last executing test programs: 3.638413387s ago: executing program 3 (id=1360): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x141141, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r2}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r5, 0x0, 0xffffffffffffffff}, 0x18) write$tun(r3, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500561308005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef) 3.40187361s ago: executing program 3 (id=1367): syz_io_uring_setup(0x250b, &(0x7f0000000100)={0x0, 0x10645c, 0x800, 0x400040, 0x240}, &(0x7f0000000300), &(0x7f0000000200)) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x2}, {0x64, 0x1, 0x0, 0x2}, {0x6}]}) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000080000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, 0x0, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$sock_int(r5, 0x1, 0x23, &(0x7f0000000080)=0x6, 0x4) recvmmsg(r5, &(0x7f0000000100), 0x0, 0x2100, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) socket$inet6_sctp(0xa, 0x1, 0x84) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000002000100000000001d4e5c8405723ca05d6ad100000000000000"], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r7}, 0x10) sendmsg$nl_route_sched(r3, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x2, 0x0, 0x0, 0x3}, 0x2, r6}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x40}, 0x4800) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x4, 0x3, 0xfffffff7}, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000) 3.369337491s ago: executing program 1 (id=1368): syz_io_uring_setup(0x250b, &(0x7f0000000100)={0x0, 0x10645c, 0x800, 0x400040, 0x240}, &(0x7f0000000300), &(0x7f0000000200)) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x2}, {0x64, 0x1, 0x0, 0x2}, {0x6}]}) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000080000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, 0x0, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$sock_int(r5, 0x1, 0x23, &(0x7f0000000080)=0x6, 0x4) recvmmsg(r5, &(0x7f0000000100), 0x0, 0x2100, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) socket$inet6_sctp(0xa, 0x1, 0x84) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000002000100000000001d4e5c8405723ca05d6ad100000000000000"], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r7}, 0x10) sendmsg$nl_route_sched(r3, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x2, 0x0, 0x0, 0x3}, 0x2, r6}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x40}, 0x4800) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x4, 0x3, 0xfffffff7}, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000) 3.129837804s ago: executing program 0 (id=1373): bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) unshare(0x40020000) (async) bpf$PROG_LOAD(0x5, 0x0, 0xa35f98b4dae19503) (async) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async) write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="001c86dd0700100000001400000060ec97000fc804f9fe8000000000000000000000000000aaff020000000000000000000000000001"], 