last executing test programs: 1.592192171s ago: executing program 1 (id=3116): socket$nl_generic(0x10, 0x3, 0x10) timerfd_create(0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r0, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10) timer_create(0x2, 0x0, &(0x7f0000000500)=0x0) timer_gettime(r3, &(0x7f0000000100)) 1.591960431s ago: executing program 3 (id=3117): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='sched_switch\x00', r1}, 0xd) bpf$PROG_LOAD(0x5, 0x0, 0x0) close(0xffffffffffffffff) write$binfmt_misc(0xffffffffffffffff, 0x0, 0xfffffecc) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000500000000000000000a20000000000a03000000000000000000070000000900010073797a30000000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021"], 0xe0}}, 0x0) 1.555757584s ago: executing program 1 (id=3118): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d0000000700000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bind$inet(r0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) 1.555175415s ago: executing program 1 (id=3119): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB="000000000000010400"/18, @ANYRES32=0x0, @ANYRES32], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x4030582b, 0x0) perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0xa, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x900000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000300)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@jqfmt_vfsold}, {@usrquota}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") creat(&(0x7f0000000240)='./bus\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r2, &(0x7f0000004200)='t', 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) socket$netlink(0x10, 0x3, 0x0) sendfile(r2, r1, 0x0, 0x3ffff) sendfile(r2, r1, 0x0, 0x7ffff000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 1.554567295s ago: executing program 3 (id=3120): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d0000000700000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bind$inet(r0, 0x0, 0x0) listen(r0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaa8aaaaa0000000000000800450000280000000000069078ac0314bbac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x8, &(0x7f00000031c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf7cf39e3100c8acaa47684f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d7559f3b14820ed58b15627c95aa0b784625704f07372c29184ff7f4a7c0000070015006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e000000000000041201baa80b0b8ed8fb1ec577c377f627daaf787a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bdeda7be586602d985430cea080000000000fb1a26abfb0767192361448279b05d96a703a660587a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aab926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb155481ef836eb0f8c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaed2b25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec0271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761036eafed1fb2b98b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe514283707c70600000000000000b7561301bb997316db01ee601f2c9659db9bc04f7089a660d8dcc3ae83169cf331efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a515d83129cd857c775f9e7d6101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbe3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x20c092, &(0x7f0000000080)={[{@data_err_abort}]}, 0x8, 0x513, &(0x7f0000000c00)="$eJzs3U9vI2cZAPBnHLubbQNOWw6lEtvQP8oiWCdp+ifiUBqJP6dKiHLPhsSJojjxKnHaTbSC9BOAUAVIXODEBYkPgIT6ERBSJbhx4ASqIKEHLsjV2OMmcezU0Tp2N/79pMm8876xn+dxYmdez8QTwMiaiog3I2IsIl6KiGLWn8uWOGwu6fcdHz1YSZck6vW3/51EkvW13+cT2c1SP/hexI+S83F39w82lyuV8s7Z7oM7G1vL6+X18vb8/NxrC68vvLow22MlSf6i0Scj4o1vf/yLn/7uu2/86Rvv/mPpX7d/nKZ1NxvvVEc/NEsvxPiZ7esj/b3JNyoEAOBR8HREPBURz0fE16IYY3HhbjQAAADwCKp/a+JGqwkAAABcT7mImIgkV8rO952IXK5Uap7D+6V4PFep7ta+vlbd215NxyImo5Bb26iUZ7NzhSejkKTbc432yfbLbdvz2Tm47xdvptuNMQAAAGAwFtvm/x8Xm/N/AAAA4JrpfDB+bOB5AAAAAFfHyfgAAABw/Zn/AwAAwLX2/bfeSpf68dGDxnUAVt/Z39usvnNntby7WdraWymtVHfuldar1fVKudTDfwRUqtV7r8T23v2ZWn63NrO7f7C0Vd3bri01ruu9VH5qADUBAAAAZz353Ad/SyLi8Js3G0vqsWysMNTMgM+RJN/WcferQ8oE6ItLf8jP1N7VJAIMXPvfdGB0mOMDSXtH247BeOddhdz5rlufGcs+BwAADMf0lx3/h1HVYQIPjIifDTsBYGhO3ov/jDOBpq4+F2CwCi7zByPv3PH/NuPdBv7ca4R6/VIJAQAAfTfRXB1GdixwInK5UunTw4LJ2kalPBsRX4yIvxYLN9LtuSHmCwAAAAAAAAAAAAAAAAAAAAAAAACPono9iToAAABwrUXk/plk1/+aLr440f7+wGPJ/4qNdUS8++u3f3l/uVbbmUv7//Npf+1XWf/Lw3gHAwAAAEZR4cLR1jy9NY8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgH46Pnqw0loGGfejxbgZkxHHN9rj52O8sR6PQkQ8/t8k8qdul0TEWB/iH74XEc90qj9J04rJLIv2+LmIuDnk+E/0IT6Msg8WI+LNTs+/XEw11p2ff/lseVgfLTae5B3jt17/xrq8/n2hxxjPfviHma7x34t4Nt/59acVP+kS/4Ue49/94cFBt7H6byOmO/79SZqrXPaNta17M7v7B3c2tpbXy+vl7fn5udcWXl94dWF2Zm2jUs6+dozx86/88fD9rvU3A5yO36pzspnhT7rV/2KP9f//w/tHTzebhfPxI26/0Pnn/0xj3fnxT38nXsoennR8utU+bLZPu/X7v9zqllsaf7XL49/8+RfrJ/HzZ+q/3Vv5p2v+TW83AQCu0u7+weZypVLeGUDj+Vf6d4dJo5HuBQ0o+WE3Wm92fF7yGR9O9Bsx3Nq/89D309odfpj7+Xvf6krnDJ2HhviiBAAAXImTnf5hZwIAAAAAAAAAAAAAAAAAAACjq/H//2OX/CDA5y73SWPtMQ+HUyoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIU+CQAA//+3Rb+N") r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140), 0x4) r3 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000280)={0x0, r2}, 0x8) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x18, 0x5, &(0x7f0000000380)=ANY=[@ANYRES8=r2, @ANYBLOB="9123ab4fe59dcb6eae2322cc7594c275f5e617f6ebacd182041351407fe295df1eb1c5021ae3d46fb4bbaee0a11bbca6147c4c86b9b16699e2c530116a74e123ad3e0404499115cea4f309087881f74d4ea41e", @ANYRESOCT=r3], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYBLOB="adde9e3d6a4067c78ee08d3e2697b5f27018a9d766c4d4a17c479271", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) nanosleep(&(0x7f0000000180)={0x0, 0x989680}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) timerfd_create(0x9, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) getsockopt$sock_cred(r6, 0x1, 0x11, 0x0, &(0x7f0000cab000)) setresuid(0x0, 0x0, 0xee00) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_WIPHY(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01030000000000000000010000000800070000000000080003009429c14f1a815426a76897a432aec7da6a9d25d1d76ca0ed26b60200000000000000fa4ae49c6215ca54d50300fc95290b8836f6fe54b3357cce9f5bbd22aa7458403b8aa609fd538c313de4d8152b94d1482f8d87074ef18cee0bd5db365d931000", @ANYRES32=0x0, @ANYBLOB="0c0099000000000064000000"], 0x30}}, 0x0) 1.524926127s ago: executing program 0 (id=3121): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r3, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) lsm_set_self_attr(0x66, &(0x7f0000000340)=ANY=[@ANYBLOB="65000000000000000304000000000000280000000000000008"], 0x28, 0x0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="030700000000000000000b000000080003003803"], 0x1c}}, 0x0) 1.403333508s ago: executing program 3 (id=3123): close(0xffffffffffffffff) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000007c0)=ANY=[@ANYBLOB="1c0000000000000000000000000000001812000098f1bd05ab672dceb5e9ba01ecf86501ffa2009652f6de3ffbd4b32f3844a4c557bcadd5684f6f8963c59c0500d4f214b33350f83dfb12a242cce440adff8a55dd4ee3c3460b89c609635574000000000094ec365072ccd214a61c475005fd116ed092f2e8b29cd9d5d1290542a9768325560875870994aa21477f0d911a", @ANYRES32, @ANYRES32=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRESDEC=r6, @ANYRES32, @ANYBLOB="000000000000000000000600000000000000000000000000000013da392f8183b61916bb0000843ef4908d39d1d10268f378d2ade077583a85ca5cd67655d5aa71fbaca0053331959d42f7c468bc1bd3960dae9d466f6fe042c459868cffb5e5a9e7aaf643695a6d23c5dbc57bd58a903034c6ea9350d9037a4255ea8a29e126172ee343d2c16c91c7bfe1e48ae9e01585ab2d0daec9c432983f8d7c2386b393e4954e844718e7ab0b8cf6fc3697814b4a76b80c81c3b7f27e5d7d4e18289eac3d78670c30d7762e456d74c84ed6f94a3f5169dab7561e0790ffeb342d9adc2438bb"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00'}, 0x10) timer_create(0x0, 0x0, &(0x7f0000000240)=0x0) timer_delete(r8) splice(r3, 0x0, r5, 0x0, 0x8000f28, 0x0) splice(r4, 0x0, r1, 0x0, 0x7f, 0xe) write(r2, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x100000a, 0x4012831, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000cd8000/0x4000)=nil, 0x3) read$msr(r4, &(0x7f00000003c0)=""/102, 0x66) quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r10 = socket$nl_route(0x10, 0x3, 0x0) r11 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB="300000001d0001efffffff0000555adf63b55e7a7c0000000a0000003aed7effa606588ce637dd1e358206cf2ce1af91941af891e8303891b147a8c8dd8e8a8f34fd0600ec1868618a8c764bafc3a3a617613ccbe24482fb683b487902f551c37f5db812d6ce92c68b02ad3e020a27b91fb938015165d1381e80ec4cab4bbc6cd5ec644d06019529d36066c08ae7010cfcc25dd4811c5165348a809d000000000000000000000000000000000000000000000000000000000065cca040e2b122a008e1737e43548443977c0ead1c5ce640623cb911554edcbf83d85d17b9985e41cd9759ae5f93514a88c5845137d455272a625f23f9ee77b8b2987349c0238749e94da9843e223676cb0b44b109775f394904e7e61bf5ae6a41563f45e5080abe90b2191855549b0f0ba262d104436378f2aef59c43dc5fe8441275fe9b463b0cd9a75d9bb33e648074926102a5901d386bf5ed5a870a33ae5db300", @ANYRES32=r12, @ANYBLOB="0000080014000100fe8000000000000000000000000000aa"], 0x30}}, 0x0) r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYRES32=r9, @ANYRESHEX, @ANYRES64=r9, @ANYRESDEC=r4, @ANYRESHEX=0x0, @ANYRES32=r6, @ANYBLOB="0c330a11f113b822fdc99b826168f549acd7a1709c502b2215b0fe94d0bea262df3823922ceb210648518d2c7991b49b8d291321b87992a91048a3af024d5ba39b97ab16a4611b8e1e41fae974452d88c9140741b6c408200215e5f7bc5e212381ed729e1005553dd33c2ba136c82f4c1f494ed93576d2eb3b60798e11076a46df1dea83f8f67233e64919da12f4d489a23c9705014a18d10e94ae374fdb10736ed2bd76732496ac93120d7dac7d58", @ANYRES32=r0, @ANYRES16=r12], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='net_dev_xmit\x00', r13}, 0x10) r14 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000300)='thermal_power_allocator\x00', r14}, 0x18) 1.37002366s ago: executing program 0 (id=3125): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x3804c82, &(0x7f0000000000)={[{@orlov}, {@errors_remount}]}, 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a) ioctl$FIBMAP(r0, 0x1, &(0x7f00000000c0)) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 937.363108ms ago: executing program 2 (id=3127): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000180)={r2}, 0xc) 936.907598ms ago: executing program 2 (id=3128): socket$nl_generic(0x10, 0x3, 0x10) timerfd_create(0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r0, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10) timer_create(0x2, 0x0, &(0x7f0000000500)=0x0) timer_gettime(r3, &(0x7f0000000100)) 931.993739ms ago: executing program 2 (id=3129): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x3eb4055bdebd7828}, {0xa}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_INGRESS={0x8}, @TCA_CAKE_FWMARK={0x8}]}}]}, 0x44}}, 0x8080) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x8, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r3, 0x0, 0x4ffe6, 0x0) 922.829289ms ago: executing program 0 (id=3130): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='sched_switch\x00', r1}, 0xd) bpf$PROG_LOAD(0x5, 0x0, 0x0) close(0xffffffffffffffff) write$binfmt_misc(0xffffffffffffffff, 0x0, 0xfffffecc) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000500000000000000000a20000000000a03000000000000000000070000000900010073797a30000000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021"], 0xe0}}, 0x0) 712.889278ms ago: executing program 0 (id=3134): perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x40000) mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x1000, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x19, 0x4, 0x8, 0x7fff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$usbmon(&(0x7f0000000140), 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x40042, 0x1ff) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0) r3 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x18) renameat2(r3, &(0x7f0000000080)='./file1\x00', r2, &(0x7f00000000c0)='./file0\x00', 0x0) 646.041224ms ago: executing program 1 (id=3135): socket$nl_generic(0x10, 0x3, 0x10) timerfd_create(0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) timer_create(0x2, 0x0, &(0x7f0000000500)=0x0) timer_gettime(r2, &(0x7f0000000100)) 587.305118ms ago: executing program 1 (id=3136): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2800001, 0xc3072, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0) 586.500728ms ago: executing program 1 (id=3137): perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x40000) mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x1000, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x19, 0x4, 0x8, 0x7fff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000140), 0x0, 0x0) ioctl$MON_IOCX_GET(r2, 0x40189206, &(0x7f0000000380)={0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x40042, 0x1ff) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0) r4 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x18) renameat2(r4, &(0x7f0000000080)='./file1\x00', r3, &(0x7f00000000c0)='./file0\x00', 0x0) 516.003815ms ago: executing program 0 (id=3139): bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8) close(0xffffffffffffffff) pipe(&(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) pipe(&(0x7f0000000200)) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000007c0)=ANY=[@ANYBLOB="1c0000000000000000000000000000001812000098f1bd05ab672dceb5e9ba01ecf86501ffa2009652f6de3ffbd4b32f3844a4c557bcadd5684f6f8963c59c0500d4f214b33350f83dfb12a242cce440adff8a55dd4ee3c3460b89c609635574000000000094ec365072ccd214a61c475005fd116ed092f2e8b29cd9d5d1290542a9768325560875870994aa21477f0d911a", @ANYRES32, @ANYRES32=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRESDEC=r1, @ANYRES32, @ANYBLOB="000000000000000000000600000000000000000000000000000013da392f8183b61916bb0000843ef4908d39d1d10268f378d2ade077583a85ca5cd67655d5aa71fbaca0053331959d42f7c468bc1bd3960dae9d466f6fe042c459868cffb5e5a9e7aaf643695a6d23c5dbc57bd58a903034c6ea9350d9037a4255ea8a29e126172ee343d2c16c91c7bfe1e48ae9e01585ab2d0daec9c432983f8d7c2386b393e4954e844718e7ab0b8cf6fc3697814b4a76b80c81c3b7f27e5d7d4e18289eac3d78670c30d7762e456d74c84ed6f94a3f5169dab7561e0790ffeb342d9adc2438bb"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00'}, 0x10) timer_create(0x0, 0x0, &(0x7f0000000240)=0x0) timer_delete(r2) write(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x100000a, 0x4012831, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000cd8000/0x4000)=nil, 0x3) 472.752918ms ago: executing program 4 (id=3140): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000180)={r2}, 0xc) 456.57348ms ago: executing program 3 (id=3141): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x3804c82, &(0x7f0000000000)={[{@orlov}, {@errors_remount}]}, 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a) ioctl$FIBMAP(r0, 0x1, &(0x7f00000000c0)) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 414.552464ms ago: executing program 4 (id=3142): socket$inet_tcp(0x2, 0x1, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) 414.168313ms ago: executing program 4 (id=3143): r0 = syz_io_uring_setup(0xd7b, &(0x7f00000035c0)={0x0, 0x2, 0x10100, 0x1}, &(0x7f0000000040)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x49, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) io_uring_enter(r0, 0x291c, 0x0, 0x0, 0x0, 0x0) 286.475625ms ago: executing program 0 (id=3144): r0 = epoll_create1(0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x7, 0x2, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r3}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10) r7 = syz_open_procfs(0x0, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e0000002000028006000200300000001400060000000000000000000000ffff7f00000108000a00", @ANYRES32], 0x5c}}, 0x0) timer_gettime(0x0, &(0x7f0000000400)) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0xe000001a}) read$char_usb(r1, &(0x7f0000000b00)=""/182, 0xb6) ppoll(&(0x7f0000000780)=[{r0}], 0x1, 0x0, 0x0, 0x0) r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002700)=@delchain={0x23c, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8, 0xb, 0x1000}, @filter_kind_options=@f_u32={{0x8}, {0x54, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_INDEV={0x14, 0x8, 'veth0\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_CLASSID={0x8}, @TCA_U32_MARK={0x10}, @TCA_U32_FLAGS={0x8}]}}, @TCA_RATE={0x6, 0x5, {0x40, 0x1}}, @TCA_RATE={0x6}, @filter_kind_options=@f_cgroup={{0xb}, {0x198, 0x2, [@TCA_CGROUP_EMATCHES={0x194, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}, @TCA_EMATCH_TREE_LIST={0xa8, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x14, 0x1, 0x0, 0x0, {{0x3, 0x2, 0x9}, {0x2, 0x1, 0x1, "e2"}}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x7, 0x3, 0x3fe5}, {0xfffffffb, 0x100, 0x4, 0x8000}}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x1069, 