last executing test programs: 3m50.472878924s ago: executing program 2 (id=3): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) r2 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10) 3m50.424803204s ago: executing program 2 (id=9): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x9100) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f00000000c0)={0xa0, 0x0, 0x80, 0x3d, 0x0, 0x4, 0x0}) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r0, &(0x7f0000000540)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x4}, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14040000", @ANYRES16, @ANYBLOB="000126bd7000fedbdf257a00000008000300", @ANYRES32=0x0, @ANYBLOB="78002a001001976804ac0010002a0106720603030303030368045d0305002653a67104a47c7542db7705fd3e136ddfe1822fdd2b432a5e642cba6d7e90231fc68d6a898dc0ef830a850640f3c31375d508fa812151cd785a44795384b0ac96c64e9598ab57296bb4c0e6f35e06bcd8428f13e5250301b80329002a008c18d9055e1aae11d989215b04592e83d738040d1d4ba7ebe0fc68040300ff7f25030170040000000600fb00040000000600fb00018000003c00fc006ccf621f173c28e904e77a60c7660e48f69ec38d5046d5e0201f0d5dd1558c9238aa91886c896c31900532d40fe471f3a0f20a678ae0e1ce1d00fc00be99b5aca00ebfa183b7e25944304dc186114f5653eec6892d0000001100f9008ed4f26843bbc5725c69a3c2cf000000c100fa0078e7b872618a911a1533b31959e2992148ca28e4a7af76330023f23486e2fabee4cf454bafe14746e9566ebecd57b310c34b5da313c2f2066e33d104acf9bf835c88a84e21dabcfcb85cbaf8c2ed1310f423998926b66cdfc188005913adc054d218c220b8957bcef9181c95b38c68d229b63f18be91614ecf8eef685d795d231934ccbbf87072a077013037bc07723db9fb9c4ed8fd5aa2b35c81b31f430128750a9072fec86792ed695b333e3ab6c9d3ad2461fa5f2960f6eacf4a2d000000c400fc0050450f4abbde97884ca5edd8f4c68dc261050e0594a7284dd47b30b04024679260c1ba6e346c686256be474d084ba26fce70772d3ea7725c2a0a6eb4fdb11f69bb6b47eaf0fd3f39c4c56b6a1367fb56e27ad74b18a69fbf13daa299cbcd30dfa6218e8b2e559aac005cba0e4b626144872626e74484fcc44d9f4f86913b0775bb083f7c6084ff57f0cb396349111d782c59a7e0fdef7b6f30cdcbe8943245f111e36a30c0637235961f614359ff29412dd5797c6e2c00d4f4d842a04d7a0e730600fb0008000000ed00fc00041d50f86043e97423df28668ceccad525022395ecc30e61dbe1a21b392c8227db19e9a964c56ee4213a310648591836c1dc3e7eba3cedc51aa142f5f0983ee5388f4355d96926e3fd02ea3ad02bcd7d795688d017b1ff0e18f2b39d7fa3437ece88abbe55aecc30c865063decccd8f2b5a450974d4b0543b1b79da65e8e3a8cf3279cd7ef22d24f1d35b80c5c1ecf8636c349c4a9f7623ed9d17358466bdbef8029d870e57386e86e9f6d09659e5127ceb4414142917df30cdb7441eed4f6cde81772e33f2ffcc2eb9929f6dc31c990d9b6eac1f630a294c91267ec305f5a2a98c05a9e31e455a6bb0000004100fc0074f00f1dbf65c59bbfa14b8b526399d7b286cfa32c3921aa58067462c0b815acb60adfda4cb0bdfee13711f3385ab08554fcdc6f025774c4687488a2f70000000600fb00080000000600fb00e0020000"], 0x414}, 0x1, 0x0, 0x0, 0x4}, 0x4000814) getxattr(&(0x7f00000001c0)='./bus\x00', 0x0, 0x0, 0x0) 3m50.401282354s ago: executing program 2 (id=10): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x400, &(0x7f0000000100)={[{@errors_remount}]}, 0x5, 0x5e0, &(0x7f0000000600)="$eJzs3c9vFFUcAPDv2/6gpWgLMSoepIkxkCgtLWCI8QBXQxr8ES9erLQgUqChNVo0oSR4MTFejDHx5EH8L5TIlZOePHjxZEiIGo4mrtntTOmP2ZaWtlOZzydZdmbeDu873X77Zt6+NxtAZfU3/qlF7I2IyRTRm2bny9ojK+yfe929vz853XikqNff+DNFyrblr0/Zc0+2c1dE/PxTij1ty+udmrlyfnRiYvxytj44fWFycGrmysFzF0bPjp8dvzj80vCxo0eOHhs6tKbj6c6erxaUnbz+/oe9n428/d03/6Sh738bSXE8Xs1euPA4Nkp/9Dd/Jml5Uc+xja6sJG3Z78nCtzi1lxgQa5K/fx0R8VT0Rlvcf/N649PXSg0O2FT1FFEHKirJf6io/Dwgv7Zfeh1cK+WsBNgKd0/MdQAsz//2ub7B6Gr2Dey8l2Jht06KiLX1zBXbFRG3b41cP3Nr5HpsUj8cUGz2WkQ8XZT/qZn/fdEVfc38ry3K/8Z5wansubH99XXWv7SrWP7D1pnL/64V8z9a5P87C/L/3XXW339/8b3uRfnfvd5DAgAAAAAAgMq6eSIiXiz6/L82P/4nCsb/9ETE8Q2ov3/J+vLP/2t3NqAaoMDdExGvFI7/reWjf/vasqXHmuMBOtKZcxPjhyLi8Yg4EB07GutDK9Rx8PM9X7cq68/G/+WPRv23s7GAWRx32ncs3mdsdHr0YY8biLh7LeKZwvG/ab79TwXtf+PvweQD1rHn+RunWpWtnv/AZql/G7G/sP2/f9eKtPL9OQab5wOD+VnBcs9+/MUPrepfb/67xQQ8vEb7v3Pl/O9LC+/XM7X2Og7PtNdbla33/L8zvdm85Uxntu2j0enpy0MRnelkW2Prou3Da48ZHkV5PuT50sj/A8+t3P9XdP7fHRGzS/7v9NfiOcW5J//t+b1VPM7/oTyN/B9bU/u/9oXhG30/tqr/wdr/I822/kC2Rf8fzPkqT9POxdsL0rG9qGir4wUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAR0EtInZFqg3ML9dqAwMRPRHxROysTVyamn7hzKUPLo41yprf/1/Lv+m3d2495d//37dgfXjJ+uGI2B0RX7Z1N9cHTl+aGCv74AEAAAAAAAAAAAAAAAAAAGCb6Gkx/7/hj7ayowM2XXvZAQClKcj/X8qIA9h62n+oLvkP1SX/obrkP1TX8vzvLCUOYOtp/6G65D9Ul/wHAAAAAIBHyu59N39NETH7cnfzEQsG/3SUGhmw2WplBwCUxi1+oLoM/YHqco0PpFXKu1rutNqeK5k8/RA7AwAAAAAAAAAAAEDl7N9r/j9Ulfn/UF3m/0N15fP/95UcB7D1XOMDscpM/sL5/6vuBQAAAAAAAAAAAABspKmZK+dHJybGL1t4a3uEsZUL9Xr9auO3YLvE8z9fyIfCb5d4lizkc/0ebK/y/iYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACL/RcAAP//SNck1A==") llistxattr(&(0x7f0000000000)='./file1\x00', 0x0, 0xfffffffffffffe27) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000340)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) r1 = socket$igmp(0x2, 0x3, 0x2) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r3}, 0x10) timer_create(0x0, 0x0, &(0x7f0000000000)) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r4}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) sendmmsg$inet(r0, &(0x7f0000004bc0)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000f00)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df28a3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25cb51279b18c8e5bfbc52152be37f5e2b783e2149be25180430ac63ee1bbe01fbb6125e65839ae5b02d542a97d1bfb1ca420b5405baaaf5ec6ad96af2814dbbea5a064f2ab6fc0904c07f02cbfadfb96866d962e6e21d3a0a0276a36e01b6edafd6c84", 0xc9}], 0x1}}, {{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000b80)="1ee88f78de7d57006d8ffa3f1d92c228a43f6c86558705d98691e6344fa3745cc92c1f80fc01a77c28bb77872fc4f9be9660bb", 0x33}, {&(0x7f0000001bc0)="5c89eeb1aa86c6f680f09cc1c1d4bc5fc6a067d295afd3aa97af3d777b81db48f9ceb270e506af840503c6fbf20760e4cd8df9c220cd0728585229123d5c61507d00561b8f1a15e64fa2779be424fdeff46058eaee7acfc80b2ae9840e9ac1e33ac8378c98695a08bdb8f2a756b1704c036e3b0ff2d1e9d397a82e24debd371e6855b7dc2dea47d57a9dfbf4fb2ccb3f975c3851c6b5399ab80c4ba95604f70a69674cfe820d82fb06", 0xa9}], 0x2}}], 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x21081e, &(0x7f00000002c0), 0x1, 0x4f2, &(0x7f0000000d40)="$eJzs3U1vW1kZAODXzpeTyUwywywAAVOGgYKqOok7E1VdQFkhhCohugSpDY4bRbHjKHZKE4qU/gckKrGCJT+AdVfs2SDYsSkLJD4iUFOJhdG9vkncxG4CSeNM/DzS1T3nXMfvOUnuOclr2SeAgXUlIrYjYjQi7kfEVNaey4643T6Sx73YeVze3XlczkWrdfcfufR60hYdX5N4K3vOQkT84DsRP84djdvY3FpZqFYr61l9pllbm2lsbl1fri0sVZYqq6XS/Nz87M0bn5TObKwf1Eaz0hef/377Gz9NujWZtXSO4yy1hz6yHyey7/n33kSwPhiKiOHs94dPn3xEvBcRH6b3/1QMpT9NAOAya7WmojXVWQcALrt8mgPL5YtZLmAy8vlisZ3Dez8m8tV6o3ntQX1jdbGdK5uOkfyD5WplNssVTsdILqnPpeWDeulQ/UZEvBsRPx8bT+vFcr262M8/fABggL11aP3/91h7/QcALrlCvzsAAJw76z8ADB7rPwAMHus/AAwe6z8ADB7rPwAMnLF+dwAAOFffv3MnOVq72edfLz7c3FipP7y+WGmsFGsb5WK5vr5WXKrXl9LP7Kkd93zVen1t7uPYeDT9zbVGc6axuXWvVt9Ybd5LP9f7XmXkXEYFALzOux88+1MuIrZvjadHdOzlYK2Gyy3f7w4AfTPU7w4AfWO3Lxhcp/gfX3oALokuW/S+ohAR44cbW61W6811CXjDrn5O/h8GVUf+37uAYMDI/8Pgkv+HwdVq5U6653+c9IEAwMUmxw/0eP3/vez8m+zFgR8tHn7E08MN3lEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA4Njb/7eY7dwxGfl8sRjxdkRMx0juwXK1MhsR70TEH8dGxpL6XJ/7DACcVv6vuWz/r6tTH00evjqaezmWniPiJ7+8+4tHC83m+h+S9n/utzefZu2lfvQfADjO3jqdnjv+kX+x87i8d5xnf/727YgotOPv7ozG7n784RhOz4UYiYiJf+WyeluuI3dxGttPIuKz3cafi8k0B9Le+fRw/CT22+caP/9K/Hx6rX1OvhefOYO+wKB5lsw/t7vdf/m4kp673/+FdIY6vWz+S56qvJvOgQfx9+a/oR7z35WTxvj4d99tl8aPXnsS8fnhiL3Yux3zz178XI/4Hx19uq7+/IUvfdjrWutXEVejM/7PygcRDkozzdraTGNz6/pybWGpslRZLZXm5+Znb974pDST5qhneq8Gf7917Z1e15LxT0T38ReOGf9XTzb8+PV/7v/wy6+J//WvdIufj/dfEz9ZE792wvgLE78t9LqWxF/sMf7jfv7XThj/+V+2jmwbDgD0T2Nza2WhWq2sKyhc/ELyK3sButG18K3zijUa/9NXtVr/V6xeM8ZZZN2Ai2D/po+Il/3uDAAAAAAAAAAAAAAA0NV5vGOp32MEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg8vpvAAAA//+sXtJf") setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 3m50.054938786s ago: executing program 2 (id=13): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_TRIM(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x3f6, 0x20, 0x70bd2a, 0x25dfdbff, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@newqdisc={0x24, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0x8}}}, 0x24}}, 0x0) 3m48.659723983s ago: executing program 2 (id=31): r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x34, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0xa) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="27050200590214000600002fb96dbcf706e10500000086ddffff1144ee162fd4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000102821880b00000000", 0x48}], 0x1}, 0x9cdc2384056b48b8) r2 = syz_io_uring_setup(0x16d2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1}) write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0) syz_io_uring_submit(r3, r4, 0x0) fcntl$lock(r0, 0x25, &(0x7f0000000740)={0x1, 0x0, 0x8000, 0x4}) io_uring_enter(r2, 0x2d3e, 0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00'}, 0x18) fchownat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x1000) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000d00000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000002c00)={'ip6gretap0\x00', 0x0}) r9 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000740), 0x4) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000002c0)={@ifindex=r8, r6, 0x2f, 0x201d, 0xffffffffffffffff, @value=r9}, 0xb) 3m48.659426653s ago: executing program 32 (id=31): r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x34, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0xa) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="27050200590214000600002fb96dbcf706e10500000086ddffff1144ee162fd4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000102821880b00000000", 0x48}], 0x1}, 0x9cdc2384056b48b8) r2 = syz_io_uring_setup(0x16d2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1}) write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0) syz_io_uring_submit(r3, r4, 0x0) fcntl$lock(r0, 0x25, &(0x7f0000000740)={0x1, 0x0, 0x8000, 0x4}) io_uring_enter(r2, 0x2d3e, 0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00'}, 0x18) fchownat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x1000) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000d00000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000002c00)={'ip6gretap0\x00', 0x0}) r9 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000740), 0x4) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000002c0)={@ifindex=r8, r6, 0x2f, 0x201d, 0xffffffffffffffff, @value=r9}, 0xb) 3m28.325498351s ago: executing program 5 (id=469): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x36, 0x1, 0x0, 0xff, 0x0, 0x0, 0x30900, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23, 0x4, @perf_config_ext={0x2, 0x7}, 0x800, 0x4, 0x0, 0x9, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x28f}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b70200000a000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe00000000850000000d000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb4500639100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bce5a6f087ae8f5e64be2c9d2d29db3d36dd015c7bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67c4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1c6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc952a3fd2c46f3c1cde71a19d1a2982492abaa96665372831210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddf"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x28) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x402000, 0x0) ioctl$PPPIOCSPASS(r3, 0x40107447, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{0x6, 0xb, 0x10, 0x7ff}, {0x6, 0x6, 0xdd, 0x8}]}) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r1, 0xf504, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000280)="e0b9d5a2a00a3c6ffda2e3861121", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 3m28.285282132s ago: executing program 5 (id=471): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f00000000c0)='wg0\x00', 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x275a, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x3e, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000380)='kfree\x00', r5}, 0x18) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000e80)=@newqdisc={0x9c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r3, {}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x6c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x4, 0x0, 0x1800]}}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}}]}, 0x9c}, 0x1, 0x0, 0x0, 0x8085}, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d) sendfile(r0, r1, 0x0, 0x8000002b) 3m27.413870376s ago: executing program 5 (id=495): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x48) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0xc, 0x4, 0x4, 0x10000, 0x0, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 3m27.334367257s ago: executing program 5 (id=497): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks}, {@minixdf}]}, 0x1, 0x4ff, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvndhx0uwmu+wBEOwuuwsFVXUSdzda7QGWEwK0EmKPIHVD4kZR7DiKndKEHtIzVyQqcYIjfwDnnrhzQXDjUg5I/IhADRIHoxlPUje1m6hJ7Cj+fKTRvDdv6u97Tee9+pvEL4CR9XZE7EVEMSI+i4iZ7HouO+LjzpHc92T//vLB/v3lXLTbn/4zl7Yn16LrzySuZa9ZiogffifiJ7nn4zZ3dteXarXqVlafa9U355o7uzfX6kur1dXqRqWyuLA4/+GtDyrnNta36sWs9OXHf9j7xs+Sbk1nV7rHcZ46Qy8cxUmMR8T3LyLYEIxl4ykOuyO8lHxEvB4R76TP/0yMpV9NAOAqa7dnoj3TXQcArrp8mgPL5ctZLmA68vlyuZPDeyOm8rVGs3XjTmN7Y6WTK5uNQv7OWq06n+UKZ6OQS+oLaflpvXKsfisiXouIX0xMpvXycqO2Msz/+ADACLt2bP3/z0Rn/QcArrjSsDsAAAyc9R8ARo/1HwBGj/UfAEZPZ/2fHHY3AIAB8v4fAEaP9R8ARsoPPvkkOdoH2edfr9zd2V5v3L25Um2ul+vby+XlxtZmebXRWE0/s6d+0uvVGo3Nhfdj+97sNzebrbnmzu7temN7o3U7/Vzv29VCetfeAEYGAPTz2luP/pxLVuSPJtMjuvZyKAy1Z8BFyw+7A8DQjA27A8DQ2O0LRtcZ3uNLD8AV0WOL3meUev2CULvdbl9cl4ALdv0L8v8wqrry/34KGEaM/D+MLvl/GF3tdu60e/7HaW8EAC43OX6gz/f/X8/Ov82+OfDjleN3PLzIXgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDldrj/bznbC3w68vlyOeKViJiNQu7OWq06HxGvRsSfJgoTSX1hyH0GAM4q/7dctv/X9Zn3pp9pevPaUbEYET/91ae/vLfUam39MaKY+9fE4fXWw+x6ZfC9BwBOdrhOJ+dHXW/kn+zfXz48Btmfv387Ikqd+Af7xTg4ij8e4+m5FIWImPp3Lqt35LpyF2ex9yAiPt9r/LmYTnMgnZ1Pj8dPYr8y0Pj5Z+Ln07bOOfm7+Nw59AVGzaNk/vm41/OXj7fTc+/nv5TOUGeXzX/JSy0fpHPg0/iH899Yn/nv1DHe//13O6XJ59seRHxxPOIw9kHX/HMYP9cn/nunjP+XL735Tr+29q8jrkfv+N2x5lr1zbnmzu7NtfrSanW1ulGpLC4szn9464PKXJqjnuu/Gvzjoxuv9mtLxj/VJ37phPF/9ZTj/83/PvvRV14Q/+vv9oqfjzdeED9ZE792yvhLU78r9WtL4q/0Gf9JX/8bLw77vWJWePzX3ee2DQcAhqe5s7u+VKtVtxQULn8h+Sd7CbrRs/CtQcUqRu+mn7/beaaPNbXbLxWr34xxHlk34DI4eugj4r/D7gwAAAAAAAAAAAAAANDTIH5jadhjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Or6fwAAAP//sUPPoQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x107042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x187842, 0x147) bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x0) socket$inet(0x2, 0x3, 0x5) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0b000000080000000c000000ffbfffff01000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000032f80000000000000000000000000000000000000000000000008ab92a0f48c6b2a0faa39e65a89ee0348b36138582f6b332c36eb7028b1db344cfdf5a2074198efa812af2015b5d70ead2b685b727918f7e0006a115e39d26f52a709c70f9f0abd680ff6b105a945d5f348e0e57911be37b473bc82495eaae24fe4c209553c76d5ce836f0afffa7f941293f7dc7c704b1b78a7b430bbe3b1189936a4082af5f4357f377236380723fdb897ac1a5fe0eb6679e301bb2db0adb57c6e8afb0b6fa7513b0858129e07cb77bc804c27d75ef73f1b16b38d05c5f45"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r3}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r4, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f00000004c0)="9e84a9884a71bd46f30fc7730000000000001281ee3c1fd4b6e0cc761a9467f8a99942075c700c479908154199fbe471bd842a5f54f936a6e8cfbc914578728adaada25fed9f1fae5325e761d1dcfddf201432be5a1f3f9009376771226fd9328391a2f4d0a3f69127f8066d53134af3380f4830aaa0954cff7eeeac369710897e9deb6d1d94072172ac7f6a8ed76df3e0b07ed20d0772e7cd99998982", 0x9d}, {&(0x7f0000000800)="767cdf447c1a65ada9cefafff41823044875e5df6780cdd4e52a5c0f34f729c66c40a1e921cb431cab7973bfbb35a45c2d0d1f67d2ce7df6b711309d6ae806349b3db500eb274a57f5fbb09a14fdc21176dfae339db2f0d3d42ba220f586d09613187a5e349e33b522c3695d0e", 0x6d}, {0x0}, {0x0}, {&(0x7f0000000b40)="51796fc27fcc6a81df02339253453f9bff6902550581f805ba7db8d98c133e83b5fd9a7534fb6315b76aa9ccc2b7f616bb989cc6930c82b1d8f0215f073722a750a6de36aaa1eb3d49b53e06969df61e3bad674c01722f1dfa1f1d95f82a05e602fa95437cd74b91682b9d2fb4bdd9e0bd7e84705ed61a119a5aa29d95746e26fa21c0053f3fe572f64987ca7bfbbd7a74a4e7b00a4233683e30ab8dd705c140b241479193d4fbaeeacd7b9dcee5a6aebd1a1e86c1a497ba1e59f0ca2035e0b0471523f278688b38467e3718", 0xcc}, {&(0x7f0000000300)="94cc30dbbb", 0x5}, {0x0}, {&(0x7f0000000980)}], 0x8}, 0x80) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 0x4058534c, &(0x7f00000000c0)={0x80, 0x0, {0x3, 0x1}}) close_range(r2, 0xffffffffffffffff, 0x0) r6 = socket$inet6_dccp(0xa, 0x6, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffff7a, 0x10, 0x0, 0x45, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) syz_clone(0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x550, 0x1c0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x480, 0xffffffff, 0xffffffff, 0x480, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x298, 0x2c0, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x4, 0x0, 'syz0\x00'}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5b0) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000240)={0x3920e, r0, 0x4, 0xe4, 0x0, 0x2000003}) 3m27.163032418s ago: executing program 5 (id=503): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x402c5342, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) tkill(0x0, 0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x1c}}, 0x0) sendmsg$nl_route(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000000ff0100000000", @ANYRES32, @ANYBLOB="01000000002200001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) setsockopt(0xffffffffffffffff, 0x8, 0xd62, &(0x7f0000000300)="baf18e911cbadfc5b997277c9cd5e3568fb60bf4f38959d00cd2e7090da09bb3793600a7dbee2d4405b0cf940cfd3649661a83780dd7a7baa85807974c4ec0029aebb40a76e79ab70617d4e6f87d69d735012ca69af32a6a71de59627e5f162c76085a870ba3032a49f31a088e29", 0x6e) sched_setscheduler(0x0, 0x1, 0x0) pipe2$9p(&(0x7f0000000400), 0x84880) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r2}, &(0x7f0000000540), &(0x7f0000000580)}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r2, 0x0}, 0x20) r3 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) ioctl$MON_IOCX_MFETCH(r3, 0xc0109207, &(0x7f0000000080)={0x0, 0x6}) 3m26.864689509s ago: executing program 5 (id=511): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140"], 0xfc}}, 0x0) signalfd(0xffffffffffffffff, &(0x7f00000003c0)={[0x862]}, 0x8) 3m26.853724759s ago: executing program 33 (id=511): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140"], 0xfc}}, 0x0) signalfd(0xffffffffffffffff, &(0x7f00000003c0)={[0x862]}, 0x8) 3m15.856733628s ago: executing program 1 (id=716): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xa, 0xc, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='rss_stat\x00', r1}, 0x10) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 3m15.823412848s ago: executing program 1 (id=717): syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x248, &(0x7f00000002c0), 0xfd, 0x4a0, &(0x7f0000000e00)="$eJzs3MtrXNUfAPDvnZkkfSe//uqjtdpoFYuPpEmrFhR8gOBCQdBFXUlM0lKbNtJEsCXYKKVuBC24F8GN4F/gypWoK8Gt7qVQpJtWVyM3c+90kszk0Ztkms7nAzdzzsy5c873Ps89d24C6Fj96Z8kYkdE/BERvRFRaiywtTal5W5enxn95/rMaBLV6lt/J+lsceP6zGheNMlet9cylfSLSpeSeKlJvVPnL5wemZgYP5flB6fPfDA4df7C06fOjJwcPzl+dvjYsaNHhp57dviZNYkzbdONfR9P7t/72jtX3hg9fuW9X75PGhrdGEdBz/fWkzP1ZbLQY2tU2Z1iZ0M6qbSxIaxKT0Skq6trbv/vjfKlXfXPeuPVT9vaOGBdVavV6nDrj2erwF0siXa3AGiP/ESfXv/m0wZ1Pe4I116uXQClcd/Mptonldo4SE/t2mjnOtXfHxHHZ//9Op1i1eMQXevUKgDgbvZj2v95qkn/rxJxb0O5Xdm9ob6I+F9E7I6I/0fEnoi4J2pl74uI+5tX0/9ui/r7F+QX939KVwuEt6y0//dCdm9rfv+vfhesr5zlds7F35WcODUxfjhbJoeiqyfNDzX99iRiNn39/YtW9Tf2/9IprT/vC2btuFrpmT/P2Mj0SOHAM9c+idhXaRZ/EpVbUcTeiNh3m3WceuK7/fPfKddTy8e/hDW4z1T9JuLx2vqfjQXx55Kl708ObomJ8cOD+Vax2K+/XX6zVf21+EuxdPxbiwfaQrr+tzXb/l+sx9+XNN6vnVr0Fd3L1XH5z89aXtPcWv8RW+beWdn23528Pa/yj0amp88NRXQnry9+v2GAO8/n5dP4Dx1svv/vzuZJ438gItKN+MGIeCgiDmRtfzgiHomIg0vE//Mrj77fMv4DBbb/NZDGP9b0+Ndq/a8+UT790w+t6l/Z8e9onplr1EqOfyttYJFlBwAAAJtFKSJ2RFIaqKdLpYGB2u/l98S20sTk1PSTJyY/PDtWe0agL7pK+UhXb8N46FA2Npznh7P8xSx/JBs3/qq8dS4/MDo5Mdbu4KHDbW+x/6f+KjeZYf2GooF28LwWdK7V7//L3vMFNonbP//rOcBmt8xeXNqodgAbz1kcOlez/f9iYyaJ2q/kgbuO8z90rvr+/+UKCjcM/S98eBPYfJY6/1d7N7AhwIbT/4eOVOS5/jwRUWj2Yon4NmLpMkl7GlYw8XmR2Ssb0MIotXH5dLdlpQyX27qpV1b6Xy3ifPVi4UrbfWQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYG/8FAAD//64O3bE=") (fail_nth: 24) 3m15.51004991s ago: executing program 1 (id=719): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1600000000000000040000000100000000000000", @ANYRES32=0x1, @ANYBLOB="000000dfff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x8401) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000003c0)='kfree\x00', r3}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10) (async) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) (async) r9 = dup(r8) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r9}, 0x2c, {[], [], 0x6b}}) (async) ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522) (async) r10 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r10, 0x0, 0x8008000000010, &(0x7f0000000640)="1700000002d101000003d68c5ee17688a2003208030300ecff3f0078013ad8c68d7e3c000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000200000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ff0000dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0aaa3", 0xba) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000005f008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0xa, 0x0, 0x0, 0x0, 0x90, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r11}, 0x10) r12 = socket$inet(0xa, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r12, 0x0, 0x40, &(0x7f0000000480)=@mangle={'mangle\x00', 0x44, 0x6, 0x418, 0x2b0, 0x2b0, 0x2b0, 0x138, 0x98, 0x380, 0x380, 0x380, 0x380, 