0xffe) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) getsockopt$IP_SET_OP_VERSION(r2, 0x1, 0x49, &(0x7f0000000240), &(0x7f0000000280)=0x8) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0xfffffffa, 0x71, 0x10, 0x5c}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) 3.038284516s ago: executing program 0 (id=1375): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000dd0000000000003b810000850000006d000000a5000000500000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], 0x0, 0x124, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb85000000430000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f0000000040)={0xb000001c}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) writev(r3, &(0x7f0000000400)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f8864", 0x12}, {&(0x7f00000001c0)}, {&(0x7f0000000280)="0f0f00", 0x3}], 0x3) r4 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) writev(r4, &(0x7f0000000380)=[{&(0x7f0000000c40)="34b83c418dcf74a94501f21c2dc0ce3b8323feedbf479050a427ff6efa8db0acf4daa2405e2f806c9b11414472fb9834e25c2a9e66a0bf56d1112e304b78bc4e0c0a0a1135e8841fd4b9f6f4d0192d6ff8c03f0ec4a7aaa297ce9bbf6f9176a41d3a4f887c05d9dbab6e9213a10e90090100d247dcd0bb1b04c44d8cef22ca6486483e527d775d42ead93353c54b96449c19ae66b8571ce7ab5d27fea24be40ab9de7c49bd0724a45ca3ea9204c4c5b872f338a0bbca23c5feb1a2a452dc7bda89e419a4ff666989c27fdcdf88f65d95b0dacf54f5ca39a0ed8cf8fea6e7359706645b8ab3896891e94f54ad66d4dc73f186d82f268bb52e3a2ca36773d0ecfca2afb7f6deb15232f64fbd3fc8d4cdf07730a8d9c3e59386315f78024f3761f6579ce82a56eecb6e64542c48ea8285e175dc25317484a56b24dd59a7f28d37fdfc961fc881c7e6114733ad102a215e0ee94f6542abe77e68cc640a057aef2c55403d7c853a16197c5848f5", 0x16b}, {0x0}, {&(0x7f0000000680)="819e9050dbada0000817fba3095c5adbea72449e6b46862c356658a253d2621d57263176eae2278e6c8e29ad25208dc79eb1309df97b31622def25b9a3cf13a0b1407b6909"}, {&(0x7f0000001100)="f868067f1723807324357bfa69344ded51366b4348a22dc4ae5ec09f0e5039f797195c12facbb70d7d43865bb8bee4b0effaedbbe8f441ec17af2416404f6bd00edd0c635d46610c47b99ad7d981fcf307a05355c90d49c47b5ba17501fd95e093c58eeeea3e1db7ac99dab986978852b027e376b136ebbcddaf1925efe58041c05dbc1efb014f487ee5ae46f9c0ac3f5fa3395c4b57f4a6de3bdb0c2748ada3c0b16871b80ba1a6c65e57bb64541bcfbbf686a1887a30644fc594b5f366fa36facf4f48735453894f85956398b87d5c1c0cdb492ff87e253f70bb82f0e9bde46e1f3f8cea65e7ff02d76a4b89674e0f3d5cbbb95a4906672fc7dfa096b9bb3f26d42f760844804def337ccc3a2d35404f4147594563bac4103de4e1b3c050ca360e3e90e8a4451857b3238557819d79c10119b509d87d59b1d020023641a3fd55ef615644ab731dcb9fa581abf12a3b2503a845044ad3590aeea1cf6fdfe5577dbb29bce6b35c9d71b6ac796fccf55e44fa996a62dcc5f6e7d32590e8c0c42bba24f7d07253e6a2b3bc616b57e6353d818932890f7331f72142ca41cd2a1f2441aeda9a53a2f4dcd03429a67a8c9cd9ebaa34ee522ee8c6d73be2fc2789317577ae83be9e8410502dd08d7bc73a9aa84724f1ad565da4b9cbfb6d14cb651c886196fb089f7035fbaa7a86d4ff4831b3fed4cd401b5b44c137e983c773880a9af34715992b4f075557c733c995f3d8de20dc35e3bb008a02ec80835779db2d3d574ae451b59f3ea43754dc502839ec85308fb191624bc29d3e88290e687e100a07eaae3ed696a01b