0x7, 0x7}, {{0x8, 0x1, 0x1, 0x1}, {0x2, 0x0, 0x1, 0x1}}}}, @TCF_EM_IPT={0x20, 0x1, 0x0, 0x0, {{0x4, 0x9, 0xfc00}, [@TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x2}, @TCA_EM_IPT_MATCH_NAME={0xb}]}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x3, 0x3, 0x4}, {0x8, 0x194, 0x518, 0x7}}}, @TCF_EM_META={0x24, 0x1, 0x0, 0x0, {{0x8, 0x4, 0x9}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x2, 0x17}, {0x3ff, 0x3, 0x1}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x7fff, 0x0, 0x2}, {0x2, 0x8}}}]}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7}}, @TCA_EMATCH_TREE_LIST={0xd8, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0xfffa, 0x1, 0xfff7}, {0x7, 0x6, 0x2, 0x2, 0x5, 0x2, 0x2}}}, @TCF_EM_META={0x60, 0x2, 0x0, 0x0, {{0x0, 0x4, 0xd}, [@TCA_EM_META_LVALUE={0x33, 0x2, [@TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_VAR="58a7987a274f0cc3ce", @TCF_META_TYPE_VAR="cac29306dd73c5e626", @TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_INT, @TCF_META_TYPE_VAR="faae9e3b", @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="547d4938e2", @TCF_META_TYPE_INT=0x3]}, @TCA_EM_META_LVALUE={0x14, 0x2, [@TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_INT=0x8]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x8, 0x25, 0x1}, {0x1, 0xfe}}}]}}, @TCF_EM_CANID={0x14, 0x2, 0x0, 0x0, {{0x7, 0x7, 0x4000}, {{0x0, 0x1, 0x0, 0x1}, {0x1}}}}, @TCF_EM_NBYTE={0x14, 0x1, 0x0, 0x0, {{0xb457, 0x2, 0x6}, {0x8001, 0x2, 0x0, "0588"}}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x0, 0x1, 0x304}, {0x8, 0x8001, 0x6, 0x4, 0x3, 0x1, 0x1}}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x0, 0x3, 0x1}, {0x4, 0x1, 0xd21, 0x5}}}]}]}]}}]}, 0x23c}}, 0x0) ioctl$USBDEVFS_FORBID_SUSPEND(r1, 0x5521) r10 = socket(0x10, 0x803, 0x0) sendto(r10, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r10, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r2, 0xffffffffffffffff}, &(0x7f00000005c0), &(0x7f00000006c0)=r8}, 0x20) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000bc0)=@bpf_lsm={0x1d, 0x3, &(0x7f0000000300)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @map_val={0x18, 0x9, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x3}], &(0x7f0000000340)='GPL\x00', 0x10, 0xc5, &(0x7f0000000880)=""/197, 0x41100, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000580)={0x5, 0x4, 0x1000, 0x10000000}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000a40)=[r1, r7, r11, r2], &(0x7f0000000a80)=[{0x5, 0x2, 0x8, 0xa}, {0x4, 0x1, 0x5, 0x9}, {0x5, 0x4, 0x4, 0x5}, {0x4, 0x2, 0x2, 0xc}, {0x2, 0x3}], 0x10, 0xfff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r9}, 0x10) r12 = socket$isdn(0x22, 0x2, 0x23) r13 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x40, 0x0) dup2(r13, r12) 286.167755ms ago: executing program 4 (id=3145): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xa0090199) 251.677688ms ago: executing program 4 (id=3146): socket$nl_generic(0x10, 0x3, 0x10) timerfd_create(0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) timer_create(0x2, 0x0, &(0x7f0000000500)=0x0) timer_gettime(r2, &(0x7f0000000100)) 235.890059ms ago: executing program 4 (id=3147): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB="000000000000010400"/18, @ANYRES32=0x0, @ANYRES32], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x4030582b, 0x0) perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0xa, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x900000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000300)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@jqfmt_vfsold}, {@usrquota}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") creat(&(0x7f0000000240)='./bus\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r2, &(0x7f0000004200)='t', 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) socket$netlink(0x10, 0x3, 0x0) sendfile(r2, r1, 0x0, 0x3ffff) sendfile(r2, r1, 0x0, 0x7ffff000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 148.623127ms ago: executing program 3 (id=3148): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2800001, 0xc3072, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0) 74.408173ms ago: executing program 2 (id=3149): socket$nl_rdma(0x10, 0x3, 0x14) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x4, 0x4, 0x3e8, 0x200, 0x200, 0x200, 0x300, 0x300, 0x300, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x2}}, {@mac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x4}}}, {{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x2}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_vlan\x00', 'ipvlan1\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x4}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0x3c, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000840)={{r4}, &(0x7f0000000600), &(0x7f0000000800)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) connect$inet(r3, &(0x7f00000006c0)={0x2, 0x0, @dev}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], 0x0, 0xb7, &(0x7f0000000340)=[{}, {}, {}], 0x18, 0x0, 0x0, &(0x7f0000000400), 0x8, 0xa1, 0x8, 0x8, &(0x7f0000000440)}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000004c0)=r5, 0x4) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r7}, &(0x7f00000002c0), &(0x7f0000000300)}, 0x20) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10) r9 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000851000000300000018000000000000000000000000000000950000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) pipe(&(0x7f0000000500)) 39.270416ms ago: executing program 2 (id=3150): r0 = socket$rds(0x15, 0x5, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000600)='\x87\x86@\x00\x00\x00\x00\x00\x00\x00\x00+\xafM\x01\x00\x00\x00\x00\x00') bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) 31.934777ms ago: executing program 3 (id=3151): close(0xffffffffffffffff) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000007c0)=ANY=[@ANYBLOB="1c0000000000000000000000000000001812000098f1bd05ab672dceb5e9ba01ecf86501ffa2009652f6de3ffbd4b32f3844a4c557bcadd5684f6f8963c59c0500d4f214b33350f83dfb12a242cce440adff8a55dd4ee3c3460b89c609635574000000000094ec365072ccd214a61c475005fd116ed092f2e8b29cd9d5d1290542a9768325560875870994aa21477f0d911a", @ANYRES32, @ANYRES32=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRESDEC=r6, @ANYRES32, @ANYBLOB="000000000000000000000600000000000000000000000000000013da392f8183b61916bb0000843ef4908d39d1d10268f378d2ade077583a85ca5cd67655d5aa71fbaca0053331959d42f7c468bc1bd3960dae9d466f6fe042c459868cffb5e5a9e7aaf643695a6d23c5dbc57bd58a903034c6ea9350d9037a4255ea8a29e126172ee343d2c16c91c7bfe1e48ae9e01585ab2d0daec9c432983f8d7c2386b393e4954e844718e7ab0b8cf6fc3697814b4a76b80c81c3b7f27e5d7d4e18289eac3d78670c30d7762e456d74c84ed6f94a3f5169dab7561e0790ffeb342d9adc2438bb"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00'}, 0x10) timer_create(0x0, 0x0, &(0x7f0000000240)=0x0) timer_delete(r8) splice(r3, 0x0, r5, 0x0, 0x8000f28, 0x0) splice(r4, 0x0, r1, 0x0, 0x7f, 0xe) write(r2, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x100000a, 0x4012831, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000cd8000/0x4000)=nil, 0x3) read$msr(r4, &(0x7f00000003c0)=""/102, 0x66) quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r10 = socket$nl_route(0x10, 0x3, 0x0) r11 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB="300000001d0001efffffff0000555adf63b55e7a7c0000000a0000003aed7effa606588ce637dd1e358206cf2ce1af91941af891e8303891b147a8c8dd8e8a8f34fd0600ec1868618a8c764bafc3a3a617613ccbe24482fb683b487902f551c37f5db812d6ce92c68b02ad3e020a27b91fb938015165d1381e80ec4cab4bbc6cd5ec644d06019529d36066c08ae7010cfcc25dd4811c5165348a809d000000000000000000000000000000000000000000000000000000000065cca040e2b122a008e1737e43548443977c0ead1c5ce640623cb911554edcbf83d85d17b9985e41cd9759ae5f93514a88c5845137d455272a625f23f9ee77b8b2987349c0238749e94da9843e223676cb0b44b109775f394904e7e61bf5ae6a41563f45e5080abe90b2191855549b0f0ba262d104436378f2aef59c43dc5fe8441275fe9b463b0cd9a75d9bb33e648074926102a5901d386bf5ed5a870a33ae5db300", @ANYRES32=r12, @ANYBLOB="0000080014000100fe8000000000000000000000000000aa"], 0x30}}, 0x0) r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYRES32=r9, @ANYRESHEX, @ANYRES64=r9, @ANYRESDEC=r4, @ANYRESHEX=0x0, @ANYRES32=r6, @ANYBLOB="0c330a11f113b822fdc99b826168f549acd7a1709c502b2215b0fe94d0bea262df3823922ceb210648518d2c7991b49b8d291321b87992a91048a3af024d5ba39b97ab16a4611b8e1e41fae974452d88c9140741b6c408200215e5f7bc5e212381ed729e1005553dd33c2ba136c82f4c1f494ed93576d2eb3b60798e11076a46df1dea83f8f67233e64919da12f4d489a23c9705014a18d10e94ae374fdb10736ed2bd76732496ac93120d7dac7d58", @ANYRES32=r0, @ANYRES16=r12], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='net_dev_xmit\x00', r13}, 0x10) r14 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000300)='thermal_power_allocator\x00', r14}, 0x18) 0s ago: executing program 2 (id=3152): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB="000000000000010400"/20, @ANYRES32], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x4030582b, 0x0) perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0xa, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x900000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000300)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@jqfmt_vfsold}, {@usrquota}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") creat(&(0x7f0000000240)='./bus\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r2, &(0x7f0000004200)='t', 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) socket$netlink(0x10, 0x3, 0x0) sendfile(r2, r1, 0x0, 0x3ffff) sendfile(r2, r1, 0x0, 0x7ffff000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) kernel console output (not intermixed with test programs): 2723': attribute type 15 has an invalid length. [ 185.581556][T12101] netlink: 'syz.3.2723': attribute type 18 has an invalid length. [ 185.848601][T12108] netlink: 'syz.2.2726': attribute type 15 has an invalid length. [ 185.856508][T12108] netlink: 'syz.2.2726': attribute type 18 has an invalid length. [ 185.901172][ T3265] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.072892][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.147100][T12121] loop1: detected capacity change from 0 to 512 [ 186.155017][T12121] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 186.176966][T12121] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #17: comm syz.1.2730: iget: bad i_size value: -6917529027641081756 [ 186.190431][T12121] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.2730: couldn't read orphan inode 17 (err -117) [ 186.202937][T12121] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 186.241983][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.261936][T12129] loop1: detected capacity change from 0 to 512 [ 186.268878][T12129] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 186.284680][T12129] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #17: comm syz.1.2735: iget: bad i_size value: -6917529027641081756 [ 186.297985][T12129] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.2735: couldn't read orphan inode 17 (err -117) [ 186.310300][T12129] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 186.343776][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.391342][T12140] loop1: detected capacity change from 0 to 164 [ 186.421195][T12143] loop1: detected capacity change from 0 to 1024 [ 186.428923][T12143] EXT4-fs: Ignoring removed orlov option [ 186.434723][T12143] EXT4-fs: Ignoring removed nomblk_io_submit option [ 186.444360][T12143] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 186.656525][T12151] loop2: detected capacity change from 0 to 512 [ 186.685600][T12151] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 186.698211][T12151] ext4 filesystem being mounted at /566/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 187.077279][T12159] FAULT_INJECTION: forcing a failure. [ 187.077279][T12159] name failslab, interval 1, probability 0, space 0, times 0 [ 187.090028][T12159] CPU: 0 UID: 0 PID: 12159 Comm: syz.0.2744 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 187.100874][T12159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 187.110959][T12159] Call Trace: [ 187.114254][T12159] [ 187.117176][T12159] dump_stack_lvl+0xf2/0x150 [ 187.121839][T12159] dump_stack+0x15/0x20 [ 187.126083][T12159] should_fail_ex+0x229/0x230 [ 187.130813][T12159] ? tcp_sigpool_alloc_ahash+0x87/0x6c0 [ 187.136378][T12159] should_failslab+0x8f/0xb0 [ 187.141030][T12159] __kmalloc_noprof+0xa5/0x370 [ 187.145787][T12159] tcp_sigpool_alloc_ahash+0x87/0x6c0 [ 187.151242][T12159] tcp_md5_alloc_sigpool+0x1b/0x60 [ 187.156456][T12159] tcp_md5_do_add+0x86/0x1c0 [ 187.161042][T12159] tcp_v6_parse_md5_keys+0x3d7/0x430 [ 187.166503][T12159] do_tcp_setsockopt+0xdbc/0x1550 [ 187.171590][T12159] ? selinux_socket_setsockopt+0x1ca/0x200 [ 187.177468][T12159] tcp_setsockopt+0x50/0xb0 [ 187.181973][T12159] sock_common_setsockopt+0x64/0x80 [ 187.187176][T12159] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 187.193185][T12159] __sys_setsockopt+0x1d8/0x250 [ 187.198039][T12159] __x64_sys_setsockopt+0x66/0x80 [ 187.203106][T12159] x64_sys_call+0x278d/0x2d60 [ 187.207787][T12159] do_syscall_64+0xc9/0x1c0 [ 187.212337][T12159] ? clear_bhb_loop+0x55/0xb0 [ 187.217016][T12159] ? clear_bhb_loop+0x55/0xb0 [ 187.221702][T12159] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.227671][T12159] RIP: 0033:0x7f373b6bdef9 [ 187.232090][T12159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.251696][T12159] RSP: 002b:00007f373a331038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 187.260112][T12159] RAX: ffffffffffffffda RBX: 00007f373b875f80 RCX: 00007f373b6bdef9 [ 187.268102][T12159] RDX: 000000000000000e RSI: 0000000000000006 RDI: 0000000000000005 [ 187.276064][T12159] RBP: 00007f373a331090 R08: 00000000000000d8 R09: 0000000000000000 [ 187.284257][T12159] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000001 [ 187.292247][T12159] R13: 0000000000000000 R14: 00007f373b875f80 R15: 00007ffd51db4668 [ 187.300246][T12159] [ 187.334910][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.338906][T12164] 0ªX¹¦Dö»: renamed from gretap0 (while UP) [ 187.355019][T12164] 0ªX¹¦Dö»: entered allmulticast mode [ 187.380985][T12169] loop1: detected capacity change from 0 to 512 [ 187.392803][T12169] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 187.415208][T12169] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #17: comm syz.1.2747: iget: bad i_size value: -6917529027641081756 [ 187.430222][T12169] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.2747: couldn't read orphan inode 17 (err -117) [ 187.432683][T12177] loop3: detected capacity change from 0 to 1024 [ 187.445678][T12169] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 187.452368][T12177] EXT4-fs: Ignoring removed orlov option [ 187.466717][T12177] EXT4-fs: Ignoring removed nomblk_io_submit option [ 187.490801][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.501514][T12177] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 187.544374][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.566004][ T3269] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.631873][T12195] loop3: detected capacity change from 0 to 1024 [ 187.639065][T12197] FAULT_INJECTION: forcing a failure. [ 187.639065][T12197] name failslab, interval 1, probability 0, space 0, times 0 [ 187.651741][T12197] CPU: 0 UID: 0 PID: 12197 Comm: syz.1.2756 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 187.662517][T12197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 187.672643][T12197] Call Trace: [ 187.675987][T12197] [ 187.678906][T12197] dump_stack_lvl+0xf2/0x150 [ 187.683592][T12197] dump_stack+0x15/0x20 [ 187.687737][T12197] should_fail_ex+0x229/0x230 [ 187.692495][T12197] ? sock_kmalloc+0x83/0xc0 [ 187.696990][T12197] should_failslab+0x8f/0xb0 [ 187.701578][T12197] __kmalloc_noprof+0xa5/0x370 [ 187.706439][T12197] sock_kmalloc+0x83/0xc0 [ 187.710763][T12197] ____sys_sendmsg+0x127/0x410 [ 187.715592][T12197] __sys_sendmmsg+0x269/0x500 [ 187.720379][T12197] ? trace_sys_enter+0x65/0xa0 [ 187.725139][T12197] __x64_sys_sendmmsg+0x57/0x70 [ 187.730013][T12197] x64_sys_call+0xa49/0x2d60 [ 187.734666][T12197] do_syscall_64+0xc9/0x1c0 [ 187.739163][T12197] ? clear_bhb_loop+0x55/0xb0 [ 187.743853][T12197] ? clear_bhb_loop+0x55/0xb0 [ 187.748512][T12197] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.754448][T12197] RIP: 0033:0x7fb09b8ddef9 [ 187.758846][T12197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.778494][T12197] RSP: 002b:00007fb09a536038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 187.786968][T12197] RAX: ffffffffffffffda RBX: 00007fb09ba96058 RCX: 00007fb09b8ddef9 [ 187.794996][T12197] RDX: 0000000000000001 RSI: 0000000020000bc0 RDI: 