errno=-22 [ 159.562762][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.608010][ T8722] loop2: detected capacity change from 0 to 512 [ 159.625823][ T8725] loop0: detected capacity change from 0 to 512 [ 159.633432][ T8722] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 159.672905][ T8725] EXT4-fs error (device loop0): ext4_iget_extra_inode:5035: inode #15: comm syz.0.1874: corrupted in-inode xattr: invalid ea_ino [ 159.707440][ T8722] EXT4-fs (loop2): 1 truncate cleaned up [ 159.713755][ T8725] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.1874: couldn't read orphan inode 15 (err -117) [ 159.729077][ T8722] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 159.760399][ T8725] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 159.782289][ T8725] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.850441][ T8740] 9pnet_fd: Insufficient options for proto=fd [ 159.864570][ T8740] 9pnet_fd: Insufficient options for proto=fd [ 160.003688][ T36] IPVS: starting estimator thread 0... [ 160.047105][ T8749] SELinux: security_context_str_to_sid () failed with errno=-22 [ 160.129595][ T8750] IPVS: using max 2208 ests per chain, 110400 per kthread [ 160.178610][ T8755] loop0: detected capacity change from 0 to 1024 [ 160.205066][ T8755] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 160.335116][ T8761] loop4: detected capacity change from 0 to 512 [ 160.346396][ T8755] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 160.357002][ T8755] System zones: 0-1, 3-36 [ 160.363176][ T8755] EXT4-fs (loop0): orphan cleanup on readonly fs [ 160.374232][ T8761] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 160.396174][ T8755] EXT4-fs (loop0): 1 orphan inode deleted [ 160.439634][ T8755] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 160.455184][ T8761] ext4 filesystem being mounted at /367/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 160.583952][ T8755] netlink: 'syz.0.1884': attribute type 10 has an invalid length. [ 160.609758][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.770000][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.847650][ T8783] netlink: 'syz.1.1892': attribute type 10 has an invalid length. [ 160.894615][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.924777][ T8791] FAULT_INJECTION: forcing a failure. [ 160.924777][ T8791] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 160.939691][ T8791] CPU: 1 UID: 0 PID: 8791 Comm: syz.4.1896 Tainted: G W 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(voluntary) [ 160.939726][ T8791] Tainted: [W]=WARN [ 160.939732][ T8791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 160.939806][ T8791] Call Trace: [ 160.939812][ T8791] [ 160.939820][ T8791] __dump_stack+0x1d/0x30 [ 160.939843][ T8791] dump_stack_lvl+0xe8/0x140 [ 160.939926][ T8791] dump_stack+0x15/0x1b [ 160.939948][ T8791] should_fail_ex+0x265/0x280 [ 160.939975][ T8791] should_fail+0xb/0x20 [ 160.939996][ T8791] should_fail_usercopy+0x1a/0x20 [ 160.940018][ T8791] _copy_to_user+0x20/0xa0 [ 160.940043][ T8791] simple_read_from_buffer+0xb5/0x130 [ 160.940159][ T8791] proc_fail_nth_read+0x100/0x140 [ 160.940186][ T8791] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 160.940210][ T8791] vfs_read+0x19d/0x6f0 [ 160.940229][ T8791] ? __rcu_read_unlock+0x4f/0x70 [ 160.940251][ T8791] ? __fget_files+0x184/0x1c0 [ 160.940308][ T8791] ksys_read+0xda/0x1a0 [ 160.940334][ T8791] __x64_sys_read+0x40/0x50 [ 160.940409][ T8791] x64_sys_call+0x2d77/0x2fb0 [ 160.940431][ T8791] do_syscall_64+0xd2/0x200 [ 160.940470][ T8791] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 160.940505][ T8791] ? clear_bhb_loop+0x40/0x90 [ 160.940530][ T8791] ? clear_bhb_loop+0x40/0x90 [ 160.940621][ T8791] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.940643][ T8791] RIP: 0033:0x7f526362d33c [ 160.940660][ T8791] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 160.940736][ T8791] RSP: 002b:00007f5261c97030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 160.940760][ T8791] RAX: ffffffffffffffda RBX: 00007f5263855fa0 RCX: 00007f526362d33c [ 160.940822][ T8791] RDX: 000000000000000f RSI: 00007f5261c970a0 RDI: 0000000000000004 [ 160.940835][ T8791] RBP: 00007f5261c97090 R08: 0000000000000000 R09: 0000000000000000 [ 160.940847][ T8791] R10: 0000000000001300 R11: 0000000000000246 R12: 0000000000000001 [ 160.940859][ T8791] R13: 0000000000000000 R14: 00007f5263855fa0 R15: 00007ffdcd8b75f8 [ 160.940879][ T8791] [ 161.214452][ T8797] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 161.323220][ T8812] 9pnet_fd: Insufficient options for proto=fd [ 161.348981][ T8818] loop2: detected capacity change from 0 to 512 [ 161.357649][ T8817] loop0: detected capacity change from 0 to 512 [ 161.358554][ T8812] 9pnet_fd: Insufficient options for proto=fd [ 161.381173][ T8818] EXT4-fs error (device loop2): ext4_iget_extra_inode:5035: inode #15: comm syz.2.1903: corrupted in-inode xattr: invalid ea_ino [ 161.405120][ T8817] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 161.440039][ T8830] loop4: detected capacity change from 0 to 1024 [ 161.440100][ T8817] EXT4-fs error (device loop0): ext4_ext_check_inode:523: inode #4: comm syz.0.1895: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 2308(4), depth 0(0) [ 161.475818][ T8817] EXT4-fs error (device loop0): ext4_quota_enable:7127: comm syz.0.1895: Bad quota inode: 4, type: 1 [ 161.476839][ T8818] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.1903: couldn't read orphan inode 15 (err -117) [ 161.491565][ T8817] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 161.520550][ T8830] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 161.522886][ T8817] EXT4-fs (loop0): mount failed [ 161.538631][ T8818] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 161.561437][ T8836] loop3: detected capacity change from 0 to 1024 [ 161.575733][ T8830] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 161.597660][ T8830] System zones: 0-1, 3-36 [ 161.603316][ T8830] EXT4-fs (loop4): orphan cleanup on readonly fs [ 161.611531][ T8830] EXT4-fs (loop4): 1 orphan inode deleted [ 161.619863][ T8830] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 161.684176][ T8836] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 161.700696][ T8836] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 161.711897][ T8836] System zones: 0-1, 3-36 [ 161.717857][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.729331][ T8836] EXT4-fs (loop3): orphan cleanup on readonly fs [ 161.744940][ T8836] EXT4-fs (loop3): 1 orphan inode deleted [ 161.747471][ T8841] netlink: 'syz.4.1907': attribute type 10 has an invalid length. [ 161.768971][ T8836] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 161.848410][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.898796][ T8836] netlink: 'syz.3.1908': attribute type 10 has an invalid length. [ 161.911358][ T8851] loop2: detected capacity change from 0 to 1024 [ 161.934021][ T8851] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 161.944302][ T8859] loop4: detected capacity change from 0 to 512 [ 161.955469][ T8859] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 161.969938][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.987406][ T8859] EXT4-fs (loop4): 1 truncate cleaned up [ 161.997952][ T8859] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 162.035413][ T8851] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 162.094205][ T8851] netlink: 'syz.2.1912': attribute type 21 has an invalid length. [ 162.107324][ T8851] netlink: 'syz.2.1912': attribute type 1 has an invalid length. [ 162.150147][ T8867] 9pnet_fd: Insufficient options for proto=fd [ 162.172622][ T8867] 9pnet_fd: Insufficient options for proto=fd [ 162.180062][ T8869] 9pnet: p9_errstr2errno: server reported unknown error [ 162.332208][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.582996][ T8876] loop0: detected capacity change from 0 to 1024 [ 162.611354][ T8876] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 162.695290][ T8876] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 162.712387][ T8876] System zones: 0-1, 3-36 [ 162.717534][ T8876] EXT4-fs (loop0): orphan cleanup on readonly fs [ 162.728749][ T8876] EXT4-fs (loop0): 1 orphan inode deleted [ 162.792446][ T8876] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 162.799158][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.906473][ T8903] loop2: detected capacity change from 0 to 512 [ 162.932236][ T8900] netlink: 'syz.0.1920': attribute type 10 has an invalid length. [ 163.004360][ T8906] 9pnet_fd: Insufficient options for proto=fd [ 163.011893][ T8903] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 163.040709][ T8906] 9pnet_fd: Insufficient options for proto=fd [ 163.059651][ T8903] EXT4-fs (loop2): 1 truncate cleaned up [ 163.068319][ T8903] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 