0be26d197d67a3d0ed7aa80426574b245e4709af28ee6d22a32b83bf6984bef78e86e80a03bccc368ee9ff715e14780bfc3256bacaa8c38c78a00c933619e942396d2edd4ecc71b426a7dfe0c4b43ffd51d7d2a2bbc3b6431a8ded8fd0708079b1bc19a4c3c91d27c59504a4a89c676f3872aa2ba4106c309f79991e2c6fe59460b2f56894afdce29c5a2434f48940eeff46f67c60477c5b060342edaea6a5229e7a4266d477a57b2b9bf2465f931713378586ae1cacecf1646745854cbc010b1f8ea5e81b8e57c59079e89d145bb4571aec7d272f8f2ad2ae6f25a8370f8ada8782e31c0ff73749493394144934c57e15f2d7cc39e61e5ba5701c9cf7494ac574a8d3b375b68e4d67c2a30988ddfecfe3eb8204d338a6caa51df0b149a7a53b57da1343dc5e2ebc64eb84c9222349cf3573679bcb53860345cc79e716a42ccfbe20b8ad3b6721848d9156166cb3739b135a70651ff2cac6a387fe248c38d20b9df7597d93e5fedb47c3d3f1daa3ca8b67528b8883a8219be2ee52ea57043ad925e4ec19f7996fb12a39e4fbfaf166cc678542dd2959da9606942b9787da2cf4aa61b24d629684fde4398d5260e09dc76469bc0f90f39ce72a063646e9536fe848612c013bb886d89c985597b43483d846028bcc714d04cf741437872224ace227a7674562c93871f69f1d7c06dbc856d5f596af812b8099e0453b33847e3070f89cc6d6156a991c2f73b137f73b0a82aee86f463b805182947d5cce589032569716b417f7ab17c7a7da00acb2d4a992bbdb318d1e099b8607493c3a6960c8802311c38fd5b8d8b793f75ddc32d9416a57e82e202c4b72296e3cd02dac0ccf7f7d8073edccc3c2b7414c8c247cd75d3053a6a6826c0008a106cb823d75999b5911505d8e4550deaf84e160b0ffcf10360b7b9eb6c2ba26e85237cd1a14e434a03a966391aa9a0e013ee575ef4bc7d77ecb7c036e1119d99f8bd1c85ec3e05a4f837e0d7fd9ae1a617c2eaadee250c3a85af28cd011a8e9265235b7820799c9e38a3b6a207b4e2fa12a99482c116312ac281d24c88cde243f75398ccc22abfe66d0175b6b2726a7ac34d38c9bc69b9267f57e4ae383015cfe8475f9fdf4f9462a1054e08bd59346e1fc7d1b712a0de74c42143de4a7227ec536cc8338bb3caf31149ff741855653e5b99b5d856e2edfdd73fbddfd75f3137e27af9354257d9eb6122b9ba4d7ba99daec1145580aabdcb26aff844726738e68d432fed6cb2112b50a67ea82e09bbd6d8d8b94a560be68d0cc78ec28e1cc53247cfec977552b9fcf56c329da1ee43eb479a84d39cd887f47faaafb83837461b2893c0901271dd3747524fa97540ff420625fc2a3018d6cc1a10f079127fa49fd50ce1901e31c29e98c460c846a8159135f3630b2746d663169cd18947a56e435355530d0063d57bc0ddb6b875e11dc0978038bedacbf7363d08d27eb5ec30dd1b26a1976ef3683dbc8227f859c0ad9f897da0cad3277d28c2c9c2052d8d962baf633053d95d6ef0ef4a9599faddf9474655348891483928426aa4e796c05ef342af4cfe2049e9ed77a3ad1f3680e1043f1d8e78a8f30004dae8272d724283c2d5749e09ee83c0173c91f167cf23d3a3542d4deb0ab75b3ce903cf5088c7c21c5b6c9c5fd06293f8ce29008c2e0ba84e61bd9dafc509795f6b784e45526900dadf149d6f9469c07fcc86e98c746462ba2ff166185d9844e271b1ba666975db1fbece59c383d9de67d12fe9d4ce106aacedeb17f18d1f35335652bfcce3e9169ac4a2c504596a80da1c7cc5ec22e8858231aab457c98debb233911497ca038b067da40614fce060ef7e1de0c009a79258a005c49fcc7b2dedecd55f3902e85302c2d4e5c1447fb5a5dc797bc9ca0077a8d533e6016a1a782182c1872e67ed21e09aef21f6a3512ea639c811575a014b12407b790957e97069455c41d54f4c40c95b8ead6db83d65a11a18f0d476a6a0a38ab72ba0aabcf8843880703bd9f70027002c50c99ec5aa6c76e887d7a5fe061da60134f342be507b287c08d7db5f338ab96ae2e007aee4da7225328bb10bf6afabf37a2e0a4234e72fc4db5be3ad4aeffd4fded2da7ec3a598e059d870155ca3e86808afdf6a56eb2f6fe267f19342