0000000000000006 [ 187.802951][T12197] RBP: 00007fb09a536090 R08: 0000000000000000 R09: 0000000000000000 [ 187.811043][T12197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 187.819056][T12197] R13: 0000000000000001 R14: 00007fb09ba96058 R15: 00007fff720f78b8 [ 187.827017][T12197] [ 187.832015][T12195] EXT4-fs: Ignoring removed orlov option [ 187.837877][T12195] EXT4-fs: Ignoring removed nomblk_io_submit option [ 187.860681][T12195] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 187.862945][T12203] loop4: detected capacity change from 0 to 256 [ 187.881447][T12203] msdos: Bad value for 'uid' [ 187.886167][T12203] msdos: Bad value for 'uid' [ 187.895289][T12203] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 187.994713][T12209] loop2: detected capacity change from 0 to 512 [ 188.002395][T12209] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 188.020195][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.032976][T12209] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #17: comm syz.2.2762: iget: bad i_size value: -6917529027641081756 [ 188.053801][T12209] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2762: couldn't read orphan inode 17 (err -117) [ 188.069294][T12209] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.113454][ T3269] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.128067][T12219] loop3: detected capacity change from 0 to 1024 [ 188.142521][T12219] EXT4-fs: Ignoring removed orlov option [ 188.149376][T12219] EXT4-fs: Ignoring removed nomblk_io_submit option [ 188.159415][T12221] loop2: detected capacity change from 0 to 512 [ 188.176104][T12219] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 188.190051][T12221] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.201093][T12215] loop4: detected capacity change from 0 to 1024 [ 188.211871][T12221] ext4 filesystem being mounted at /571/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 188.247696][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.263188][T12215] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 188.289290][T12215] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.521649][T12235] loop3: detected capacity change from 0 to 1024 [ 188.546547][T12235] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 188.563872][T12235] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.584324][T12242] netlink: 'syz.1.2770': attribute type 15 has an invalid length. [ 188.592195][T12242] netlink: 'syz.1.2770': attribute type 18 has an invalid length. [ 188.873566][T12244] delete_channel: no stack [ 188.924889][ T3265] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.978133][T12250] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=12250 comm=syz.4.2773 [ 189.038397][ T3269] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.083845][T12253] loop2: detected capacity change from 0 to 1024 [ 189.090625][T12253] EXT4-fs: Ignoring removed orlov option [ 189.096335][T12253] EXT4-fs: Ignoring removed nomblk_io_submit option [ 189.115442][T12253] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 189.287956][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.321976][T12260] loop3: detected capacity change from 0 to 512 [ 189.328914][T12260] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 189.344774][T12260] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.2776: iget: bad i_size value: -6917529027641081756 [ 189.358162][T12260] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2776: couldn't read orphan inode 17 (err -117) [ 189.372066][T12260] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 189.402263][T12260] __nla_validate_parse: 10 callbacks suppressed [ 189.402317][T12260] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2776'. [ 189.424872][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.444115][T12268] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 189.582801][T12281] loop0: detected capacity change from 0 to 512 [ 189.586901][T12277] loop3: detected capacity change from 0 to 1024 [ 189.599498][T12277] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 189.607837][T12281] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 189.621567][T12277] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 189.624162][T12281] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 189.951175][ T3269] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.994470][T12295] Cannot find del_set index 0 as target [ 190.081891][ T29] kauditd_printk_skb: 364 callbacks suppressed [ 190.081904][ T29] audit: type=1400 audit(1726073407.587:10408): avc: denied { create } for pid=12294 comm="syz.2.2787" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 190.118803][ T29] audit: type=1400 audit(1726073407.587:10409): avc: denied { ioctl } for pid=12294 comm="syz.2.2787" path="socket:[29359]" dev="sockfs" ino=29359 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 190.200648][T12299] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2788'. [ 190.209587][T12299] netlink: 'syz.2.2788': attribute type 15 has an invalid length. [ 190.217424][T12299] netlink: 'syz.2.2788': attribute type 18 has an invalid length. [ 190.311048][T12307] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2792'. [ 190.329451][T12307] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2792'. [ 190.354865][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.361122][T12307] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2792'. [ 190.390442][T12312] futex_wake_op: syz.3.2793 tries to shift op by 144; fix this program [ 190.405543][ T29] audit: type=1326 audit(1726073407.917:10410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12313 comm="syz.1.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000 [ 190.447368][ T29] audit: type=1326 audit(1726073407.917:10411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12313 comm="syz.1.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000 [ 190.472079][ T29] audit: type=1326 audit(1726073407.917:10412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12313 comm="syz.1.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000 [ 190.476832][T12314] loop1: detected capacity change from 0 to 256 [ 190.496720][ T29] audit: type=1326 audit(1726073407.917:10413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12313 comm="syz.1.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000 [ 190.525489][ T29] audit: type=1326 audit(1726073407.917:10414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12313 comm="syz.1.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000 [ 190.549854][ T29] audit: type=1326 audit(1726073407.917:10415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12313 comm="syz.1.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000 [ 190.574218][ T29] audit: type=1326 audit(1726073407.917:10416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12313 comm="syz.1.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000 [ 190.597816][ T29] audit: type=1326 audit(1726073407.917:10417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12313 comm="syz.1.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000 [ 190.624313][T11040] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.670744][T12320] loop1: detected capacity change from 0 to 1024 [ 190.688534][T12320] EXT4-fs: Ignoring removed orlov option [ 190.694338][T12320] EXT4-fs: Ignoring removed nomblk_io_submit option [ 190.718891][T12320] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 190.753557][T12328] pim6reg: entered allmulticast mode [ 190.760864][T12328] pim6reg: left allmulticast mode [ 190.938152][T12338] loop4: detected capacity change from 0 to 1024 [ 190.972068][T12338] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 190.980743][T12342] loop0: detected capacity change from 0 to 2048 [ 191.009016][T12342] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 191.039775][T12338] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.570214][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.603147][T11040] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.642976][T12393] futex_wake_op: syz.3.2810 tries to shift op by 144; fix this program [ 191.675673][ T3265] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.680407][T12397] loop3: detected capacity change from 0 to 512 [ 191.692062][T12397] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 191.707292][T12397] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.2812: iget: bad i_size value: -6917529027641081756 [ 191.729763][T12404] FAULT_INJECTION: forcing a failure. [ 191.729763][T12404] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 191.742872][T12404] CPU: 1 UID: 0 PID: 12404 Comm: syz.0.2814 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 191.753635][T12404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 191.763715][T12404] Call Trace: [ 191.766996][T12404] [ 191.769920][T12404] dump_stack_lvl+0xf2/0x150 [ 191.774609][T12404] dump_stack+0x15/0x20 [ 191.778842][T12404] should_fail_ex+0x229/0x230 [ 191.783520][T12404] should_fail+0xb/0x10 [ 191.787665][T12404] should_fail_usercopy+0x1a/0x20 [ 191.792688][T12404] _copy_to_user+0x1e/0xa0 [ 191.797141][T12404] simple_read_from_buffer+0xa0/0x110 [ 191.802512][T12404] proc_fail_nth_read+0xff/0x140 [ 191.807452][T12404] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 191.812997][T12404] vfs_read+0x1a2/0x6e0 [ 191.817185][T12404] ? __rcu_read_unlock+0x4e/0x70 [ 191.818743][T12407] ip6t_REJECT: ECHOREPLY is not supported [ 191.822161][T12404] ? __fget_files+0x1da/0x210 [ 191.822191][T12404] ksys_read+0xeb/0x1b0 [ 191.836749][T12404] __x64_sys_read+0x42/0x50 [ 191.841314][T12404] x64_sys_call+0x27d3/0x2d60 [ 191.845995][T12404] do_syscall_64+0xc9/0x1c0 [ 191.850550][T12404] ? clear_bhb_loop+0x55/0xb0 [ 191.855459][T12404] ? clear_bhb_loop+0x55/0xb0 [ 191.860140][T12404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.866040][T12404] RIP: 0033:0x7f373b6bc93c [ 191.870484][T12404] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 191.890089][T12404] RSP: 002b:00007f373a331030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 191.898563][T12404] RAX: ffffffffffffffda RBX: 00007f373b875f80 RCX: 00007f373b6bc93c [ 191.906561][T12404] RDX: 000000000000000f RSI: 00007f373a3310a0 RDI: 0000000000000006 [ 191.914520][T12404] RBP: 00007f373a331090 R08: 0000000000000000 R09: 0000000000000000 [ 191.922477][T12404] R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000001 [ 191.930436][T12404] R13: 0000000000000000 R14: 00007f373b875f80 R15: 00007ffd51db4668 [ 191.938403][T12404] [ 191.961279][T12410] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2816'. [ 191.970633][T12397] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2812: couldn't read orphan inode 17 (err -117) [ 191.999545][T12397] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.015304][T12410] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2816'. [ 192.044043][T12410] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2816'. [ 192.044159][T12397] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2812'. [ 192.076581][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.081511][T12421] loop1: detected capacity change from 0 to 1024 [ 192.092405][T12421] EXT4-fs: Ignoring removed nomblk_io_submit option [ 192.103333][T12426] loop3: detected capacity change from 0 to 164 [ 192.111079][T12421] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 192.132077][T12426] bio_check_eod: 35639 callbacks suppressed [ 192.132091][T12426] syz.3.2821: attempt to access beyond end of device [ 192.132091][T12426] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 192.152666][T12426] syz.3.2821: attempt to access beyond end of device [ 192.152666][T12426] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 192.166287][T12426] syz.3.2821: attempt to access beyond end of device [ 192.166287][T12426] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 192.180735][T12426] syz.3.2821: attempt to access beyond end of device [ 192.180735][T12426] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 192.194856][T12426] syz.3.2821: attempt to access beyond end of device [ 192.194856][T12426] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 192.208470][T12426] syz.3.2821: attempt to access beyond end of device [ 192.208470][T12426] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 192.222173][T12426] syz.3.2821: attempt to access beyond end of device [ 192.222173][T12426] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 192.235914][T12426] syz.3.2821: attempt to access beyond end of device [ 192.235914][T12426] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 192.249413][T12426] syz.3.2821: attempt to access beyond end of device [ 192.249413][T12426] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 192.255640][T12434] loop0: detected capacity change from 0 to 1024 [ 192.263376][T12426] syz.3.2821: attempt to access beyond end of device [ 192.263376][T12426] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 192.296601][T12434] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 192.296583][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.314744][T12434] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.845612][T12459] loop4: detected capacity change from 0 to 1024 [ 192.858920][T12459] EXT4-fs: test_dummy_encryption option not supported [ 192.867653][T12461] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2831'. [ 192.934535][T12463] loop4: detected capacity change from 0 to 512 [ 192.956264][T12463] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 193.011893][T12463] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #17: comm syz.4.2832: iget: bad i_size value: -6917529027641081756 [ 193.017999][T12475] loop3: detected capacity change from 0 to 512 [ 193.025988][T11040] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.041581][T12463] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2832: couldn't read orphan inode 17 (err -117) [ 193.055062][T12463] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 193.073519][T12477] loop1: detected capacity change from 0 to 1024 [ 193.075219][T12475] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 193.080252][T12477] EXT4-fs: Ignoring removed nomblk_io_submit option [ 193.100734][T12475] ext4 filesystem being mounted at /586/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 193.108648][T12480] futex_wake_op: syz.0.2837 tries to shift op by 144; fix this program [ 193.145831][T12484] Cannot find del_set index 0 as target [ 193.151738][ T3265] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.168618][T12477] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 193.186158][T12477] FAULT_INJECTION: forcing a failure. [ 193.186158][T12477] name failslab, interval 1, probability 0, space 0, times 0 [ 193.198861][T12477] CPU: 0 UID: 0 PID: 12477 Comm: +}[@ Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 193.209146][T12477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 193.219194][T12477] Call Trace: [ 193.222462][T12477] [ 193.225380][T12477] dump_stack_lvl+0xf2/0x150 [ 193.229969][T12477] dump_stack+0x15/0x20 [ 193.234204][T12477] should_fail_ex+0x229/0x230 [ 193.238938][T12477] ? getname_kernel+0x3d/0x1e0 [ 193.243712][T12477] should_failslab+0x8f/0xb0 [ 193.248304][T12477] kmem_cache_alloc_noprof+0x4c/0x290 [ 193.254106][T12477] getname_kernel+0x3d/0x1e0 [ 193.258723][T12477] kern_path+0x21/0x110 [ 193.262870][T12477] lookup_bdev+0x62/0x140 [ 193.267186][T12477] __se_sys_quotactl+0x1b3/0x660 [ 193.272181][T12477] __x64_sys_quotactl+0x55/0x70 [ 193.277103][T12477] x64_sys_call+0x2b7f/0x2d60 [ 193.281771][T12477] do_syscall_64+0xc9/0x1c0 [ 193.286264][T12477] ? clear_bhb_loop+0x55/0xb0 [ 193.290966][T12477] ? clear_bhb_loop+0x55/0xb0 [ 193.295630][T12477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.301606][T12477] RIP: 0033:0x7fb09b8ddef9 [ 193.306089][T12477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.325683][T12477] RSP: 002b:00007fb09a557038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3 [ 193.334109][T12477] RAX: ffffffffffffffda RBX: 00007fb09ba95f80 RCX: 00007fb09b8ddef9 [ 193.342085][T12477] RDX: 0000000000000000 RSI: 0000000020000280 RDI: ffffffff80000501 [ 193.350055][T12477] RBP: 00007fb09a557090 R08: 0000000000000000 R09: 0000000000000000 [ 193.358078][T12477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.366114][T12477] R13: 0000000000000000 R14: 00007fb09ba95f80 R15: 00007fff720f78b8 [ 193.374122][T12477] [ 193.389014][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.399137][T12482] delete_channel: no stack [ 193.897325][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.928865][T12504] loop2: detected capacity change from 0 to 164 [ 194.213795][T12516] loop3: detected capacity change from 0 to 1024 [ 