163.143950][ T29] kauditd_printk_skb: 326 callbacks suppressed [ 163.143967][ T29] audit: type=1326 audit(2000002369.370:6256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8901 comm="syz.3.1930" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efc8323e929 code=0x0 [ 163.825498][ T29] audit: type=1326 audit(2000002370.088:6257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8930 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 163.851065][ T29] audit: type=1326 audit(2000002370.088:6258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8930 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 163.876658][ T29] audit: type=1326 audit(2000002370.088:6259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8930 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 163.902717][ T29] audit: type=1326 audit(2000002370.088:6260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8930 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 163.929915][ T29] audit: type=1326 audit(2000002370.088:6261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8930 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 163.957058][ T29] audit: type=1326 audit(2000002370.088:6262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8930 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 163.982799][ T29] audit: type=1326 audit(2000002370.088:6263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8930 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 164.008866][ T29] audit: type=1326 audit(2000002370.088:6264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8930 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 164.049551][ T29] audit: type=1326 audit(2000002370.151:6265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8930 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 164.147753][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.162740][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.248513][ T8952] SELinux: security_context_str_to_sid () failed with errno=-22 [ 164.281392][ T8950] loop3: detected capacity change from 0 to 512 [ 164.292361][ T8954] loop2: detected capacity change from 0 to 1024 [ 164.310911][ T8954] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 164.324150][ T8950] EXT4-fs error (device loop3): ext4_iget_extra_inode:5035: inode #15: comm syz.3.1948: corrupted in-inode xattr: invalid ea_ino [ 164.329723][ T8954] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 164.348525][ T8954] System zones: 0-1, 3-36 [ 164.356316][ T8950] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.1948: couldn't read orphan inode 15 (err -117) [ 164.363502][ T8954] EXT4-fs (loop2): orphan cleanup on readonly fs [ 164.378839][ T8954] EXT4-fs (loop2): 1 orphan inode deleted [ 164.387179][ T8950] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 164.401043][ T8954] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 164.423434][ T8950] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.437536][ T8961] loop0: detected capacity change from 0 to 512 [ 164.466530][ T8961] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 164.482777][ T8961] EXT4-fs (loop0): 1 truncate cleaned up [ 164.489380][ T8961] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 164.599154][ T8973] loop4: detected capacity change from 0 to 512 [ 164.607229][ T8973] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 164.624360][ T8973] EXT4-fs (loop4): 1 truncate cleaned up [ 164.643956][ T8973] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 164.665110][ T8978] netlink: 'syz.2.1949': attribute type 10 has an invalid length. [ 165.538651][ T8989] __nla_validate_parse: 9 callbacks suppressed [ 165.539828][ T8989] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1958'. [ 165.574877][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.627381][ T8991] 9pnet: Could not find request transport: fd0x0000000000000003 [ 165.659541][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.670005][ T8991] 9pnet: Could not find request transport: fd0x0000000000000003 [ 165.679464][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.743303][ T9004] loop4: detected capacity change from 0 to 1024 [ 165.757723][ T9009] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1964'. [ 165.771409][ T9004] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 165.795331][ T9004] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 165.819297][ T9004] System zones: 0-1, 3-36 [ 165.825581][ T9004] EXT4-fs (loop4): orphan cleanup on readonly fs [ 165.851437][ T9004] EXT4-fs (loop4): 1 orphan inode deleted [ 165.868878][ T9020] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1968'. [ 165.871596][ T9004] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 165.890218][ T9019] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1970'. [ 165.908637][ T9013] netlink: 'syz.1.1966': attribute type 10 has an invalid length. [ 165.936766][ T9004] netlink: 'syz.4.1965': attribute type 10 has an invalid length. [ 165.978776][ T9025] loop2: detected capacity change from 0 to 1024 [ 165.997847][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.013437][ T9023] 9pnet: Could not find request transport: fd0x0000000000000004 [ 166.030196][ T9025] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 166.049965][ T9032] loop3: detected capacity change from 0 to 1024 [ 166.086681][ T9032] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 166.101724][ T9036] loop4: detected capacity change from 0 to 512 [ 166.124214][ T9036] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.1976: corrupted in-inode xattr: invalid ea_ino [ 166.151545][ T9032] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 166.155381][ T9025] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 166.186189][ T9032] System zones: 0-1, 3-36 [ 166.191646][ T9036] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.1976: couldn't read orphan inode 15 (err -117) [ 166.207589][ T9025] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1971'. [ 166.219221][ T9036] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 166.236715][ T9025] netlink: 'syz.2.1971': attribute type 21 has an invalid length. [ 166.244809][ T9032] EXT4-fs (loop3): orphan cleanup on readonly fs [ 166.248441][ T9025] netlink: 'syz.2.1971': attribute type 1 has an invalid length. [ 166.265069][ T9025] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1971'. [ 166.275124][ T9036] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.287812][ T9032] EXT4-fs (loop3): 1 orphan inode deleted [ 166.299040][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.313335][ T9032] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 166.425042][ T9052] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1982'. [ 166.447372][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.518254][ T9065] loop3: detected capacity change from 0 to 1024 [ 166.558944][ T9070] loop4: detected capacity change from 0 to 1024 [ 166.578002][ T9065] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 166.619097][ T9070] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 166.641294][ T9065] EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 166.694926][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.712213][ T9082] loop2: detected capacity change from 0 to 1024 [ 166.712431][ T9070] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 166.753507][ T9070] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1989'. [ 166.775677][ T9082] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 166.792219][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.815195][ T9082] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 166.837045][ T9082] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1994'. [ 166.862021][ T9090] loop3: detected capacity change from 0 to 1024 [ 166.871600][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.882061][ T9090] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 166.905163][ T9094] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1997'. [ 166.928342][ T9090] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 166.947055][ T9090] System zones: 0-1, 3-36 [ 166.951977][ T9090] EXT4-fs (loop3): orphan cleanup on readonly fs [ 166.970355][ T9090] EXT4-fs (loop3): 1 orphan inode deleted [ 166.988777][ T9090] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 167.030200][ T9107] loop4: detected capacity change from 0 to 512 [ 167.045069][ T9107] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 167.065436][ T9107] EXT4-fs (loop4): 1 truncate cleaned up [ 167.076137][ T9090] validate_nla: 1 callbacks suppressed [ 167.076155][ T9090] netlink: 'syz.3.1995': attribute type 10 has an invalid length. [ 167.569214][ T9130] netlink: 'syz.3.2010': attribute type 9 has an invalid length. [ 167.638303][ T9130] loop3: detected capacity change from 0 to 1024 [ 167.669734][ T9130] EXT4-fs: Ignoring removed oldalloc option [ 167.696486][ T9130] EXT4-fs: Ignoring removed nobh option [ 167.731673][ T9130] EXT4-fs (loop3): shut down requested (2) [ 167.778501][ T9130] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=15 [ 167.858590][ T9133] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 167.877172][ T9133] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 167.899185][ T29] kauditd_printk_skb: 175 callbacks suppressed [ 167.899200][ T29] audit: type=1326 audit(2000002374.391:6441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9129 comm="syz.3.