0x380, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x600, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @ECN={0x28}}, {{@ip={@loopback, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@broadcast, @empty, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x478) 3m15.324966191s ago: executing program 1 (id=729): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) (async) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) (async) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) (async) mount$bind(&(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x891018, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000280)='./file1\x00', 0x0, 0x40000, 0x0) (async) mount$bind(&(0x7f00000004c0)='./file0/../file0\x00', &(0x7f0000000180)='./file0/../file0\x00', 0x0, 0x297881, 0x0) (async) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$sock_int(r0, 0x1, 0x12, 0x0, &(0x7f0000000400)=0x21) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x2183057, 0x0) r1 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000140)='./file0/file0\x00', &(0x7f00000001c0), 0x0, 0x0) 3m15.290400951s ago: executing program 1 (id=730): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{}, 0x0, 0x0}, 0x20) r0 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000380)=0xffffffff00000041, 0x8) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) sendmsg$NL80211_CMD_GET_WIPHY(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)={0x28, r2, 0x301, 0x70bd29, 0x0, {{}, {@val={0x8, 0x7}, @void, @val={0xc}}}}, 0x28}}, 0x0) listen(r0, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000080000000600000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0040000000000000001000"/28], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r5}, &(0x7f0000000800), &(0x7f0000000840)=r6}, 0x20) writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYRESHEX=r7], 0x98}, 0x1, 0x0, 0x0, 0x8045}, 0x1) sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xac}}, 0x0) 3m15.076003482s ago: executing program 1 (id=738): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r4 = dup(r3) write$P9_RLERRORu(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYRESHEX=r4]) lstat(&(0x7f0000000500)='./file0\x00', 0x0) 3m15.075665262s ago: executing program 34 (id=738): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r4 = dup(r3) write$P9_RLERRORu(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYRESHEX=r4]) lstat(&(0x7f0000000500)='./file0\x00', 0x0) 2.367615478s ago: executing program 3 (id=4440): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x29, 0x5, 0x2, 0x8001, 0x6c, @remote, @ipv4={'\x00', '\xff\xff', @local}, 0x40, 0xe0e3ef9d4255d6b4, 0x0, 0x800}}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'syz_tun\x00'}) r2 = syz_open_dev$sg(&(0x7f0000000440), 0x0, 0x2001) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000040)=ANY=[]) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e) r3 = syz_open_pts(0xffffffffffffffff, 0x0) r4 = dup3(r3, 0xffffffffffffffff, 0x0) read$watch_queue(r4, &(0x7f0000000e00)=""/4096, 0x1000) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/stat\x00', 0x0, 0x0) sendfile(r0, r5, 0x0, 0x20000023896) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETSF(r6, 0x5404, &(0x7f0000000000)={0x8000b29, 0x8, 0x7, 0xb9, 0x0, "7a58beca39ed2d5a99bbc4bff0ebd3e9bd5a8e"}) 2.244948478s ago: executing program 3 (id=4444): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'syz_tun\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r2 = syz_open_dev$sg(&(0x7f0000000440), 0x0, 0x2001) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000040)=ANY=[]) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e) r3 = syz_open_pts(0xffffffffffffffff, 0x0) r4 = dup3(r3, 0xffffffffffffffff, 0x0) read$watch_queue(r4, &(0x7f0000000e00)=""/4096, 0x1000) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/stat\x00', 0x0, 0x0) sendfile(r0, r5, 0x0, 0x20000023896) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) ioctl$TCSETSF(r6, 0x5404, &(0x7f0000000000)={0x8000b29, 0x8, 0x7, 0xb9, 0x0, "7a58beca39ed2d5a99bbc4bff0ebd3e9bd5a8e"}) 1.421083473s ago: executing program 3 (id=4447): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="03", 0x1, 0x0, 0x0, 0x0) sendto$inet6(r0, &(0x7f00000002c0)="f9", 0x1, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private2}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000000)={0x0, 0xdc, 0xfd5, 0x4000001, 0xff, 0x180e}, 0x14) 1.386530043s ago: executing program 3 (id=4448): r0 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_TRIM(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x10}, 0x10}}, 0x0) recvmmsg(r0, &(0x7f00000021c0)=[{{&(0x7f0000000100)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r2) r4 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000380)=0xff) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000080)=0x9) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x7f) sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)={0x30, r3, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x7}, @val={0x8}, @val={0xc}}}}, 0x30}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_LEAVE_OCB(r1, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0x1c, r3, 0x8, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000002}, 0x80) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x6c, r8, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0xffff, 0x0, @loopback={0x2e0000000000005f, 0x5f}}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}}, 0x0) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r6, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="200000002dcec4b01bf0807baafb944e1b9c929790ceb5700115461803dfc3805f137070c715b2960637c96836130e382664b0142ea0ee36c7e5fe2b6cf5a8466fcda4c463838bbc452e3768445a00", @ANYRES16=r7, @ANYBLOB="08002cbd7000fedbdf25200000000c0006000300000000000000"], 0x20}}, 0x4090) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYRES64=r5], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r10}, 0x10) r11 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x105e0a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r12 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0xea042, 0x0) ioctl$TIOCSETD(r12, 0x5423, &(0x7f00000003c0)=0x14) ioctl$TIOCVHANGUP(r12, 0x5437, 0x2) ioctl$TUNSETIFF(r11, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) 1.260189404s ago: executing program 4 (id=4451): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 1.254517824s ago: executing program 4 (id=4452): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed2, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b03d25a806c8c6f94f90624fc601000127a0a000600093582c137153e37080c188001ac0f000300", 0x33fe0}], 0x1}, 0x0) 1.191956324s ago: executing program 4 (id=4456): r0 = socket$unix(0x1, 0x5, 0x0) recvmmsg$unix(r0, &(0x7f0000002080)=[{{&(0x7f0000000400)=@abs, 0x6e, &(0x7f0000001b00)=[{&(0x7f0000000740)=""/4096, 0x1000}, {&(0x7f0000000000)=""/35, 0x23}, {&(0x7f0000001800)=""/220, 0xdc}, {&(0x7f0000001740)=""/122, 0x7a}, {&(0x7f0000001900)=""/83, 0x53}, {&(0x7f0000001980)=""/128, 0x80}, {&(0x7f0000000240)}, {&(0x7f0000000340)=""/10, 0xa}, {&(0x7f0000001a00)=""/199, 0xc7}], 0x9, &(0x7f0000001bc0)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0xe8}}, {{&(0x7f0000001cc0), 0x6e, &(0x7f0000000480)=[{&(0x7f0000001d40)=""/170, 0xaa}, {&(0x7f0000001e00)=""/94, 0x5e}, {&(0x7f0000001e80)=""/122, 0x7a}, {&(0x7f0000001f00)=""/216, 0xd8}], 0x4, &(0x7f0000002000)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x48}}], 0x2, 0x40000142, &(0x7f0000000500)={0x0, 0x989680}) prctl$PR_SET_IO_FLUSHER(0x39, 0x1) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = socket(0x10, 0x803, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') fchdir(r5) r6 = memfd_create(&(0x7f0000002280)='\xcaB\x89O\xb4\x80[\xe2`@', 0x0) write(r6, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x1010, r6, 0xffffc000) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r4) getsockname$packet(r4, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newlink={0x40, 0x10, 0x437, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, 0x40c89}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @multicast1}, @IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x3}]}}}]}, 0x40}}, 0x0) sendmmsg$inet(r3, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @remote}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @empty}}}], 0x20}}], 0x1, 0x0) prctl$PR_SET_IO_FLUSHER(0x39, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="18020000090000000000000000000000850000004100000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000000000000850000000700000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) connect$inet(r1, &(0x7f0000000240)={0x2, 0x4e23, @multicast1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='mm_page_free\x00', r10}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d) r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r11}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000000400000001000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/17], 0x48) 1.103791154s ago: executing program 4 (id=4458): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="03", 0x1, 0x0, 0x0, 0x0) sendto$inet6(r0, &(0x7f00000002c0)="f9", 0x1, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private2}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000000)={0x0, 0xdc, 0xfd5, 0x4000001, 0xff, 0x180e}, 0x14) 1.103658344s ago: executing program 4 (id=4459): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000"], 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc08, 0x3, 0x1e8, 0xc, 0x5002004a, 0xb, 0x310, 0xea02, 0x3d0, 0x3c8, 0x3c8, 0x3d0, 0x3c8, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'erspan0\x00', 'ip6tnl0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x248) 813.370136ms ago: executing program 7 (id=4467): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000007c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="090200000000000000000f00000008000300", @ANYRES32=r1, @ANYBLOB="05002e000000000005002f00"], 0x58}, 0x1, 0x0, 0x0, 0x40080}, 0x0) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23, 0x4, @perf_config_ext={0x9, 0x1}, 0x0, 0x0, 0x0, 0x8, 0x10000000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x28f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r3, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000000)=0x200, 0x4) bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r4 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r4, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) listen(r4, 0x2) listen(r3, 0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) pipe2$watch_queue(&(0x7f00000001c0), 0x80) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xe, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="8b030496ea00000000000000003254000027b23588ef5b2232c09cf54cf666d500eee3646f378f0ba105b4d4cc9c04bfaba20138f12d8e2532a5d18a7230f49839cec88f2c56b210790008f96ab31e99d5565fae8c972ccddb661cfbcaf60c288caec235b18ca7aa48c9cc6a66fb995910de3e431818e1f6784ac1fb739f713f9db21c4a3dad85bc12eaf6d1a2df507fbe3b83d8f539dbf0bc8635fe95e9da35de0c56c9f079eaf38c000000006d7e8c752879bdd4449efcb273066a1834a21a63f546ccef3881355d042d15b40ea1c1d65a55b315c2d9ecb74fd88d6c4c7d10e769e7fa8cd777b16c4e3a66ad87f3c7a176b4febca9e0e202ee132cdf84c6d1ca04a729231f7b22c5e56ffe3c7baca12d3b61eee0a535b7f276a779937565c98b7f4b5aab82f2dd3f9dbcb5e2782139cada08d558643b014af0e045f045ac507f50e31fbece2f369890c4a6f967b33404be8d93f7fc5a51eaf4e82d86615c1f682b3a662ef2798ee889877c43de8a1b0cfc99cfffd0abe32d01f67dd13b1ec19b9aef2c17ed20ca8402c4ed84f5d80feb6d4e00000000000000"], 0x14}}, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r8}, 0x10) ioctl$EXT4_IOC_SETFSUUID(r8, 0x4008662c, &(0x7f0000000240)={0x0, 0x0, "870b288c4edbe2d26ee94f0b92f2fe7e"}) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 790.128926ms ago: executing program 7 (id=4468): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x29, 0x5, 0x2, 0x8001, 0x6c, @remote, @ipv4={'\x00', '\xff\xff', @local}, 0x40, 0xe0e3ef9d4255d6b4, 0x0, 0x800}}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'syz_tun\x00'}) r2 = syz_open_dev$sg(&(0x7f0000000440), 0x0, 0x2001) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000040)=ANY=[]) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e) r3 = syz_open_pts(0xffffffffffffffff, 0x0) r4 = dup3(r3, 0xffffffffffffffff, 0x0) read$watch_queue(r4, &(0x7f0000000e00)=""/4096, 0x1000) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/stat\x00', 0x0, 0x0) sendfile(r0, r5, 0x0, 0x20000023896) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x8000b29, 0x8, 0x7, 0xb9, 0x0, "7a58beca39ed2d5a99bbc4bff0ebd3e9bd5a8e"}) 719.450157ms ago: executing program 7 (id=4469): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000d00)=ANY=[@ANYRES32], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r2}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff) socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$TIPC_CMD_GET_NODES(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r6, 0x1, 0x0, 0x0, {{}, {0x0, 0x6}}}, 0xfd53}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 616.091557ms ago: executing program 7 (id=4472): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x29, 0x5, 0x2, 0x8001, 0x6c, @remote, @ipv4={'\x00', '\xff\xff', @local}, 0x40, 0xe0e3ef9d4255d6b4, 0x0, 0x800}}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'syz_tun\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r2 = syz_open_dev$sg(&(0x7f0000000440), 0x0, 0x2001) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000040)=ANY=[]) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e) r3 = syz_open_pts(0xffffffffffffffff, 0x0) r4 = dup3(r3, 0xffffffffffffffff, 0x0) read$watch_queue(r4, &(0x7f0000000e00)=""/4096, 0x1000) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/stat\x00', 0x0, 0x0) sendfile(r0, r5, 0x0, 0x20000023896) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) ioctl$TCSETSF(r6, 0x5404, &(0x7f0000000000)={0x8000b29, 0x8, 0x7, 0xb9, 0x0, "7a58beca39ed2d5a99bbc4bff0ebd3e9bd5a8e"}) 611.706597ms ago: executing program 7 (id=4473): pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r1, 0x0, r0, 0x0, 0x6, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x3ff) fcntl$setstatus(r0, 0x4, 0x7c00) dup3(r1, r0, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000002060103000006000000000000000000"], 0x14}}, 0x0) 533.905568ms ago: executing program 6 (id=4474): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x18) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000011c0)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f0000000380)={0x1f000000}) 533.591358ms ago: executing program 4 (id=4475): syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) timer_create(0xfffffffd, 0x0, 0x0) clock_gettime(0x0, &(0x7f00000003c0)) keyctl$set_reqkey_keyring(0xe, 0x3) request_key(&(0x7f00000000c0)='user\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000280)=')\x00\x86\xd0=\x16\xcf\xea\xa6\x01\x00\xceO\xbam[AT !\x88x\xba\xc6H\xb3k\xaf\xbau\xc5\xe6\xd6\x96Q\x0e5\x88\xa1\xcf\x89\x19\xd3\xb7\xc4u\x99Ml5\xc2\x17\x87\xa2\xdd\vK\x05\x06t\xf9Fr@|\x93\xe6\xbe\x00\xaf\x98M\fE\xe1\xf1P\xa5\x916\xcf\xe7\x95\xa4\xab\xd2w?\xd8;5f\xa2\xf9\v{@\xf6 \x94\xe58\x1fs\xb3/Q\xd7\xc8\xa9\xbd=\xf6\x010\x8b\x1dfIA\xa1\x96\xc1\xb9\xc4\'G\xe5\x81-\xed|o\x95PXC\xe0h\x06F\x98\xd5\xf8Q\xe7T:?X\xc49\xcc\x16\x8d\xd0\x17\x96\xcf\xf0\x01\xc9V\xb3\x0e\xca!\x83\x88#\xe7\xc4\xbb\r6^\xb7$\xf5@\xb6\xc4\x84BMw)m\xda\xb0\'\xef\xea\xcf\xd2\xbf\xacJ\xa6\x96\xed', 0x0) (fail_nth: 6) 529.289658ms ago: executing program 0 (id=4476): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000007c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xdfff}, 0x50) (async) r0 = syz_open_dev$evdev(&(0x7f00000001c0), 0x1, 0xc0000) ioctl$EVIOCRMFF(r0, 0x40044581, 0x0) (async, rerun: 32) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bond0\x00', 0x800}) (rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f0061104e0000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb54470000010000feff8f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0xfffffffffffffd93, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async) socketpair(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8946, &(0x7f0000000080)) (async) ioctl$sock_SIOCDELDLCI(r1, 0x8981, &(0x7f00000000c0)={'ip6erspan0\x00', 0x80}) (async) r2 = syz_io_uring_setup(0x5331, &(0x7f0000000300)={0x0, 0x4449, 0x200, 0x3, 0xa4}, &(0x7f0000000100), &(0x7f0000000380)) syz_io_uring_setup(0x70a2, &(0x7f0000000240)={0x0, 0x274b, 0x4, 0x0, 0x2c7, 0x0, r2}, &(0x7f0000000040), &(0x7f00000002c0)) (async, rerun: 64) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={0x1}, 0x4) (async, rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xc, 0x0, &(0x7f0000000180), &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 424.868098ms ago: executing program 6 (id=4477): bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xb, &(0x7f0000000c00)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) lremovexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='trusted.syz\x00') r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x3, &(0x7f0000000240)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x24020000) syz_clone3(&(0x7f00000008c0)={0x14860000, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[r2], 0x1}, 0x58) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmmsg(r0, &(0x7f00000005c0)=[{{&(0x7f0000000500)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x4, 0x0, 0x3, 0x2, {0xa, 0x4e21, 0x5, @empty}}}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000780)="84dc70d0bedb4f423d3716a37ac627b75a62a67516ab55068bbc64d9eb35c9d292a1c9cdea47f682d2d0605c12c76c6021ad18fb9ee8b697843099e955fffec089732a8280fa9a31bd77d280e37d843bad74f3eb664052d69312cfe62d52fe903c87070b8f8c3e6f034c1375a41a284fee75e9f3f2cd7bb48c54a909f13114a72fd7fc2828e04f3d19173d303cd1fd00f04ac9641cc8f16f385a5d12d983cc30d3f0be97178186d1ddfb5f", 0xab}, {&(0x7f0000000a40)="141fe09feb8b50f9319dd3e559cf8ea64a23c407ad49b4005cfc2f6edff182717e0e90de5dc9438458607727894be7fc1da7525c6339bfbae13bd9147c2c86e4f0c76ce6e7c847d27ff492671d8ca30a0174ad29a5af2227b5a4436cdbe52bd8aeb1a4437574aa85c7f16525d49798eb170bb8aee25f339492d8d9856a16d6e9de1796d1ebfa015819ae51188f7d", 0x8e}], 0x2, &(0x7f0000001680)=ANY=[@ANYBLOB="20000000000000001601000002000000d20a7d1c7d5f1df45c2e000000000000e00000000000000016010000060000005c429ff418cbd34f982dde1cdf2e582ec0e0f2f2360c91ca7180cb9c9a032eb0fa74f9af762885ee4352ee5148ad3933072f6445a48fbcf308e96012935d0dc2a6b4bbcace8f0b1449c06531ec03d9c50aea8497533f4962d8119648634ee043f5fbb7caf3a1a6bb89b84008d88a153113b7f175a038f6f1a7aee4f720483e126e0b177d1df4bd90f9f043422d7dd351368e09a46135e3b0e6db284f215b28a886eaeef57e4e9c156bdd759b7b70bd21c4d3ebbb781f02d673f2deec807122e555db88a9f2e2da02abb31a0000000000100100000000000007010000040000001eb9b6b3b10fd0dd4c15665ff601c24a16fc6331b47d56e75bd3d227e225b4a30d07d9f01e48af9845cc4d92de50200d365b31f9e0ba95d6df047276f041f3b49ed647f55a106a2a2bc0d03cbc9a2859bce1b826f9addcb17d2b48e96e0d3f0774142fe9b015b679fcdd181392993f2672e61fdcbb3c771b930d1db4359363b27941cd7ea623f059d998496fc0dbea52cd40c93d479e998218dfa328813b6aa6809dd721a8c416662b4555c55afa088498f1d1a8fece91f213cb0746ebfde6400277fed4208b4617d68eee80cceb80cbad04827bab8595e8626726c80afa7b22fa5ca5e181633804f343c77d2296aca6e175678c162620440d0a8000000000001010000000000000010000000100000003ad09d7359831fd907128e636c56e62936e0371dfed40e560179833f413f9039f77573f7582233f72a324ae2928ed003c302aff41a635cef8453da307508002342a7d184495c886f1c57baddbb5d6e2bad844e317c3e798c55d4e29dbc64f4e8e0a20461d06630d84dcd8dd181f02f42d3233d819d17542d254e5cb171ecf806007d45e3201358008e2fbe0575eadacff52b03acb8b7f7b51a65cd398dc6440754e94f7118e19510729adf96fee20cfe2f71d968f8bf95417ed116ef90365060c9037a6ce96d6d6f7112f0067a9ead7f95151015a2542c0154d59dd444ce6ca8bc88be319321969b1b604da3a647d6c97954cbce4b968b518885354c56c88d454388f4f24879dc0d35ec1f61f9c933c1854e397e1dafa67e14057040f86e7ca8a3cf4ee60d56b8f81768376a98f8f69c1c03c2a2a30fb43424917168d16a85e2222860688ea9818a9faf1f1be09deb961869824e31c51a217ece435638f66e5b39825594a76b9e85b0f734a8d0d7acca57666f41844e889c127e9dfb7093d4aa4c578ff26acafc562e08a40fc10ff8a1637e7d8d0a9f27773bd80d2274db9bd16297e700b084719a4aa623d8cbed6111d27cbbf40fbfd27900f9dc229589e36855bf3fbaea31e93933d60f78dd6bfa17d282345c383cb6939a98a71cee54f0ec8532ae94bcae61eaa681a99a7819484630ee06a8742b454d45837a1b25c0c4182fec09211a91462bd9d2144256d6b5666474c5a576b739ba6136038f4f3bd1f822f2b728662a6e5e8adee5b868a316c60729f5c1528e0660aa470df1b8a11f3a2c5b37ff2a75291efe82a8c7e192ccf7f662f9186540066e0afd64b567d4de1676a5ecebd1519e11340d21bfad1f1fa53b60a04468b5c1900f343685e87101a43fcb5db773c845b2de6d61307a50a797bcfc5b9a55b7ba80ba08492907d1333b4934f2b6e992fe33def6a5c87fd3074965a0d9534f2a00c77f2d43e04db0d651b3e6ee8c5a409820468ecb6e12b4dcc69b8330dcd24e5f0e7780978155d5720a951865646f903d44b3489e2d07b914e60788ef574ca4637c4063bb3760bc209d3f706f2f9a193bb7e8151a690d32bee39a094501d0bfd2b50ce0b1a488b7478e69eee1af12d416bacd614c8e2dfcbb770d4318598c922bc32418a32a86d54bd34eb56b88f2e92911c0e7eab4498f6a988ee8298395a5d6b19433ceff907ed81070fb653182414d3c4a2a6f5e8e9b965364b0240a8b77cfb226a44e1a1e19c7c3647a46ad9b21ade908369ecf8edf0d2db8027e00c7280c6a444fc6429b0042c9c01d54da43e7425a3fc91429b6e3774ba4cb73347bf3b47cf2124cdebeee3e30cbbb4580ceedbfb1cea3c624b7ea7b2db8233872dae2dcba9ee48a4c01f75f292e1b85aba7dea48d172b9068914e76d57902a570038717791cc07b1308938a778dee999fdbbe4eae22744c7724d1de0319eb746edf6c924ca1c447bff2f09b0492c9b43f33b9e9069b0c698f1082df1a00ae3b29ebd967a153748e2ad31ed930b9abd7c507fe7cc244dda31b43cf1b7cb1455ddfb438366ea53b0310750da79a8498093424dbd1b083a88625d655d54c8536a0dbe8cbfbbe725db9ae8a6093c9561be89a24e9c64a810c6cb6cd34efcefd6a4b993ba192483006385770ae093978eff1a885f036fafced17b7d557f8393cb925ba1a5a554d47948e8c0e9509ede181a744861a14e87a23d1f9fdce8369916bffbe36808dbef5f539ae95c99ebaf905daac3b1095bb180015049ca99f1c1579a5db63525f5e8560549849c489b00a7bc98f0301