194.224356][T12516] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 194.230427][T12488] delete_channel: no stack [ 194.260672][T12519] loop4: detected capacity change from 0 to 512 [ 194.267511][T12516] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 194.283015][T12519] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 194.297806][T12519] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #17: comm syz.4.2849: iget: bad i_size value: -6917529027641081756 [ 194.314968][T12519] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2849: couldn't read orphan inode 17 (err -117) [ 194.327893][T12519] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 194.339545][T12525] loop0: detected capacity change from 0 to 164 [ 194.351279][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.356511][T12527] loop1: detected capacity change from 0 to 1024 [ 194.377752][T12527] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 194.387823][ T3265] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.400453][T12527] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 194.437574][T12531] FAULT_INJECTION: forcing a failure. [ 194.437574][T12531] name failslab, interval 1, probability 0, space 0, times 0 [ 194.450843][T12531] CPU: 1 UID: 0 PID: 12531 Comm: syz.3.2852 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 194.461622][T12531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 194.471671][T12531] Call Trace: [ 194.474947][T12531] [ 194.477879][T12531] dump_stack_lvl+0xf2/0x150 [ 194.482477][T12531] dump_stack+0x15/0x20 [ 194.486639][T12531] should_fail_ex+0x229/0x230 [ 194.491381][T12531] ? kstrdup_const+0x3e/0x50 [ 194.495991][T12531] should_failslab+0x8f/0xb0 [ 194.500714][T12531] __kmalloc_node_track_caller_noprof+0xa6/0x380 [ 194.507075][T12531] kstrdup+0x3a/0x80 [ 194.510971][T12531] kstrdup_const+0x3e/0x50 [ 194.515389][T12531] alloc_vfsmnt+0xa9/0x300 [ 194.519886][T12531] clone_mnt+0x45/0x7a0 [ 194.524120][T12531] copy_tree+0x2df/0x7f0 [ 194.528434][T12531] copy_mnt_ns+0x11e/0x5c0 [ 194.532855][T12531] ? create_new_namespaces+0x3c/0x430 [ 194.538304][T12531] ? kmem_cache_alloc_noprof+0x1a6/0x290 [ 194.543988][T12531] create_new_namespaces+0x89/0x430 [ 194.549248][T12531] unshare_nsproxy_namespaces+0xe6/0x120 [ 194.554926][T12531] ksys_unshare+0x3da/0x720 [ 194.559439][T12531] __x64_sys_unshare+0x1f/0x30 [ 194.564230][T12531] x64_sys_call+0x2c8d/0x2d60 [ 194.568922][T12531] do_syscall_64+0xc9/0x1c0 [ 194.573425][T12531] ? clear_bhb_loop+0x55/0xb0 [ 194.578107][T12531] ? clear_bhb_loop+0x55/0xb0 [ 194.582802][T12531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.588726][T12531] RIP: 0033:0x7fb6a9e4def9 [ 194.593150][T12531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 194.612758][T12531] RSP: 002b:00007fb6a8ac7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 194.621165][T12531] RAX: ffffffffffffffda RBX: 00007fb6aa005f80 RCX: 00007fb6a9e4def9 [ 194.629136][T12531] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000024020400 [ 194.637136][T12531] RBP: 00007fb6a8ac7090 R08: 0000000000000000 R09: 0000000000000000 [ 194.645282][T12531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 194.653250][T12531] R13: 0000000000000000 R14: 00007fb6aa005f80 R15: 00007fff2fdf8ed8 [ 194.661277][T12531] [ 194.684699][T12533] delete_channel: no stack [ 195.201411][T12555] __nla_validate_parse: 8 callbacks suppressed [ 195.201450][T12555] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2858'. [ 195.228078][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.235295][T12555] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2858'. [ 195.257909][T12560] futex_wake_op: syz.0.2861 tries to shift op by 144; fix this program [ 195.272910][T12555] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2858'. [ 195.307633][T12566] loop4: detected capacity change from 0 to 512 [ 195.307767][T12569] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2862'. [ 195.325997][T12566] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 195.330353][T12569] vlan2: entered promiscuous mode [ 195.340142][T12569] macvlan1: entered promiscuous mode [ 195.347260][T12569] macvlan1: left promiscuous mode [ 195.356361][T12566] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #17: comm syz.4.2863: iget: bad i_size value: -6917529027641081756 [ 195.369823][T12566] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2863: couldn't read orphan inode 17 (err -117) [ 195.389516][T12566] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 195.405398][ T29] kauditd_printk_skb: 6768 callbacks suppressed [ 195.405410][ T29] audit: type=1326 audit(1726073412.917:17186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000 [ 195.424773][T12566] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2863'. [ 195.441696][T12574] loop0: detected capacity change from 0 to 164 [ 195.455756][ T29] audit: type=1326 audit(1726073412.917:17187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000 [ 195.479558][ T29] audit: type=1326 audit(1726073412.917:17188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000 [ 195.503384][ T29] audit: type=1326 audit(1726073412.917:17189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000 [ 195.527003][ T29] audit: type=1326 audit(1726073412.917:17190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000 [ 195.550605][ T29] audit: type=1326 audit(1726073412.917:17191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000 [ 195.574256][ T29] audit: type=1326 audit(1726073412.917:17192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000 [ 195.597877][ T29] audit: type=1326 audit(1726073412.917:17193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000 [ 195.621439][ T29] audit: type=1326 audit(1726073412.917:17194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000 [ 195.645035][ T29] audit: type=1326 audit(1726073412.917:17195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000 [ 195.669248][ T3265] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.798924][T12576] loop4: detected capacity change from 0 to 1024 [ 195.810135][T12576] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 195.833843][T12576] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 195.982713][T12552] delete_channel: no stack [ 196.191017][T12590] Cannot find del_set index 0 as target [ 196.225281][T12588] loop2: detected capacity change from 0 to 2048 [ 196.238806][T12588] EXT4-fs: Ignoring removed orlov option [ 196.285503][T12594] Cannot find del_set index 0 as target [ 196.302765][ T4463] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 196.332313][T12598] loop0: detected capacity change from 0 to 1764 [ 196.334690][ T4463] EXT4-fs (loop2): Remounting filesystem read-only [ 196.398771][T12601] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2874'. [ 196.427328][T12601] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2874'. [ 196.472393][T12601] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2874'. [ 196.509480][T12614] loop3: detected capacity change from 0 to 512 [ 196.519330][T12614] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 196.539640][T12614] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.2877: iget: bad i_size value: -6917529027641081756 [ 196.554765][T12614] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2877: couldn't read orphan inode 17 (err -117) [ 196.594633][T12603] delete_channel: no stack [ 196.660773][T12631] loop3: detected capacity change from 0 to 512 [ 196.667865][T12631] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 196.684562][T12631] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.2883: iget: bad i_size value: -6917529027641081756 [ 196.697934][T12631] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2883: couldn't read orphan inode 17 (err -117) [ 196.725397][T12631] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2883'. [ 196.774162][ T3262] bridge0: port 3(syz_tun) entered disabled state [ 196.787801][ T3262] syz_tun (unregistering): left allmulticast mode [ 196.794388][ T3262] syz_tun (unregistering): left promiscuous mode [ 196.800758][ T3262] bridge0: port 3(syz_tun) entered disabled state [ 196.864830][T12636] gre0 speed is unknown, defaulting to 1000 [ 196.935294][T12636] chnl_net:caif_netlink_parms(): no params data found [ 196.966668][T12636] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.973832][T12636] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.980925][T12636] bridge_slave_0: entered allmulticast mode [ 196.987289][T12636] bridge_slave_0: entered promiscuous mode [ 196.994177][T12636] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.001220][T12636] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.008411][T12636] bridge_slave_1: entered allmulticast mode [ 197.014955][T12636] bridge_slave_1: entered promiscuous mode [ 197.031762][T12636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.042657][T12636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.061534][T12636] team0: Port device team_slave_0 added [ 197.069934][T12636] team0: Port device team_slave_1 added [ 197.083816][ T4467] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 197.094104][ T4467] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.110587][T12636] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 197.117593][T12636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.144411][T12636] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 197.155759][T12636] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 197.162677][T12636] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.189270][T12636] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 197.202827][ T4467] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 197.213259][ T4467] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.237612][T12636] hsr_slave_0: entered promiscuous mode [ 197.244582][T12636] hsr_slave_1: entered promiscuous mode [ 197.250458][T12636] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 197.259354][T12636] Cannot create hsr debugfs directory [ 197.266859][T12651] Invalid ELF header magic: != ELF [ 197.267661][ T4467] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 197.282379][ T4467] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.293907][T12653] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2886'. [ 197.356522][ T4467] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 197.366853][ T4467] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.415389][T12621] delete_channel: no stack [ 197.439837][ T4467] erspan0: left allmulticast mode [ 197.444956][ T4467] erspan0: left promiscuous mode [ 197.450028][ T4467] bridge0: port 4(erspan0) entered disabled state [ 197.458052][ T4467] bridge_slave_1: left allmulticast mode [ 197.463797][ T4467] bridge_slave_1: left promiscuous mode [ 197.469538][ T4467] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.494666][ T4467] bridge_slave_0: left allmulticast mode [ 197.500362][ T4467] bridge_slave_0: left promiscuous mode [ 197.505330][T12661] loop0: detected capacity change from 0 to 512 [ 197.506152][ T4467] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.526357][T12661] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 197.560017][T12670] futex_wake_op: syz.0.2892 tries to shift op by 144; fix this program [ 197.615733][T12677] futex_wake_op: syz.0.2893 tries to shift op by 144; fix this program [ 197.631258][T12680] loop4: detected capacity change from 0 to 512 [ 197.646339][T12680] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 197.668943][T12680] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #17: comm syz.4.2894: iget: bad i_size value: -6917529027641081756 [ 197.686923][T12680] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2894: couldn't read orphan inode 17 (err -117) [ 197.701174][ T4467] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 197.717547][ T4467] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 197.735816][ T4467] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 197.755016][ T4467] bond0 (unregistering): Released all slaves [ 197.765040][ T4467] bond1 (unregistering): Released all slaves [ 197.933316][ T4467] hsr_slave_0: left promiscuous mode [ 197.939035][ T4467] hsr_slave_1: left promiscuous mode [ 197.945131][ T4467] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 197.952590][ T4467] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 197.960455][ T4467] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 197.969065][ T4467] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 197.977880][ T4467] veth1_macvtap: left promiscuous mode [ 197.983451][ T4467] veth0_macvtap: left promiscuous mode [ 197.989042][ T4467] veth1_vlan: left promiscuous mode [ 197.994295][ T4467] veth0_vlan: left promiscuous mode [ 198.069459][ T4467] team0 (unregistering): Port device team_slave_1 removed [ 198.079326][ T4467] team0 (unregistering): Port device team_slave_0 removed [ 198.116267][T12702] lo: entered allmulticast mode [ 198.136638][T12706] futex_wake_op: syz.1.2903 tries to shift op by 144; fix this program [ 198.158935][T12708] tipc: Can't bind to reserved service type 0 [ 198.238004][T12715] loop2: detected capacity change from 0 to 164 [ 198.246526][T12715] bio_check_eod: 70068 callbacks suppressed [ 198.246535][T12715] syz.2.2907: attempt to access beyond end of device [ 198.246535][T12715] loop2: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 198.267498][T12715] syz.2.2907: attempt to access beyond end of device [ 198.267498][T12715] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 198.281727][T12715] syz.2.2907: attempt to access beyond end of device [ 198.281727][T12715] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 198.296011][T12715] syz.2.2907: attempt to access beyond end of device [ 198.296011][T12715] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 198.310090][T12715] syz.2.2907: attempt to access beyond end of device [ 198.310090][T12715] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 198.323538][T12715] syz.2.2907: attempt to access beyond end of device [ 198.323538][T12715] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 198.326725][T12636] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 198.336964][T12715] syz.2.2907: attempt to access beyond end of device [ 198.336964][T12715] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 198.357122][T12715] syz.2.2907: attempt to access beyond end of device [ 198.357122][T12715] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 198.364573][T12636] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 198.371694][T12715] syz.2.2907: attempt to access beyond end of device [ 198.371694][T12715] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 198.390753][T12715] syz.2.2907: attempt to access beyond end of device [ 198.390753][T12715] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 198.392408][T12636] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 198.416457][T12636] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 198.427115][T12713] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 198.443598][T12713] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 198.480154][ T4467] IPVS: stop unused estimator thread 0... [ 198.487892][T12636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.509974][T12636] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.520677][ T4461] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.527826][ T4461] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.547545][ T4463] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.554634][ T4463] bridge0: port 2(bridge_slave_1) entered forwarding state [ 198.579844][T12719] loop1: detected capacity change from 0 to 512 [ 198.597084][T12719] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 198.647032][T12719] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #17: comm syz.1.2908: iget: bad i_size value: -6917529027641081756 [ 198.701758][T12636] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 198.708809][T12719] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.2908: couldn't read orphan inode 17 (err -117) [ 198.744486][T12739] netlink: zone id is out of range [ 198.766404][T12739] netlink: del zone limit has 4 unknown bytes [ 198.821897][T12743] loop4: detected capacity change from 0 to 1024 [ 198.826142][T12746] loop1: detected capacity change from 0 to 512 [ 198.832747][T12743] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 198.857099][T12743] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 198.861203][T12749] loop0: detected capacity change from 0 to 512 [ 198.874474][T12743] EXT4-fs (loop4): too many log groups per flexible block group [ 198.877583][T12746] ext4 filesystem being mounted at /163/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 198.882121][T12743] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 198.901028][T12749] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (3832!