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=90 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 167.935850][ T29] audit: type=1326 audit(2000002374.391:6442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9129 comm="syz.3.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 167.961267][ T29] audit: type=1326 audit(2000002374.391:6443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9129 comm="syz.3.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 168.023273][ T29] audit: type=1326 audit(2000002374.517:6444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9134 comm="syz.0.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f102819e929 code=0x7ffc0000 [ 168.050034][ T29] audit: type=1326 audit(2000002374.517:6445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9134 comm="syz.0.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f102819e929 code=0x7ffc0000 [ 168.075427][ T29] audit: type=1326 audit(2000002374.517:6446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9134 comm="syz.0.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f102819e929 code=0x7ffc0000 [ 168.102846][ T29] audit: type=1326 audit(2000002374.517:6447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9134 comm="syz.0.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f102819e929 code=0x7ffc0000 [ 168.120345][ T9135] loop0: detected capacity change from 0 to 512 [ 168.129931][ T29] audit: type=1326 audit(2000002374.517:6448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9134 comm="syz.0.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f102819e929 code=0x7ffc0000 [ 168.162990][ T29] audit: type=1326 audit(2000002374.517:6449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9134 comm="syz.0.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f102819e929 code=0x7ffc0000 [ 168.206396][ T29] audit: type=1326 audit(2000002374.517:6450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9134 comm="syz.0.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f102819e929 code=0x7ffc0000 [ 168.228185][ T9147] 9pnet: Could not find request transport: fd0x0000000000000004 [ 168.241268][ T9142] loop2: detected capacity change from 0 to 1024 [ 168.242754][ T9135] EXT4-fs error (device loop0): ext4_iget_extra_inode:5035: inode #15: comm syz.0.2011: corrupted in-inode xattr: invalid ea_ino [ 168.262666][ T9135] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.2011: couldn't read orphan inode 15 (err -117) [ 168.396595][ T9160] loop4: detected capacity change from 0 to 512 [ 168.405278][ T9160] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 168.426148][ T9160] EXT4-fs (loop4): 1 truncate cleaned up [ 168.490252][ T9171] loop2: detected capacity change from 0 to 1024 [ 168.576440][ T9177] 9pnet: Could not find request transport: fd0x0000000000000004 [ 168.624009][ T9184] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 168.656866][ T9185] loop3: detected capacity change from 0 to 512 [ 168.668884][ T9185] EXT4-fs error (device loop3): ext4_iget_extra_inode:5035: inode #15: comm syz.3.2028: corrupted in-inode xattr: invalid ea_ino [ 168.700617][ T9185] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.2028: couldn't read orphan inode 15 (err -117) [ 168.887517][ T9208] 9pnet_fd: Insufficient options for proto=fd [ 168.894507][ T9208] 9pnet_fd: Insufficient options for proto=fd [ 168.936026][ T9210] 9pnet: Could not find request transport: fd0x0000000000000004 [ 169.137302][ T9221] loop0: detected capacity change from 0 to 512 [ 169.348944][ T9228] 9pnet_fd: Insufficient options for proto=fd [ 169.363706][ T9221] EXT4-fs error (device loop0): ext4_iget_extra_inode:5035: inode #15: comm syz.0.2044: corrupted in-inode xattr: invalid ea_ino [ 169.446415][ T9221] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.2044: couldn't read orphan inode 15 (err -117) [ 169.812739][ T9236] loop0: detected capacity change from 0 to 1024 [ 169.885345][ T9236] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 169.955094][ T9249] 9pnet_fd: Insufficient options for proto=fd [ 169.963345][ T9249] 9pnet_fd: Insufficient options for proto=fd [ 170.040625][ T9261] FAULT_INJECTION: forcing a failure. [ 170.040625][ T9261] name failslab, interval 1, probability 0, space 0, times 0 [ 170.054911][ T9261] CPU: 0 UID: 0 PID: 9261 Comm: syz.2.2054 Tainted: G W 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(voluntary) [ 170.054949][ T9261] Tainted: [W]=WARN [ 170.054955][ T9261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 170.055020][ T9261] Call Trace: [ 170.055028][ T9261] [ 170.055036][ T9261] __dump_stack+0x1d/0x30 [ 170.055061][ T9261] dump_stack_lvl+0xe8/0x140 [ 170.055086][ T9261] dump_stack+0x15/0x1b [ 170.055182][ T9261] should_fail_ex+0x265/0x280 [ 170.055205][ T9261] should_failslab+0x8c/0xb0 [ 170.055252][ T9261] kmem_cache_alloc_node_noprof+0x57/0x320 [ 170.055290][ T9261] ? __alloc_skb+0x101/0x320 [ 170.055312][ T9261] ? __rtnl_unlock+0x95/0xb0 [ 170.055340][ T9261] __alloc_skb+0x101/0x320 [ 170.055373][ T9261] netlink_ack+0xfd/0x500 [ 170.055499][ T9261] netlink_rcv_skb+0x192/0x220 [ 170.055534][ T9261] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 170.055592][ T9261] rtnetlink_rcv+0x1c/0x30 [ 170.055644][ T9261] netlink_unicast+0x59e/0x670 [ 170.055681][ T9261] netlink_sendmsg+0x58b/0x6b0 [ 170.055722][ T9261] ? __pfx_netlink_sendmsg+0x10/0x10 [ 170.055764][ T9261] __sock_sendmsg+0x145/0x180 [ 170.055785][ T9261] ____sys_sendmsg+0x31e/0x4e0 [ 170.055823][ T9261] ___sys_sendmsg+0x17b/0x1d0 [ 170.055877][ T9261] __x64_sys_sendmsg+0xd4/0x160 [ 170.055975][ T9261] x64_sys_call+0x2999/0x2fb0 [ 170.055996][ T9261] do_syscall_64+0xd2/0x200 [ 170.056077][ T9261] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 170.056105][ T9261] ? clear_bhb_loop+0x40/0x90 [ 170.056130][ T9261] ? clear_bhb_loop+0x40/0x90 [ 170.056198][ T9261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.056219][ T9261] RIP: 0033:0x7f7963cfe929 [ 170.056261][ T9261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.056329][ T9261] RSP: 002b:00007f7962346038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 170.056392][ T9261] RAX: ffffffffffffffda RBX: 00007f7963f26080 RCX: 00007f7963cfe929 [ 170.056409][ T9261] RDX: 0000000020000000 RSI: 0000200000000200 RDI: 0000000000000007 [ 170.056425][ T9261] RBP: 00007f7962346090 R08: 0000000000000000 R09: 0000000000000000 [ 170.056479][ T9261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 170.056586][ T9261] R13: 0000000000000001 R14: 00007f7963f26080 R15: 00007ffc4c449f18 [ 170.056608][ T9261] [ 170.350564][ T9268] 9pnet_fd: Insufficient options for proto=fd [ 170.364057][ T9263] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 170.459862][ T9275] loop2: detected capacity change from 0 to 512 [ 170.485736][ T9275] EXT4-fs error (device loop2): ext4_iget_extra_inode:5035: inode #15: comm syz.2.2060: corrupted in-inode xattr: invalid ea_ino [ 170.533367][ T9275] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.2060: couldn't read orphan inode 15 (err -117) [ 170.564172][ T9282] SELinux: security_context_str_to_sid () failed with errno=-22 [ 170.715711][ T9292] __nla_validate_parse: 7 callbacks suppressed [ 170.715728][ T9292] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2068'. [ 170.737527][ T9295] 9pnet: Could not find request transport: fd0x0000000000000004 [ 170.766482][ T9300] loop0: detected capacity change from 0 to 512 [ 170.853175][ T9300] EXT4-fs error (device loop0): ext4_iget_extra_inode:5035: inode #15: comm syz.0.2070: corrupted in-inode xattr: invalid ea_ino [ 170.893852][ T9300] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.2070: couldn't read orphan inode 15 (err -117) [ 170.913980][ T9312] SELinux: security_context_str_to_sid () failed with errno=-22 [ 170.937943][ T9308] loop4: detected capacity change from 0 to 1024 [ 171.022641][ T9308] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 171.139584][ T9333] loop4: detected capacity change from 0 to 512 [ 171.150801][ T9333] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 171.166688][ T9333] EXT4-fs (loop4): 1 truncate cleaned up [ 171.575014][ T9350] SELinux: security_context_str_to_sid () failed with errno=-22 [ 171.674328][ T9353] loop0: detected capacity change