cae66fc288eaf60fdcf0285731e8b9ec85bdcb76548a27fb2391f9f877debf678cd8db7d226a64cfb72697d3a6867d82c86097228dcf64829d64226612aaba291e1af9e1a185d3f804d0c9990324696b6acd26000513d7646c5afd2074f7f8eff02e83cfa4104333f13193c999e9f3f780de91355d1eed1dd44f2b66e5b3bfff76c92fbedbd7ab45d7910c6e75652c40acfa533426f38c09082e7458e33e8254b353301aba71d6eb369811a273975e5ca1db3ebbeca826bd68793491eab80b6786af67b6e30d27a4e86e9e159c32cc55dc3b9cb84de013b591f7e3e8099adfd47985f594c4b88da2e746bd7716a1c4378ad9faee42a014df635f397a43f9c2a5ac8f27a99a0b8bc1102e8b8da04582c77ebd08bca137c92430a8ab6dd7f0c679ae4461919b0c64a328dbb5226b42c19c122bbd65b92451c3f8d5421d8f4e55121fef9c379b1f1ddb680666d7e61631d1923adb6504aa196e7f82cf5328dee2a8099d31627739e5b5777636718f44548b2ca1e2cb7f9700de48840b57f8cda3ed0e2beb0ac47d91bc27d4ed5680d18d17a0ca4dadd9bef67476913ce4337d63a902f1d8064f6ac2a785c973d238a766c8c3689e432b3f8f7e75bb202ae69863200d2583b4e1b30e0c09fdbfd57dd383f72608fd21657d6dbb6e4e8a76afb11c82905d48096f0b14f3748f522f81353c622ca98c3dec355696dc6036bf1f9c920b3277c7029627f81d1890086f346e4427f2f413a62598a095aef1b032d2365f97afe8e0dab69f065c9dd204ab1c0e814428a4499b4020d6035e21e19fcea66357473a3bc26a45cde0d01e5ee7f8e2a0b470954ff0dfd4d3979b62823056e917fcc7f1fd644ffaa9f65e97d9f14be2cb6865d51395fcaf250947616ebe404ebbe154081f0525d466c804d067a1ee76506c5da55e68da39002f105a4b0ff14afaab329abbef33ada6fb55402a3008acd8ce6638f1ed1a26df3ef272e9e8ca218766e7472842537e7370a00984ba14da8ff40eae6ae0c3ced0d24b255495992dd30ab045b7d8f900c3454c7aacffebcbf1c98ce3917f0ceb041d21f8d8456e1399ffc56cc446bfc3109d3efe02aa466df933e66123a3bacce560864d31f3173fc5dac76aab06b34d3d88f44d174c659e8c3bd33ca12ecada54985481ca1e35fbe2fada2e390e43ddc3bd4a1b98f83192edee3132188e628f253140098892e1bb984d33983eda0c5b95e3c616e03275e9a086b9d0beae9c191eda9efa05b1f2025c69bcc766aea251425dd4fc93d9f101dade0d016dd83987a85fad46ede6f03398605be9dce987e814683587323116232c8ce61dffb0995d1c167e14a3531efb44e26ba7ab7916ffdc56a538f4793d1eacb408da12a7d9545cbc04ab618d87b8b79e1fe9b93f5e657b08b7388be577164573c4fdf38187ef8539d6895ee07d4f7504cb54f9e0d9cf9289e695cb10ecc4ec5d6863afff763f3186585f18e932b99e06696a261566c8c8ef5e4622bfd6ab26fbd3c48c008420f8abc78ec3b6fd82212c992b460029dfddd917a6a14b53726e0fa4565c2533aa74901d80cab884c39e20560844aea66a9c3dd14878bcf125e38b41574e5472ace144e57649b268d581507f9abb653da275acbca39521b07356850df652b6df7864a08fb69c52705469120838d3d82e0778786dfc3ed6d990f808f59bdaacce6b8fafcac7b7991a3e2fe48ee3724fab33436abe5815ef45da53aab77f3d98184c0923b813e744b7e90000cc17ef488c302c518c7c5d4ff3d81515336e5283785e948b5302387d3061c1880e80ed273f2eeada8a00c9678d561ddb3dbd320407b8fe850cd08e9542742bd3a490a6036df9bfe19fdd093dc3c2ad9cb4d45af9d4379b0404b2dbbbdda9a5e7318b9d851147763516748ebf82ff4bae002a9a42fb2dfcffc1fffc1f6eed72336c68ad1be85437a39e102b11268e07748189ac0f7b9bcb128b134b8ffcc6f0aae5fc6df1a1a025e5920cb2bf50f501649d10b9763f924aca2e76c1db1d937e20a346f496849325bebc18becdf55e42aa5410c746574348b881f68f209261ee2b913475e708644f45c6bafa2d72cac4d9c53d821e58ca1de264b40a07f1a23410721e2deff96aa9ee205bede85682c70d1229f018d0249fc9a87a635d838c38710f1057da7b8cb6da0295335ea06ceea7960e4176745b4558ff2d63d862c2388972e9365903e40fa3bdf149bbb3ef3834adc7388f57baa5c49d016a90e68b60cd866e13a95f5f30523c80a842c2232d7ad5351d156496815cce7554fc0ef7f41702fa0b74028db7d3959d00e8e44b4ada971c68234b29ea8ff2b6f95dcab48470eeb79f02d8347b2958adc3123b13b2c47f720ce2229a4bfd7465b3b03172119a8fd320d3460d7b6270dfc2154d7ba312870f6c3830f933333f86d14391837e98a2a8cf6da0e3811a00faa3804675ed2f82df98e883e9a934bc107d62f3042b346470a2cfc0de76ca9609d5ca7b48274206c4d4fd585e0b2994bcae6e4cbfa4df45e5f21e20489cfdb5e7413cee7b953e1ce9bd1635fb3c8191ca2e5d8cc0416d8b184decb9c7b5f3b1050ca9a2b67ce008b0714e950d07c7b7953601a4b3fff44c8d0fb4bf841c3230fa416e690b90943bd8f18c07e3da9354750dd8b493ab2bfbc25c5c444f710b5d87ecd2422cd331d4450e132d0102b4a41432435d001eff6b4d1fc61d0b0b8a6d0be4cd207851494539a1634a73388fdc3459a0cbd10af4500cf71e3998df6271f32546bf7d2021c51a262c01430d4d527cff2102bfbf0f8b241b448c789cc1535a97f7c1990800124eb83b097bf61c3d4c8a90474720d31bf0d13a98b9df4b417ecfce67f468b8551de6e2520ba8a53157d4f36de968da890b6b59908e0cc742437aa3cc8f59f8e00d2c495169012ee43507e39edca7267282c0b57a8530f33c8be7912841aa06ab1d36a6b6c7aa2ab7cb0cfe4be6d6ff0e26906ab93eeb2813a57d8c846bc1022e3c95dfe94f4db4ac9447c4faa17c9fb483b36d18cecded2897c3be35933b413a4d38d0a799a86028b1504fa47ab6461b0a9e01f72ca4c0b5fdcfe6329544bcb6a3cc7770b2cfa88bc79ccb488135d7a768e2f0b27ac5751084872bc3e95bd0296d226ba4bae59dd7d6ef244ea394232bc08e38a9c92692da6355d37c4d9a461be347666e76f89f784cb862ac5609f6b7a151807f74955eb9f06eb5b40a0b905518e2f3d4e4b743b0f53ef130799ee89b85f13cffcd6e1985036d227f010bffd9f533ac42c3b14c4e13870c373b180c91bf7add2ce283021997cdab2ffc613757d54e598bfc2a061b7b44af23c9fd13a9eeea9543860e874ddcf7752d9240248d8588467338ddb3d323f8c8c4588fe4c203ca4c293b16e8105ac628764cf3abfdd136308fef89796199e95845405fa746e5408e8700c6697839e2986d8d6965356b0306215abf068c59231f0ef46c65ebff749a32998149c6588bfb9ce4f092cd2605c6d92561b0a8f4eae49d0e29ea2e6d3bbf6f1557a275c976bb15c64315c4a9315111d5686839d3bb39bc8dcaa70cb6b2e39b3cf5932ba9546179f1659b5d19e8dafd9f5f306914abf3b804719313912a96befe6bad5c371c9ca4472936d64bee7e50ab5402b1a2027ffd0ac08674247fe22e108713f539c014ef950496e60b58a53f4b2a5b49fa844922feb05e94380c957a6f181ae74603fe8e7f0b7bd36846df0e0beb2c6e303f031dd2d397f980f371af4dc1d91f2cb476d58b9ad35f65c049a6222b241469bc3f29a53128a3d17002d7b6521c3a27147e99487cdb9ee80d92289dbbe3901ee0ba428835247233a6f9dd1058e5a6f702620a370801e37883d05b34b7cdefa631db39519194da9220a73368d9e564061da9b28a36b1bdec92defab04f94db4661005385fef476045dbc0767e062f64bdae7ee8d33c876f2f9582857e3996f9"], 0x1220}}], 0x1, 0x4000) getsockname$packet(0xffffffffffffffff, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000004c0)=0x14) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) accept4$nfc_llcp(r6, 0x0, &(0x7f0000000240), 0x80800) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000880)={0x395, 0x0}, 0x8) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYRESHEX=0x0, @ANYRESDEC=r1, @ANYRESOCT=r5], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0xff9d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000ff0000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c000280050003001b000000080002400000001108000440000000040900010073797a30000000000900020073797a32"], 0x80}}, 0x0) 420.219698ms ago: executing program 7 (id=4478): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x402c5342, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000005c0)={0x0, 0x0}) tkill(r1, 0x7) syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r2, &(0x7f0000000d40)=[{{&(0x7f0000000140)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{&(0x7f0000001c00)='{', 0x1}], 0x1}}, {{&(0x7f0000000340)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000500)=[{&(0x7f0000000480)=')', 0x1}], 0x1}}], 0x2, 0x0) sendmmsg$inet_sctp(r2, &(0x7f0000001a40)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000300)="8d", 0x1}], 0x1}], 0x1, 0x0) r3 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x11, &(0x7f0000000380)={r4}, 0x8) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000900)=@mangle={'mangle\x00', 0x44, 0x6, 0x4a0, 0x0, 0x138, 0x210, 0x0, 0x138, 0x478, 0x478, 0x478, 0x478, 0x478, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:dbusd_etc_t:s0\x00'}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x500) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000680)='rxrpc_receive\x00', r0, 0x0, 0x7f}, 0x18) syz_emit_ethernet(0x66, &(0x7f0000000140)=ANY=[@ANYBLOB="ffffffff00303a00fe8000000000000000000000000000bbfe8000000000000000000000000000aa01049078c50000006561bced0005ff01fe88000000000000000000000000010100000000000000000000000000000001"], 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x1c}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000000ff0100000000", @ANYRES32=r5, @ANYBLOB="01000000002200001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000180)=ANY=[@ANYBLOB="2c00000010000100000000000000000053000000", @ANYRES32=r7, @ANYBLOB="efdd0e4af11f"], 0x2c}}, 0x0) setsockopt(r6, 0x8, 0xd62, &(0x7f0000000300)="baf18e911cbadfc5b997277c9cd5e3568fb60bf4f38959d00cd2e7090da09bb3793600a7dbee2d4405b0cf940cfd3649661a83780dd7a7baa85807974c4ec0029aebb40a76e79ab70617d4e6f87d69d735012ca69af32a6a71de59627e5f162c76085a870ba3032a49f31a088e29", 0x6e) sched_setscheduler(0x0, 0x1, 0x0) r8 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) ioctl$MON_IOCX_MFETCH(r8, 0xc0109207, &(0x7f0000000080)={0x0, 0x6}) 411.149289ms ago: executing program 0 (id=4479): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) creat(&(0x7f00000001c0)='./file0\x00', 0x0) r3 = getpid() bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0xe1515f8735398e8, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)=[0xff], 0x0, 0x0, 0x1, 0x0, r3}}, 0x40) 386.280628ms ago: executing program 6 (id=4480): socket$inet6_sctp(0xa, 0x5, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) socket$inet_sctp(0x2, 0x1, 0x84) (async) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000001c0)={r3, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x10000, 0x0, 0x90}, 0x9c) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000000)={r3, 0xfffeffff, 0xfff, 0x7}, 0x10) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000040)={r3, 0x2b, "9769bf8e85e1ef3bcbf41fb782b990e12680d60d0719c40cf2bd4690f41ec5d411fbb40c27a61ce8993aab"}, &(0x7f0000000140)=0x33) socket$inet_sctp(0x2, 0x5, 0x84) (async) r4 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xc, &(0x7f0000000c80)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000300)=@assoc_value={r5, 0x4}, &(0x7f00000005c0)=0x8) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20000090) socket$nl_xfrm(0x10, 0x3, 0x6) (async) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f00000034c0)={0x0, 0x0, &(0x7f0000003480)={&(0x7f0000002240)=ANY=[@ANYBLOB="c8010000190001000000000000000000fe800000000000000000000000000000ff02000000000000000000000000000100000000000000000a00000033000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffffffffffff000000000000000001800000000000000000000000000000000000000000000000000000000000000a001000000000000000000004010500ac141400000000000000000000000000000004d33200000002000000fc0100000000000000000000000000000000000001030000000000000000000000000000ff010000000000000000000000000001000000006c00000002000000000000000000000000000000000000010000000000000000000000000000000000000000fe8000000000000000000000000000bb000000003200000002000000fc0000000000000000000000000000000000000004000000000000000000000000000000fe880000000000000000000000000001000000003300000068b50000fc0000000000000000000000000000000000000001"], 0x1c8}}, 0x0) (async) sendmsg$nl_xfrm(r6, &(0x7f00000034c0)={0x0, 0x0, &(0x7f0000003480)={&(0x7f0000002240)=ANY=[@ANYBLOB="c8010000190001000000000000000000fe800000000000000000000000000000ff02000000000000000000000000000100000000000000000a00000033000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffffffffffff000000000000000001800000000000000000000000000000000000000000000000000000000000000a001000000000000000000004010500ac141400000000000000000000000000000004d33200000002000000fc0100000000000000000000000000000000000001030000000000000000000000000000ff010000000000000000000000000001000000006c00000002000000000000000000000000000000000000010000000000000000000000000000000000000000fe8000000000000000000000000000bb000000003200000002000000fc0000000000000000000000000000000000000004000000000000000000000000000000fe880000000000000000000000000001000000003300000068b50000fc0000000000000000000000000000000000000001"], 0x1c8}}, 0x0) 385.919268ms ago: executing program 0 (id=4481): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="03", 0x1, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private2}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000000)={0x0, 0xdc, 0xfd5, 0x4000001, 0xff, 0x180e}, 0x14) 320.002329ms ago: executing program 0 (id=4482): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000d40)={0x0, 0x2904c, 0x0, 0x10003, '\x00', [{0x0, 0x0, 0x2000000000}, {0xffffffff, 0x0, 0x0, 0x80000000}]}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x4c, 0x4c, 0x4, [@func={0xb, 0x0, 0x0, 0xc, 0x5}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x4, 0x4e4f}}, @func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0x0, 0x3}, {0x8, 0x4}]}, @restrict={0xe, 0x0, 0x0, 0xb, 0x1}]}, {0x0, [0x0, 0x0]}}, &(0x7f00000004c0)=""/160, 0x68, 0xa0, 0x1, 0x6, 0x0, @void, @value}, 0x28) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x2, 0x7ffc1ffb}]}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) setpriority(0x0, 0xffffffffffffffff, 0x2516695f) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000004001000040000000800000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000300000000000000000000000000000000160000000d0000a2f25fb6c632d9f74bf1e3df977c0337af503b51739633"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240), &(0x7f0000001940), 0x2000cc0, r2}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240), 0x0, 0x2, r2}, 0x38) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000001c0)={0x2, [0x0, 0x0]}, &(0x7f0000000240)=0xc) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = signalfd(r4, &(0x7f0000000080)={[0x120000000000000]}, 0x8) ioctl$SIOCSIFHWADDR(r5, 0x8924, &(0x7f00000000c0)={'veth1_virt_wifi\x00'}) socket$nl_route(0x10, 0x3, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000680)='f2fs_background_gc\x00', r6}, 0x18) sendmsg$nl_route(r5, &(0x7f0000000600)={0x0, 0xffffffffffffff98, &(0x7f0000000640)={&(0x7f00000006c0)=ANY=[@ANYRES32=r3, @ANYRES64], 0x30}, 0x1, 0x0, 0x0, 0x4094}, 0x4000000) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000047c0)={0x60, r8, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r9}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000280)={r3, 0x2b, 0x3, 0x5, 0x4, 0x9, 0x7, 0x8, {0x0, @in6={{0xa, 0x4e22, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}, 0x8001}}, 0x4, 0x0, 0x3, 0x800, 0x18fa0233}}, &(0x7f0000000340)=0xb0) accept$nfc_llcp(r0, &(0x7f00000000c0), &(0x7f0000000140)=0x60) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="2c0000001a0001002cbd8ce3ffffffff0100000200fa0a967fc89a0566c2316d2cb7e1019cddc5"], 0x8b}}, 0x20044000) setsockopt$TIPC_CONN_TIMEOUT(0xffffffffffffffff, 0x10f, 0x82, &(0x7f0000000180)=0xca, 0x4) 319.846689ms ago: executing program 6 (id=4483): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x29, 0x5, 0x2, 0x8001, 0x6c, @remote, @ipv4={'\x00', '\xff\xff', @local}, 0x40, 0xe0e3ef9d4255d6b4, 0x0, 0x800}}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'syz_tun\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r2 = syz_open_dev$sg(&(0x7f0000000440), 0x0, 0x2001) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000040)=ANY=[]) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e) r3 = syz_open_pts(0xffffffffffffffff, 0x0) r4 = dup3(r3, 0xffffffffffffffff, 0x0) read$watch_queue(r4, &(0x7f0000000e00)=""/4096, 0x1000) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/stat\x00', 0x0, 0x0) sendfile(r0, r5, 0x0, 0x20000023896) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) ioctl$TCSETSF(r6, 0x5404, &(0x7f0000000000)={0x8000b29, 0x8, 0x7, 0xb9, 0x0, "7a58beca39ed2d5a99bbc4bff0ebd3e9bd5a8e"}) 213.765489ms ago: executing program 0 (id=4484): r0 = perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x35, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) r1 = socket(0x11, 0x3, 0x0) syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad5, 0x0, 0x0, 0x10000}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f00000004c0)=@abs, 0x6e) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYRESOCT=r2, @ANYRES32=r6, @ANYRES64=r1, @ANYRESDEC, @ANYRESDEC=r3, @ANYBLOB="000000000000000000005c3500000000000000000000009113000000", @ANYRES32=r0], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r9}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000080000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000021440011800a0001006d617463680000003400028008000240000000001c0003000afe6cbf96caa5debdad61b67ddb2fb68fcf19f7807076430a00010071756f7461"], 0xc8}}, 0x0) 200.137269ms ago: executing program 3 (id=4485): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'rose0\x00', 0xd132}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r2}, 0x18) r3 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341) ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f0000000080)={0x0, 0x0, "b2d8f8e77ab2332d21644baf6c907902f9f25f7213c53e80ab517c412c400ec87403532622fe60e1c4d2be1b49d489a406c27759826b565edfddf3ba0231556e5f2a88065c0a960381094ba68dd5dcea98550919fecdafef292fd10b2985aca4426670e0ec35a8c9cb9aad285b776a4541e51908b33655fbb0c03dd0784308c26fed170bc32bfc57409a166228c30fecd7d40d26bbf2b764d350b150b22492789aad27573f2c37e0f5e36cee1027916b381ae45f64805d537d181a56388fba6be8c58aff329074f9ed83d1e6ea2a9e4ee26a66b620166cbb26853926a8be715dc8bd1ec8b6b75144fc6a4fd0b6663cb7006798412710e5deb41e1d03955498e0"}) ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f00000004c0)={0x2, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0}) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x8002) sendmmsg(r4, &(0x7f0000000000), 0x4000000000001f2, 0x0) sendmsg$key(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x2, 0x18, 0x6, 0x5, 0x31, 0x0, 0x70bd28, 0x25dfdbfb, [@sadb_x_sec_ctx={0x1f, 0x18, 0x5, 0x1, 0xef, "21ff5561fceaa85fe443f0236d0f33507c0036e5f3decf86841d4d1748914cfaaf9e0acba9f919c2fd79145590c68a713baf754b927d36e001145a073146ceee49cdcd7b71f7891b5829a8c92648ee42b6c571358c02075290d6c4299be509c0698d9139e0727e2c4c3f98f3ca04cc2b7ba7968ace2278221de6de5f8417f808f0f8a2c9ea7e22b6345962f98a512fff03d1ab5f924e5707b7f65157ac8a7e672d34f6aa0380d55e93a92da796afbab83dbed2da8f5d86ca8fbb2fc0d077577f6b2d81ec72f8a1741f1c9167c14569137e60ed4b875cb8cbbe25bfeab94e81bcffc752eb931f3f57179ed8bb160fdb"}, @sadb_x_nat_t_type={0x1, 0x14, 0x4}, @sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x6e6bb7, 0x7, {0x6, 0x6c, 0x28, 0xc4, 0x0, 0x3, 0x0, @in=@remote, @in6=@local}}, @sadb_x_filter={0x5, 0x1a, @in6=@empty, @in6=@mcast1, 0x26, 0x4, 0x14}, @sadb_x_sa2={0x2, 0x13, 0x4, 0x0, 0x0, 0x70bd2a, 0x3500}]}, 0x188}}, 0x4c000) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8943, &(0x7f0000000080)) 90.22517ms ago: executing program 3 (id=4486): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109"], 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc08, 0x3, 0x1e8, 0xc, 0x5002004a, 0xb, 0x310, 0xea02, 0x3d0, 0x3c8, 0x3c8, 0x3d0, 0x3c8, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'erspan0\x00', 'ip6tnl0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x248) 89.88843ms ago: executing program 6 (id=4487): syz_emit_ethernet(0x46, &(0x7f00000007c0)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x5, 0x0, @dev, @private=0xa010100, {[@timestamp_addr={0x44, 0xc, 0x5, 0x3, 0x0, [{@remote}]}, @lsrr={0x83, 0x3}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) fchown(0xffffffffffffffff, 0x0, 0xee01) socket$inet_sctp(0x2, 0x5, 0x84) 51.65144ms ago: executing program 6 (id=4488): pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r1, 0x0, r0, 0x0, 0x6, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x3ff) fcntl$setstatus(r0, 0x4, 0x7c00) dup3(r1, r0, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000002060103000006000000000000000000"], 0x14}}, 0x0) 0s ago: executing program 0 (id=4489): clock_getres(0x1, &(0x7f0000000200)) (async) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="0a00000004000000ff0f000003"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000540)={{r0, 0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f0000000500)='%-5lx \x00'}, 0x20) r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = dup(r2) ioctl$PTP_EXTTS_REQUEST2(r3, 0x40103d0b, &(0x7f0000000080)={0x400, 0x1}) (async, rerun: 32) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f0000000280), &(0x7f00000002c0)=0x4) (rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10) (async) unshare(0x2a020480) (async, rerun: 64) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (rerun: 64) pwritev2(r5, 0x0, 0x0, 0x3ff, 0x24, 0x16) (async) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r6, 0x0, 0x8000000000000000}, 0x51) (async, rerun: 32) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) (async, rerun: 32) r8 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r8, 0x0, 0x0, 0x409c884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) (async, rerun: 64) sendto$inet6(r8, 0x0, 0x0, 0x24018815, 0x0, 0x0) (async, rerun: 64) r9 = socket$inet_dccp(0x2, 0x6, 0x0) poll(&(0x7f0000000300)=[{r1, 0x2280}, {r9, 0x2500}, {r6, 0x4000}, {r3, 0x1020}, {r7, 0x614}, {r4, 0x804c}], 0x6, 0x2) unshare(0x26020480) kernel console output (not intermixed with test programs): 5.448082][T13517] dump_stack+0x15/0x20 [ 205.452267][T13517] should_fail_ex+0x223/0x230 [ 205.457064][T13517] should_fail+0xb/0x10 [ 205.461336][T13517] should_fail_usercopy+0x1a/0x20 [ 205.466400][T13517] _copy_to_user+0x20/0xa0 [ 205.470957][T13517] simple_read_from_buffer+0xa0/0x110 [ 205.476383][T13517] proc_fail_nth_read+0xf9/0x140 [ 205.481439][T13517] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 205.487028][T13517] vfs_read+0x1a2/0x700 [ 205.491302][T13517] ? __rcu_read_unlock+0x4e/0x70 [ 205.496338][T13517] ? __fget_files+0x17c/0x1c0 [ 205.501117][T13517] ksys_read+0xeb/0x1b0 [ 205.505344][T13517] __x64_sys_read+0x42/0x50 [ 205.509905][T13517] x64_sys_call+0x27d3/0x2d60 [ 205.514665][T13517] do_syscall_64+0xc9/0x1c0 [ 205.519222][T13517] ? clear_bhb_loop+0x55/0xb0 [ 205.523973][T13517] ? clear_bhb_loop+0x55/0xb0 [ 205.528736][T13517] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.535036][T13517] RIP: 0033:0x7f508b6cd19c [ 205.539479][T13517] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 205.559148][T13517] RSP: 002b:00007f508a341030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 205.567595][T13517] RAX: ffffffffffffffda RBX: 00007f508b885f80 