a26cda829d54370c2aaf98e051ab27d45e25597661dce16ef084cc34fe236903be16024ad6d9a6c52314833a89d8c955813c69de463dc3ac8b006e96f34fae4777659195e2c19f09b6a25d9d95d1287988f625e00d081ad2dc32ae02b36f3853db0e2840f6654f9648ff398a0d0f75adb960c3ae0cc2aa976bbf0c36d7439ade6648f212d7fcc0272cfb6d44aba5ecebca36fc5970852566287adc2e1e521cd25006cb0b04fe19ade7dede2a6b09d33e568c44a4e211c7fdfcc72bd02e9804f148ccf30f553d2cabc81ec59b3f58cc6372a847d39be307a3bfc2a942a4de44dedc2439fd58b1ca596189112c9a8fb750af0d4b3ae98a25abaca95830e2903231a80084c7e912636325042fec007399d1b4600a7a4796cd9677a2fdde42cabc02a362c2b91acb9d512b876e48b962962333af8c2aa86f2e8936e4cef9a40fa3e9045f963d52100c2b7daafa436503aa5b25528d832301f6c26009522a818ee7b33e3bbb2a497798f4ff59089a35abf4ca8585c2801a844101c9ea03d144108a8c2b5d76e89aed339a05899fcc308ee5e38e6c0d81df432aae04024aa65793f8efaeaf2ccd9de04adb32a1e6a5f81ed9c5a793fcdc751f763b20b955fc82583bb3d935be3b5843307e27c4e8833a2fe32731b4360c573ead95e12460aaea8ba995bf0145b58bd948b8cdd8b37db95b7ef869835feaa815ba5e91f1f94d06819fee50cb6e14c9af34922295312fe6d0a65fd7b945780aa762ee9ba11d07b76fb7249b1f52ea71f68b98189ce5898f4eb16bae96dcf0b36d008480e052ba3c66ad7620738e5ef51722c412273e9769b95c57d17c58360ccc76f75add8d6234f8565cb80fe51ad76a0e2171f8f9b3d5a95345e897b21d073ad69979bb8e06cdaeafa2e097c09959b14974164d149dba1d661bb8952bcd165e89beaa7410830beec65d591001f0536e5ce150619fe077700d81e5d49f29d5b8c3171dd0b4aa153062a4d3dfd4f331b4a5cf3a6a3362fc0805e524ace3bb0e02da9c2d23fbcfd6c50e496033c71e092755da815e691c40d76773ccbb6ac64ab13f712399f6c1dfd62ddeff348e54e8b1b3922d601c6456d9cfe67a9570502691ad21695e656fc7ebc1ef1cdab89aa537433afd613c4c6083c329dce2f2eecd89aa4b6ab1ef8a57d42d8d9fe89435a28dc6620d921cfd39e3b74c836bbe67d91ac2df7d7a5811379beb045856343158602f9bfb7ac99dd5deda1accc27a2cb194f085d46fc73c7e81bc06b8ab40cce8a49c0210d7f4476953c1d3426cb268f8784a8058d536b89d5df67a6b5ec28ddd227a075994b77596b649fbbfd69324f24a30bceab28c216f6f334bcd910ee8a17ebdb260267aea4609faf82a966fff7782c67fa94e3b877386842142ab857e9831ace015ccf03c4ebcb88ca57dc5a65123c569dcdbf4c0a049c71612f98908b6859c62231a4feed0a99bd562fc00f3746efce44b836caebc829d992c28d0d893670fc4f641d19f8fab0303a352e71fd952cd345f6e0c26c80a19823b22987eb8163268141e3fa8d5d6cc8710efd33c4b5cdc5863f6df237ec9d21817e18078171dace564ae9a3ef1ddebc2bd9dce3ee8bb4ebb4d188280fd8d03653a1facfc234d3d0922b9e9567b3ffd5a9d95abf429e9391cf2639220ae16c9e256d0bba7701b4c6ca7977ca071f9b5c7f6c394cf4a5419c4e4e6f6fc7dfd12f1fb94e17a9f007ba2b5d46651cac2b51bd37fbe06137808276dfe2d3898e5bcdb8ffb2fb9a0c0f6dcccbddbe594e9a24cc67e689bdd21e0575436400c2b151a019cb76e1904be1525cb7cbc7c40bddbacfab2236eb179acba42d7b4551f435e7fa537ef42b82a2e275e8ee668b6b277c2360fd3deeb6e033ce8f211b8648df473377a60e0373f3d4e82c88a5cfe3f7de64d95e8d33fe78765f21ae00f7f03a5cbcbaf34bbee0efef9c8805b25fd4eb04cad8831b709b44f0643da0e522ab3cd08ad763873662bf64c2c7954e304c0a6d0582cfe7a75cd8897bb0234412a98cd8d4321cb4e71f05b36af0f50dc1465634d5e053894c242eab9d70fb8b44c6cfe0e2e2b04ed3f69e0154fae84cccb4817dfc465c1a31f8f8640127d10e4e376c96dc7244ca6baaf7a290f6235868c5ac90f4832642831