from 0 to 1024 [ 171.724571][ T9353] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 171.756053][ T9353] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 171.777915][ T9353] System zones: 0-1, 3-36 [ 171.811904][ T9353] EXT4-fs (loop0): orphan cleanup on readonly fs [ 171.842179][ T9353] EXT4-fs (loop0): 1 orphan inode deleted [ 171.989923][ T9367] loop2: detected capacity change from 0 to 512 [ 172.003524][ T9371] Q6\bY4: renamed from lo (while UP) [ 172.012090][ T9367] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 172.032322][ T9374] netlink: 'syz.0.2088': attribute type 10 has an invalid length. [ 172.050935][ T9367] EXT4-fs (loop2): 1 truncate cleaned up [ 172.109002][ T9382] SELinux: security_context_str_to_sid () failed with errno=-22 [ 172.281408][ T9380] netlink: 'syz.3.2097': attribute type 10 has an invalid length. [ 172.560861][ T9401] loop4: detected capacity change from 0 to 512 [ 172.590681][ T9401] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 172.625442][ T9401] EXT4-fs (loop4): 1 truncate cleaned up [ 172.787076][ T9414] Q6\bY4 speed is unknown, defaulting to 1000 [ 173.025974][ T29] kauditd_printk_skb: 236 callbacks suppressed [ 173.026040][ T29] audit: type=1400 audit(2000002379.789:6687): avc: denied { read } for pid=9413 comm="syz.0.2108" lport=8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 173.121710][ T29] audit: type=1400 audit(2000002379.841:6688): avc: denied { execute } for pid=9413 comm="syz.0.2108" path="/390/file1" dev="tmpfs" ino=2145 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 173.464098][ T9420] netlink: 'syz.3.2110': attribute type 10 has an invalid length. [ 173.496092][ T9427] SELinux: security_context_str_to_sid () failed with errno=-22 [ 173.615497][ T29] audit: type=1326 audit(2000002380.358:6689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9437 comm="syz.1.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0b93e929 code=0x7ffc0000 [ 173.640247][ T29] audit: type=1326 audit(2000002380.358:6690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9437 comm="syz.1.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0b93e929 code=0x7ffc0000 [ 173.665319][ T29] audit: type=1326 audit(2000002380.358:6691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9437 comm="syz.1.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b0b93e929 code=0x7ffc0000 [ 173.690843][ T29] audit: type=1326 audit(2000002380.358:6692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9437 comm="syz.1.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0b93e929 code=0x7ffc0000 [ 173.716660][ T29] audit: type=1326 audit(2000002380.358:6693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9437 comm="syz.1.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b0b93e929 code=0x7ffc0000 [ 173.742230][ T29] audit: type=1326 audit(2000002380.358:6694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9437 comm="syz.1.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0b93e929 code=0x7ffc0000 [ 173.767160][ T29] audit: type=1326 audit(2000002380.358:6695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9437 comm="syz.1.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b0b93e929 code=0x7ffc0000 [ 173.793177][ T29] audit: type=1326 audit(2000002380.358:6696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9437 comm="syz.1.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0b93e929 code=0x7ffc0000 [ 173.972663][ T9453] loop0: detected capacity change from 0 to 1024 [ 174.134163][ T9453] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 174.243307][ T9453] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 174.378989][ T9453] System zones: 0-1, 3-36 [ 174.397186][ T9453] EXT4-fs (loop0): orphan cleanup on readonly fs [ 174.411287][ T9461] loop2: detected capacity change from 0 to 512 [ 174.428082][ T9453] EXT4-fs (loop0): 1 orphan inode deleted [ 174.437455][ T9461] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 174.471628][ T9461] EXT4-fs (loop2): 1 truncate cleaned up [ 174.658881][ T9469] netlink: 'syz.0.2121': attribute type 10 has an invalid length. [ 174.880078][ T9481] loop4: detected capacity change from 0 to 1024 [ 174.894765][ T9481] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 174.932577][ T9481] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 174.969826][ T9481] System zones: 0-1, 3-36 [ 174.988187][ T9481] EXT4-fs (loop4): orphan cleanup on readonly fs [ 175.015982][ T9481] EXT4-fs (loop4): 1 orphan inode deleted [ 175.037205][ T9484] SELinux: security_context_str_to_sid () failed with errno=-22 [ 175.206666][ T9479] netlink: 'syz.4.2125': attribute type 10 has an invalid length. [ 175.269370][ T9490] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2128'. [ 175.488623][ T9500] loop4: detected capacity change from 0 to 512 [ 175.508275][ T9500] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.2133: corrupted in-inode xattr: invalid ea_ino [ 175.546205][ T9500] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.2133: couldn't read orphan inode 15 (err -117) [ 175.643041][ T9514] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2138'. [ 175.674631][ T9514] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2138'. [ 175.684473][ T9514] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2138'. [ 175.698106][ T9516] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2139'. [ 175.765164][ T9521] loop4: detected capacity change from 0 to 512 [ 175.819078][ T9521] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.2141: corrupted in-inode xattr: invalid ea_ino [ 175.873330][ T9521] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.2141: couldn't read orphan inode 15 (err -117) [ 176.029244][ T9528] loop4: detected capacity change from 0 to 1024 [ 176.049757][ T9528] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 176.069289][ T9528] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 176.077866][ T9528] System zones: 0-1, 3-36 [ 176.082619][ T9528] EXT4-fs (loop4): orphan cleanup on readonly fs [ 176.102060][ T9528] EXT4-fs (loop4): 1 orphan inode deleted [ 176.256010][ T9528] netlink: 'syz.4.2143': attribute type 10 has an invalid length. [ 176.279080][ T9544] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2147'. [ 177.053918][ T9557] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2151'. [ 177.081582][ T9557] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2151'. [ 177.092264][ T9557] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2151'. [ 177.176924][ T9563] 9pnet: p9_errstr2errno: server reported unknown error [ 177.233945][ T9567] loop4: detected capacity change from 0 to 1024 [ 177.283283][ T9567] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 177.297019][ T9576] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 177.348301][ T9581] loop2: detected capacity change from 0 to 1024 [ 177.375430][ T9581] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 177.412314][ T9581] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 177.434189][ T9581] System zones: 0-1, 3-36 [ 177.447188][ T9581] EXT4-fs (loop2): orphan cleanup on readonly fs [ 177.466224][ T9581] EXT4-fs (loop2): 1 orphan inode deleted [ 177.486031][ T9590] loop4: detected capacity change from 0 to 512 [ 177.493755][ T9590] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 177.524214][ T9590] EXT4-fs (loop4): 1 truncate cleaned up [ 177.612735][ T9596] netlink: 'syz.2.2159': attribute type 10 has an invalid length. [ 177.968610][ T29] kauditd_printk_skb: 94 callbacks suppressed [ 177.968624][ T29] audit: type=1326 audit(2000002384.995:6791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9604 comm="syz.2.2166" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7963cfe929 code=0x0 [ 178.489774][ T29] audit: type=1400 audit(2000002385.543:6792): avc: denied { setopt } for pid=9613 comm="syz.1.2169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 178.526782][ T29] audit: type=1326 audit(2000002385.585:6793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9623 comm="syz.3.2172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 178.551872][ T29] audit: type=1326 audit(2000002385.585:6794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9623 comm="syz.3.2172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 178.577693][ T29] audit: type=1326 audit(2000002385.585:6795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9623 comm="syz.3.2172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 178.601378][ T29] audit: type=1326 audit(2000002385.585:6796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9623 comm="syz.3.2172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 178.625919][ T29] audit: type=1326 audit(2000002385.585:6797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9623 comm="syz.3.2172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 178.650288][ T29] audit: type=1326 audit(2000002385.585:6798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9623 comm="syz.3.2172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 178.675931][ T29] audit: type=1326 audit(2000002385.585:6799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9623 comm="syz.3.2172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 178.700400][ T29] audit: type=1326 audit(2000002385.585:6800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9623 comm="syz.3.2172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8323e929 code=0x7ffc0000 [ 178.826200][ T9638] loop4: detected capacity change from 0 to 512 [ 178.832394][ T9639] loop2: detected capacity change from 0 to 512 [ 178.842769][ T9639] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 178.865732][ T9639] EXT4-fs (loop2): 1 truncate cleaned up [ 178.872041][ T9638] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.2177: corrupted in-inode xattr: invalid ea_ino [ 178.905952][ T9638] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.2177: couldn't read orphan inode 15 (err -117) [ 178.990884][ T9653] loop4: detected capacity change from 0 to 1024 [ 179.007795][ T9651] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2183'. [ 179.047569][ T9653] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 179.118853][ T9653] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 179.149054][ T9653] System zones: 0-1, 3-36 [ 179.154026][ T9653] EXT4-fs (loop4): orphan cleanup on readonly fs [ 179.194861][ T9653] EXT4-fs (loop4): 1 orphan inode deleted [ 179.302874][ T9653] netlink: 'syz.4.2184': attribute type 10 has an invalid length. [ 179.384891][ T9676] loop4: detected capacity change from 0 to 1024 [ 179.399644][ T9679] SELinux: security_context_str_to_sid () failed with errno=-22 [ 179.402048][ T9676] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 179.420067][ T9676] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 179.429090][ T9676] System zones: 0-1, 3-36 [ 179.435319][ T9676] EXT4-fs (loop4): orphan cleanup on readonly fs [ 179.460139][ T9676] EXT4-fs (loop4): 1 orphan inode deleted [ 179.517818][ T9676] netlink: 'syz.4.2191': attribute type 10 has an invalid length. [ 179.587219][ T9695] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2198'. [ 179.787336][ T9714] loop0: detected capacity change from 0 to 1024 [ 179.807963][ T9714] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 179.829615][ T9714] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 179.862836][ T9714] System zones: 0-1, 3-36 [ 179.875066][ T9714] EXT4-fs (loop0): orphan cleanup on readonly fs [ 179.886566][ T9714] EXT4-fs (loop0): 1 orphan inode deleted [ 179.961552][ T9714] netlink: 'syz.0.2207': attribute type 10 has an invalid length. [ 180.651042][ T9767] mmap: syz.4.2225 (9767) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 181.121900][ T9777] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2226'. [ 181.282606][ T9788] loop0: detected capacity change from 0 to 1024 [ 181.319406][ T9788] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 181.358885][ T9788] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 181.392072][ T9788] System zones: 0-1, 3-36 [ 181.409100][ T9788] EXT4-fs (loop0): orphan cleanup on readonly fs [ 181.449436][ T9788] EXT4-fs (loop0): 1 orphan inode deleted [ 181.568944][ T9802] loop4: detected capacity change from 0 to 512 [ 181.576851][ T9788] netlink: 'syz.0.2233': attribute type 10 has an invalid length. [ 181.601658][ T9802] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 181.624939][ T9802] EXT4-fs (loop4): 1 truncate cleaned up [ 181.757174][ T9816] rdma_op ffff88812b780180 conn xmit_rdma 0000000000000000 [ 181.818418][ T9822] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2242'. [ 181.912998][ T9827] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2245'. [ 182.134226][ T9854] netlink: 'syz.3.2255': attribute type 10 has an invalid length. [ 182.203216][ T9868] loop0: detected capacity change from 0 to 1024 [ 182.214436][ T9868] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 182.236450][ T9868] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 182.253207][ T9868] System zones: 0-1, 3-36 [ 182.261765][ T9868] EXT4-fs (loop0): orphan cleanup on readonly fs [ 182.276582][ T9868] EXT4-fs (loop0): 1 orphan inode deleted [ 182.394148][ T9878] netlink: 'syz.0.2261': attribute type 10 has an invalid length. [ 182.428705][ T9880] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2265'. [ 182.651949][ T9891] loop0: detected capacity change from 0 to 512 [ 182.688096][ T9891] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 182.706142][ T9891] EXT4-fs (loop0): 1 truncate cleaned up [ 182.759304][ T9896] loop4: detected capacity change from 0 to 1024 [ 182.801211][ T9896] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 182.876861][ T9896] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 182.885183][ T9896] System zones: 0-1, 3-36 [ 182.923176][ T9896] EXT4-fs (loop4): orphan cleanup on readonly fs [ 182.950596][ T9896] EXT4-fs (loop4): 1 orphan inode deleted [ 183.078698][ T9905] netlink: 'syz.4.2271': attribute type 10 has an invalid length. [ 183.535585][ T29] kauditd_printk_skb: 219 callbacks suppressed [ 183.535604][ T29] audit: type=1400 audit(2000002390.864:7020): avc: denied { create } for pid=9907 comm="syz.4.2273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 183.567560][ T29] audit: type=1400 audit(2000002390.896:7021): avc: denied { ioctl } for pid=9907 comm="syz.4.2273" path="socket:[22782]" dev="sockfs" ino=22782 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 183.616637][ T29] audit: type=1400 audit(2000002390.959:7022): avc: denied { write } for pid=9907 comm="syz.4.2273" name="001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 183.712872][ T9912] vhci_hcd: invalid port number 96 [ 183.718320][ T9912] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 183.761498][ T9908] futex_wake_op: syz.4.2273 tries to shift op by -1; fix this program [ 183.777266][ T29] audit: type=1326 audit(2000002391.117:7023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9907 comm="syz.4.2273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f526362e929 code=0x7ffc0000 [ 183.802369][ T29] audit: type=1326 audit(2000002391.117:7024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9907 comm="syz.4.2273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f526362e929 code=0x7ffc0000 [ 183.826133][ T29] audit: type=1326 audit(2000002391.117:7025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9907 comm="syz.4.2273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f526362e929 code=0x7ffc0000 [ 183.940140][ T29] audit: type=1326 audit(2000002391.254:7026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9907 comm="syz.4.2273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f526362e929 code=0x7ffc0000 [ 183.963842][ T29] audit: type=1326 audit(2000002391.254:7027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9907 comm="syz.4.2273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f526362e929 code=0x7ffc0000 [ 184.032361][ T29] audit: type=1326 audit(2000002391.391:7028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9935 comm="syz.0.2283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f102819e929 code=0x7ffc0000 [ 184.062132][ T9936] loop0: detected capacity change from 0 to 512 [ 184.167673][ T9946] loop4: detected capacity change from 0 to 512 [ 184.188816][ T29] audit: type=1326 audit(2000002391.391:7029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9935 comm="syz.0.2283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f102819e929 code=0x7ffc0000 [ 184.188970][ T9936] EXT4-fs error (device loop0): ext4_iget_extra_inode:5035: inode #15: comm syz.0.2283: corrupted in-inode xattr: invalid ea_ino [ 184.256053][ T9936] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.2283: couldn't read orphan inode 15 (err -117) [ 184.268606][ T9946] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 184.301901][ T9946] EXT4-fs (loop4): 1 truncate cleaned up [ 185.142096][ T9977] loop2: detected capacity change from 0 to 512 [ 185.169512][ T9977] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 185.214363][ T9977] EXT4-fs (loop2): 1 truncate cleaned up [ 185.230219][ T9977] EXT4-fs mount: 74 callbacks suppressed [ 185.230238][ T9977] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 185.394555][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 185.406222][ T9992] netlink: 'syz.3.2300': attribute type 10 has an invalid length. [ 185.608188][T10018] rdma_op ffff8881045a0180 conn xmit_rdma 0000000000000000 [ 185.786026][T10025] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2312'. [ 186.008676][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.018113][T10039] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2320'. [ 