RCX: 00007f508b6cd19c [ 205.575624][T13517] RDX: 000000000000000f RSI: 00007f508a3410a0 RDI: 0000000000000004 [ 205.583627][T13517] RBP: 00007f508a341090 R08: 0000000000000000 R09: 0000000000000000 [ 205.591631][T13517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 205.599634][T13517] R13: 0000000000000000 R14: 00007f508b885f80 R15: 00007ffec2ff4648 [ 205.607646][T13517] [ 205.621083][T13508] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3615'. [ 205.640998][T13508] bridge_slave_1: left allmulticast mode [ 205.646746][T13508] bridge_slave_1: left promiscuous mode [ 205.652605][T13508] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.696692][T13508] bridge_slave_0: left allmulticast mode [ 205.702577][T13508] bridge_slave_0: left promiscuous mode [ 205.708311][T13508] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.850443][T13525] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3623'. [ 205.933024][T13522] loop3: detected capacity change from 0 to 8192 [ 205.946158][T13529] loop0: detected capacity change from 0 to 512 [ 206.052437][T13538] pim6reg1: entered promiscuous mode [ 206.057920][T13538] pim6reg1: entered allmulticast mode [ 206.082924][T13541] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3628'. [ 206.091998][T13541] netlink: 84 bytes leftover after parsing attributes in process `syz.0.3628'. [ 206.114674][T13544] syz.6.3626: attempt to access beyond end of device [ 206.114674][T13544] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 206.158844][T13538] bridge_slave_0: left allmulticast mode [ 206.164739][T13538] bridge_slave_0: left promiscuous mode [ 206.170479][T13538] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.189764][T13538] bridge_slave_1: left allmulticast mode [ 206.195639][T13538] bridge_slave_1: left promiscuous mode [ 206.201305][T13538] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.219730][T13538] bond0: (slave bond_slave_0): Releasing backup interface [ 206.231364][T13545] loop0: detected capacity change from 0 to 8192 [ 206.241309][T13538] bond0: (slave bond_slave_1): Releasing backup interface [ 206.264934][T13538] team0: Port device team_slave_0 removed [ 206.299045][T13538] team0: Port device team_slave_1 removed [ 206.323056][T13546] tipc: Started in network mode [ 206.328079][T13546] tipc: Node identity ac1414aa, cluster identity 4711 [ 206.337114][T13546] tipc: Enabled bearer , priority 10 [ 206.374862][T11099] IPVS: stop unused estimator thread 0... [ 206.457329][T13553] program syz.7.3633 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 206.539911][T13562] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=45444 sclass=netlink_route_socket pid=13562 comm=syz.7.3633 [ 206.589320][T13564] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3638'. [ 206.661072][T13571] loop3: detected capacity change from 0 to 512 [ 206.669970][T13573] netlink: 268 bytes leftover after parsing attributes in process `syz.7.3641'. [ 206.723971][T13571] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 206.744899][T13577] netlink: 72 bytes leftover after parsing attributes in process `syz.6.3644'. [ 206.769904][T13571] ext4 filesystem being mounted at /175/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 206.783994][T13577] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3644'. [ 206.824487][T13571] SELinux: Context @ is not valid (left unmapped). [ 206.862696][T11589] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.916809][T13598] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3653'. [ 206.932806][T13599] loop7: detected capacity change from 0 to 128 [ 206.939594][T13599] vfat: Unknown parameter 'źë' [ 206.945740][T13602] SELinux: Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 206.948587][T13599] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 207.004781][T13602] loop6: detected capacity change from 0 to 512 [ 207.041554][T13599] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 207.060623][T13602] EXT4-fs: Ignoring removed i_version option [ 207.068846][T13602] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 207.097760][T13611] loop3: detected capacity change from 0 to 512 [ 207.130928][T13602] EXT4-fs (loop6): 1 truncate cleaned up [ 207.137149][T13602] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 207.146115][T13604] loop0: detected capacity change from 0 to 8192 [ 207.164817][T13602] FAULT_INJECTION: forcing a failure. [ 207.164817][T13602] name failslab, interval 1, probability 0, space 0, times 0 [ 207.173424][T13611] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 207.177525][T13602] CPU: 0 UID: 0 PID: 13602 Comm: syz.6.3654 Not tainted 6.12.0-syzkaller-00171-g23acd177540d #0 [ 207.195597][T13611] ext4 filesystem being mounted at /178/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 207.200278][T13602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 207.200296][T13602] Call Trace: [ 207.200306][T13602] [ 207.227100][T13602] dump_stack_lvl+0xf2/0x150 [ 207.231727][T13602] dump_stack+0x15/0x20 [ 207.235947][T13602] should_fail_ex+0x223/0x230 [ 207.240664][T13602] ? __es_insert_extent+0x563/0xed0 [ 207.245991][T13602] should_failslab+0x8f/0xb0 [ 207.250684][T13602] kmem_cache_alloc_noprof+0x4c/0x290 [ 207.256163][T13602] __es_insert_extent+0x563/0xed0 [ 207.261261][T13602] ext4_es_insert_extent+0x45a/0x1c80 [ 207.266727][T13602] ext4_map_blocks+0x872/0xcf0 [ 207.271645][T13602] _ext4_get_block+0x104/0x370 [ 207.276451][T13602] ext4_get_block+0x39/0x50 [ 207.280987][T13602] ext4_block_write_begin+0x34f/0x9c0 [ 207.286459][T13602] ? __pfx_ext4_get_block+0x10/0x10 [ 207.291720][T13602] ext4_write_begin+0x426/0xc30 [ 207.296658][T13602] generic_perform_write+0x1a8/0x4a0 [ 207.302046][T13602] ? __mark_inode_dirty+0x45e/0x7e0 [ 207.307324][T13602] ext4_buffered_write_iter+0x1ea/0x370 [ 207.312908][T13602] ext4_file_write_iter+0x360/0xf20 [ 207.318191][T13602] ? kstrtouint_from_user+0xb0/0xe0 [ 207.323409][T13602] ? avc_policy_seqno+0x15/0x20 [ 207.328305][T13602] ? selinux_file_permission+0x22a/0x360 [ 207.333968][T13602] vfs_write+0x77f/0x920 [ 207.338254][T13602] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 207.344014][T13602] ksys_write+0xeb/0x1b0 [ 207.348361][T13602] __x64_sys_write+0x42/0x50 [ 207.352975][T13602] x64_sys_call+0x27dd/0x2d60 [ 207.357672][T13602] do_syscall_64+0xc9/0x1c0 [ 207.362200][T13602] ? clear_bhb_loop+0x55/0xb0 [ 207.366947][T13602] ? clear_bhb_loop+0x55/0xb0 [ 207.371690][T13602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.377611][T13602] RIP: 0033:0x7f68571de759 [ 207.382080][T13602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 207.401710][T13602] RSP: 002b:00007f6855e57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 207.410184][T13602] RAX: ffffffffffffffda RBX: 00007f6857395f80 RCX: 00007f68571de759 [ 207.418167][T13602] RDX: 000000000000fcb8 RSI: 0000000020000140 RDI: 0000000000000005 [ 207.426154][T13602] RBP: 00007f6855e57090 R08: 0000000000000000 R09: 0000000000000000 [ 207.434138][T13602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 207.442122][T13602] R13: 0000000000000000 R14: 00007f6857395f80 R15: 00007ffcb8d92188 [ 207.450116][T13602] [ 207.453716][ T3392] tipc: Node number set to 2886997162 [ 207.465168][T13620] netlink: '+}[@': attribute type 21 has an invalid length. [ 207.472950][T13620] netlink: 132 bytes leftover after parsing attributes in process `+}[@'. [ 207.484793][T12741] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.514928][T11589] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.611785][T13624] loop6: detected capacity change from 0 to 8192 [ 207.785078][T13648] FAULT_INJECTION: forcing a failure. [ 207.785078][T13648] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 207.798534][T13648] CPU: 0 UID: 0 PID: 13648 Comm: syz.3.3671 Not tainted 6.12.0-syzkaller-00171-g23acd177540d #0 [ 207.808987][T13648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 207.819070][T13648] Call Trace: [ 207.822411][T13648] [ 207.825350][T13648] dump_stack_lvl+0xf2/0x150 [ 207.829994][T13648] dump_stack+0x15/0x20 [ 207.834261][T13648] should_fail_ex+0x223/0x230 [ 207.838970][T13648] should_fail_alloc_page+0xfd/0x110 [ 207.844351][T13648] __alloc_pages_noprof+0x109/0x340 [ 207.849691][T13648] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 207.855096][T13648] vma_alloc_folio_noprof+0x1a0/0x2f0 [ 207.860509][T13648] handle_mm_fault+0xdbe/0x2aa0 [ 207.865394][T13648] exc_page_fault+0x3b9/0x650 [ 207.870095][T13648] asm_exc_page_fault+0x26/0x30 [ 207.875023][T13648] RIP: 0033:0x7fde2e9718e0 [ 207.879451][T13648] Code: 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 47 0f b6 0c 08 45 84 c9 74 08 <45> 88 0c 00 49 8b 47 10 48 83 c0 01 49 89 47 10 83 e9 01 73 d3 41 [ 207.899140][T13648] RSP: 002b:00007fde2d7264a0 EFLAGS: 00010206 [ 207.905225][T13648] RAX: 0000000000019000 RBX: 00007fde2d726540 RCX: 0000000000000101 [ 207.913216][T13648] RDX: 00000000000003e3 RSI: 0000000000000fe4 RDI: 00007fde2d7265e0 [ 207.921219][T13648] RBP: 0000000000000102 R08: 00007fde25307000 R09: 0000000000000005 [ 207.929274][T13648] R10: 0000000020001402 R11: 00000000000005cb R12: 0000000000000c01 [ 207.937351][T13648] R13: 00007fde2eb35fc0 R14: 0000000000000017 R15: 00007fde2d7265e0 [ 207.945345][T13648] [ 207.948493][T13648] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 207.975939][T13648] loop3: detected capacity change from 0 to 1024 [ 208.014910][T13648] EXT4-fs: Ignoring removed orlov option [ 208.020801][T13648] EXT4-fs: Ignoring removed nomblk_io_submit option [ 208.049439][T13648] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 208.060513][T13648] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869) [ 208.069098][T13654] loop7: detected capacity change from 0 to 7 [ 208.086618][T13654] Buffer I/O error on dev loop7, logical block 0, async page read [ 208.086905][T13648] EXT4-fs (loop3): invalid journal inode [ 208.101707][T13654] Buffer I/O error on dev loop7, logical block 0, async page read [ 208.107732][T13648] EXT4-fs (loop3): can't get journal size [ 208.109557][T13654] loop7: unable to read partition table [ 208.132766][T13648] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 208.138454][T13654] loop_reread_partitions: partition scan of loop7 (ţ被xüźŃř éÚ¬§˝dƤ´ŕ–ݡŻ¨ťâ·ű [ 208.138454][T13654] ) failed (rc=-5) [ 208.173858][T11589] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.177840][T13673] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 208.191594][T13673] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 208.289411][T13682] loop0: detected capacity change from 0 to 8192 [ 208.404860][T13701] IPv4: Oversized IP packet from 127.202.26.0 [ 208.417701][T13703] loop7: detected capacity change from 0 to 2048 [ 208.432470][T13703] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a842c018, mo2=0102] [ 208.440812][T13703] System zones: 0-7 [ 208.445225][T13703] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 208.467304][ T5713] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.485887][T13707] loop6: detected capacity change from 0 to 128 [ 208.553294][T13715] FAULT_INJECTION: forcing a failure. [ 208.553294][T13715] name failslab, interval 1, probability 0, space 0, times 0 [ 208.566113][T13715] CPU: 1 UID: 0 PID: 13715 Comm: syz.6.3699 Not tainted 6.12.0-syzkaller-00171-g23acd177540d #0 [ 208.576560][T13715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 208.586687][T13715] Call Trace: [ 208.589963][T13715] [ 208.593015][T13715] dump_stack_lvl+0xf2/0x150 [ 208.597635][T13715] dump_stack+0x15/0x20 [ 208.601999][T13715] should_fail_ex+0x223/0x230 [ 208.606713][T13715] ? qdisc_alloc+0x65/0x450 [ 208.611307][T13715] should_failslab+0x8f/0xb0 [ 208.615947][T13715] __kmalloc_node_noprof+0xa8/0x380 [ 208.621220][T13715] qdisc_alloc+0x65/0x450 [ 208.625622][T13715] qdisc_create+0xe5/0xae0 [ 208.630120][T13715] ? __nla_parse+0x40/0x60 [ 208.634550][T13715] tc_modify_qdisc+0x65f/0x1050 [ 208.639412][T13715] ? ns_capable+0x7d/0xb0 [ 208.643762][T13715] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 208.649059][T13715] rtnetlink_rcv_msg+0x6aa/0x710 [ 208.654108][T13715] ? ref_tracker_free+0x3a5/0x410 [ 208.659142][T13715] ? __dev_queue_xmit+0x161/0x2040 [ 208.664260][T13715] ? ref_tracker_alloc+0x1f5/0x2f0 [ 208.669439][T13715] netlink_rcv_skb+0x12c/0x230 [ 208.674254][T13715] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 208.679733][T13715] rtnetlink_rcv+0x1c/0x30 [ 208.684209][T13715] netlink_unicast+0x599/0x670 [ 208.689006][T13715] netlink_sendmsg+0x5cc/0x6e0 [ 208.693800][T13715] ? __pfx_netlink_sendmsg+0x10/0x10 [ 208.699138][T13715] __sock_sendmsg+0x140/0x180 [ 208.703899][T13715] ____sys_sendmsg+0x312/0x410 [ 208.708701][T13715] __sys_sendmsg+0x1d9/0x270 [ 208.713390][T13715] __x64_sys_sendmsg+0x46/0x50 [ 208.718236][T13715] x64_sys_call+0x2689/0x2d60 [ 208.723082][T13715] do_syscall_64+0xc9/0x1c0 [ 208.727677][T13715] ? clear_bhb_loop+0x55/0xb0 [ 208.732471][T13715] ? clear_bhb_loop+0x55/0xb0 [ 208.737319][T13715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.743351][T13715] RIP: 0033:0x7f68571de759 [ 208.747769][T13715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.767418][T13715] RSP: 002b:00007f6855e57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 208.775852][T13715] RAX: ffffffffffffffda RBX: 00007f6857395f80 RCX: 00007f68571de759 [ 208.783878][T13715] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 208.791870][T13715] RBP: 00007f6855e57090 R08: 0000000000000000 R09: 0000000000000000 [ 208.799935][T13715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 208.807912][T13715] R13: 0000000000000000 R14: 00007f6857395f80 R15: 00007ffcb8d92188 [ 208.815915][T13715] [ 208.881077][T13730] program syz.4.3706 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 208.896786][T13731] loop6: detected capacity change from 0 to 128 [ 208.951285][T13732] loop7: detected capacity change from 0 to 8192 [ 208.960949][T13734] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=45444 sclass=netlink_route_socket pid=13734 comm=syz.4.3706 [ 209.102310][T13747] loop0: detected capacity change from 0 to 256 [ 209.116752][T13747] FAT-fs (loop0): bogus number of FAT sectors [ 209.122958][T13747] FAT-fs (loop0): Can't find a valid FAT filesystem [ 209.222908][T13748] loop6: detected capacity change from 0 to 8192 [ 209.385245][T13762] loop0: detected capacity change from 0 to 1024 [ 209.401891][T13762] EXT4-fs: Ignoring removed orlov option [ 209.407688][T13762] EXT4-fs: Ignoring removed nomblk_io_submit option [ 209.476880][T13762] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 209.528764][T13777] program syz.4.3721 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 209.543175][T10293] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.578346][T13780] loop0: detected capacity change from 0 to 128 [ 209.629251][T13779] loop3: detected capacity change from 0 to 8192 [ 209.809055][T13798] loop7: detected capacity change from 0 to 512 [ 209.837918][T13798] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 209.853496][T13798] ext4 filesystem being mounted at /530/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 209.881047][ T5713] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.990228][T13819] loop7: detected capacity change from 0 to 7 [ 210.006532][ T5713] Buffer I/O error on dev loop7, logical block 0, async page read [ 210.015347][ T5713] Buffer I/O error on dev loop7, logical block 0, async page read [ 210.023339][ T5713] loop7: unable to read partition table [ 210.030229][T13819] Buffer I/O error on dev loop7, logical block 0, async page read [ 210.049800][T13818] loop6: detected capacity change from 0 to 8192 [ 210.056547][T13819] Buffer I/O error on dev loop7, logical block 0, async page read [ 210.064481][T13819] loop7: unable to read partition table [ 210.070815][T13819] loop_reread_partitions: partition scan of loop7 (ţ被xüźŃř éÚ¬§˝dƤ´ŕ–ݡŻ¨ťâ·ű [ 210.070815][T13819] ) failed (rc=-5) [ 210.186743][T13829] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=13829 comm=syz.7.3743 [ 210.230004][ T29] kauditd_printk_skb: 242 callbacks suppressed [ 210.230019][ T29] audit: type=1326 audit(1732029483.303:18896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13825 comm="syz.4.3742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 210.275473][ T29] audit: type=1326 audit(1732029483.303:18897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13825 comm="syz.4.3742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 210.299170][ T29] audit: type=1326 audit(1732029483.303:18898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13825 comm="syz.4.3742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 210.322873][ T29] audit: type=1326 audit(1732029483.313:18899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13825 comm="syz.4.3742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 210.346520][ T29] audit: type=1326 audit(1732029483.313:18900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13825 comm="syz.4.3742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 210.370299][ T29] audit: type=1326 audit(1732029483.313:18901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13825 comm="syz.4.3742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f712acc0677 code=0x7ffc0000 [ 210.393826][ T29] audit: type=1326 audit(1732029483.313:18902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13825 comm="syz.4.3742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f712acc05ec code=0x7ffc0000 [ 210.417534][ T29] audit: type=1326 audit(1732029483.313:18903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13825 comm="syz.4.3742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f712acc0524 code=0x7ffc0000 [ 210.441575][ T29] audit: type=1326 audit(1732029483.313:18904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13825 comm="syz.4.3742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f712acbd3ea code=0x7ffc0000 [ 210.464996][ T29] audit: type=1326 audit(1732029483.313:18905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13825 comm="syz.4.3742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 210.538346][T13835] loop7: detected capacity change from 0 to 128 [ 210.587689][T13835] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 210.622896][T13835] ext4 filesystem being mounted at /538/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 210.634765][T13835] EXT4-fs error (device loop7): ext4_validate_block_bitmap:423: comm syz.7.3747: bg 0: bad block bitmap checksum [ 210.659869][ T5713] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 210.679425][T13841] __nla_validate_parse: 14 callbacks suppressed [ 210.679445][T13841] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3748'. [ 210.695458][T13841] netlink: 84 bytes leftover after parsing attributes in process `syz.3.3748'. [ 210.767695][T13841] loop3: detected capacity change from 0 to 8192 [ 210.824827][T13853] loop7: detected capacity change from 0 to 7 [ 210.831239][T13853] Buffer I/O error on dev loop7, logical block 0, async page read [ 210.840077][T13853] Buffer I/O error on dev loop7, logical block 0, async page read [ 210.848063][T13853] loop7: unable to read partition table [ 210.898089][T13853] loop_reread_partitions: partition scan of loop7 (ţ被xüźŃř éÚ¬§˝dƤ´ŕ–ݡŻ¨ťâ·ű [ 210.898089][T13853] ) failed (rc=-5) [ 211.960756][T13867] loop6: detected capacity change from 0 to 8192 [ 212.053172][T13871] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3760'. [ 214.133490][T13874] loop3: detected capacity change from 0 to 512 [ 214.565902][T13874] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 214.616371][T13881] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3773'. [ 214.625512][T13881] netlink: 84 bytes leftover after parsing attributes in process `syz.6.3773'. [ 214.666949][T13889] loop7: detected capacity change from 0 to 128 [ 214.683530][T13881] loop6: detected capacity change from 0 to 8192 [ 214.686225][T13889] vfat: Unknown parameter 'źë' [ 214.722595][T13889] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 214.731202][T13889] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 214.742772][T13874] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 214.765170][T13874] ext4 filesystem being mounted at /192/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 214.806818][T13902] program syz.4.3770 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 214.824979][T13874] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 214.844237][T11589] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.869778][T13906] loop3: detected capacity change from 0 to 512 [ 214.880826][T13903] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3771'. [ 214.880958][T13906] EXT4-fs: user quota file already specified [ 214.890498][T13903] netlink: 84 bytes leftover after parsing attributes in process `syz.0.3771'. [ 214.947654][T13908] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3774'. [ 214.989124][T13903] loop0: detected capacity change from 0 to 8192 [ 215.082643][T13910] loop3: detected capacity change from 0 to 256 [ 218.430814][T13940] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3786'. [ 218.430852][T13940] netlink: 84 bytes leftover after parsing attributes in process `syz.4.3786'. [ 218.458676][T13949] loop6: detected capacity change from 0 to 512 [ 218.459067][T13949] EXT4-fs: user quota file already specified [ 218.486826][ T29] kauditd_printk_skb: 165 callbacks suppressed [ 218.486863][ T29] audit: type=1326 audit(1732029491.563:19071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13948 comm="syz.6.3787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68571de759 code=0x7ffc0000 [ 218.489130][ T29] audit: type=1326 audit(1732029491.563:19072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13948 comm="syz.6.3787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f68571de759 code=0x7ffc0000 [ 