=33349) [ 198.903630][T12743] EXT4-fs (loop4): mount failed [ 198.942348][T12636] veth0_vlan: entered promiscuous mode [ 198.958540][T12636] veth1_vlan: entered promiscuous mode [ 198.988799][T12636] veth0_macvtap: entered promiscuous mode [ 198.997010][T12749] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e01c, mo2=0002] [ 199.008587][T12749] System zones: 1-12 [ 199.012726][T12749] EXT4-fs (loop0): orphan cleanup on readonly fs [ 199.023148][T12636] veth1_macvtap: entered promiscuous mode [ 199.040238][T12636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 199.050705][T12636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.060539][T12636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 199.070076][T12759] loop4: detected capacity change from 0 to 512 [ 199.071022][T12636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.087116][T12636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 199.088456][T12749] EXT4-fs error (device loop0): ext4_read_inode_bitmap:168: comm syz.0.2917: Inode bitmap for bg 0 marked uninitialized [ 199.097595][T12636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.097610][T12636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 199.130566][T12636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.161045][T12749] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 5: comm syz.0.2917: lblock 0 mapped to illegal pblock 5 (length 1) [ 199.177094][T12749] EXT4-fs warning (device loop0): dx_probe:823: inode #2: lblock 0: comm syz.0.2917: error -117 reading directory block [ 199.204910][T12636] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 199.212295][T12759] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 199.212421][T12749] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 5: comm syz.0.2917: lblock 0 mapped to illegal pblock 5 (length 1) [ 199.236384][T12636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 199.238215][T12759] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #17: comm syz.4.2918: iget: bad i_size value: -6917529027641081756 [ 199.246810][T12636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.246820][T12636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 199.246832][T12636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.246845][T12636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 199.265420][T12759] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2918: couldn't read orphan inode 17 (err -117) [ 199.270052][T12636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.283287][T12749] EXT4-fs warning (device loop0): dx_probe:823: inode #2: lblock 0: comm syz.0.2917: error -117 reading directory block [ 199.290116][T12636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 199.345210][T12636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.355805][T12636] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 199.367846][T12636] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.376698][T12636] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.385423][T12636] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.394166][T12636] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.450690][T12773] FAULT_INJECTION: forcing a failure. [ 199.450690][T12773] name failslab, interval 1, probability 0, space 0, times 0 [ 199.463445][T12773] CPU: 0 UID: 0 PID: 12773 Comm: syz.0.2923 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 199.474288][T12773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 199.484463][T12773] Call Trace: [ 199.487737][T12773] [ 199.490665][T12773] dump_stack_lvl+0xf2/0x150 [ 199.495289][T12773] dump_stack+0x15/0x20 [ 199.499443][T12773] should_fail_ex+0x229/0x230 [ 199.504129][T12773] ? alloc_empty_file+0xd0/0x310 [ 199.509095][T12773] should_failslab+0x8f/0xb0 [ 199.513705][T12773] kmem_cache_alloc_noprof+0x4c/0x290 [ 199.519157][T12773] alloc_empty_file+0xd0/0x310 [ 199.524028][T12773] alloc_file_pseudo+0xc3/0x140 [ 199.528871][T12773] __shmem_file_setup+0x1bb/0x1f0 [ 199.533901][T12773] shmem_file_setup+0x3b/0x50 [ 199.538687][T12773] __se_sys_memfd_create+0x31d/0x600 [ 199.544035][T12773] __x64_sys_memfd_create+0x31/0x40 [ 199.549240][T12773] x64_sys_call+0x2891/0x2d60 [ 199.554005][T12773] do_syscall_64+0xc9/0x1c0 [ 199.558509][T12773] ? clear_bhb_loop+0x55/0xb0 [ 199.563269][T12773] ? clear_bhb_loop+0x55/0xb0 [ 199.565521][T12775] loop3: detected capacity change from 0 to 2048 [ 199.567938][T12773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.579560][T12775] EXT4-fs: Ignoring removed orlov option [ 199.580116][T12773] RIP: 0033:0x7f373b6bdef9 [ 199.590207][T12773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.610251][T12773] RSP: 002b:00007f373a330e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 199.618736][T12773] RAX: ffffffffffffffda RBX: 000000000000044a RCX: 00007f373b6bdef9 [ 199.626806][T12773] RDX: 00007f373a330ef0 RSI: 0000000000000000 RDI: 00007f373b7311e9 [ 199.634939][T12773] RBP: 0000000020000400 R08: 00007f373a330bb7 R09: 00007f373a330e40 [ 199.642902][T12773] R10: 000000000000000a R11: 0000000000000202 R12: 00000000200001c0 [ 199.650862][T12773] R13: 00007f373a330ef0 R14: 00007f373a330eb0 R15: 0000000020000a40 [ 199.658827][T12773] [ 199.750860][T12781] loop0: detected capacity change from 0 to 512 [ 199.777878][T12781] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 199.816499][T12786] FAULT_INJECTION: forcing a failure. [ 199.816499][T12786] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 199.829744][T12786] CPU: 1 UID: 0 PID: 12786 Comm: syz.1.2926 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 199.840506][T12786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 199.850560][T12786] Call Trace: [ 199.853877][T12786] [ 199.856901][T12786] dump_stack_lvl+0xf2/0x150 [ 199.861494][T12786] dump_stack+0x15/0x20 [ 199.865648][T12786] should_fail_ex+0x229/0x230 [ 199.870348][T12786] should_fail+0xb/0x10 [ 199.874561][T12786] should_fail_usercopy+0x1a/0x20 [ 199.879659][T12786] _copy_from_iter+0xd3/0xb00 [ 199.884340][T12786] ? __virt_addr_valid+0x1ed/0x250 [ 199.889457][T12786] ? __check_object_size+0x35b/0x510 [ 199.894785][T12786] memcpy_from_msg+0x39/0x80 [ 199.899418][T12786] dgram_sendmsg+0x4b4/0x720 [ 199.904093][T12786] ? __pfx_ieee802154_sock_sendmsg+0x10/0x10 [ 199.910140][T12786] ieee802154_sock_sendmsg+0x4e/0x60 [ 199.915436][T12786] __sock_sendmsg+0x140/0x180 [ 199.920163][T12786] __sys_sendto+0x1e5/0x260 [ 199.924701][T12786] __x64_sys_sendto+0x78/0x90 [ 199.929384][T12786] x64_sys_call+0x2959/0x2d60 [ 199.934074][T12786] do_syscall_64+0xc9/0x1c0 [ 199.938587][T12786] ? clear_bhb_loop+0x55/0xb0 [ 199.943281][T12786] ? clear_bhb_loop+0x55/0xb0 [ 199.947954][T12786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.953925][T12786] RIP: 0033:0x7fb09b8dfd8c [ 199.958333][T12786] Code: 2a 5a 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5a 02 00 48 8b [ 199.977942][T12786] RSP: 002b:00007fb09a555ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 199.986441][T12786] RAX: ffffffffffffffda RBX: 00007fb09a555fc0 RCX: 00007fb09b8dfd8c [ 199.994440][T12786] RDX: 0000000000000024 RSI: 00007fb09a556010 RDI: 0000000000000004 [ 200.002418][T12786] RBP: 0000000000000000 R08: 00007fb09a555f14 R09: 000000000000000c [ 200.010384][T12786] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 200.018356][T12786] R13: 00007fb09a555f68 R14: 00007fb09a556010 R15: 0000000000000000 [ 200.026414][T12786] [ 200.049887][T12781] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #17: comm syz.0.2925: iget: bad i_size value: -6917529027641081756 [ 200.071407][T12789] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 200.077876][T12781] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2925: couldn't read orphan inode 17 (err -117) [ 200.089438][T12789] EXT4-fs (loop3): Remounting filesystem read-only [ 200.100702][T12795] loop2: detected capacity change from 0 to 164 [ 200.120201][T12793] loop4: detected capacity change from 0 to 1024 [ 200.133053][T12796] loop1: detected capacity change from 0 to 1024 [ 200.140395][T12793] EXT4-fs: Ignoring removed orlov option [ 200.146148][T12793] EXT4-fs: Ignoring removed nomblk_io_submit option [ 200.163870][T12796] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 200.263062][T12808] Invalid ELF header magic: != ELF [ 200.303893][T12811] loop0: detected capacity change from 0 to 512 [ 200.315473][T12811] ext4 filesystem being mounted at /98/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 200.317556][T12813] loop3: detected capacity change from 0 to 764 [ 200.428632][T12813] FAULT_INJECTION: forcing a failure. [ 200.428632][T12813] name failslab, interval 1, probability 0, space 0, times 0 [ 200.441339][T12813] CPU: 0 UID: 0 PID: 12813 Comm: syz.3.2933 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 200.452200][T12813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 200.462385][T12813] Call Trace: [ 200.465666][T12813] [ 200.468595][T12813] dump_stack_lvl+0xf2/0x150 [ 200.473219][T12813] dump_stack+0x15/0x20 [ 200.477374][T12813] should_fail_ex+0x229/0x230 [ 200.482121][T12813] ? alloc_empty_file+0xd0/0x310 [ 200.487136][T12813] should_failslab+0x8f/0xb0 [ 200.491813][T12813] kmem_cache_alloc_noprof+0x4c/0x290 [ 200.497193][T12813] ? mntput+0x49/0x70 [ 200.501194][T12813] alloc_empty_file+0xd0/0x310 [ 200.505964][T12813] path_openat+0x6a/0x1f10 [ 200.510872][T12813] ? _parse_integer_limit+0x167/0x180 [ 200.516250][T12813] ? _parse_integer+0x27/0x30 [ 200.520959][T12813] ? kstrtoull+0x110/0x140 [ 200.525406][T12813] ? kstrtouint+0x77/0xc0 [ 200.529742][T12813] do_filp_open+0xf7/0x200 [ 200.534171][T12813] do_sys_openat2+0xab/0x120 [ 200.538766][T12813] __x64_sys_openat+0xf3/0x120 [ 200.543578][T12813] x64_sys_call+0x1025/0x2d60 [ 200.548259][T12813] do_syscall_64+0xc9/0x1c0 [ 200.552765][T12813] ? clear_bhb_loop+0x55/0xb0 [ 200.557496][T12813] ? clear_bhb_loop+0x55/0xb0 [ 200.562178][T12813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.568109][T12813] RIP: 0033:0x7f67b652def9 [ 200.572526][T12813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.592223][T12813] RSP: 002b:00007f67b51a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 200.600634][T12813] RAX: ffffffffffffffda RBX: 00007f67b66e5f80 RCX: 00007f67b652def9 [ 200.608642][T12813] RDX: 0000000000002040 RSI: 0000000020000080 RDI: ffffffffffffff9c [ 200.616611][T12813] RBP: 00007f67b51a7090 R08: 0000000000000000 R09: 0000000000000000 [ 200.624576][T12813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 200.632612][T12813] R13: 0000000000000000 R14: 00007f67b66e5f80 R15: 00007fff9f30a318 [ 200.640671][T12813] [ 200.762212][ T29] kauditd_printk_skb: 353 callbacks suppressed [ 200.762227][ T29] audit: type=1326 audit(1726073418.267:17549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000 [ 200.804134][ T29] audit: type=1326 audit(1726073418.267:17550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000 [ 200.829028][ T29] audit: type=1326 audit(1726073418.267:17551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67b652def9 code=0x7ffc0000 [ 200.852671][ T29] audit: type=1326 audit(1726073418.277:17552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000 [ 200.877328][ T29] audit: type=1326 audit(1726073418.277:17553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67b652def9 code=0x7ffc0000 [ 200.900972][ T29] audit: type=1326 audit(1726073418.277:17554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000 [ 200.925636][ T29] audit: type=1326 audit(1726073418.277:17555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000 [ 200.949300][ T29] audit: type=1326 audit(1726073418.277:17556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67b652def9 code=0x7ffc0000 [ 200.974144][ T29] audit: type=1326 audit(1726073418.277:17557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000 [ 200.997823][ T29] audit: type=1326 audit(1726073418.277:17558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000 [ 201.104777][T12833] loop3: detected capacity change from 0 to 512 [ 201.119989][T12833] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 201.122739][T12835] loop4: detected capacity change from 0 to 2048 [ 201.138558][T12835] EXT4-fs: Ignoring removed orlov option [ 201.155587][T12833] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.2941: iget: bad i_size value: -6917529027641081756 [ 201.171609][T12833] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2941: couldn't read orphan inode 17 (err -117) [ 201.221646][T12840] loop2: detected capacity change from 0 to 164 [ 201.352377][T12842] loop0: detected capacity change from 0 to 1024 [ 201.369712][T12842] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 201.684891][T12855] loop3: detected capacity change from 0 to 1024 [ 201.708852][T12855] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 201.721434][T12850] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 201.743953][T12850] EXT4-fs (loop4): Remounting filesystem read-only [ 201.942904][T12863] futex_wake_op: syz.4.2947 tries to shift op by 144; fix this program [ 201.993656][T12865] loop4: detected capacity change from 0 to 128 [ 202.008124][T12865] EXT4-fs: Ignoring removed nobh option [ 202.050824][T12865] ext4 filesystem being mounted at /582/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 202.064421][T12870] loop1: detected capacity change from 0 to 128 [ 202.076306][T12870] EXT4-fs: Ignoring removed nobh option [ 202.096660][T12870] ext4 filesystem being mounted at /169/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 202.102889][T12872] loop2: detected capacity change from 0 to 1024 [ 202.114045][T12872] EXT4-fs: Ignoring removed orlov option [ 202.119768][T12872] EXT4-fs: Ignoring removed nomblk_io_submit option [ 202.127148][T12875] loop0: detected capacity change from 0 to 512 [ 202.135311][T12865] FAULT_INJECTION: forcing a failure. [ 202.135311][T12865] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 202.148384][T12865] CPU: 1 UID: 0 PID: 12865 Comm: syz.4.2948 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 202.159198][T12865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 202.169288][T12865] Call Trace: [ 202.172566][T12865] [ 202.175492][T12865] dump_stack_lvl+0xf2/0x150 [ 202.180091][T12865] dump_stack+0x15/0x20 [ 202.184252][T12865] should_fail_ex+0x229/0x230 [ 202.188934][T12865] should_fail+0xb/0x10 [ 202.193100][T12865] should_fail_usercopy+0x1a/0x20 [ 202.198139][T12865] _copy_from_user+0x1e/0xd0 [ 202.202745][T12865] do_vfs_ioctl+0x4fd/0x1560 [ 202.207346][T12865] ? __fget_files+0x1da/0x210 [ 202.212072][T12865] __se_sys_ioctl+0x81/0x150 [ 202.216662][T12865] __x64_sys_ioctl+0x43/0x50 [ 202.221259][T12865] x64_sys_call+0x15cc/0x2d60 [ 202.225956][T12865] do_syscall_64+0xc9/0x1c0 [ 202.230628][T12865] ? clear_bhb_loop+0x55/0xb0 [ 202.235307][T12865] ? clear_bhb_loop+0x55/0xb0 [ 202.239984][T12865] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.245895][T12865] RIP: 0033:0x7fa66e2bdef9 [ 202.250309][T12865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 202.269970][T12865] RSP: 002b:00007fa66cf37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 202.278391][T12865] RAX: ffffffffffffffda RBX: 00007fa66e475f80 RCX: 00007fa66e2bdef9 [ 202.286420][T12865] RDX: 00000000200000c0 RSI: 00000000c020660b RDI: 0000000000000004 [ 202.294405][T12865] RBP: 00007fa66cf37090 R08: 0000000000000000 R09: 0000000000000000 [ 202.302428][T12865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 202.310481][T12865] R13: 0000000000000000 R14: 00007fa66e475f80 R15: 00007ffe25193d58 [ 202.318460][T12865] [ 202.324102][T12875] ext4 filesystem being mounted at /100/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 202.353692][T12883] loop3: detected capacity change from 0 to 512 [ 202.362666][T12884] __nla_validate_parse: 4 callbacks suppressed [ 202.362679][T12884] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2953'. [ 202.379663][T12884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 202.388941][T12883] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 202.406236][T12884] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 202.416676][T12883] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.2954: iget: bad i_size value: -6917529027641081756 [ 202.429971][T12883] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2954: couldn't read orphan inode 17 (err -117) [ 203.352746][T12920] futex_wake_op: syz.3.2966 tries to shift op by 144; fix this program [ 203.375569][T12922] loop3: detected capacity change from 0 to 512 [ 203.382455][T12922] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 203.395285][T12922] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.2967: iget: bad i_size value: -6917529027641081756 [ 203.409137][T12922] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2967: couldn't read orphan inode 17 (err -117) [ 203.486245][T12931] loop3: detected capacity change from 0 to 1024 [ 203.492863][T12931] EXT4-fs: Ignoring removed orlov option [ 203.499306][T12931] EXT4-fs: Ignoring removed nomblk_io_submit option [ 203.806739][T12936] loop2: detected capacity change from 0 to 512 [ 203.825187][T12936] ext4 filesystem being mounted at /598/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 203.850241][T12903] delete_channel: no stack [ 203.942545][T12943] loop0: detected capacity change from 0 to 1024 [ 203.949851][T12943] EXT4-fs: Ignoring removed orlov option [ 203.955561][T12943] EXT4-fs: Ignoring removed nomblk_io_submit option [ 204.043814][T12952] loop1: detected capacity change from 0 to 164 [ 204.054490][T12952] bio_check_eod: 40957 callbacks suppressed [ 204.054505][T12952] syz.1.2975: attempt to access beyond end of device [ 204.054505][T12952] loop1: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 204.075561][T12952] syz.1.2975: attempt to access beyond end of device [ 204.075561][T12952] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 204.089302][T12952] syz.1.2975: attempt to access beyond end of device [ 204.089302][T12952] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 204.102831][T12952] syz.1.2975: attempt to access beyond end of device [ 204.102831][T12952] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 204.117231][T12952] syz.1.2975: attempt to access beyond end of device [ 204.117231][T12952] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 204.130714][T12952] syz.1.2975: attempt to access beyond end of device [ 204.130714][T12952] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 204.144781][T12952] syz.1.2975: attempt to access beyond end of device [ 204.144781][T12952] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 204.158306][T12952] syz.1.2975: attempt to access beyond end of device [ 204.158306][T12952] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 204.172149][T12952] syz.1.2975: attempt to access beyond end of device [ 204.172149][T12952] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 204.186496][T12952] syz.1.2975: attempt to access beyond end of device [ 204.186496][T12952] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 204.261384][T12958] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2976'. [ 205.056939][T13003] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2990'. [ 205.094654][T13009] loop3: detected capacity change from 0 to 164 [ 205.315661][T13022] loop0: detected capacity change from 0 to 512 [ 205.345289][T13022] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.2999: casefold flag without casefold feature [ 205.346159][T13011] loop1: detected capacity change from 0 to 1024 [ 205.388132][T13022] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2999: couldn't read orphan inode 15 (err -117) [ 205.403591][T13011] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 205.533921][T13026] loop0: detected capacity change from 512 to 64 [ 205.558061][T13028] EXT4-fs (loop0): discard request in group:0 block:42 count:1 failed with -5 [ 205.586025][T13028] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6551: IO failure [ 205.602933][T13028] EXT4-fs (loop0): discard request in group:0 block:41 count:1 failed with -5 [ 205.632483][T13028] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6551: IO failure [ 205.649488][T13028] EXT4-fs warning (device loop0): ext4_end_bio:346: I/O error 10 writing to inode 19 starting block 255) [ 205.660783][T13028] Buffer I/O error on device loop0, logical block 255 [ 205.668404][T13028] EXT4-fs warning (device loop0): ext4_end_bio:346: I/O error 10 writing to inode 19 starting block 253) [ 205.680204][T13028] Buffer I/O error on device loop0, logical block 253 [ 205.686970][T13028] Buffer I/O error on device loop0, logical block 254 [ 205.694766][T13028] EXT4-fs warning (device loop0): ext4_end_bio:346: I/O error 10 writing to inode 19 starting block 37) [ 205.706465][T13028] Buffer I/O error on device loop0, logical block 37 [ 205.713138][T13028] Buffer I/O error on device loop0, logical block 38 [ 205.717019][T12985] delete_channel: no stack [ 205.719790][T13028] Buffer I/O error on device loop0, logical block 39 [ 205.719807][T13028] Buffer I/O error on device loop0, logical block 40 [ 205.741637][T13028] EXT4-fs warning (device loop0): ext4_end_bio:346: I/O error 10 writing to inode 19 starting block 249) [ 205.753243][T13028] Buffer I/O error on device loop0, logical block 249 [ 205.760015][T13028] Buffer I/O error on device loop0, logical block 250 [ 205.766830][T13028] Buffer I/O error on device loop0, logical block 251 [ 205.774796][T13028] EXT4-fs warning (device loop0): ext4_end_bio:346: I/O error 10 writing to inode 19 starting block 41) [ 205.978512][T13031] gre0 speed is unknown, defaulting to 1000 [ 205.988829][T13041] FAULT_INJECTION: forcing a failure. [ 205.988829][T13041] name failslab, interval 1, probability 0, space 0, times 0 [ 206.001482][T13041] CPU: 0 UID: 0 PID: 13041 Comm: syz.3.3001 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 206.012245][T13041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 206.022299][T13041] Call Trace: [ 206.025586][T13041] [ 206.028595][T13041] dump_stack_lvl+0xf2/0x150 [ 206.033205][T13041] dump_stack+0x15/0x20 [ 206.037364][T13041] should_fail_ex+0x229/0x230 [ 206.042044][T13041] ? sctp_make_abort_user+0x176/0x500 [ 206.047427][T13041] should_failslab+0x8f/0xb0 [ 206.052088][T13041] __kmalloc_noprof+0xa5/0x370 [ 206.056929][T13041] ? _sctp_make_chunk+0x1f0/0x210 [ 206.061997][T13041] sctp_make_abort_user+0x176/0x500 [ 206.067206][T13041] sctp_sendmsg_check_sflags+0x17c/0x1d0 [ 206.072893][T13041] sctp_sendmsg+0x754/0x1920 [ 206.077494][T13041] ? __pfx_sctp_sendmsg+0x10/0x10 [ 206.082522][T13041] inet_sendmsg+0xc5/0xd0 [ 206.086967][T13041] __sock_sendmsg+0x102/0x180 [ 206.091663][T13041] ____sys_sendmsg+0x312/0x410 [ 206.096432][T13041] __sys_sendmmsg+0x269/0x500 [ 206.101193][T13041] __x64_sys_sendmmsg+0x57/0x70 [ 206.106049][T13041] x64_sys_call+0xa49/0x2d60 [ 206.110688][T13041] do_syscall_64+0xc9/0x1c0 [ 206.115193][T13041] ? clear_bhb_loop+0x55/0xb0 [ 206.119867][T13041] ? clear_bhb_loop+0x55/0xb0 [ 206.124602][T13041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.130558][T13041] RIP: 0033:0x7f67b652def9 [ 206.134991][T13041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 206.154746][T13041] RSP: 002b:00007f67b51a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 206.163161][T13041] RAX: ffffffffffffffda RBX: 00007f67b66e5f80 RCX: 00007f67b652def9 [ 206.171126][T13041] RDX: 0000000000000001 RSI: 00000000200032c0 RDI: 0000000000000004 [ 206.179084][T13041] RBP: 00007f67b51a7090 R08: 0000000000000000 R09: 0000000000000000 [ 206.187042][T13041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 206.195002][T13041] R13: 0000000000000000 R14: 00007f67b66e5f80 R15: 00007fff9f30a318 [ 206.203054][T13041] [ 206.213401][T13045] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3003'. [ 206.222983][T11040] EXT4-fs warning (device loop0): htree_dirblock_to_tree:1083: inode #2: lblock 0: comm syz-executor: error -12 reading directory block [ 206.247172][ T4461] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 206.258569][ T4461] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.288412][T13053] loop1: detected capacity change from 0 to 2048 [ 206.302988][T13031] chnl_net:caif_netlink_parms(): no params data found [ 206.305190][T13053] EXT4-fs: Ignoring removed orlov option [ 206.312909][T13056] loop3: detected capacity change from 0 to 512 [ 206.336706][T13056] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 206.357134][ T4461] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 206.367562][ T4461] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.378396][T13056] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 206.381862][T13065] loop1: detected capacity change from 0 to 164 [ 206.426208][T13031] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.434658][T13031] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.445099][T13031] bridge_slave_0: entered allmulticast mode [ 206.452022][T13031] bridge_slave_0: entered promiscuous mode [ 206.473548][T13031] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.480699][T13031] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.488169][T13031] bridge_slave_1: entered allmulticast mode [ 206.494549][T13031] bridge_slave_1: entered promiscuous mode [ 206.503180][T13073] loop3: detected capacity change from 0 to 512 [ 206.510989][T13073] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 206.511103][ T4461] team0: Port device netdevsim1 removed [ 206.527354][T13073] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.3013: iget: bad i_size value: -6917529027641081756 [ 206.527459][ T4461] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 206.545458][T13073] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3013: couldn't read orphan inode 17 (err -117) [ 206.550873][ T4461] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.586588][T13031] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.597105][T13031] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 206.602138][ T29] kauditd_printk_skb: 184 callbacks suppressed [ 206.602149][ T29] audit: type=1326 audit(1726073424.107:17743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.3.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000 [ 206.647961][ T29] audit: type=1326 audit(1726073424.157:17744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.3.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f67b652def9 code=0x7ffc0000 [ 206.649016][T13031] team0: Port device team_slave_0 added [ 206.672528][ T29] audit: type=1326 audit(1726073424.157:17745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.3.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000 [ 206.701718][ T29] audit: type=1326 audit(1726073424.157:17746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.3.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f67b652def9 code=0x7ffc0000 [ 206.705868][T13031] team0: Port device team_slave_1 added [ 206.726324][ T29] audit: type=1326 audit(1726073424.157:17747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.3.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000 [ 206.755622][ T29] audit: type=1326 audit(1726073424.157:17748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.3.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000 [ 206.779466][ T29] audit: type=1326 audit(1726073424.157:17749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.3.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f67b652def9 code=0x7ffc0000 [ 206.804058][ T29] audit: type=1326 audit(1726073424.157:17750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.3.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000 [ 206.838790][ T4461] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 206.849093][ T4461] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.866626][T13031] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 206.873629][T13031] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.899598][T13031] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 206.914046][T13031] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 206.921168][T13031] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.947307][T13031] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 206.965183][T13079] loop3: detected capacity change from 0 to 1024 [ 206.971935][T13079] EXT4-fs: Ignoring removed orlov option [ 206.977627][T13079] EXT4-fs: Ignoring removed nomblk_io_submit option [ 207.147917][T13031] hsr_slave_0: entered promiscuous mode [ 207.165826][T13031] hsr_slave_1: entered promiscuous mode [ 207.197153][ T4461] bridge_slave_1: left allmulticast mode [ 207.202891][ T4461] bridge_slave_1: left promiscuous mode [ 207.208637][ T4461] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.246116][ T4461] bridge_slave_0: left allmulticast mode [ 207.251850][ T4461] bridge_slave_0: left promiscuous mode [ 207.258746][ T4461] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.271894][T13089] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3016'. [ 207.330526][ T4461] infiniband syz2: set down [ 207.363397][ T4467] smc: removing ib device syz2 [ 207.387730][ T29] audit: type=1400 audit(1726073424.897:17751): avc: denied { mount } for pid=13078 comm="syz.3.3014" name="/" dev="gadgetfs" ino=31562 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 207.394084][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.417675][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.425121][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.432491][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.439890][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.447376][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.454777][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.462224][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.469635][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.477403][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.484823][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.492272][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.499782][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.507188][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.514593][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.521985][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.529409][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.536808][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.544216][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.551612][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.559039][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.560069][T13092] loop1: detected capacity change from 0 to 1024 [ 207.566475][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.566500][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.566564][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.566588][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.566610][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.566646][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.566670][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.566692][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.566715][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.566752][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.566774][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 207.568548][ T3339] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz0 [ 207.577171][T13092] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 207.766209][ T4461] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 207.777419][ T4461] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 207.788192][ T4461] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 207.797703][ T4461] bond0 (unregistering): Released all slaves [ 207.819740][ T787] gre0 speed is unknown, defaulting to 1000 [ 207.879230][ T29] audit: type=1400 audit(1726073425.387:17752): avc: denied { unmount } for pid=12636 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 207.938812][T13102] loop3: detected capacity change from 0 to 1024 [ 207.949521][T13102] EXT4-fs: Ignoring removed orlov option [ 207.955242][T13102] EXT4-fs: Ignoring removed nomblk_io_submit option [ 207.972924][T13104] loop4: detected capacity change from 0 to 2048 [ 207.985807][ T4461] tipc: Left network mode [ 207.992624][T13104] EXT4-fs: Ignoring removed orlov option [ 208.009414][T13080] chnl_net:caif_netlink_parms(): no params data found [ 208.074334][ T4461] hsr_slave_0: left promiscuous mode [ 208.080910][ T4461] hsr_slave_1: left promiscuous mode [ 208.087085][ T4461] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 208.095228][ T4461] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 208.106088][ T4461] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 208.113642][ T4461] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 208.136495][ T4461] veth1_macvtap: left promiscuous mode [ 208.142049][ T4461] veth0_macvtap: left promiscuous mode [ 208.147711][ T4461] veth1_vlan: left promiscuous mode [ 208.153035][ T4461] veth0_vlan: left promiscuous mode [ 208.181220][T13122] loop1: detected capacity change from 0 to 512 [ 208.197046][T13122] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 208.219025][T13122] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #17: comm syz.1.3023: iget: bad i_size value: -6917529027641081756 [ 208.234632][T13122] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.3023: couldn't read orphan inode 17 (err -117) [ 208.273201][T13130] loop1: detected capacity change from 0 to 1024 [ 208.280000][T13130] EXT4-fs: Ignoring removed orlov option [ 208.286134][T13130] EXT4-fs: Ignoring removed nomblk_io_submit option [ 208.323090][ T4461] team0 (unregistering): Port device team_slave_1 removed [ 208.340724][ T4461] team0 (unregistering): Port device team_slave_0 removed [ 208.386313][T13135] delete_channel: no stack [ 208.492093][T13080] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.499569][T13080] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.506822][T13080] bridge_slave_0: entered allmulticast mode [ 208.513344][T13080] bridge_slave_0: entered promiscuous mode [ 208.520275][T13080] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.527817][T13080] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.535057][T13080] bridge_slave_1: entered allmulticast mode [ 208.541480][T13080] bridge_slave_1: entered promiscuous mode [ 208.564356][T13080] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.574794][T13080] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.592819][T13080] team0: Port device team_slave_0 added [ 208.599395][T13080] team0: Port device team_slave_1 added [ 208.614433][T13080] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.621442][T13080] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.647783][T13080] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.658938][T13080] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.665885][T13080] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.692194][T13080] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.717386][T13080] hsr_slave_0: entered promiscuous mode [ 208.723516][T13080] hsr_slave_1: entered promiscuous mode [ 208.729457][T13080] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 208.737000][T13080] Cannot create hsr debugfs directory [ 208.772542][T13031] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 208.789432][T13031] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 208.799448][T13141] loop3: detected capacity change from 0 to 2048 [ 208.807130][T13141] EXT4-fs: Ignoring removed orlov option [ 208.813151][T13031] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 208.829207][T13031] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 208.856650][T13080] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 208.866965][T13080] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.917377][T13080] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 208.928415][T13080] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.957776][T13031] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.975146][T13031] 8021q: adding VLAN 0 to HW filter on device team0 [ 208.997206][T13080] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 209.007502][T13080] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.021218][ T4463] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.028329][ T4463] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.037311][ T4463] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.044381][ T4463] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.096782][T13080] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 209.101854][T13156] loop4: detected capacity change from 0 to 512 [ 209.107128][T13080] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.126869][T13156] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 209.147929][T13031] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 209.159175][T13156] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #17: comm syz.4.3035: iget: bad i_size value: -6917529027641081756 [ 209.180251][T13156] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.3035: couldn't read orphan inode 17 (err -117) [ 209.192509][T13152] loop3: detected capacity change from 0 to 1024 [ 209.202521][T13152] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 209.262111][T13031] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.269621][T13167] loop1: detected capacity change from 0 to 2048 [ 209.285201][T13080] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 209.292236][T13167] EXT4-fs: Ignoring removed orlov option [ 209.308389][T13080] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 209.326096][T13080] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 209.342020][T13080] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 209.421991][T13186] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3042'. [ 209.422547][T13031] veth0_vlan: entered promiscuous mode [ 209.447245][T13080] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.456533][T13031] veth1_vlan: entered promiscuous mode [ 209.482087][T13031] veth0_macvtap: entered promiscuous mode [ 209.498962][T13080] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.510139][ T4463] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.517231][ T4463] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.535156][T13031] veth1_macvtap: entered promiscuous mode [ 209.546598][ T4463] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.553753][ T4463] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.584182][T13031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 209.594637][T13031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.604473][T13031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 209.614893][T13031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.624710][T13031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 209.635301][T13031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.645122][T13031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 209.655553][T13031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.666836][T13031] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 209.679857][T13031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.690394][T13031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.700249][T13031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.710674][T13031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.720547][T13031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.731040][T13031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.740847][T13031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.751263][T13031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.763001][T13031] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 209.777261][T13080] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 209.793939][T13031] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.802641][T13031] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.811503][T13031] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.820345][T13031] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.885030][T13080] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.895260][T13203] loop3: detected capacity change from 0 to 512 [ 209.914903][T13203] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 209.937083][T13203] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.3046: iget: bad i_size value: -6917529027641081756 [ 209.960609][T13080] veth0_vlan: entered promiscuous mode [ 209.971196][T13080] veth1_vlan: entered promiscuous mode [ 209.989694][T13080] veth0_macvtap: entered promiscuous mode [ 209.997414][T13080] veth1_macvtap: entered promiscuous mode [ 210.007487][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.017989][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.027895][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.038443][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.048407][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.055214][T13203] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3046: couldn't read orphan inode 17 (err -117) [ 210.058838][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.080444][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.090951][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.100890][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.111388][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.126925][T13080] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 210.135432][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 210.145969][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.155814][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 210.166305][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.176280][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 210.186699][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.196687][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 210.207224][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.217068][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 210.227515][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.239652][T13080] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 210.270780][T13080] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.279547][T13080] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.288321][T13080] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.297106][T13080] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.328893][T13239] loop1: detected capacity change from 0 to 512 [ 210.331456][T13240] loop3: detected capacity change from 0 to 2048 [ 210.337125][T13239] journal_path: Lookup failure for './bus' [ 210.341986][T13240] EXT4-fs: Ignoring removed orlov option [ 210.347362][T13239] EXT4-fs: error: could not find journal device path [ 210.381966][T13193] delete_channel: no stack [ 210.423775][T13262] loop0: detected capacity change from 0 to 512 [ 210.430583][T13262] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 210.469961][T13262] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #17: comm syz.0.3024: iget: bad i_size value: -6917529027641081756 [ 210.508921][T13262] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.3024: couldn't read orphan inode 17 (err -117) [ 210.579808][T13262] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3024'. [ 210.588873][T13289] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3057'. [ 210.711866][T13309] loop0: detected capacity change from 0 to 2048 [ 210.720837][T13309] EXT4-fs: Ignoring removed orlov option [ 210.871329][ T4437] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 210.882339][ T4437] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.910812][T13272] chnl_net:caif_netlink_parms(): no params data found [ 210.956429][T13376] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3065'. [ 210.977526][ T4437] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 210.987853][ T4437] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.019719][T13272] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.027569][T13272] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.036296][T13383] loop2: detected capacity change from 0 to 512 [ 211.036943][T13272] bridge_slave_0: entered allmulticast mode [ 211.048581][T13383] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 211.049661][T13272] bridge_slave_0: entered promiscuous mode [ 211.068684][ T4437] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 211.079034][ T4437] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.081247][T13383] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #17: comm syz.2.3067: iget: bad i_size value: -6917529027641081756 [ 211.103566][T13272] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.104786][T13383] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.3067: couldn't read orphan inode 17 (err -117) [ 211.110701][T13272] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.130711][T13272] bridge_slave_1: entered allmulticast mode [ 211.137207][T13272] bridge_slave_1: entered promiscuous mode [ 211.154541][ T4437] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 211.164890][ T4437] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.176139][T13383] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3067'. [ 211.192095][T13272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 211.209314][T13272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 211.230302][T13272] team0: Port device team_slave_0 added [ 211.240908][T13272] team0: Port device team_slave_1 added [ 211.262827][T13272] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 211.270486][T13272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.275270][T13395] loop2: detected capacity change from 0 to 164 [ 211.297032][T13272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 211.305524][T13395] bio_check_eod: 50636 callbacks suppressed [ 211.305537][T13395] syz.2.3071: attempt to access beyond end of device [ 211.305537][T13395] loop2: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 211.316811][T13272] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 211.335774][T13395] syz.2.3071: attempt to access beyond end of device [ 211.335774][T13395] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 211.340608][T13272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.355402][T13395] syz.2.3071: attempt to access beyond end of device [ 211.355402][T13395] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 211.380560][T13272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 211.396225][T13395] syz.2.3071: attempt to access beyond end of device [ 211.396225][T13395] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 211.418285][T13395] syz.2.3071: attempt to access beyond end of device [ 211.418285][T13395] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 211.431731][T13395] syz.2.3071: attempt to access beyond end of device [ 211.431731][T13395] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 211.445267][T13395] syz.2.3071: attempt to access beyond end of device [ 211.445267][T13395] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 211.458890][T13395] syz.2.3071: attempt to access beyond end of device [ 211.458890][T13395] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 211.472610][T13395] syz.2.3071: attempt to access beyond end of device [ 211.472610][T13395] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 211.487007][T13395] syz.2.3071: attempt to access beyond end of device [ 211.487007][T13395] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 211.532745][ T4437] bridge_slave_1: left allmulticast mode [ 211.538421][ T4437] bridge_slave_1: left promiscuous mode [ 211.544105][ T4437] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.573340][ T4437] bridge_slave_0: left allmulticast mode [ 211.579030][ T4437] bridge_slave_0: left promiscuous mode [ 211.584705][ T4437] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.619840][T13399] futex_wake_op: syz.3.3073 tries to shift op by 144; fix this program [ 211.675005][ T3337] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x4 [ 211.682703][ T3337] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x2 [ 211.699510][ T3337] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x3 [ 211.716841][ T3337] hid-generic 0000:3000000:0000.0002: hidraw0: HID v0.00 Device [sy] on syz0 [ 211.770252][T13370] delete_channel: no stack [ 211.798705][T13407] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3075'. [ 211.803536][T13403] loop3: detected capacity change from 0 to 512 [ 211.817958][ T4437] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 211.829476][ T4437] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 211.843445][T13403] EXT4-fs: Ignoring removed nobh option [ 211.844602][T13409] loop1: detected capacity change from 0 to 512 [ 211.856814][ T4437] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 211.867283][T13409] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 211.877219][ T4437] bond0 (unregistering): Released all slaves [ 211.887919][T13409] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #17: comm syz.1.3077: iget: bad i_size value: -6917529027641081756 [ 211.907398][T13272] hsr_slave_0: entered promiscuous mode [ 211.914170][T13403] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 211.929740][T13272] hsr_slave_1: entered promiscuous mode [ 211.935696][T13272] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 211.944013][T13409] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.3077: couldn't read orphan inode 17 (err -117) [ 211.957414][T13272] Cannot create hsr debugfs directory [ 211.962849][T13402] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3074'. [ 211.988799][ T29] kauditd_printk_skb: 85 callbacks suppressed [ 211.988810][ T29] audit: type=1400 audit(1726073429.467:17838): avc: denied { execute } for pid=13401 comm="syz.3.3074" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 212.038770][ T4437] hsr_slave_0: left promiscuous mode [ 212.044947][ T4437] hsr_slave_1: left promiscuous mode [ 212.050424][ T29] audit: type=1326 audit(1726073429.547:17839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.1.