fb415fb1f37669439b640d9b98fc45be572949ec1babe6b26500d9e83fec6063356affd8579e2beb7409994df99ac4dd6f3c0cd0bdc20a6f1a3b7906052766c57e99c7658a0659ef4ae3ca7dbb8e6c00884e28f9e93e60652d0aa9e10d10c2140ca90a1a87892aa6b55590dfc69eaf68cc59aa804209c0b91ad908b7cc92b91adae34a8d253f17b89ad7ec658e50d51e1979355825699e0d2db7606b848611d6335045ba38902cfd1e52d1f2f0abb690b825acb5faab1a17f72fde7d165e06ab5e48cf3d8e22dfa5f67d7b3eee8d4fa27f385f68713eaa92383fbbabec69eda88e253d2dd22f8249cebd41ef6161e4e05c98b909fbd38c14e0d167036318768fe3bc6c9c9192e3ad564d2fd003e9d4337e67f8e73ea3f852f9635ad120584699d82c0e30e31829e3d566fc7ed9ba7b60dee810d44ea968fea09fed08fc0fbe4cd596a9fafde65af01be5bb7425ced827cc5b5685417f9b338187ba38d6575b9df0dfa25f49e559758f3ea7515f16257029227486d703d9e872524042f325502905769c8244972904078a7e40a71f5ad3490241c9638de5da206d1dfc495d3c432156622779ddde1bf1a0feeacc74cd510371e30e34959e5c7af4a077ebc3dbae182e27c795fa2a1dcdb2eb7da"}], 0x31) socket$nl_generic(0x10, 0x3, 0x10) unshare(0x22020600) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x3, 0xb, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r5}, 0x10) io_uring_setup(0x177d, &(0x7f00000002c0)={0x0, 0xf7cc, 0x2, 0x2, 0x3b1}) r6 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_SETHMAC(r4, &(0x7f0000001000)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f0000002b00)=ANY=[@ANYBLOB="00000000b867a75be37eae2577e88ccf724404ce3d79d0fc5a76e6b85d2448d6358fa5fca41a085ca2cccdef34c42a1011f9b5c12c00603842e4e5bed2b34ee18401a1be37421d942e3a925377260736f07151d86c4b9126a8abdcf0e24cd198a23c8bb27d657ad1aff10044a88950ec292ba620183e6a6faf8ee10ba83cfe6fe6ad3ba207ff188312cebf826676767e0018c03fc11d9a93f22204a6c99151b0870b10c7fcc7b505c070e90c20c6eb32e24cd1cc28ce0d6f651fb7e8bf2d71fd8354b4ccfa0c64e4ced4f12bf129da7ddad95a2871f881f8a3b7406cba2452bd0d8163f236a9a4ca647bd407", @ANYRES16=r6, @ANYBLOB="000325bd7000fcdbdf2501000000080002000200000005000500020000000400040010000400000400000900000065d80000080003000000010014000100fc0100000000000000000000000000010800020006000000050005000400000005000600800000000500050004000000"], 0x74}, 0x1, 0x0, 0x0, 0x24040800}, 0x801) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="580100001000130729bd700000000000ac1e010100000000000000000000000000000000000000000000ffffe00000024e230001000000030200000084000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe8000000000000000000000000000bb0000000032000000ac14143c00000000000000000000000000000000000000000000000000000000080000000000000009000000000000000600000000000000000000000000000002000200000000000000000000000000000000000000000000000000000000000200000000000000fcffffffffffffff0c000000000000000000000028bd7000000000000a000400020000000000000068001200726663343534332867636d2861657329290000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000e000000080000000316f74eeac053deb73fc018493cc121927a9bca207141b9a451c00aa"], 0x158}, 0x1, 0x0, 0x0, 0xc0}, 0x200480d0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xe, 0xc, &(0x7f0000000140)=ANY=[@ANYRES16=r6, @ANYRES64=r0], &(0x7f0000000840)='GPL\x00', 0x1, 