218.489159][ T29] audit: type=1326 audit(1732029491.563:19073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13948 comm="syz.6.3787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68571de759 code=0x7ffc0000 [ 218.489187][ T29] audit: type=1326 audit(1732029491.563:19074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13948 comm="syz.6.3787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f68571de759 code=0x7ffc0000 [ 218.489304][ T29] audit: type=1326 audit(1732029491.563:19075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13948 comm="syz.6.3787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68571de759 code=0x7ffc0000 [ 218.490329][ T29] audit: type=1326 audit(1732029491.563:19076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13948 comm="syz.6.3787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7f68571de759 code=0x7ffc0000 [ 218.490364][ T29] audit: type=1326 audit(1732029491.563:19077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13948 comm="syz.6.3787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68571de759 code=0x7ffc0000 [ 218.490389][ T29] audit: type=1326 audit(1732029491.563:19078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13948 comm="syz.6.3787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f68571de759 code=0x7ffc0000 [ 218.490486][ T29] audit: type=1326 audit(1732029491.563:19079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13948 comm="syz.6.3787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68571de759 code=0x7ffc0000 [ 218.490513][ T29] audit: type=1326 audit(1732029491.563:19080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13948 comm="syz.6.3787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f68571de759 code=0x7ffc0000 [ 218.579270][T13956] loop3: detected capacity change from 0 to 128 [ 218.579570][T13956] vfat: Unknown parameter 'źë' [ 218.592635][T13956] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 218.592722][T13956] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 218.599114][T13953] loop7: detected capacity change from 0 to 8192 [ 218.903135][T13968] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3795'. [ 219.078048][T13987] loop7: detected capacity change from 0 to 8192 [ 219.420470][T13999] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3804'. [ 219.429487][T13999] netlink: 84 bytes leftover after parsing attributes in process `syz.3.3804'. [ 219.468509][T14001] netlink: 'syz.4.3806': attribute type 33 has an invalid length. [ 219.490948][T14001] team0: entered allmulticast mode [ 219.496907][T14001] team_slave_0: entered allmulticast mode [ 219.502690][T14001] team_slave_1: entered allmulticast mode [ 219.606004][T14002] team_slave_0: left allmulticast mode [ 219.623358][T14004] netlink: 44 bytes leftover after parsing attributes in process `syz.6.3807'. [ 219.660407][T14002] team0: Port device team_slave_0 removed [ 219.695572][T14002] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 219.775131][T13997] loop3: detected capacity change from 0 to 8192 [ 220.055447][T14011] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3808'. [ 220.084157][T14002] netlink: 'syz.4.3806': attribute type 3 has an invalid length. [ 220.199710][T14014] loop6: detected capacity change from 0 to 512 [ 220.228345][T14014] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -2 [ 220.258650][T14014] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -2 [ 220.299600][T14014] EXT4-fs (loop6): 1 truncate cleaned up [ 220.319400][T14014] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 220.527821][T14026] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3814'. [ 220.536912][T14026] netlink: 84 bytes leftover after parsing attributes in process `syz.7.3814'. [ 220.555145][T12741] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.717023][T14026] loop7: detected capacity change from 0 to 8192 [ 221.157549][T14031] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 221.166219][T14031] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 221.213110][T14036] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3816'. [ 221.239877][T14035] loop0: detected capacity change from 0 to 8192 [ 221.569292][T14067] netlink: 'syz.3.3827': attribute type 33 has an invalid length. [ 221.579124][T14067] team0: entered allmulticast mode [ 221.584343][T14067] team_slave_0: entered allmulticast mode [ 221.590154][T14067] team_slave_1: entered allmulticast mode [ 221.630817][T14067] team_slave_0: left allmulticast mode [ 221.650954][T14067] team0: Port device team_slave_0 removed [ 221.664864][T14067] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 221.920163][T14099] program syz.0.3840 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 221.984358][T14067] netlink: 'syz.3.3827': attribute type 3 has an invalid length. [ 222.020839][T14110] FAULT_INJECTION: forcing a failure. [ 222.020839][T14110] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 222.034754][T14110] CPU: 1 UID: 0 PID: 14110 Comm: syz.0.3846 Not tainted 6.12.0-syzkaller-00171-g23acd177540d #0 [ 222.045229][T14110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 222.055352][T14110] Call Trace: [ 222.056302][T14112] lo: entered promiscuous mode [ 222.058636][T14110] [ 222.058648][T14110] dump_stack_lvl+0xf2/0x150 [ 222.063460][T14112] lo: entered allmulticast mode [ 222.066369][T14110] dump_stack+0x15/0x20 [ 222.080073][T14110] should_fail_ex+0x223/0x230 [ 222.084845][T14110] should_fail+0xb/0x10 [ 222.089094][T14110] should_fail_usercopy+0x1a/0x20 [ 222.094230][T14110] _copy_to_user+0x20/0xa0 [ 222.098706][T14110] simple_read_from_buffer+0xa0/0x110 [ 222.104274][T14110] proc_fail_nth_read+0xf9/0x140 [ 222.109276][T14110] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 222.114950][T14110] vfs_read+0x1a2/0x700 [ 222.119239][T14110] ? __rcu_read_unlock+0x4e/0x70 [ 222.124329][T14110] ? __fget_files+0x17c/0x1c0 [ 222.129074][T14110] ksys_read+0xeb/0x1b0 [ 222.133322][T14110] __x64_sys_read+0x42/0x50 [ 222.137886][T14110] x64_sys_call+0x27d3/0x2d60 [ 222.142602][T14110] do_syscall_64+0xc9/0x1c0 [ 222.147150][T14110] ? clear_bhb_loop+0x55/0xb0 [ 222.151906][T14110] ? clear_bhb_loop+0x55/0xb0 [ 222.156625][T14110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.162553][T14110] RIP: 0033:0x7f508b6cd19c [ 222.166999][T14110] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 222.186717][T14110] RSP: 002b:00007f508a341030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 222.195183][T14110] RAX: ffffffffffffffda RBX: 00007f508b885f80 RCX: 00007f508b6cd19c [ 222.203287][T14110] RDX: 000000000000000f RSI: 00007f508a3410a0 RDI: 0000000000000009 [ 222.211389][T14110] RBP: 00007f508a341090 R08: 0000000000000000 R09: 0000000000000000 [ 222.219428][T14110] R10: 0000000024000004 R11: 0000000000000246 R12: 0000000000000001 [ 222.227545][T14110] R13: 0000000000000000 R14: 00007f508b885f80 R15: 00007ffec2ff4648 [ 222.235608][T14110] [ 222.294610][T14117] veth0_to_team: entered promiscuous mode [ 222.300432][T14117] veth0_to_team: entered allmulticast mode [ 222.456385][T14133] program syz.0.3854 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 222.493875][T14140] netlink: 'syz.0.3858': attribute type 33 has an invalid length. [ 222.502659][T14140] team0: entered allmulticast mode [ 222.507892][T14140] team_slave_0: entered allmulticast mode [ 222.513863][T14140] team_slave_1: entered allmulticast mode [ 222.519285][T14142] loop3: detected capacity change from 0 to 128 [ 222.541944][T14140] team_slave_0: left allmulticast mode [ 222.550946][T14140] team0: Port device team_slave_0 removed [ 222.575518][T14140] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 222.773341][T14140] netlink: 'syz.0.3858': attribute type 3 has an invalid length. [ 222.998279][T14172] program syz.3.3869 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 223.199599][T14187] syzkaller1: entered promiscuous mode [ 223.215866][T14182] loop7: detected capacity change from 0 to 8192 [ 223.358687][T14190] netlink: 'syz.3.3876': attribute type 33 has an invalid length. [ 223.383915][T14190] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 223.526103][ T29] kauditd_printk_skb: 280 callbacks suppressed [ 223.526117][ T29] audit: type=1400 audit(1732029496.603:19361): avc: denied { ioctl } for pid=14196 comm="syz.4.3879" path="socket:[40894]" dev="sockfs" ino=40894 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 223.882007][ T29] audit: type=1326 audit(1732029496.963:19362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14203 comm="syz.4.3881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 223.906469][ T29] audit: type=1326 audit(1732029496.983:19363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14203 comm="syz.4.3881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 223.930942][ T29] audit: type=1326 audit(1732029496.983:19364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14203 comm="syz.4.3881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 223.954639][ T29] audit: type=1326 audit(1732029496.983:19365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14203 comm="syz.4.3881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 223.978288][ T29] audit: type=1326 audit(1732029497.003:19366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14203 comm="syz.4.3881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 224.001938][ T29] audit: type=1326 audit(1732029497.003:19367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14203 comm="syz.4.3881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 224.032550][ T29] audit: type=1326 audit(1732029497.003:19368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14203 comm="syz.4.3881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 224.056302][ T29] audit: type=1326 audit(1732029497.003:19369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14203 comm="syz.4.3881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 224.080587][ T29] audit: type=1326 audit(1732029497.013:19370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14203 comm="syz.4.3881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 224.104297][T14207] __nla_validate_parse: 16 callbacks suppressed [ 224.104317][T14207] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3883'. [ 224.213520][T14222] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3890'. [ 224.288891][T14236] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3896'. [ 224.299083][T14232] loop6: detected capacity change from 0 to 8192 [ 224.367052][T14245] loop7: detected capacity change from 0 to 164 [ 224.802885][T14268] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3907'. [ 225.044870][T14270] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3918'. [ 225.084503][T14276] FAULT_INJECTION: forcing a failure. [ 225.084503][T14276] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 225.098403][T14276] CPU: 1 UID: 0 PID: 14276 Comm: syz.7.3910 Not tainted 6.12.0-syzkaller-00171-g23acd177540d #0 [ 225.108868][T14276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 225.118950][T14276] Call Trace: [ 225.122248][T14276] [ 225.125191][T14276] dump_stack_lvl+0xf2/0x150 [ 225.129818][T14276] dump_stack+0x15/0x20 [ 225.134010][T14276] should_fail_ex+0x223/0x230 [ 225.138755][T14276] should_fail+0xb/0x10 [ 225.142932][T14276] should_fail_usercopy+0x1a/0x20 [ 225.148050][T14276] _copy_to_user+0x20/0xa0 [ 225.152494][T14276] sg_ioctl+0x127a/0x1870 [ 225.156893][T14276] ? __fget_files+0x17c/0x1c0 [ 225.161591][T14276] ? __pfx_sg_ioctl+0x10/0x10 [ 225.166287][T14276] __se_sys_ioctl+0xcd/0x140 [ 225.170909][T14276] __x64_sys_ioctl+0x43/0x50 [ 225.175554][T14276] x64_sys_call+0x15cc/0x2d60 [ 225.180326][T14276] do_syscall_64+0xc9/0x1c0 [ 225.184856][T14276] ? clear_bhb_loop+0x55/0xb0 [ 225.189631][T14276] ? clear_bhb_loop+0x55/0xb0 [ 225.194338][T14276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.200330][T14276] RIP: 0033:0x7f80fbbbe759 [ 225.204756][T14276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.224445][T14276] RSP: 002b:00007f80fa837038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 225.232898][T14276] RAX: ffffffffffffffda RBX: 00007f80fbd75f80 RCX: 00007f80fbbbe759 [ 225.240885][T14276] RDX: 00000000200018c0 RSI: 0000000000002286 RDI: 0000000000000004 [ 225.249348][T14276] RBP: 00007f80fa837090 R08: 0000000000000000 R09: 0000000000000000 [ 225.257334][T14276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 225.265451][T14276] R13: 0000000000000000 R14: 00007f80fbd75f80 R15: 00007ffcc448c908 [ 225.273489][T14276] [ 225.289584][T14279] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3911'. [ 225.472231][T14308] program syz.0.3923 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 225.497776][T14310] FAULT_INJECTION: forcing a failure. [ 225.497776][T14310] name failslab, interval 1, probability 0, space 0, times 0 [ 225.510711][T14310] CPU: 0 UID: 0 PID: 14310 Comm: syz.6.3925 Not tainted 6.12.0-syzkaller-00171-g23acd177540d #0 [ 225.521203][T14310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 225.531297][T14310] Call Trace: [ 225.534586][T14310] [ 225.537661][T14310] dump_stack_lvl+0xf2/0x150 [ 225.542294][T14310] dump_stack+0x15/0x20 [ 225.546468][T14310] should_fail_ex+0x223/0x230 [ 225.551266][T14310] ? skb_clone+0x154/0x1f0 [ 225.555723][T14310] should_failslab+0x8f/0xb0 [ 225.560449][T14310] kmem_cache_alloc_noprof+0x4c/0x290 [ 225.565885][T14310] skb_clone+0x154/0x1f0 [ 225.570180][T14310] nfnetlink_rcv+0x2de/0x15c0 [ 225.574937][T14310] ? kmem_cache_free+0xdc/0x2d0 [ 225.579840][T14310] ? nlmon_xmit+0x51/0x60 [ 225.584223][T14310] ? __kfree_skb+0x102/0x150 [ 225.588850][T14310] ? consume_skb+0x49/0x160 [ 225.593374][T14310] ? nlmon_xmit+0x51/0x60 [ 225.597747][T14310] ? dev_hard_start_xmit+0x3c1/0x3f0 [ 225.603056][T14310] ? __dev_queue_xmit+0xb4c/0x2040 [ 225.608278][T14310] ? ref_tracker_free+0x3a5/0x410 [ 225.613413][T14310] ? __dev_queue_xmit+0x161/0x2040 [ 225.618559][T14310] ? ref_tracker_alloc+0x1f5/0x2f0 [ 225.623700][T14310] netlink_unicast+0x599/0x670 [ 225.628518][T14310] netlink_sendmsg+0x5cc/0x6e0 [ 225.633327][T14310] ? __pfx_netlink_sendmsg+0x10/0x10 [ 225.638756][T14310] __sock_sendmsg+0x140/0x180 [ 225.643529][T14310] ____sys_sendmsg+0x312/0x410 [ 225.648322][T14310] __sys_sendmsg+0x1d9/0x270 [ 225.653034][T14310] __x64_sys_sendmsg+0x46/0x50 [ 225.657939][T14310] x64_sys_call+0x2689/0x2d60 [ 225.662742][T14310] do_syscall_64+0xc9/0x1c0 [ 225.667343][T14310] ? clear_bhb_loop+0x55/0xb0 [ 225.672169][T14310] ? clear_bhb_loop+0x55/0xb0 [ 225.676868][T14310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.682782][T14310] RIP: 0033:0x7f68571de759 [ 225.687209][T14310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.706918][T14310] RSP: 002b:00007f6855e57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 225.715347][T14310] RAX: ffffffffffffffda RBX: 00007f6857395f80 RCX: 00007f68571de759 [ 225.723408][T14310] RDX: 0000000000008000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 225.731541][T14310] RBP: 00007f6855e57090 R08: 0000000000000000 R09: 0000000000000000 [ 225.739591][T14310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 225.747572][T14310] R13: 0000000000000000 R14: 00007f6857395f80 R15: 00007ffcb8d92188 [ 225.755575][T14310] [ 225.765891][T14314] netlink: 'syz.7.3924': attribute type 1 has an invalid length. [ 225.853341][T14327] loop7: detected capacity change from 0 to 128 [ 225.861376][T14326] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3932'. [ 225.997211][T14349] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in; [ 225.997211][T14349] program syz.7.3940 not setting count and/or reply_len properly [ 225.999175][T14346] program syz.6.3943 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 226.032515][T14351] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3944'. [ 226.041615][T14351] netlink: 84 bytes leftover after parsing attributes in process `syz.4.3944'. [ 226.162979][T14362] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3949'. [ 226.362118][T14381] FAULT_INJECTION: forcing a failure. [ 226.362118][T14381] name failslab, interval 1, probability 0, space 0, times 0 [ 226.374954][T14381] CPU: 0 UID: 0 PID: 14381 Comm: syz.3.3957 Not tainted 6.12.0-syzkaller-00171-g23acd177540d #0 [ 226.385417][T14381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 226.395508][T14381] Call Trace: [ 226.398865][T14381] [ 226.401882][T14381] dump_stack_lvl+0xf2/0x150 [ 226.406149][T14379] loop0: detected capacity change from 0 to 8192 [ 226.406535][T14381] dump_stack+0x15/0x20 [ 226.417037][T14381] should_fail_ex+0x223/0x230 [ 226.421748][T14381] ? vm_area_dup+0x98/0x130 [ 226.426302][T14381] should_failslab+0x8f/0xb0 [ 226.431065][T14381] kmem_cache_alloc_noprof+0x4c/0x290 [ 226.436493][T14381] vm_area_dup+0x98/0x130 [ 226.440872][T14381] __split_vma+0xf7/0x6a0 [ 226.445237][T14381] vma_modify+0x2cb/0xcd0 [ 226.449642][T14381] ? kstrtoull+0x110/0x140 [ 226.454120][T14381] vma_modify_policy+0xeb/0x120 [ 226.459051][T14381] mbind_range+0x1d8/0x490 [ 226.463602][T14381] __se_sys_set_mempolicy_home_node+0x35e/0x540 [ 226.469955][T14381] __x64_sys_set_mempolicy_home_node+0x55/0x70 [ 226.476162][T14381] x64_sys_call+0x1782/0x2d60 [ 226.480878][T14381] do_syscall_64+0xc9/0x1c0 [ 226.485428][T14381] ? clear_bhb_loop+0x55/0xb0 [ 226.490153][T14381] ? clear_bhb_loop+0x55/0xb0 [ 226.494868][T14381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.500801][T14381] RIP: 0033:0x7fde2eaae759 [ 226.505233][T14381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.524878][T14381] RSP: 002b:00007fde2d727038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c2 [ 226.533320][T14381] RAX: ffffffffffffffda RBX: 00007fde2ec65f80 RCX: 00007fde2eaae759 [ 226.541319][T14381] RDX: 0000000000000000 RSI: 000000000000a000 RDI: 0000000020349000 [ 226.549304][T14381] RBP: 00007fde2d727090 R08: 0000000000000000 R09: 0000000000000000 [ 226.557295][T14381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 226.565372][T14381] R13: 0000000000000000 R14: 00007fde2ec65f80 R15: 00007ffd21529c38 [ 226.573398][T14381] [ 226.600964][T14383] loop0: detected capacity change from 0 to 128 [ 226.624136][T14385] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 226.632716][T14385] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 226.653295][T14389] netlink: 'syz.0.3969': attribute type 33 has an invalid length. [ 226.662067][T14389] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 227.159215][T14418] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 227.168531][T14418] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 227.248205][T14430] FAULT_INJECTION: forcing a failure. [ 227.248205][T14430] name failslab, interval 1, probability 0, space 0, times 0 [ 227.261743][T14430] CPU: 1 UID: 0 PID: 14430 Comm: syz.7.3978 Not tainted 6.12.0-syzkaller-00171-g23acd177540d #0 [ 227.272246][T14430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 227.282327][T14430] Call Trace: [ 227.285630][T14430] [ 227.288582][T14430] dump_stack_lvl+0xf2/0x150 [ 227.293218][T14430] dump_stack+0x15/0x20 [ 227.297432][T14430] should_fail_ex+0x223/0x230 [ 227.302143][T14430] ? security_prepare_creds+0x53/0x120 [ 227.307645][T14430] should_failslab+0x8f/0xb0 [ 227.312333][T14430] __kmalloc_noprof+0xa5/0x370 [ 227.317204][T14430] security_prepare_creds+0x53/0x120 [ 227.322617][T14430] prepare_kernel_cred+0x2c0/0x650 [ 227.327828][T14430] _request_firmware+0x2c4/0x9c0 [ 227.332825][T14430] ? rpm_resume+0x655/0xd00 [ 227.337506][T14430] ? __rcu_read_unlock+0x4e/0x70 [ 227.342494][T14430] request_firmware+0x36/0x50 [ 227.347200][T14430] devlink_compat_flash_update+0xaf/0x1b0 [ 227.352953][T14430] ? _raw_spin_unlock_irqrestore+0x2b/0x60 [ 227.358833][T14430] dev_ethtool+0x138b/0x14c0 [ 227.363487][T14430] ? __rcu_read_unlock+0x4e/0x70 [ 227.368481][T14430] dev_ioctl+0x854/0xab0 [ 227.372789][T14430] sock_do_ioctl+0x11c/0x260 [ 227.377506][T14430] sock_ioctl+0x46a/0x640 [ 227.381884][T14430] ? __pfx_sock_ioctl+0x10/0x10 [ 227.386895][T14430] __se_sys_ioctl+0xcd/0x140 [ 227.391531][T14430] __x64_sys_ioctl+0x43/0x50 [ 227.396217][T14430] x64_sys_call+0x15cc/0x2d60 [ 227.400986][T14430] do_syscall_64+0xc9/0x1c0 [ 227.405608][T14430] ? clear_bhb_loop+0x55/0xb0 [ 227.410418][T14430] ? clear_bhb_loop+0x55/0xb0 [ 227.415249][T14430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.421198][T14430] RIP: 0033:0x7f80fbbbe759 [ 227.425624][T14430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.445281][T14430] RSP: 002b:00007f80fa837038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 227.453872][T14430] RAX: ffffffffffffffda RBX: 00007f80fbd75f80 RCX: 00007f80fbbbe759 [ 227.461870][T14430] RDX: 0000000020000000 RSI: 0000000000008946 RDI: 0000000000000006 [ 227.469868][T14430] RBP: 00007f80fa837090 R08: 0000000000000000 R09: 0000000000000000 [ 227.477926][T14430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 227.485998][T14430] R13: 0000000000000000 R14: 00007f80fbd75f80 R15: 00007ffcc448c908 [ 227.494000][T14430] [ 227.559596][T14439] loop3: detected capacity change from 0 to 512 [ 227.574057][T14439] journal_path: Non-blockdev passed as './file0' [ 227.580495][T14439] EXT4-fs: error: could not find journal device path [ 227.615691][T14439] loop3: detected capacity change from 0 to 764 [ 227.629762][T14439] iso9660: Unknown parameter 'ý˙˙˙' [ 227.635586][T14437] loop7: detected capacity change from 0 to 8192 [ 227.901248][T11099] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.947598][T14455] loop6: detected capacity change from 0 to 2048 [ 227.962546][T14443] chnl_net:caif_netlink_parms(): no params data found [ 227.974313][T11099] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.986590][T14455] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 