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000 [ 212.073997][ T29] audit: type=1326 audit(1726073429.557:17840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.1.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000 [ 212.097596][ T29] audit: type=1326 audit(1726073429.557:17841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.1.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000 [ 212.124795][ T29] audit: type=1326 audit(1726073429.557:17842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.1.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000 [ 212.148695][ T29] audit: type=1326 audit(1726073429.557:17843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.1.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000 [ 212.172304][ T4437] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 212.179783][ T4437] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 212.195855][ T4437] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 212.197376][ T29] audit: type=1326 audit(1726073429.567:17844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.1.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000 [ 212.203291][ T4437] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 212.234117][ T29] audit: type=1326 audit(1726073429.567:17845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.1.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000 [ 212.257722][ T29] audit: type=1326 audit(1726073429.567:17846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.1.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000 [ 212.281359][ T29] audit: type=1326 audit(1726073429.567:17847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.1.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000 [ 212.306935][ T4437] veth1_macvtap: left promiscuous mode [ 212.307019][T13422] FAULT_INJECTION: forcing a failure. [ 212.307019][T13422] name failslab, interval 1, probability 0, space 0, times 0 [ 212.312442][ T4437] veth0_macvtap: left promiscuous mode [ 212.324959][T13422] CPU: 0 UID: 0 PID: 13422 Comm: syz.2.3079 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 212.330511][ T4437] veth1_vlan: left promiscuous mode [ 212.341162][T13422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 212.341175][T13422] Call Trace: [ 212.341186][T13422] [ 212.346468][ T4437] veth0_vlan: left promiscuous mode [ 212.356374][T13422] dump_stack_lvl+0xf2/0x150 [ 212.372478][T13422] dump_stack+0x15/0x20 [ 212.376667][T13422] should_fail_ex+0x229/0x230 [ 212.381374][T13422] ? nd_alloc_stack+0x4e/0x90 [ 212.386110][T13422] should_failslab+0x8f/0xb0 [ 212.390740][T13422] __kmalloc_cache_noprof+0x4b/0x2a0 [ 212.396032][T13422] nd_alloc_stack+0x4e/0x90 [ 212.400623][T13422] pick_link+0x745/0x7e0 [ 212.404872][T13422] ? __d_lookup+0x342/0x370 [ 212.409384][T13422] step_into+0x725/0x810 [ 212.413739][T13422] link_path_walk+0x54c/0x820 [ 212.418445][T13422] path_openat+0x1aa/0x1f10 [ 212.423014][T13422] ? terminate_walk+0x260/0x280 [ 212.427885][T13422] do_filp_open+0xf7/0x200 [ 212.432361][T13422] ? __pfx_shmem_put_link+0x10/0x10 [ 212.437563][T13422] ? __pfx_shmem_put_link+0x10/0x10 [ 212.442768][T13422] alloc_bprm+0xd5/0x760 [ 212.447177][T13422] ? __check_object_size+0x35b/0x510 [ 212.452524][T13422] do_execveat_common+0x134/0x800 [ 212.457560][T13422] __x64_sys_execve+0x5a/0x70 [ 212.462242][T13422] x64_sys_call+0x1277/0x2d60 [ 212.466991][T13422] do_syscall_64+0xc9/0x1c0 [ 212.471498][T13422] ? clear_bhb_loop+0x55/0xb0 [ 212.476214][T13422] ? clear_bhb_loop+0x55/0xb0 [ 212.480936][T13422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.486868][T13422] RIP: 0033:0x7f2b317cdef9 [ 212.491283][T13422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.510955][T13422] RSP: 002b:00007f2b30441038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 212.519352][T13422] RAX: ffffffffffffffda RBX: 00007f2b31985f80 RCX: 00007f2b317cdef9 [ 212.527305][T13422] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 212.535345][T13422] RBP: 00007f2b30441090 R08: 0000000000000000 R09: 0000000000000000 [ 212.543295][T13422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.551290][T13422] R13: 0000000000000000 R14: 00007f2b31985f80 R15: 00007ffef395b468 [ 212.559273][T13422] [ 212.592547][T13432] loop2: detected capacity change from 0 to 512 [ 212.607560][T13432] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 212.652262][ T4437] team0 (unregistering): Port device team_slave_1 removed [ 212.665588][ T4437] team0 (unregistering): Port device team_slave_0 removed [ 212.710174][T13409] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3077'. [ 212.823176][T13443] loop3: detected capacity change from 0 to 1024 [ 212.830305][T13443] EXT4-fs: Ignoring removed orlov option [ 212.836019][T13443] EXT4-fs: Ignoring removed nomblk_io_submit option [ 213.036196][T13272] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 213.044822][T13272] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 213.053667][T13272] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 213.061769][T13272] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 213.089311][ T4437] IPVS: stop unused estimator thread 0... [ 213.129315][T13272] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.141076][T13448] loop0: detected capacity change from 0 to 164 [ 213.143678][T13272] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.157873][ T4460] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.164996][ T4460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.176627][ T4439] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.183690][ T4439] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.202508][T13272] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 213.212965][T13272] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 213.279961][T13272] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.409602][T13272] veth0_vlan: entered promiscuous mode [ 213.418593][T13272] veth1_vlan: entered promiscuous mode [ 213.436571][T13272] veth0_macvtap: entered promiscuous mode [ 213.445205][T13272] veth1_macvtap: entered promiscuous mode [ 213.455950][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 213.466449][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.476411][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 213.487213][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.497163][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 213.507666][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.517479][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 213.527910][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.537847][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 213.548312][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.565395][T13272] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 213.575976][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 213.578540][T13466] futex_wake_op: syz.2.3089 tries to shift op by 144; fix this program [ 213.586491][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.604667][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 213.615226][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.625119][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 213.634523][T13436] delete_channel: no stack [ 213.635660][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.649758][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 213.660333][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.670197][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 213.680819][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.693147][T13272] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 213.701714][T13272] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.710542][T13272] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.719380][T13272] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.720585][T13468] loop2: detected capacity change from 0 to 1024 [ 213.728074][T13272] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.752948][T13468] EXT4-fs: Ignoring removed orlov option [ 213.758789][T13468] EXT4-fs: Ignoring removed nomblk_io_submit option [ 213.823820][T13481] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3094'. [ 213.851674][T13484] loop3: detected capacity change from 0 to 512 [ 213.860036][T13484] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 213.879338][T13484] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.3095: iget: bad i_size value: -6917529027641081756 [ 213.906038][T13484] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3095: couldn't read orphan inode 17 (err -117) [ 213.950455][T13482] delete_channel: no stack [ 213.974970][T13484] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3095'. [ 214.017913][T13493] futex_wake_op: syz.0.3097 tries to shift op by 144; fix this program [ 214.090134][T13499] loop0: detected capacity change from 0 to 512 [ 214.109461][T13499] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 214.439900][T13522] loop3: detected capacity change from 0 to 512 [ 214.446878][T13522] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 214.464458][T13522] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.3108: iget: bad i_size value: -6917529027641081756 [ 214.477883][T13522] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3108: couldn't read orphan inode 17 (err -117) [ 214.505181][T13522] __nla_validate_parse: 1 callbacks suppressed [ 214.505190][T13522] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3108'. [ 214.567997][T13530] loop3: detected capacity change from 0 to 2048 [ 214.575085][T13530] EXT4-fs: Ignoring removed orlov option [ 214.802410][T13535] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 214.817361][T13535] EXT4-fs (loop3): Remounting filesystem read-only [ 214.908301][T13548] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3117'. [ 214.950328][T13553] loop3: detected capacity change from 0 to 512 [ 214.958720][T13553] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 214.985484][T13539] delete_channel: no stack [ 214.990078][T13553] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.3120: iget: bad i_size value: -6917529027641081756 [ 215.005669][T13503] delete_channel: no stack [ 215.011380][T13553] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3120: couldn't read orphan inode 17 (err -117) [ 215.041743][T13553] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3120'. [ 215.060364][T13554] loop1: detected capacity change from 0 to 1024 [ 215.077920][T13554] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 215.095796][T13556] SELinux: Context · is not valid (left unmapped). [ 215.145177][T13569] loop0: detected capacity change from 0 to 2048 [ 215.151769][T13569] EXT4-fs: Ignoring removed orlov option [ 215.483575][T13575] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 215.525623][T13575] EXT4-fs (loop0): Remounting filesystem read-only [ 215.635866][T13586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3129'. [ 215.644806][T13586] netlink: 'syz.2.3129': attribute type 15 has an invalid length. [ 215.652736][T13586] netlink: 'syz.2.3129': attribute type 18 has an invalid length. [ 215.669309][T13586] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 215.670405][T13080] EXT4-fs unmount: 117 callbacks suppressed [ 215.670418][T13080] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.678037][T13586] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 215.701578][T13586] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 215.710372][T13586] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 215.721483][T13586] vxlan0: entered promiscuous mode [ 215.753569][T13592] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3130'. [ 215.762830][T13594] loop4: detected capacity change from 0 to 512 [ 215.769985][T13594] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 215.797948][T13594] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #17: comm syz.4.3133: iget: bad i_size value: -6917529027641081756 [ 215.812891][T13596] loop0: detected capacity change from 0 to 1024 [ 215.820506][T13594] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.3133: couldn't read orphan inode 17 (err -117) [ 215.820715][T13596] EXT4-fs: Ignoring removed orlov option [ 215.838107][T13596] EXT4-fs: Ignoring removed nomblk_io_submit option [ 215.843793][T13594] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 215.858056][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.869354][T13596] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 215.886792][T13594] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3133'. [ 215.907417][T13272] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.917552][T13606] loop1: detected capacity change from 0 to 1024 [ 215.925436][T13606] EXT4-fs: Ignoring removed orlov option [ 215.931195][T13606] EXT4-fs: Ignoring removed nomblk_io_submit option [ 215.947279][T13606] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 215.980796][T13080] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.072994][T13617] loop3: detected capacity change from 0 to 2048 [ 216.080033][T13617] EXT4-fs: Ignoring removed orlov option [ 216.096615][T13617] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 216.216710][T13628] futex_wake_op: syz.4.3145 tries to shift op by 144; fix this program [ 216.301299][T13625] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 216.317493][T13625] EXT4-fs (loop3): Remounting filesystem read-only [ 216.358509][T13634] loop4: detected capacity change from 0 to 1024 [ 216.368213][T13634] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 216.388114][T13634] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 216.406843][T12636] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.419385][T13629] delete_channel: no stack [ 216.552850][T13634] ================================================================== [ 216.560971][T13634] BUG: KCSAN: data-race in generic_buffers_fsync_noflush / writeback_single_inode [ 216.570199][T13634] [ 216.572524][T13634] write to 0xffff8881064a5ce8 of 8 bytes by task 13646 on cpu 1: [ 216.580236][T13634] writeback_single_inode+0x10e/0x4a0 [ 216.585620][T13634] sync_inode_metadata+0x5c/0x90 [ 216.590571][T13634] generic_buffers_fsync_noflush+0xe4/0x130 [ 216.596479][T13634] ext4_sync_file+0x20b/0x6c0 [ 216.601157][T13634] vfs_fsync_range+0x122/0x140 [ 216.605929][T13634] ext4_buffered_write_iter+0x338/0x380 [ 216.610420][T13644] loop2: detected capacity change from 0 to 1024 [ 216.611466][T13634] ext4_file_write_iter+0x29f/0xe30 [ 216.611488][T13634] iter_file_splice_write+0x5e6/0x970 [ 216.611520][T13634] direct_splice_actor+0x16c/0x2c0 [ 216.611538][T13634] splice_direct_to_actor+0x305/0x670 [ 216.611569][T13634] do_splice_direct+0xd7/0x150 [ 216.611599][T13634] do_sendfile+0x3ab/0x950 [ 216.611616][T13634] __x64_sys_sendfile64+0x110/0x150 [ 216.611644][T13634] x64_sys_call+0xed5/0x2d60 [ 216.611667][T13634] do_syscall_64+0xc9/0x1c0 [ 216.611684][T13634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.611713][T13634] [ 216.611719][T13634] read to 0xffff8881064a5ce8 of 8 bytes by task 13634 on cpu 0: [ 216.611735][T13634] generic_buffers_fsync_noflush+0x89/0x130 [ 216.656318][T13644] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 216.657917][T13634] ext4_sync_file+0x20b/0x6c0 [ 216.657944][T13634] vfs_fsync_range+0x122/0x140 [ 216.657966][T13634] ext4_buffered_write_iter+0x338/0x380 [ 216.657985][T13634] ext4_file_write_iter+0x29f/0xe30 [ 216.658003][T13634] iter_file_splice_write+0x5e6/0x970 [ 216.658035][T13634] direct_splice_actor+0x16c/0x2c0 [ 216.723405][T13634] splice_direct_to_actor+0x305/0x670 [ 216.728792][T13634] do_splice_direct+0xd7/0x150 [ 216.733571][T13634] do_sendfile+0x3ab/0x950 [ 216.737985][T13634] __x64_sys_sendfile64+0x110/0x150 [ 216.743200][T13634] x64_sys_call+0xed5/0x2d60 [ 216.747795][T13634] do_syscall_64+0xc9/0x1c0 [ 216.752307][T13634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.758208][T13634] [ 216.760523][T13634] value changed: 0x0000000000000007 -> 0x0000000000000080 [ 216.767636][T13634] [ 216.769962][T13634] Reported by Kernel Concurrency Sanitizer on: [ 216.776108][T13634] CPU: 0 UID: 0 PID: 13634 Comm: syz.4.3147 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 216.786872][T13634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 216.796928][T13634] ================================================================== [ 216.829565][T13644] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 216.921143][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.156059][T13634] syz.4.3147 (13634) used greatest stack depth: 9560 bytes left [ 217.166233][T13272] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.375731][T13031] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.