186.129508][T10054] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2325'. [ 186.188488][T10057] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2326'. [ 186.222174][T10061] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 186.293230][T10069] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2332'. [ 186.377931][T10077] loop2: detected capacity change from 0 to 1024 [ 186.405484][T10077] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 186.460795][T10077] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 186.494321][T10077] System zones: 0-1, 3-36 [ 186.505370][T10077] EXT4-fs (loop2): orphan cleanup on readonly fs [ 186.529427][T10077] EXT4-fs (loop2): 1 orphan inode deleted [ 186.545778][T10077] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 186.641158][T10077] netlink: 'syz.2.2336': attribute type 10 has an invalid length. [ 186.670957][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.754772][T10109] loop2: detected capacity change from 0 to 512 [ 186.761442][T10107] Q6\bY4 speed is unknown, defaulting to 1000 [ 186.769472][T10109] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 186.835502][T10109] EXT4-fs (loop2): 1 truncate cleaned up [ 186.844131][T10109] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 186.889265][T10117] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 186.932510][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.049591][T10130] loop2: detected capacity change from 0 to 128 [ 187.086695][T10136] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2358'. [ 187.139955][T10140] syz.2.2356: attempt to access beyond end of device [ 187.139955][T10140] loop2: rw=2049, sector=145, nr_sectors = 16 limit=128 [ 187.179566][T10140] syz.2.2356: attempt to access beyond end of device [ 187.179566][T10140] loop2: rw=2049, sector=169, nr_sectors = 8 limit=128 [ 187.228563][T10140] syz.2.2356: attempt to access beyond end of device [ 187.228563][T10140] loop2: rw=2049, sector=185, nr_sectors = 8 limit=128 [ 187.356245][T10150] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 187.451469][T10163] loop2: detected capacity change from 0 to 512 [ 187.478386][T10163] EXT4-fs error (device loop2): ext4_iget_extra_inode:5035: inode #15: comm syz.2.2369: corrupted in-inode xattr: invalid ea_ino [ 187.505604][T10168] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2371'. [ 187.508642][T10163] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.2369: couldn't read orphan inode 15 (err -117) [ 187.545331][T10163] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 187.574883][T10163] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.799850][T10180] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2376'. [ 187.951882][T10201] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2383'. [ 188.006769][T10204] loop4: detected capacity change from 0 to 512 [ 188.065596][T10204] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.2384: corrupted in-inode xattr: invalid ea_ino [ 188.096985][T10206] loop2: detected capacity change from 0 to 1024 [ 188.103382][T10204] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.2384: couldn't read orphan inode 15 (err -117) [ 188.126283][T10206] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 188.132031][T10204] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.152002][T10206] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 188.154266][T10204] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.168966][T10206] System zones: 0-1, 3-36 [ 188.176525][T10206] EXT4-fs (loop2): orphan cleanup on readonly fs [ 188.188139][T10206] EXT4-fs (loop2): 1 orphan inode deleted [ 188.197341][T10206] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 188.245812][T10218] FAULT_INJECTION: forcing a failure. [ 188.245812][T10218] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 188.255738][T10221] loop0: detected capacity change from 0 to 1024 [ 188.259041][T10218] CPU: 0 UID: 0 PID: 10218 Comm: syz.4.2388 Tainted: G W 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(voluntary) [ 188.259143][T10218] Tainted: [W]=WARN [ 188.259151][T10218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 188.259165][T10218] Call Trace: [ 188.259175][T10218] [ 188.259186][T10218] __dump_stack+0x1d/0x30 [ 188.259243][T10218] dump_stack_lvl+0xe8/0x140 [ 188.259308][T10218] dump_stack+0x15/0x1b [ 188.259330][T10218] should_fail_ex+0x265/0x280 [ 188.259425][T10218] should_fail+0xb/0x20 [ 188.259447][T10218] should_fail_usercopy+0x1a/0x20 [ 188.259477][T10218] strncpy_from_user+0x25/0x230 [ 188.259549][T10218] ? __fget_files+0x184/0x1c0 [ 188.259663][T10218] __se_sys_request_key+0x57/0x290 [ 188.259699][T10218] ? fput+0x8f/0xc0 [ 188.259801][T10218] __x64_sys_request_key+0x55/0x70 [ 188.259838][T10218] x64_sys_call+0x2f19/0x2fb0 [ 188.259911][T10218] do_syscall_64+0xd2/0x200 [ 188.260049][T10218] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 188.260084][T10218] ? clear_bhb_loop+0x40/0x90 [ 188.260112][T10218] ? clear_bhb_loop+0x40/0x90 [ 188.260179][T10218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.260260][T10218] RIP: 0033:0x7f526362e929 [ 188.260286][T10218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.260310][T10218] RSP: 002b:00007f5261c97038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9 [ 188.260337][T10218] RAX: ffffffffffffffda RBX: 00007f5263855fa0 RCX: 00007f526362e929 [ 188.260354][T10218] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000200000000340 [ 188.260434][T10218] RBP: 00007f5261c97090 R08: 0000000000000000 R09: 0000000000000000 [ 188.260450][T10218] R10: 000000001ca48881 R11: 0000000000000246 R12: 0000000000000001 [ 188.260466][T10218] R13: 0000000000000000 R14: 00007f5263855fa0 R15: 00007ffdcd8b75f8 [ 188.260494][T10218] [ 188.331187][T10223] netlink: 'syz.2.2386': attribute type 10 has an invalid length. [ 188.481926][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.505988][T10221] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 188.555128][T10221] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 188.606984][ T29] kauditd_printk_skb: 145 callbacks suppressed [ 188.607025][ T29] audit: type=1326 audit(2000002396.205:7175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10235 comm="syz.1.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0b93e929 code=0x7ffc0000 [ 188.636877][ T29] audit: type=1326 audit(2000002396.205:7176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10235 comm="syz.1.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0b93e929 code=0x7ffc0000 [ 188.660458][ T29] audit: type=1326 audit(2000002396.205:7177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10235 comm="syz.1.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b0b93e929 code=0x7ffc0000 [ 188.670213][T10238] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2394'. [ 188.683966][ T29] audit: type=1326 audit(2000002396.205:7178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10235 comm="syz.1.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0b93e929 code=0x7ffc0000 [ 188.692866][T10238] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2394'. [ 188.716281][ T29] audit: type=1326 audit(2000002396.205:7179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10235 comm="syz.1.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0b93e929 code=0x7ffc0000 [ 188.748932][ T29] audit: type=1326 audit(2000002396.205:7180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10235 comm="syz.1.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b0b93e929 code=0x7ffc0000 [ 188.840174][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.840801][ T29] audit: type=1326 audit(2000002396.268:7181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10235 comm="syz.1.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0b93e929 code=0x7ffc0000 [ 188.872881][ T29] audit: type=1326 audit(2000002396.268:7182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10235 comm="syz.1.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0b93e929 code=0x7ffc0000 [ 188.896407][ T29] audit: type=1326 audit(2000002396.268:7183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10235 comm="syz.1.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f3b0b93e929 code=0x7ffc0000 [ 188.919991][ T29] audit: type=1326 audit(2000002396.268:7184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10235 comm="syz.1.