228.025245][T11099] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.036666][T14443] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.036670][T12741] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.043882][T14443] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.060471][T14443] bridge_slave_0: entered allmulticast mode [ 228.067924][T14443] bridge_slave_0: entered promiscuous mode [ 228.075435][T14443] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.082659][T14443] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.089940][T14443] bridge_slave_1: entered allmulticast mode [ 228.097313][T14443] bridge_slave_1: entered promiscuous mode [ 228.111327][T11099] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.141974][T14443] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 228.153549][T14443] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 228.174996][T14443] team0: Port device team_slave_0 added [ 228.182795][T14443] team0: Port device team_slave_1 added [ 228.207941][T14443] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 228.215751][T14443] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.242453][T14443] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 228.254259][T14443] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 228.261244][T14443] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.287792][T14443] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 228.543565][T11099] bond0 (unregistering): Released all slaves [ 228.553984][T11099] bond1 (unregistering): Released all slaves [ 228.564529][T14443] hsr_slave_0: entered promiscuous mode [ 228.571009][T14443] hsr_slave_1: entered promiscuous mode [ 228.578951][T14443] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 228.586599][T14443] Cannot create hsr debugfs directory [ 228.598421][T11099] hsr_slave_0: left promiscuous mode [ 228.606085][T11099] veth1_macvtap: left promiscuous mode [ 228.611665][T11099] veth0_macvtap: left promiscuous mode [ 228.617213][T11099] veth1_vlan: left promiscuous mode [ 228.622557][T11099] veth0_vlan: left promiscuous mode [ 228.683229][T14482] loop3: detected capacity change from 0 to 8192 [ 228.997482][T11099] IPVS: stop unused estimator thread 0... [ 229.050063][T14443] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 229.060093][T14443] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 229.069974][T14443] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 229.080059][T14443] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 229.125591][T14443] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.141543][T14443] 8021q: adding VLAN 0 to HW filter on device team0 [ 229.151246][T11099] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.158502][T11099] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.170350][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.177559][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.200994][T14443] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 229.211559][T14443] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 229.276146][T14443] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 229.416705][T14443] veth0_vlan: entered promiscuous mode [ 229.428433][T14443] veth1_vlan: entered promiscuous mode [ 229.447519][T14443] veth0_macvtap: entered promiscuous mode [ 229.459808][T14443] veth1_macvtap: entered promiscuous mode [ 229.471242][T14443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 229.481825][T14443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 229.491669][T14443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 229.502162][T14443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 229.512022][T14443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 229.522476][T14443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 229.532406][T14443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 229.542884][T14443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 229.556658][T14443] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 229.565252][T14443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 229.575889][T14443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 229.585839][T14443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 229.596298][T14443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 229.606285][T14443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 229.616778][T14443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 229.626723][T14443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 229.637373][T14443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 229.650181][T14443] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 229.666145][T14509] loop3: detected capacity change from 0 to 2048 [ 229.674484][T14443] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.683272][T14443] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.692086][T14443] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.700878][T14443] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.716314][T14509] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 229.794557][T11589] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.805298][T14511] loop0: detected capacity change from 0 to 8192 [ 229.816553][T14521] program syz.7.3999 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 229.858266][T14525] loop3: detected capacity change from 0 to 512 [ 229.868365][T14525] EXT4-fs (loop3): failed to initialize system zone (-117) [ 229.875915][T14525] EXT4-fs (loop3): mount failed [ 229.901132][ T29] kauditd_printk_skb: 529 callbacks suppressed [ 229.901148][ T29] audit: type=1400 audit(1732029502.973:19900): avc: denied { read } for pid=14529 comm="syz.0.4003" name="nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 229.931142][ T29] audit: type=1400 audit(1732029502.973:19901): avc: denied { open } for pid=14529 comm="syz.0.4003" path="/dev/nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 230.034768][T14539] netlink: 'syz.3.4008': attribute type 33 has an invalid length. [ 230.043111][T14532] __nla_validate_parse: 12 callbacks suppressed [ 230.043129][T14532] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4005'. [ 230.048818][T14542] netlink: 44 bytes leftover after parsing attributes in process `syz.7.4009'. [ 230.049394][T14532] netlink: 84 bytes leftover after parsing attributes in process `syz.4.4005'. [ 230.087580][T14539] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 230.111543][ T29] audit: type=1326 audit(1732029503.163:19902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14540 comm="syz.0.4010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 230.135255][ T29] audit: type=1326 audit(1732029503.163:19903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14540 comm="syz.0.4010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 230.159046][ T29] audit: type=1326 audit(1732029503.163:19904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14540 comm="syz.0.4010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 230.182745][ T29] audit: type=1326 audit(1732029503.163:19905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14540 comm="syz.0.4010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 230.206392][ T29] audit: type=1326 audit(1732029503.163:19906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14540 comm="syz.0.4010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 230.230179][ T29] audit: type=1326 audit(1732029503.163:19907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14540 comm="syz.0.4010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 230.253814][ T29] audit: type=1326 audit(1732029503.163:19908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14540 comm="syz.0.4010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 230.277492][ T29] audit: type=1326 audit(1732029503.163:19909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14540 comm="syz.0.4010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 230.352274][T14547] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4011'. [ 230.361294][T14547] netlink: 84 bytes leftover after parsing attributes in process `syz.7.4011'. [ 230.375262][T14543] loop0: detected capacity change from 0 to 512 [ 230.405705][T14543] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 230.432157][T14543] ext4 filesystem being mounted at /328/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 230.458219][T14547] loop7: detected capacity change from 0 to 8192 [ 230.554526][T10293] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.557377][T14563] loop7: detected capacity change from 0 to 2048 [ 230.601830][T14563] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 230.614986][T14566] program syz.0.4018 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 230.616858][T14562] loop3: detected capacity change from 0 to 8192 [ 230.685745][T14443] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.697723][T14573] netlink: 44 bytes leftover after parsing attributes in process `syz.4.4022'. [ 230.725669][T14577] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1538 sclass=netlink_route_socket pid=14577 comm=syz.7.4021 [ 230.791055][T14584] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4026'. [ 230.800263][T14584] netlink: 84 bytes leftover after parsing attributes in process `syz.7.4026'. [ 230.850069][T14584] loop7: detected capacity change from 0 to 8192 [ 230.870243][T14591] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4027'. [ 230.879248][T14591] netlink: 84 bytes leftover after parsing attributes in process `syz.0.4027'. [ 231.004908][T14591] loop0: detected capacity change from 0 to 8192 [ 231.041939][T14593] support for the xor transformation has been removed. [ 231.053110][T14598] loop3: detected capacity change from 0 to 8192 [ 231.305418][T14603] loop3: detected capacity change from 0 to 8192 [ 231.656601][T14609] program syz.3.4035 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 231.692636][T14612] FAULT_INJECTION: forcing a failure. [ 231.692636][T14612] name failslab, interval 1, probability 0, space 0, times 0 [ 231.705657][T14613] loop0: detected capacity change from 0 to 2048 [ 231.712374][T14612] CPU: 0 UID: 0 PID: 14612 Comm: syz.6.4037 Not tainted 6.12.0-syzkaller-00171-g23acd177540d #0 [ 231.722819][T14612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 231.732940][T14612] Call Trace: [ 231.736230][T14612] [ 231.739168][T14612] dump_stack_lvl+0xf2/0x150 [ 231.743870][T14612] dump_stack+0x15/0x20 [ 231.748047][T14612] should_fail_ex+0x223/0x230 [ 231.752751][T14612] ? percpu_ref_init+0x96/0x240 [ 231.757673][T14612] should_failslab+0x8f/0xb0 [ 231.762426][T14612] __kmalloc_cache_noprof+0x4b/0x2a0 [ 231.767807][T14612] ? __pfx_free_ioctx_reqs+0x10/0x10 [ 231.773162][T14612] percpu_ref_init+0x96/0x240 [ 231.777937][T14612] ioctx_alloc+0x1fe/0x4c0 [ 231.782371][T14612] __se_sys_io_setup+0x6b/0x1b0 [ 231.787322][T14612] __x64_sys_io_setup+0x31/0x40 [ 231.792246][T14612] x64_sys_call+0x2639/0x2d60 [ 231.796949][T14612] do_syscall_64+0xc9/0x1c0 [ 231.801512][T14612] ? clear_bhb_loop+0x55/0xb0 [ 231.806243][T14612] ? clear_bhb_loop+0x55/0xb0 [ 231.810951][T14612] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.816900][T14612] RIP: 0033:0x7f68571de759 [ 231.821364][T14612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.841031][T14612] RSP: 002b:00007f6855e57038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 231.849467][T14612] RAX: ffffffffffffffda RBX: 00007f6857395f80 RCX: 00007f68571de759 [ 231.857489][T14612] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000010000 [ 231.865504][T14612] RBP: 00007f6855e57090 R08: 0000000000000000 R09: 0000000000000000 [ 231.873540][T14612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 231.881524][T14612] R13: 0000000000000000 R14: 00007f6857395f80 R15: 00007ffcb8d92188 [ 231.889520][T14612] [ 231.915283][T14613] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 232.057958][T10293] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.205341][T14636] loop6: detected capacity change from 0 to 8192 [ 232.311836][T14654] loop6: detected capacity change from 0 to 2048 [ 232.319351][T14648] loop3: detected capacity change from 0 to 8192 [ 232.359418][T14668] loop7: detected capacity change from 0 to 1024 [ 232.363421][T14654] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 232.422714][T14668] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 232.450993][T12741] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.540336][T14685] bridge0: entered promiscuous mode [ 232.546366][T14685] bridge0: entered allmulticast mode [ 232.584703][T14693] loop6: detected capacity change from 0 to 8192 [ 232.670017][T14700] loop0: detected capacity change from 0 to 8192 [ 232.794576][T14709] loop0: detected capacity change from 0 to 8192 [ 233.060902][T14725] loop0: detected capacity change from 0 to 2048 [ 233.078276][T14443] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 233.125452][T14725] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 233.163602][T14727] loop7: detected capacity change from 0 to 8192 [ 233.193121][T14734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 233.203078][T14734] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 233.245987][T14736] loop7: detected capacity change from 0 to 8192 [ 233.481092][T14750] loop7: detected capacity change from 0 to 8192 [ 233.963350][T10293] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.257567][T14766] program syz.7.4089 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 234.401027][T14768] loop7: detected capacity change from 0 to 8192 [ 234.460751][T14772] program syz.7.4092 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 234.909640][ T29] kauditd_printk_skb: 287 callbacks suppressed [ 234.909656][ T29] audit: type=1326 audit(1732029507.983:20197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14776 comm="syz.4.4095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f712acb5727 code=0x7ffc0000 [ 234.943193][ T29] audit: type=1326 audit(1732029507.983:20198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14776 comm="syz.4.4095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f712ac5a0f9 code=0x7ffc0000 [ 234.966903][ T29] audit: type=1326 audit(1732029507.983:20199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14776 comm="syz.4.4095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 234.990469][ T29] audit: type=1326 audit(1732029507.993:20200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14776 comm="syz.4.4095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f712acb5727 code=0x7ffc0000 [ 235.013993][ T29] audit: type=1326 audit(1732029507.993:20201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14776 comm="syz.4.4095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f712ac5a0f9 code=0x7ffc0000 [ 235.037553][ T29] audit: type=1326 audit(1732029507.993:20202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14776 comm="syz.4.4095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 235.061162][ T29] audit: type=1326 audit(1732029508.003:20203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14776 comm="syz.4.4095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f712acb5727 code=0x7ffc0000 [ 235.084671][ T29] audit: type=1326 audit(1732029508.003:20204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14776 comm="syz.4.4095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f712ac5a0f9 code=0x7ffc0000 [ 235.108199][ T29] audit: type=1326 audit(1732029508.003:20205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14776 comm="syz.4.4095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 235.131925][ T29] audit: type=1326 audit(1732029508.013:20206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14776 comm="syz.4.4095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f712acb5727 code=0x7ffc0000 [ 235.200087][T14794] loop0: detected capacity change from 0 to 1764 [ 235.585754][T14810] program syz.4.4107 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 235.586008][T14812] __nla_validate_parse: 17 callbacks suppressed [ 235.586026][T14812] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4108'. [ 235.629427][T14814] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4109'. [ 235.638713][T14814] netlink: 84 bytes leftover after parsing attributes in process `syz.7.4109'. [ 235.697979][T14814] loop7: detected capacity change from 0 to 8192 [ 235.730884][T14817] program syz.3.4110 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 235.796426][T14824] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 235.805586][T14824] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 235.869864][T14828] netlink: 48 bytes leftover after parsing attributes in process `syz.7.4113'. [ 236.088947][T14833] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4116'. [ 236.354933][T14833] loop3: detected capacity change from 0 to 8192 [ 236.846707][T14847] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4122'. [ 236.855780][T14847] netlink: 84 bytes leftover after parsing attributes in process `syz.4.4122'. [ 236.893398][T14851] netlink: 44 bytes leftover after parsing attributes in process `syz.7.4124'. [ 236.918983][T14853] program syz.0.4123 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 237.114414][T14863] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 237.134655][T14865] program syz.0.4129 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 237.152463][T14863] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 237.391786][T14878] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4136'. [ 237.511415][T14878] loop0: detected capacity change from 0 to 8192 [ 237.798302][T14887] program syz.7.4139 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 238.257719][T14899] program syz.3.4144 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 238.394619][T14909] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 238.403140][T14909] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 238.486124][T14912] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4148'. [ 238.567720][T14917] program syz.3.4151 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 238.602932][T14912] loop0: detected capacity change from 0 to 8192 [ 239.112781][T14944] program syz.6.4162 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 239.924228][ T29] kauditd_printk_skb: 702 callbacks suppressed [ 239.924246][ T29] audit: type=1326 audit(1732029513.003:20909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14946 comm="syz.6.4163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f68571d5727 code=0x7ffc0000 [ 240.015256][T14955] loop3: detected capacity change from 0 to 8192 [ 240.028714][ T29] audit: type=1326 audit(1732029513.033:20910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14946 comm="syz.6.4163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f685717a0f9 code=0x7ffc0000 [ 240.052968][ T29] audit: type=1326 audit(1732029513.033:20911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14946 comm="syz.6.4163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f68571d5727 code=0x7ffc0000 [ 240.076668][ T29] audit: type=1326 audit(1732029513.033:20912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14946 comm="syz.6.4163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f685717a0f9 code=0x7ffc0000 [ 240.101033][ T29] audit: type=1326 audit(1732029513.033:20913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14946 comm="syz.6.4163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f68571de759 code=0x7ffc0000 [ 240.125258][ T29] audit: type=1326 audit(1732029513.033:20914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14946 comm="syz.6.4163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f68571d5727 code=0x7ffc0000 [ 240.148931][ T29] audit: type=1326 audit(1732029513.033:20915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14946 comm="syz.6.4163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f685717a0f9 code=0x7ffc0000 [ 240.173203][ T29] audit: type=1326 audit(1732029513.033:20916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14946 comm="syz.6.4163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f68571de759 code=0x7ffc0000 [ 240.196737][ T29] audit: type=1326 audit(1732029513.043:20917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14946 comm="syz.6.4163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f68571d5727 code=0x7ffc0000 [ 240.220916][ T29] audit: type=1326 audit(1732029513.043:20918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14946 comm="syz.6.4163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f685717a0f9 code=0x7ffc0000 [ 240.419464][T14958] loop6: detected capacity change from 0 to 8192 [ 241.837658][T14983] loop3: detected capacity change from 0 to 2048 [ 241.848325][T14974] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 241.863387][T14974] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 241.890666][T14983] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 241.911769][T14994] __nla_validate_parse: 2 callbacks suppressed [ 241.911787][T14994] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4181'. [ 241.935234][T11589] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 242.213713][T14994] loop0: detected capacity change from 0 to 8192 [ 242.458818][T14999] program syz.6.4184 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 242.941148][T15003] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4183'. [ 244.024547][T15003] loop3: detected capacity change from 0 to 8192 [ 244.570282][T15023] loop7: detected capacity change from 0 to 8192 [ 245.767757][T15037] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4197'. [ 246.127115][T15037] loop6: detected capacity change from 0 to 8192 [ 246.318515][ T29] kauditd_printk_skb: 56 callbacks suppressed [ 246.318530][ T29] audit: type=1326 audit(1732029519.393:20975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15046 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 246.366438][T15047] program syz.0.4201 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 246.425509][ T29] audit: type=1326 audit(1732029519.433:20976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15046 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 246.449466][ T29] audit: type=1326 audit(1732029519.433:20977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15046 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 246.473255][ T29] audit: type=1326 audit(1732029519.433:20978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15046 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 246.497127][ T29] audit: type=1326 audit(1732029519.433:20979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15046 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 246.520940][ T29] audit: type=1326 audit(1732029519.433:20980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15046 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 246.544720][ T29] audit: type=1326 audit(1732029519.433:20981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15046 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 246.568638][ T29] audit: type=1326 audit(1732029519.433:20982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15046 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 246.592376][ T29] audit: type=1326 audit(1732029519.433:20983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15046 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 246.616539][ T29] audit: type=1326 audit(1732029519.433:20984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15046 comm="syz.4.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f712acbe759 code=0x7ffc0000 [ 247.182657][T15058] loop0: detected capacity change from 0 to 8192 [ 248.417243][T15077] loop0: detected capacity change from 0 to 128 [ 248.429794][T15077] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 248.443744][T15077] ext4 filesystem being mounted at /380/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 248.521874][T10293] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 248.760782][T15083] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4216'. [ 248.854908][T15083] loop7: detected capacity change from 0 to 8192 [ 248.935472][T15088] loop0: detected capacity change from 0 to 8192 [ 250.223712][T15113] FAULT_INJECTION: forcing a failure. [ 250.223712][T15113] name failslab, interval 1, probability 0, space 0, times 0 [ 250.236485][T15113] CPU: 0 UID: 0 PID: 15113 Comm: syz.4.4225 Not tainted 6.12.0-syzkaller-00171-g23acd177540d #0 [ 250.247128][T15113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 250.257206][T15113] Call Trace: [ 250.260490][T15113] [ 250.263487][T15113] dump_stack_lvl+0xf2/0x150 [ 250.268315][T15113] dump_stack+0x15/0x20 [ 250.272516][T15113] should_fail_ex+0x223/0x230 [ 250.277241][T15113] ? getname_flags+0x81/0x3b0 [ 250.281944][T15113] should_failslab+0x8f/0xb0 [ 250.286633][T15113] kmem_cache_alloc_noprof+0x4c/0x290 [ 250.292232][T15113] getname_flags+0x81/0x3b0 [ 250.296764][T15113] __x64_sys_renameat2+0x61/0xa0 [ 250.301777][T15113] x64_sys_call+0x2cf1/0x2d60 [ 250.306492][T15113] do_syscall_64+0xc9/0x1c0 [ 250.311084][T15113] ? clear_bhb_loop+0x55/0xb0 [ 250.315793][T15113] ? clear_bhb_loop+0x55/0xb0 [ 250.320564][T15113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.326549][T15113] RIP: 0033:0x7f712acbe759 [ 250.330981][T15113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.350679][T15113] RSP: 002b:00007f7129931038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 250.359116][T15113] RAX: ffffffffffffffda RBX: 00007f712ae75f80 RCX: 00007f712acbe759 [ 250.367230][T15113] RDX: ffffffffffffff9c RSI: 0000000020000580 RDI: ffffffffffffff9c [ 250.375281][T15113] RBP: 00007f7129931090 R08: 0000000000000000 R09: 0000000000000000 [ 250.383327][T15113] R10: 00000000200005c0 R11: 0000000000000246 R12: 0000000000000001 [ 250.391376][T15113] R13: 0000000000000000 R14: 00007f712ae75f80 R15: 00007fffdbf43fc8 [ 250.399376][T15113] [ 250.461340][T15119] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4229'. [ 250.499569][T15121] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4228'. [ 250.635056][T15121] loop6: detected capacity change from 0 to 8192 [ 250.672030][T15124] loop0: detected capacity change from 0 to 8192 [ 250.703929][T15129] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 250.715057][T15129] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 250.858572][T15133] FAULT_INJECTION: forcing a failure. [ 250.858572][T15133] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 250.871732][T15133] CPU: 0 UID: 0 PID: 15133 Comm: syz.0.4235 Not tainted 6.12.0-syzkaller-00171-g23acd177540d #0 [ 250.882177][T15133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 250.892244][T15133] Call Trace: [ 250.895538][T15133] [ 250.898585][T15133] dump_stack_lvl+0xf2/0x150 [ 250.903208][T15133] dump_stack+0x15/0x20 [ 250.907427][T15133] should_fail_ex+0x223/0x230 [ 250.912122][T15133] should_fail+0xb/0x10 [ 250.916294][T15133] should_fail_usercopy+0x1a/0x20 [ 250.921389][T15133] _copy_to_user+0x20/0xa0 [ 250.925856][T15133] simple_read_from_buffer+0xa0/0x110 [ 250.931324][T15133] proc_fail_nth_read+0xf9/0x140 [ 250.936306][T15133] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 250.941935][T15133] vfs_read+0x1a2/0x700 [ 250.946150][T15133] ? __rcu_read_unlock+0x4e/0x70 [ 250.951155][T15133] ? __fget_files+0x17c/0x1c0 [ 250.955875][T15133] ksys_read+0xeb/0x1b0 [ 250.960157][T15133] __x64_sys_read+0x42/0x50 [ 250.964798][T15133] x64_sys_call+0x27d3/0x2d60 [ 250.969500][T15133] do_syscall_64+0xc9/0x1c0 [ 250.974121][T15133] ? clear_bhb_loop+0x55/0xb0 [ 250.978829][T15133] ? clear_bhb_loop+0x55/0xb0 [ 250.983560][T15133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.989478][T15133] RIP: 0033:0x7f508b6cd19c [ 250.993912][T15133] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 251.013699][T15133] RSP: 002b:00007f508a341030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 251.022175][T15133] RAX: ffffffffffffffda RBX: 00007f508b885f80 RCX: 00007f508b6cd19c [ 251.030222][T15133] RDX: 000000000000000f RSI: 00007f508a3410a0 RDI: 0000000000000009 [ 251.038283][T15133] RBP: 00007f508a341090 R08: 0000000000000000 R09: 0000000000000000 [ 251.046298][T15133] R10: 0000000020000500 R11: 0000000000000246 R12: 0000000000000002 [ 251.054285][T15133] R13: 0000000000000000 R14: 00007f508b885f80 R15: 00007ffec2ff4648 [ 251.062378][T15133] [ 251.244336][T15149] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4242'. [ 251.334424][ T29] kauditd_printk_skb: 113 callbacks suppressed [ 251.334439][ T29] audit: type=1400 audit(1732029524.413:21098): avc: denied { module_request } for pid=15155 comm="syz.3.4244" kmod="fs-omfs" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 251.385258][T15161] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4244'. [ 251.411308][T15158] loop0: detected capacity change from 0 to 8192 [ 251.425782][T15163] loop6: detected capacity change from 0 to 2048 [ 251.439699][ T29] audit: type=1400 audit(1732029524.513:21099): avc: denied { mounton } for pid=15157 comm="syz.0.4245" path="/393/file0" dev="tmpfs" ino=2159 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 251.462636][ T29] audit: type=1400 audit(1732029524.513:21100): avc: denied { mount } for pid=15157 comm="syz.0.4245" name="/" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 251.495207][ T29] audit: type=1400 audit(1732029524.573:21101): avc: denied { unmount } for pid=10293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 251.593472][T15163] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 251.597501][T15161] loop3: detected capacity change from 0 to 8192 [ 251.615190][ T29] audit: type=1400 audit(1732029524.693:21102): avc: denied { mount } for pid=15162 comm="syz.6.4246" name="/" dev="loop6" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 251.615839][T15172] syz.7.4249[15172] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 251.640655][T15172] syz.7.4249[15172] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 251.652207][ T29] audit: type=1400 audit(1732029524.733:21103): avc: denied { unmount } for pid=12741 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 251.656814][T15170] loop0: detected capacity change from 0 to 2048 [ 251.690820][T12741] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.700043][ T29] audit: type=1400 audit(1732029524.763:21104): avc: denied { create } for pid=15171 comm="syz.7.4249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 251.721860][ T29] audit: type=1400 audit(1732029524.763:21105): avc: denied { write } for pid=15171 comm="syz.7.4249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 251.742704][ T29] audit: type=1400 audit(1732029524.763:21106): avc: denied { read } for pid=15171 comm="syz.7.4249" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 251.766163][ T29] audit: type=1400 audit(1732029524.763:21107): avc: denied { open } for pid=15171 comm="syz.7.4249" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 251.802012][T15170] loop0: p1 < > p4 [ 251.808255][T15170] loop0: p4 size 8388608 extends beyond EOD, truncated [ 251.884715][T15181] loop7: detected capacity change from 0 to 512 [ 251.894993][T15181] EXT4-fs error (device loop7): ext4_orphan_get:1388: inode #15: comm syz.7.4255: casefold flag without casefold feature [ 251.907933][T15181] EXT4-fs error (device loop7): ext4_orphan_get:1393: comm syz.7.4255: couldn't read orphan inode 15 (err -117) [ 251.922127][T15181] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 251.953828][T14443] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.953839][T15186] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4256'. [ 251.991758][T15189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 252.000319][T15189] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 252.007610][T15191] netlink: 44 bytes leftover after parsing attributes in process `syz.6.4258'. [ 252.100844][T15195] loop0: detected capacity change from 0 to 8192 [ 252.401235][T15222] loop0: detected capacity change from 0 to 1024 [ 252.414579][T15222] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 252.434754][T15222] ext4: Unknown parameter '˙˙˙˙˙˙˙˙˙0xffffffffffffffff˙˙˙˙˙˙˙˙' [ 252.645468][T15228] netlink: 44 bytes leftover after parsing attributes in process `syz.7.4272'. [ 253.256291][T10293] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.314762][T15233] loop3: detected capacity change from 0 to 8192 [ 253.416694][T15244] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4277'. [ 253.425773][T15244] netlink: 84 bytes leftover after parsing attributes in process `syz.0.4277'. [ 253.445134][T15249] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 253.454637][T15249] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 253.491760][T15244] loop0: detected capacity change from 0 to 8192 [ 253.592157][T15259] FAULT_INJECTION: forcing a failure. [ 253.592157][T15259] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 253.605420][T15259] CPU: 0 UID: 0 PID: 15259 Comm: syz.3.4286 Not tainted 6.12.0-syzkaller-00171-g23acd177540d #0 [ 253.615862][T15259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 253.625938][T15259] Call Trace: [ 253.629226][T15259] [ 253.632172][T15259] dump_stack_lvl+0xf2/0x150 [ 253.636854][T15259] dump_stack+0x15/0x20 [ 253.641044][T15259] should_fail_ex+0x223/0x230 [ 253.645757][T15259] should_fail+0xb/0x10 [ 253.649954][T15259] should_fail_usercopy+0x1a/0x20 [ 253.655146][T15259] _copy_from_iter+0xd5/0xd00 [ 253.659923][T15259] ? kmalloc_reserve+0x16e/0x190 [ 253.664884][T15259] ? __build_skb_around+0x196/0x1f0 [ 253.670148][T15259] ? __alloc_skb+0x21f/0x310 [ 253.674770][T15259] ? __virt_addr_valid+0x1ed/0x250 [ 253.679935][T15259] ? __check_object_size+0x364/0x520 [ 253.685314][T15259] netlink_sendmsg+0x460/0x6e0 [ 253.690141][T15259] ? __pfx_netlink_sendmsg+0x10/0x10 [ 253.695464][T15259] __sock_sendmsg+0x140/0x180 [ 253.700266][T15259] ____sys_sendmsg+0x312/0x410 [ 253.705174][T15259] __sys_sendmsg+0x1d9/0x270 [ 253.709836][T15259] __x64_sys_sendmsg+0x46/0x50 [ 253.714687][T15259] x64_sys_call+0x2689/0x2d60 [ 253.719396][T15259] do_syscall_64+0xc9/0x1c0 [ 253.723995][T15259] ? clear_bhb_loop+0x55/0xb0 [ 253.728706][T15259] ? clear_bhb_loop+0x55/0xb0 [ 253.733511][T15259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.739439][T15259] RIP: 0033:0x7fde2eaae759 [ 253.743877][T15259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.763505][T15259] RSP: 002b:00007fde2d727038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 253.771958][T15259] RAX: ffffffffffffffda RBX: 00007fde2ec65f80 RCX: 00007fde2eaae759 [ 253.780020][T15259] RDX: 0000000004000080 RSI: 0000000020001200 RDI: 0000000000000003 [ 253.788068][T15259] RBP: 00007fde2d727090 R08: 0000000000000000 R09: 0000000000000000 [ 253.796064][T15259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 253.804090][T15259] R13: 0000000000000000 R14: 00007fde2ec65f80 R15: 00007ffd21529c38 [ 253.812160][T15259] [ 253.860795][T15261] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4287'. [ 254.063353][T15275] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4294'. [ 254.150469][T15282] FAULT_INJECTION: forcing a failure. [ 254.150469][T15282] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 254.163903][T15282] CPU: 0 UID: 0 PID: 15282 Comm: syz.3.4296 Not tainted 6.12.0-syzkaller-00171-g23acd177540d #0 [ 254.174341][T15282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 254.184417][T15282] Call Trace: [ 254.187738][T15282] [ 254.190812][T15282] dump_stack_lvl+0xf2/0x150 [ 254.195473][T15282] dump_stack+0x15/0x20 [ 254.199667][T15282] should_fail_ex+0x223/0x230 [ 254.204415][T15282] should_fail_alloc_page+0xfd/0x110 [ 254.209737][T15282] __alloc_pages_noprof+0x109/0x340 [ 254.214975][T15282] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 254.220380][T15282] alloc_pages_noprof+0xe1/0x100 [ 254.225464][T15282] pte_alloc_one+0x31/0x110 [ 254.230000][T15282] __pte_alloc+0x33/0x2a0 [ 254.234356][T15282] handle_mm_fault+0x1b31/0x2aa0 [ 254.239329][T15282] exc_page_fault+0x3b9/0x650 [ 254.244105][T15282] asm_exc_page_fault+0x26/0x30 [ 254.248997][T15282] RIP: 0033:0x7fde2e971833 [ 254.253439][T15282] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 254.273111][T15282] RSP: 002b:00007fde2d7264a0 EFLAGS: 00010206 [ 254.279189][T15282] RAX: 0000000000000000 RBX: 00007fde2d726540 RCX: 00007fde25307000 [ 254.287174][T15282] RDX: 00007fde2d7266e0 RSI: 0000000000000001 RDI: 00007fde2d7265e0 [ 254.295205][T15282] RBP: 000000000000013c R08: 0000000000000008 R09: 00000000000000c7 [ 254.303240][T15282] R10: 00000000000000d2 R11: 00007fde2d726540 R12: 00007fde2d726540 [ 254.311226][T15282] R13: 00007fde2eb35fc0 R14: 00000000000000eb R15: 00007fde2d7265e0 [ 254.319259][T15282] [ 254.322343][T15282] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 254.330917][T15282] loop3: detected capacity change from 0 to 128 [ 254.338340][T15282] vfat: Unknown parameter '€' [ 254.364392][T15291] netlink: 44 bytes leftover after parsing attributes in process `syz.7.4299'. [ 254.498886][T15304] loop7: detected capacity change from 0 to 8192 [ 254.522014][T15308] loop6: detected capacity change from 0 to 1024 [ 254.529383][T15308] EXT4-fs: Ignoring removed orlov option [ 254.535336][T15308] EXT4-fs: Ignoring removed nomblk_io_submit option [ 254.537798][T15313] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 254.555387][T15313] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 254.564138][T15308] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 254.576620][T15314] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4310'. [ 254.585565][T15314] netlink: 84 bytes leftover after parsing attributes in process `syz.7.4310'. [ 254.609304][T12741] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.644790][T15314] loop7: detected capacity change from 0 to 8192 [ 254.646019][T15323] loop6: detected capacity change from 0 to 512 [ 254.660209][T15323] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended [ 254.682755][T15323] EXT4-fs error (device loop6): ext4_ext_check_inode:524: inode #3: comm syz.6.4313: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 48834(4), depth 0(0) [ 254.702074][T15323] EXT4-fs error (device loop6): ext4_quota_enable:7087: comm syz.6.4313: Bad quota inode: 3, type: 0 [ 254.713598][T15323] EXT4-fs warning (device loop6): ext4_enable_quotas:7128: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 254.735346][T15323] EXT4-fs (loop6): mount failed [ 254.767036][T15329] FAULT_INJECTION: forcing a failure. [ 254.767036][T15329] name failslab, interval 1, probability 0, space 0, times 0 [ 254.779801][T15329] CPU: 0 UID: 0 PID: 15329 Comm: syz.7.4315 Not tainted 6.12.0-syzkaller-00171-g23acd177540d #0 [ 254.786168][T15338] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4318'. [ 254.790232][T15329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 254.809322][T15329] Call Trace: [ 254.812625][T15329] [ 254.815568][T15329] dump_stack_lvl+0xf2/0x150 [ 254.820201][T15329] dump_stack+0x15/0x20 [ 254.824370][T15329] should_fail_ex+0x223/0x230 [ 254.829059][T15329] ? security_sk_alloc+0x53/0x120 [ 254.834093][T15329] should_failslab+0x8f/0xb0 [ 254.838757][T15329] __kmalloc_noprof+0xa5/0x370 [ 254.843585][T15329] security_sk_alloc+0x53/0x120 [ 254.848449][T15329] sk_prot_alloc+0xc6/0x190 [ 254.852966][T15329] sk_alloc+0x33/0x360 [ 254.857043][T15329] ? pptp_create+0x15/0x160 [ 254.861567][T15329] pptp_create+0x31/0x160 [ 254.865966][T15329] pppox_create+0xd1/0x120 [ 254.870489][T15329] __sock_create+0x2db/0x500 [ 254.875097][T15329] __sys_socketpair+0x17c/0x430 [ 254.879984][T15329] __x64_sys_socketpair+0x52/0x60 [ 254.885022][T15329] x64_sys_call+0x1c1e/0x2d60 [ 254.889780][T15329] do_syscall_64+0xc9/0x1c0 [ 254.894375][T15329] ? clear_bhb_loop+0x55/0xb0 [ 254.899067][T15329] ? clear_bhb_loop+0x55/0xb0 [ 254.903840][T15329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.909767][T15329] RIP: 0033:0x7f8ca905e759 [ 254.914205][T15329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.933821][T15329] RSP: 002b:00007f8ca7cd1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 254.942303][T15329] RAX: ffffffffffffffda RBX: 00007f8ca9215f80 RCX: 00007f8ca905e759 [ 254.950299][T15329] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000018 [ 254.958271][T15329] RBP: 00007f8ca7cd1090 R08: 0000000000000000 R09: 0000000000000000 [ 254.966308][T15329] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 254.974325][T15329] R13: 0000000000000000 R14: 00007f8ca9215f80 R15: 00007fff8716f398 [ 254.982408][T15329] [ 255.014633][T15344] loop6: detected capacity change from 0 to 1024 [ 255.023610][T15344] EXT4-fs (loop6): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 255.033485][T15344] EXT4-fs warning (device loop6): ext4_multi_mount_protect:292: Invalid MMP block in superblock [ 255.101808][T15346] loop7: detected capacity change from 0 to 8192 [ 255.113521][T15352] loop0: detected capacity change from 0 to 256 [ 255.212946][T15356] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4326'. [ 255.222008][T15356] netlink: 84 bytes leftover after parsing attributes in process `syz.7.4326'. [ 255.238880][T15366] loop3: detected capacity change from 0 to 512 [ 255.248444][T15367] netlink: 44 bytes leftover after parsing attributes in process `syz.6.4331'. [ 255.278921][T15356] loop7: detected capacity change from 0 to 8192 [ 255.302578][T15366] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 255.310964][T15366] System zones: 0-2, 18-18, 34-34 [ 255.318055][T15366] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.4330: bg 0: block 248: padding at end of block bitmap is not set [ 255.335029][T15366] EXT4-fs error (device loop3): ext4_acquire_dquot:6910: comm syz.3.4330: Failed to acquire dquot type 1 [ 255.348464][T15366] EXT4-fs (loop3): 1 truncate cleaned up [ 255.356166][T15366] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 255.371413][T15366] ext4 filesystem being mounted at /307/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 255.418327][T11589] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.443487][T15373] loop6: detected capacity change from 0 to 8192 [ 255.457213][T15379] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 255.467126][T15379] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 255.518043][T15384] loop7: detected capacity change from 0 to 8192 [ 255.569596][T15396] netlink: 44 bytes leftover after parsing attributes in process `syz.7.4342'. [ 255.632065][T15398] loop6: detected capacity change from 0 to 8192 [ 255.862163][T15406] xt_CT: You must specify a L4 protocol and not use inversions on it [ 256.087543][T15410] ref_ctr_offset mismatch. inode: 0x6a6 offset: 0x0 ref_ctr_offset(old): 0x4 ref_ctr_offset(new): 0x0 [ 256.153464][T15412] loop0: detected capacity change from 0 to 8192 [ 256.166204][T15410] loop3: detected capacity change from 0 to 512 [ 256.198416][T15410] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 256.256530][T15410] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.4347: corrupted in-inode xattr: invalid ea_ino [ 256.311983][T15410] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.4347: couldn't read orphan inode 15 (err -117) [ 256.320689][T15417] loop0: detected capacity change from 0 to 8192 [ 256.334735][T15410] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 256.411057][ T29] kauditd_printk_skb: 192 callbacks suppressed [ 256.411076][ T29] audit: type=1326 audit(1732029529.463:21296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15420 comm="syz.0.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 256.441040][ T29] audit: type=1326 audit(1732029529.463:21297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15420 comm="syz.0.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 256.464719][ T29] audit: type=1326 audit(1732029529.463:21298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15420 comm="syz.0.