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f3b0b93e963 code=0x7ffc0000 [ 188.992399][T10250] loop0: detected capacity change from 0 to 512 [ 189.031343][T10250] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 189.056099][T10250] EXT4-fs (loop0): 1 truncate cleaned up [ 189.070468][T10250] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 189.102433][T10262] loop4: detected capacity change from 0 to 1024 [ 189.122279][T10262] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 189.142846][T10262] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 189.160365][T10262] System zones: 0-1, 3-36 [ 189.164889][T10262] EXT4-fs (loop4): orphan cleanup on readonly fs [ 189.199135][T10262] EXT4-fs (loop4): 1 orphan inode deleted [ 189.215502][T10262] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 189.360462][T10278] netlink: 'syz.4.2403': attribute type 10 has an invalid length. [ 189.429470][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.594893][T10295] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 189.606836][T10295] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 189.827063][T10311] loop2: detected capacity change from 0 to 1024 [ 189.848552][T10311] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 189.883837][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.915832][T10323] FAULT_INJECTION: forcing a failure. [ 189.915832][T10323] name failslab, interval 1, probability 0, space 0, times 0 [ 189.928585][T10323] CPU: 1 UID: 0 PID: 10323 Comm: syz.2.2416 Tainted: G W 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(voluntary) [ 189.928633][T10323] Tainted: [W]=WARN [ 189.928640][T10323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 189.928656][T10323] Call Trace: [ 189.928703][T10323] [ 189.928713][T10323] __dump_stack+0x1d/0x30 [ 189.928739][T10323] dump_stack_lvl+0xe8/0x140 [ 189.928761][T10323] dump_stack+0x15/0x1b [ 189.928837][T10323] should_fail_ex+0x265/0x280 [ 189.928863][T10323] should_failslab+0x8c/0xb0 [ 189.928900][T10323] kmem_cache_alloc_noprof+0x50/0x310 [ 189.928932][T10323] ? dst_alloc+0xbd/0x100 [ 189.928977][T10323] ? __rcu_read_unlock+0x4f/0x70 [ 189.929006][T10323] dst_alloc+0xbd/0x100 [ 189.929037][T10323] ip_route_output_key_hash_rcu+0xf16/0x1440 [ 189.929072][T10323] ip_route_output_flow+0x7b/0x130 [ 189.929101][T10323] udp_sendmsg+0x1197/0x13b0 [ 189.929209][T10323] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 189.929234][T10323] ? avc_has_perm+0xd3/0x150 [ 189.929272][T10323] ? __pfx_udp_sendmsg+0x10/0x10 [ 189.929338][T10323] inet_sendmsg+0xac/0xd0 [ 189.929369][T10323] __sock_sendmsg+0x102/0x180 [ 189.929435][T10323] __sys_sendto+0x268/0x330 [ 189.929472][T10323] __x64_sys_sendto+0x76/0x90 [ 189.929499][T10323] x64_sys_call+0x2eb6/0x2fb0 [ 189.929521][T10323] do_syscall_64+0xd2/0x200 [ 189.929577][T10323] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 189.929604][T10323] ? clear_bhb_loop+0x40/0x90 [ 189.929626][T10323] ? clear_bhb_loop+0x40/0x90 [ 189.929648][T10323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.929678][T10323] RIP: 0033:0x7f7963cfe929 [ 189.929694][T10323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 189.929752][T10323] RSP: 002b:00007f7962346038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 189.929771][T10323] RAX: ffffffffffffffda RBX: 00007f7963f26080 RCX: 00007f7963cfe929 [ 189.929783][T10323] RDX: 000000000000ffe3 RSI: 00002000000000c0 RDI: 0000000000000005 [ 189.929796][T10323] RBP: 00007f7962346090 R08: 0000000000000000 R09: 0000000000000000 [ 189.929830][T10323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 189.929842][T10323] R13: 0000000000000000 R14: 00007f7963f26080 R15: 00007ffc4c449f18 [ 189.929862][T10323] [ 190.167646][T10324] loop0: detected capacity change from 0 to 1024 [ 190.185709][T10324] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 190.215089][T10324] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 190.224803][T10324] System zones: 0-1, 3-36 [ 190.229365][T10324] EXT4-fs (loop0): orphan cleanup on readonly fs [ 190.243300][T10324] EXT4-fs (loop0): 1 orphan inode deleted [ 190.249631][T10324] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 190.284488][T10329] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10329 comm=syz.3.2423 [ 190.375747][T10338] netlink: 'syz.0.2420': attribute type 10 has an invalid length. [ 190.424007][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.484819][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.511443][T10349] pim6reg1: entered promiscuous mode [ 190.534571][T10355] loop2: detected capacity change from 0 to 512 [ 190.553084][T10355] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 190.596947][T10355] EXT4-fs (loop2): 1 truncate cleaned up [ 190.604362][T10355] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 190.655384][T10363] loop4: detected capacity change from 0 to 1024 [ 190.723019][T10363] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 190.783177][T10363] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 190.825365][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.922490][T10376] loop0: detected capacity change from 0 to 512 [ 190.932280][T10376] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 190.951513][T10376] EXT4-fs (loop0): 1 truncate cleaned up [ 190.961021][T10376] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.000978][T10382] __nla_validate_parse: 6 callbacks suppressed [ 191.000993][T10382] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2440'. [ 191.050900][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.094430][T10392] loop0: detected capacity change from 0 to 1024 [ 191.102233][T10392] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 191.113513][T10392] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 191.122406][T10392] System zones: 0-1, 3-36 [ 191.127344][T10392] EXT4-fs (loop0): orphan cleanup on readonly fs [ 191.136499][T10392] EXT4-fs (loop0): 1 orphan inode deleted [ 191.144733][T10392] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 191.243096][T10392] netlink: 'syz.0.2443': attribute type 10 has an invalid length. [ 191.279333][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.301145][T10409] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2451'. [ 191.311054][T10409] caif0: entered promiscuous mode [ 191.316229][T10409] caif0: entered allmulticast mode [ 191.368306][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.376089][T10415] hub 1-0:1.0: USB hub found [ 191.378964][T10411] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2452'. [ 191.382387][T10415] hub 1-0:1.0: 8 ports detected [ 191.435749][T10423] loop0: detected capacity change from 0 to 512 [ 191.447868][T10423] EXT4-fs error (device loop0): ext4_iget_extra_inode:5035: inode #15: comm syz.0.2457: corrupted in-inode xattr: invalid ea_ino [ 191.466351][T10429] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2455'. [ 191.485461][T10423] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.2457: couldn't read orphan inode 15 (err -117) [ 191.500959][T10423] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.553233][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.611938][T10448] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 191.795030][T10474] loop4: detected capacity change from 0 to 512 [ 191.842622][T10474] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.2475: corrupted in-inode xattr: invalid ea_ino [ 191.874377][T10474] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.2475: couldn't read orphan inode 15 (err -117) [ 191.898101][T10474] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.982612][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.005837][T10487] loop2: detected capacity change from 0 to 512 [ 192.019349][T10487] EXT4-fs error (device loop2): ext4_iget_extra_inode:5035: inode #15: comm syz.2.2480: corrupted in-inode xattr: invalid ea_ino [ 192.047950][T10487] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.2480: couldn't read orphan inode 15 (err -117) [ 192.076026][T10487] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.094439][T10487] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.164895][T10496] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 192.307629][T10504] FAULT_INJECTION: forcing a failure. [ 192.307629][T10504] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 192.320788][T10504] CPU: 0 UID: 0 PID: 10504 Comm: syz.0.2486 Tainted: G W 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(voluntary) [ 192.320866][T10504] Tainted: [W]=WARN [ 192.320872][T10504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 192.320885][T10504] Call Trace: [ 192.320892][T10504] [ 192.320901][T10504] __dump_stack+0x1d/0x30 [ 192.320922][T10504] dump_stack_lvl+0xe8/0x140 [ 192.320944][T10504] dump_stack+0x15/0x1b [ 192.321013][T10504] should_fail_ex+0x265/0x280 [ 192.321039][T10504] should_fail+0xb/0x20 [ 192.321060][T10504] should_fail_usercopy+0x1a/0x20 [ 192.321133][T10504] _copy_from_user+0x1c/0xb0 [ 192.321158][T10504] ___sys_sendmsg+0xc1/0x1d0 [ 192.321206][T10504] __x64_sys_sendmsg+0xd4/0x160 [ 192.321296][T10504] x64_sys_call+0x2999/0x2fb0 [ 192.321366][T10504] do_syscall_64+0xd2/0x200 [ 192.321394][T10504] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 192.321421][T10504] ? clear_bhb_loop+0x40/0x90 [ 192.321447][T10504] ? clear_bhb_loop+0x40/0x90 [ 192.321482][T10504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.321509][T10504] RIP: 0033:0x7f102819e929 [ 192.321601][T10504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.321673][T10504] RSP: 002b:00007f1026807038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 192.321697][T10504] RAX: ffffffffffffffda RBX: 00007f10283c5fa0 RCX: 00007f102819e929 [ 192.321736][T10504] RDX: 0000000000040000 RSI: 0000200000000000 RDI: 0000000000000003 [ 192.321752][T10504] RBP: 00007f1026807090 R08: 0000000000000000 R09: 0000000000000000 [ 192.321768][T10504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 192.321783][T10504] R13: 0000000000000000 R14: 00007f10283c5fa0 R15: 00007ffc26a45a68 [ 192.321807][T10504] [ 192.556798][T10513] loop0: detected capacity change from 0 to 1024 [ 192.590817][T10513] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 192.614971][T10513] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002] [ 192.633454][T10513] System zones: 0-1, 3-36 [ 192.638286][T10513] EXT4-fs (loop0): orphan cleanup on readonly fs [ 192.647023][T10513] EXT4-fs (loop0): 1 orphan inode deleted [ 192.695986][T10513] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 192.796908][T10527] loop4: detected capacity change from 0 to 512 [ 192.845652][T10527] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.2494: corrupted in-inode xattr: invalid ea_ino [ 192.867289][T10527] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.2494: couldn't read orphan inode 15 (err -117) [ 192.890729][T10531] netlink: 'syz.0.2490': attribute type 10 has an invalid length. [ 192.903863][T10527] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.931242][T10527] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.079106][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.150323][T10548] loop2: detected capacity change from 0 to 512 [ 193.168069][T10548] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 193.218779][T10548] EXT4-fs (loop2): 1 truncate cleaned up [ 193.233696][T10548] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 193.302472][T10562] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2505'. [ 193.471611][ T3319] EXT4-fs error (device loop2): ext4_readdir:264: inode #11: block 54: comm syz-executor: path /486/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 193.507829][ T29] kauditd_printk_skb: 567 callbacks suppressed [ 193.507854][ T29] audit: type=1400 audit(2000002401.365:7752): avc: denied { remove_name } for pid=3319 comm="syz-executor" name="lost+found" dev="loop2" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 193.537562][ T29] audit: type=1400 audit(2000002401.365:7753): avc: denied { rmdir } for pid=3319 comm="syz-executor" name="lost+found" dev="loop2" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 193.560690][ T3319] EXT4-fs error (device loop2): ext4_empty_dir:3116: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 193.582177][ T3319] EXT4-fs error (device loop2): ext4_readdir:264: inode #11: block 54: comm syz-executor: path /486/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 193.604293][ T3319] EXT4-fs error (device loop2): ext4_empty_dir:3116: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 193.625285][ T3319] EXT4-fs error (device loop2): ext4_readdir:264: inode #11: block 54: comm syz-executor: path /486/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 193.647474][ T3319] EXT4-fs error (device loop2): ext4_empty_dir:3116: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 193.667603][ T3319] EXT4-fs error (device loop2): ext4_readdir:264: inode #11: block 54: comm syz-executor: path /486/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 193.690743][ T3319] EXT4-fs error (device loop2): ext4_empty_dir:3116: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 193.710862][ T3319] EXT4-fs error (device loop2): ext4_readdir:264: inode #11: block 54: comm syz-executor: path /486/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 193.733198][ T3319] EXT4-fs error (device loop2): ext4_empty_dir:3116: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 193.845947][ T5855] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.873175][ T29] audit: type=1326 audit(2000002401.755:7754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10580 comm="syz.0.2512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f102819e929 code=0x7ffc0000 [ 193.919360][ T29] audit: type=1326 audit(2000002401.786:7755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10580 comm="syz.0.2512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f102819e929 code=0x7ffc0000 [ 193.943060][ T29] audit: type=1326 audit(2000002401.786:7756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10580 comm="syz.0.2512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f102819e929 code=0x7ffc0000 [ 193.966654][ T29] audit: type=1326 audit(2000002401.786:7757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10580 comm="syz.0.2512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f102819e929 code=0x7ffc0000 [ 193.990205][ T29] audit: type=1326 audit(2000002401.786:7758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10580 comm="syz.0.2512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f102819e929 code=0x7ffc0000 [ 194.013803][ T29] audit: type=1326 audit(2000002401.786:7759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10580 comm="syz.0.2512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f102819e929 code=0x7ffc0000 [ 194.037343][ T29] audit: type=1326 audit(2000002401.786:7760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10580 comm="syz.0.2512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f102819e929 code=0x7ffc0000 [ 194.061066][ T29] audit: type=1326 audit(2000002401.786:7761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10580 comm="syz.0.2512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f102819e929 code=0x7ffc0000 [ 194.127147][ T3314] ================================================================== [ 194.135291][ T3314] BUG: KCSAN: data-race in shmem_getattr / shmem_recalc_inode [ 194.142801][ T3314] [ 194.145136][ T3314] read-write to 0xffff88810455b460 of 8 bytes by task 10579 on cpu 1: [ 194.153310][ T3314] shmem_recalc_inode+0x36/0x1c0 [ 194.158287][ T3314] shmem_get_folio_gfp+0x7a3/0xd60 [ 194.163443][ T3314] shmem_write_begin+0xa8/0x190 [ 194.168341][ T3314] generic_perform_write+0x181/0x490 [ 194.173656][ T3314] shmem_file_write_iter+0xc5/0xf0 [ 194.178797][ T3314] __kernel_write_iter+0x253/0x4c0 [ 194.183932][ T3314] dump_user_range+0x407/0x8c0 [ 194.188724][ T3314] elf_core_dump+0x1dc2/0x1f80 [ 194.193520][ T3314] do_coredump+0x1dfd/0x27b0 [ 194.198126][ T3314] get_signal+0xd85/0xf70 [ 194.202504][ T3314] arch_do_signal_or_restart+0x96/0x480 [ 194.208132][ T3314] irqentry_exit_to_user_mode+0x5e/0xa0 [ 194.213717][ T3314] irqentry_exit+0x12/0x50 [ 194.218167][ T3314] asm_exc_page_fault+0x26/0x30 [ 194.223035][ T3314] [ 194.225371][ T3314] read to 0xffff88810455b460 of 8 bytes by task 3314 on cpu 0: [ 194.232924][ T3314] shmem_getattr+0x41/0x200 [ 194.237453][ T3314] vfs_getattr_nosec+0x143/0x1e0 [ 194.242438][ T3314] vfs_statx+0x113/0x390 [ 194.246725][ T3314] vfs_fstatat+0x115/0x170 [ 194.251184][ T3314] __se_sys_newfstatat+0x55/0x260 [ 194.256240][ T3314] __x64_sys_newfstatat+0x55/0x70 [ 194.261383][ T3314] x64_sys_call+0x2c22/0x2fb0 [ 194.266093][ T3314] do_syscall_64+0xd2/0x200 [ 194.270622][ T3314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.276534][ T3314] [ 194.278870][ T3314] value changed: 0x0000000000003719 -> 0x000000000000371c [ 194.285999][ T3314] [ 194.288336][ T3314] Reported by Kernel Concurrency Sanitizer on: [ 194.294520][ T3314] CPU: 0 UID: 0 PID: 3314 Comm: syz-executor Tainted: G W 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(voluntary) [ 194.308359][ T3314] Tainted: [W]=WARN [ 194.312173][ T3314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 194.322241][ T3314] ================================================================== [ 194.405373][T10585] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 194.632636][ T31] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.690282][ T31] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.765561][ T31] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.831764][ T31] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.983580][ T31] bond0 (unregistering): Released all slaves [ 194.992558][ T31] b (unregistering): Released all slaves [ 195.042615][ T31] hsr_slave_0: left promiscuous mode [ 195.048383][ T31] hsr_slave_1: left promiscuous mode [ 195.056343][ T31] veth1_macvtap: left promiscuous mode [ 195.061888][ T31] veth0_macvtap: left promiscuous mode [ 195.068353][ T31] veth1_vlan: left promiscuous mode [ 195.073698][ T31] veth0_vlan: left promiscuous mode