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 256.475367][T11589] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.488385][ T29] audit: type=1326 audit(1732029529.463:21299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15420 comm="syz.0.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 256.521050][ T29] audit: type=1326 audit(1732029529.463:21300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15420 comm="syz.0.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 256.544819][ T29] audit: type=1326 audit(1732029529.473:21301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15420 comm="syz.0.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 256.568648][ T29] audit: type=1326 audit(1732029529.473:21302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15420 comm="syz.0.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 256.592327][ T29] audit: type=1326 audit(1732029529.473:21303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15420 comm="syz.0.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f508b6cd0f0 code=0x7ffc0000 [ 256.616011][ T29] audit: type=1326 audit(1732029529.473:21304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15420 comm="syz.0.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 256.639658][ T29] audit: type=1326 audit(1732029529.473:21305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15420 comm="syz.0.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 256.717443][T15425] loop0: detected capacity change from 0 to 512 [ 256.726768][T15425] EXT4-fs: Ignoring removed bh option [ 256.733561][T15425] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 256.744295][T15425] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities [ 256.753810][T15431] program syz.3.4356 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 256.776495][T15425] netlink: 'syz.0.4353': attribute type 10 has an invalid length. [ 256.829079][T15435] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 256.839091][T15435] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 256.874546][T15425] hsr_slave_0 (unregistering): left promiscuous mode [ 256.986620][T15441] loop7: detected capacity change from 0 to 8192 [ 257.078876][T15444] loop3: detected capacity change from 0 to 8192 [ 257.174286][T15452] loop7: detected capacity change from 0 to 8192 [ 257.285510][T15455] loop3: detected capacity change from 0 to 8192 [ 257.428741][T15468] program syz.7.4369 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 257.565065][T15476] program syz.0.4383 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 257.569445][T15478] loop7: detected capacity change from 0 to 512 [ 257.583381][T15478] EXT4-fs: Ignoring removed bh option [ 257.590930][T15478] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 257.600888][T15478] EXT4-fs (loop7): couldn't mount as ext3 due to feature incompatibilities [ 257.619537][T15478] netlink: 'syz.7.4373': attribute type 10 has an invalid length. [ 257.669199][T15478] hsr_slave_0 (unregistering): left promiscuous mode [ 257.847536][T15487] loop0: detected capacity change from 0 to 8192 [ 257.919480][T15498] loop6: detected capacity change from 0 to 512 [ 257.931956][T15494] loop7: detected capacity change from 0 to 2048 [ 257.933392][T15498] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 257.982321][T15498] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec01c, mo2=0002] [ 258.002980][T15494] loop7: p1 < > p4 [ 258.009004][T15498] System zones: 1-12 [ 258.013370][T15494] loop7: p4 size 8388608 extends beyond EOD, truncated [ 258.033992][T15498] EXT4-fs (loop6): 1 truncate cleaned up [ 258.053643][T15498] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 258.140179][T15499] loop0: detected capacity change from 0 to 8192 [ 258.184365][T12741] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 258.244888][T15505] program syz.3.4385 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 258.368318][T15514] loop6: detected capacity change from 0 to 512 [ 258.375110][T15514] EXT4-fs: Ignoring removed bh option [ 258.382268][T15514] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 258.392381][T15514] EXT4-fs (loop6): couldn't mount as ext3 due to feature incompatibilities [ 258.406446][T15514] netlink: 'syz.6.4389': attribute type 10 has an invalid length. [ 258.438889][T15514] hsr_slave_0 (unregistering): left promiscuous mode [ 258.540771][T15520] loop3: detected capacity change from 0 to 8192 [ 258.746571][T15533] loop3: detected capacity change from 0 to 8192 [ 258.872427][T15521] loop7: detected capacity change from 0 to 512 [ 258.904522][T15521] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 259.006279][T15521] EXT4-fs (loop7): 1 truncate cleaned up [ 259.018397][T15521] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 259.138267][T15562] __nla_validate_parse: 17 callbacks suppressed [ 259.138300][T15562] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4405'. [ 259.154364][T15562] netlink: 84 bytes leftover after parsing attributes in process `syz.3.4405'. [ 259.234901][T15562] loop3: detected capacity change from 0 to 8192 [ 259.304392][T14443] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.339494][T15573] netlink: 44 bytes leftover after parsing attributes in process `syz.4.4409'. [ 259.565707][T15597] netlink: 36 bytes leftover after parsing attributes in process `syz.7.4419'. [ 259.575383][T15597] netlink: 36 bytes leftover after parsing attributes in process `syz.7.4419'. [ 259.584566][T15597] netlink: 36 bytes leftover after parsing attributes in process `syz.7.4419'. [ 259.602859][T15597] netlink: 36 bytes leftover after parsing attributes in process `syz.7.4419'. [ 259.612059][T15597] netlink: 36 bytes leftover after parsing attributes in process `syz.7.4419'. [ 259.621140][T15597] netlink: 36 bytes leftover after parsing attributes in process `syz.7.4419'. [ 259.646582][T15597] netlink: 36 bytes leftover after parsing attributes in process `syz.7.4419'. [ 259.762291][T15615] program syz.0.4425 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 260.023623][T15647] program syz.3.4440 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 260.141056][T15650] FAULT_INJECTION: forcing a failure. [ 260.141056][T15650] name failslab, interval 1, probability 0, space 0, times 0 [ 260.154401][T15650] CPU: 1 UID: 0 PID: 15650 Comm: syz.6.4441 Not tainted 6.12.0-syzkaller-00171-g23acd177540d #0 [ 260.164857][T15650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 260.175021][T15650] Call Trace: [ 260.178468][T15650] [ 260.181468][T15650] dump_stack_lvl+0xf2/0x150 [ 260.186164][T15650] dump_stack+0x15/0x20 [ 260.190372][T15650] should_fail_ex+0x223/0x230 [ 260.195147][T15650] ? __vmalloc_node_range_noprof+0x41f/0xec0 [ 260.201187][T15650] should_failslab+0x8f/0xb0 [ 260.205859][T15650] __kmalloc_node_noprof+0xa8/0x380 [ 260.211091][T15650] __vmalloc_node_range_noprof+0x41f/0xec0 [ 260.216940][T15650] ? __kvmalloc_node_noprof+0x72/0x170 [ 260.222432][T15650] ? ___kmalloc_large_node+0xba/0x120 [ 260.227982][T15650] ? __kmalloc_node_noprof+0x27f/0x380 [ 260.233520][T15650] ? bpf_check+0xdb/0xcbf0 [ 260.237954][T15650] vzalloc_noprof+0x5e/0x70 [ 260.242470][T15650] ? bpf_check+0xdb/0xcbf0 [ 260.246972][T15650] bpf_check+0xdb/0xcbf0 [ 260.251361][T15650] ? __rcu_read_unlock+0x4e/0x70 [ 260.256324][T15650] ? obj_cgroup_charge_pages+0x13d/0x1a0 [ 260.262003][T15650] ? __rcu_read_unlock+0x4e/0x70 [ 260.267032][T15650] ? __memcg_kmem_charge_page+0xd2/0x170 [ 260.272694][T15650] ? __alloc_pages_noprof+0x1bc/0x340 [ 260.278137][T15650] ? alloc_pages_bulk_noprof+0x324/0x650 [ 260.283789][T15650] ? policy_nodemask+0x2ba/0x3e0 [ 260.288781][T15650] ? __vmap_pages_range_noflush+0x940/0x960 [ 260.294704][T15650] ? _find_next_zero_bit+0x29/0x90 [ 260.299904][T15650] ? pcpu_block_update_hint_alloc+0x685/0x6a0 [ 260.306113][T15650] ? cgroup_rstat_updated+0x99/0x550 [ 260.311414][T15650] ? pcpu_block_update_hint_alloc+0x685/0x6a0 [ 260.317568][T15650] ? cgroup_rstat_updated+0x99/0x550 [ 260.322869][T15650] ? pcpu_chunk_relocate+0x183/0x280 [ 260.328263][T15650] ? __mod_memcg_state+0x104/0x1f0 [ 260.333397][T15650] ? __rcu_read_unlock+0x4e/0x70 [ 260.338414][T15650] ? pcpu_memcg_post_alloc_hook+0x158/0x1c0 [ 260.344331][T15650] ? pcpu_alloc_noprof+0xb9b/0x10a0 [ 260.349589][T15650] ? should_fail_ex+0xd7/0x230 [ 260.354373][T15650] ? selinux_bpf_prog_load+0x35/0xe0 [ 260.359682][T15650] ? should_failslab+0x8f/0xb0 [ 260.364462][T15650] ? __kmalloc_cache_noprof+0x10b/0x2a0 [ 260.370070][T15650] ? selinux_bpf_prog_load+0xbb/0xe0 [ 260.375440][T15650] bpf_prog_load+0xed4/0x1070 [ 260.380131][T15650] ? __rcu_read_unlock+0x4e/0x70 [ 260.385103][T15650] __sys_bpf+0x463/0x7a0 [ 260.389367][T15650] __x64_sys_bpf+0x43/0x50 [ 260.393811][T15650] x64_sys_call+0x2625/0x2d60 [ 260.398510][T15650] do_syscall_64+0xc9/0x1c0 [ 260.403053][T15650] ? clear_bhb_loop+0x55/0xb0 [ 260.407813][T15650] ? clear_bhb_loop+0x55/0xb0 [ 260.412510][T15650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.418437][T15650] RIP: 0033:0x7f68571de759 [ 260.422908][T15650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.442529][T15650] RSP: 002b:00007f6855e57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 260.450957][T15650] RAX: ffffffffffffffda RBX: 00007f6857395f80 RCX: 00007f68571de759 [ 260.458952][T15650] RDX: 0000000000000094 RSI: 0000000020000f80 RDI: 0000000000000005 [ 260.466945][T15650] RBP: 00007f6855e57090 R08: 0000000000000000 R09: 0000000000000000 [ 260.474990][T15650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 260.482975][T15650] R13: 0000000000000000 R14: 00007f6857395f80 R15: 00007ffcb8d92188 [ 260.491043][T15650] [ 260.495157][T15650] syz.6.4441: vmalloc error: size 4096, failed to allocated page array size 8, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 260.512484][T15650] CPU: 1 UID: 0 PID: 15650 Comm: syz.6.4441 Not tainted 6.12.0-syzkaller-00171-g23acd177540d #0 [ 260.520951][T15658] program syz.3.4444 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 260.523260][T15650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 260.523290][T15650] Call Trace: [ 260.523299][T15650] [ 260.523308][T15650] dump_stack_lvl+0xf2/0x150 [ 260.553378][T15650] dump_stack+0x15/0x20 [ 260.557573][T15650] warn_alloc+0x145/0x1b0 [ 260.561910][T15650] ? dump_stack+0x15/0x20 [ 260.566262][T15650] ? should_fail_ex+0x198/0x230 [ 260.571137][T15650] __vmalloc_node_range_noprof+0x4b6/0xec0 [ 260.576965][T15650] ? __kvmalloc_node_noprof+0x72/0x170 [ 260.582450][T15650] ? ___kmalloc_large_node+0xba/0x120 [ 260.587987][T15650] ? __kmalloc_node_noprof+0x27f/0x380 [ 260.593480][T15650] ? bpf_check+0xdb/0xcbf0 [ 260.597950][T15650] vzalloc_noprof+0x5e/0x70 [ 260.602467][T15650] ? bpf_check+0xdb/0xcbf0 [ 260.606901][T15650] bpf_check+0xdb/0xcbf0 [ 260.611203][T15650] ? __rcu_read_unlock+0x4e/0x70 [ 260.616282][T15650] ? obj_cgroup_charge_pages+0x13d/0x1a0 [ 260.621936][T15650] ? __rcu_read_unlock+0x4e/0x70 [ 260.626945][T15650] ? __memcg_kmem_charge_page+0xd2/0x170 [ 260.632776][T15650] ? __alloc_pages_noprof+0x1bc/0x340 [ 260.638166][T15650] ? alloc_pages_bulk_noprof+0x324/0x650 [ 260.643858][T15650] ? policy_nodemask+0x2ba/0x3e0 [ 260.648920][T15650] ? __vmap_pages_range_noflush+0x940/0x960 [ 260.654904][T15650] ? _find_next_zero_bit+0x29/0x90 [ 260.660067][T15650] ? pcpu_block_update_hint_alloc+0x685/0x6a0 [ 260.666167][T15650] ? cgroup_rstat_updated+0x99/0x550 [ 260.671499][T15650] ? pcpu_block_update_hint_alloc+0x685/0x6a0 [ 260.677759][T15650] ? cgroup_rstat_updated+0x99/0x550 [ 260.683119][T15650] ? pcpu_chunk_relocate+0x183/0x280 [ 260.688509][T15650] ? __mod_memcg_state+0x104/0x1f0 [ 260.693691][T15650] ? __rcu_read_unlock+0x4e/0x70 [ 260.698750][T15650] ? pcpu_memcg_post_alloc_hook+0x158/0x1c0 [ 260.704798][T15650] ? pcpu_alloc_noprof+0xb9b/0x10a0 [ 260.710025][T15650] ? should_fail_ex+0xd7/0x230 [ 260.714845][T15650] ? selinux_bpf_prog_load+0x35/0xe0 [ 260.720152][T15650] ? should_failslab+0x8f/0xb0 [ 260.724930][T15650] ? __kmalloc_cache_noprof+0x10b/0x2a0 [ 260.730537][T15650] ? selinux_bpf_prog_load+0xbb/0xe0 [ 260.735845][T15650] bpf_prog_load+0xed4/0x1070 [ 260.740623][T15650] ? __rcu_read_unlock+0x4e/0x70 [ 260.745665][T15650] __sys_bpf+0x463/0x7a0 [ 260.749925][T15650] __x64_sys_bpf+0x43/0x50 [ 260.754396][T15650] x64_sys_call+0x2625/0x2d60 [ 260.759169][T15650] do_syscall_64+0xc9/0x1c0 [ 260.763770][T15650] ? clear_bhb_loop+0x55/0xb0 [ 260.768472][T15650] ? clear_bhb_loop+0x55/0xb0 [ 260.773174][T15650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.779146][T15650] RIP: 0033:0x7f68571de759 [ 260.783573][T15650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.803208][T15650] RSP: 002b:00007f6855e57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 260.811645][T15650] RAX: ffffffffffffffda RBX: 00007f6857395f80 RCX: 00007f68571de759 [ 260.819633][T15650] RDX: 0000000000000094 RSI: 0000000020000f80 RDI: 0000000000000005 [ 260.827675][T15650] RBP: 00007f6855e57090 R08: 0000000000000000 R09: 0000000000000000 [ 260.835656][T15650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 260.843644][T15650] R13: 0000000000000000 R14: 00007f6857395f80 R15: 00007ffcb8d92188 [ 260.851635][T15650] [ 260.854813][T15650] Mem-Info: [ 260.857956][T15650] active_anon:17775 inactive_anon:18 isolated_anon:0 [ 260.857956][T15650] active_file:9725 inactive_file:11390 isolated_file:0 [ 260.857956][T15650] unevictable:0 dirty:344 writeback:1 [ 260.857956][T15650] slab_reclaimable:3138 slab_unreclaimable:16608 [ 260.857956][T15650] mapped:21080 shmem:15145 pagetables:716 [ 260.857956][T15650] sec_pagetables:0 bounce:0 [ 260.857956][T15650] kernel_misc_reclaimable:0 [ 260.857956][T15650] free:1890349 free_pcp:2927 free_cma:0 [ 260.904551][T15650] Node 0 active_anon:71216kB inactive_anon:72kB active_file:38900kB inactive_file:45560kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:84320kB dirty:1376kB writeback:4kB shmem:60580kB writeback_tmp:0kB kernel_stack:3088kB pagetables:2864kB sec_pagetables:0kB all_unreclaimable? no [ 260.933625][T15650] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 260.960844][T15650] lowmem_reserve[]: 0 2866 7844 0 [ 260.966633][T15650] Node 0 DMA32 free:2950376kB boost:0kB min:4136kB low:7068kB high:10000kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2953908kB mlocked:0kB bounce:0kB free_pcp:3532kB local_pcp:0kB free_cma:0kB [ 260.995941][T15650] lowmem_reserve[]: 0 0 4978 0 [ 261.000791][T15650] Node 0 Normal free:4595220kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB active_anon:71100kB inactive_anon:72kB active_file:38900kB inactive_file:45560kB unevictable:0kB writepending:1380kB present:5242880kB managed:5098208kB mlocked:0kB bounce:0kB free_pcp:8180kB local_pcp:1668kB free_cma:0kB [ 261.031750][T15650] lowmem_reserve[]: 0 0 0 0 [ 261.036412][T15650] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 261.049318][T15650] Node 0 DMA32: 4*4kB (M) 3*8kB (M) 4*16kB (M) 4*32kB (M) 4*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 3*1024kB (M) 2*2048kB (M) 718*4096kB (M) = 2950376kB [ 261.066423][T15650] Node 0 Normal: 1117*4kB (UME) 384*8kB (UM) 242*16kB (UME) 202*32kB (UME) 139*64kB (UME) 57*128kB (UME) 117*256kB (UME) 232*512kB (UME) 179*1024kB (UME) 89*2048kB (UE) 988*4096kB (UM) = 4595220kB [ 261.085984][T15650] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 261.096191][T15650] 36274 total pagecache pages [ 261.100940][T15650] 22 pages in swap cache [ 261.105241][T15650] Free swap = 124484kB [ 261.109457][T15650] Total swap = 124996kB [ 261.113652][T15650] 2097051 pages RAM [ 261.117507][T15650] 0 pages HighMem/MovableOnly [ 261.122945][T15650] 80182 pages reserved [ 261.224818][T15685] program syz.7.4454 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 261.266275][T15690] program syz.7.4457 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 261.294657][T15694] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 261.304028][T15694] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 261.376683][T15700] loop6: detected capacity change from 0 to 1024 [ 261.383594][T15700] EXT4-fs: Ignoring removed nobh option [ 261.389274][T15700] EXT4-fs: Ignoring removed orlov option [ 261.403489][T15700] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 261.452795][T12741] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 261.454657][T15707] loop7: detected capacity change from 0 to 2048 [ 261.469316][T15707] EXT4-fs (loop7): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 261.485348][T15707] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 261.499812][T15707] EXT4-fs error (device loop7): ext4_find_extent:938: inode #2: comm syz.7.4463: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 261.525942][T14443] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 261.573369][T15716] loop6: detected capacity change from 0 to 512 [ 261.580174][T15716] EXT4-fs: Ignoring removed bh option [ 261.587385][T15716] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem [ 261.599463][T15720] program syz.7.4468 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 261.599832][T15716] EXT4-fs (loop6): 1 truncate cleaned up [ 261.615940][T15716] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 261.631245][T15716] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 261.642821][T15723] pim6reg1: entered promiscuous mode [ 261.648172][T15723] pim6reg1: entered allmulticast mode [ 261.674222][T12741] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 261.747999][T15729] program syz.7.4472 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 261.856152][ T29] kauditd_printk_skb: 296 callbacks suppressed [ 261.856168][ T29] audit: type=1400 audit(1732029534.933:21602): avc: denied { write } for pid=15734 comm="syz.4.4475" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 261.883851][ T29] audit: type=1400 audit(1732029534.963:21603): avc: denied { read } for pid=15738 comm="syz.0.4476" name="event1" dev="devtmpfs" ino=243 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 261.910032][ T29] audit: type=1400 audit(1732029534.963:21604): avc: denied { open } for pid=15738 comm="syz.0.4476" path="/dev/input/event1" dev="devtmpfs" ino=243 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 261.935193][ T29] audit: type=1400 audit(1732029534.963:21605): avc: denied { ioctl } for pid=15738 comm="syz.0.4476" path="/dev/input/event1" dev="devtmpfs" ino=243 ioctlcmd=0x4581 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 261.972240][ T29] audit: type=1400 audit(1732029535.053:21606): avc: denied { getopt } for pid=15748 comm="syz.7.4478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 262.004273][T15753] sctp: [Deprecated]: syz.6.4480 (pid 15753) Use of struct sctp_assoc_value in delayed_ack socket option. [ 262.004273][T15753] Use struct sctp_sack_info instead [ 262.026925][ T29] audit: type=1326 audit(1732029535.103:21607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15757 comm="syz.0.4482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 262.056371][ T29] audit: type=1326 audit(1732029535.103:21608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15757 comm="syz.0.4482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 262.063521][T15758] team0: No ports can be present during mode change [ 262.080044][ T29] audit: type=1326 audit(1732029535.103:21609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15757 comm="syz.0.4482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 262.080079][ T29] audit: type=1326 audit(1732029535.103:21610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15757 comm="syz.0.4482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 262.080104][ T29] audit: type=1326 audit(1732029535.103:21611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15757 comm="syz.0.4482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f508b6ce759 code=0x7ffc0000 [ 262.119685][T15760] program syz.6.4483 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 262.198157][T15765] vhci_hcd: invalid port number 129 [ 262.203434][T15765] vhci_hcd: default hub control req: 0200 v0000 i0081 l0 [ 262.299301][T15768] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 262.308638][T15768] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 262.343496][T15773] ================================================================== [ 262.351648][T15773] BUG: KCSAN: data-race in __anon_vma_prepare / handle_mm_fault [ 262.359323][T15773] [ 262.361655][T15773] write to 0xffff888115ef7748 of 8 bytes by task 15774 on cpu 1: [ 262.369396][T15773] __anon_vma_prepare+0x180/0x310 [ 262.374442][T15773] handle_mm_fault+0x1c5d/0x2aa0 [ 262.379412][T15773] exc_page_fault+0x296/0x650 [ 262.384104][T15773] asm_exc_page_fault+0x26/0x30 [ 262.388977][T15773] rep_movs_alternative+0x33/0x70 [ 262.394022][T15773] _copy_to_user+0x7c/0xa0 [ 262.398483][T15773] put_timespec64+0x64/0xb0 [ 262.403008][T15773] __x64_sys_clock_getres+0x143/0x190 [ 262.408391][T15773] x64_sys_call+0x12a5/0x2d60 [ 262.413084][T15773] do_syscall_64+0xc9/0x1c0 [ 262.417628][T15773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.423545][T15773] [ 262.425880][T15773] read to 0xffff888115ef7748 of 8 bytes by task 15773 on cpu 0: [ 262.433523][T15773] handle_mm_fault+0xd87/0x2aa0 [ 262.438406][T15773] exc_page_fault+0x3b9/0x650 [ 262.443097][T15773] asm_exc_page_fault+0x26/0x30 [ 262.448021][T15773] [ 262.450338][T15773] value changed: 0x0000000000000000 -> 0xffff888114d60138 [ 262.457445][T15773] [ 262.459763][T15773] Reported by Kernel Concurrency Sanitizer on: [ 262.465906][T15773] CPU: 0 UID: 0 PID: 15773 Comm: syz.0.4489 Not tainted 6.12.0-syzkaller-00171-g23acd177540d #0 [ 262.476323][T15773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 262.486384][T15773] ==================================================================