0x0, 0x0, 0x5e63961a6411a440, 0x5, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000007940)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x33f}, 0x1, 0x0, 0x0, 0xc0d0}, 0x0) r9 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0xffffff31, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x27, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x1000000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r10}, 0x10) r11 = socket$pppl2tp(0x18, 0x1, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) connect$pppl2tp(r11, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r9, {}, 0xa}}, 0x26) sendmmsg$inet(r11, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000005dc0)=[{&(0x7f00000010c0)="7d5107673289eeae3f806c5c62db497a0299399ab6101c3b", 0x1}], 0x1}}], 0x4000000000001ce, 0x8040) 2.868139808s ago: executing program 2 (id=1380): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x141141, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r4, 0x0, 0xffffffffffffffff}, 0x18) write$tun(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500561308005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef) 2.74034665s ago: executing program 2 (id=1383): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000300), &(0x7f00000003c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x2, &(0x7f0000002400)=0x0) io_submit(r3, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r2, &(0x7f0000000040)="5400ffff0000", 0x6, 0x0, 0x0, 0x2}]) 2.644769401s ago: executing program 2 (id=1385): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe835, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa10000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8000}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r0}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xa, 0x101, 0x7ffc, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 2.579835802s ago: executing program 2 (id=1386): r0 = socket$inet6(0xa, 0x3, 0x38) setsockopt$inet6_int(r0, 0x29, 0x7, &(0x7f0000000040)=0xeffe, 0x4) connect$inet6(r0, &(0x7f0000000280)={0xa, 0xfff6, 0x101001, @loopback, 0xb}, 0x1c) writev(r0, &(0x7f00000000c0)=[{0x0}], 0x1) 2.531187833s ago: executing program 2 (id=1387): r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000500)={0x10e4, r0, 0x10, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x1028, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x5}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0xcd}, @TIPC_NLA_NODE_ID={0x1004, 0x3, "0fee5ae0ea62003fdb0ffe4058918288d7b43139a2855f93ce8aaf3a8d4bd0d93c09a0bcfbd56baebddf74fccc53a60db45cae658436e1efd85f3c04e59a9b76f2a784ffa55d0d3ac5cfb03a396461d2ca90e4c63d487d4741aabdb44b48e41e3f34c94891551bd3680e346baf8ccc8940bff64900d01f7214ef8f33c0839e2609fcb2c3f5f5eea53d93177fdc8645fdce733734d2a012df097a4b780a0fd81a98d1eccff05d8661dbe3827d4c019565d5b3c18e94b084b050ee8b75544abbb0e5d8612395205c259650083159e23002ae5f3aa53cac104184a38b4c3668ca67769acc929f548aa1fe6fa16412547d6e0c970a2ecf4f6367eb8ec3b8829bf9969aa4e6d218ffc4f0c1b130a874d043287a5c56ba8d8bc4e59bcffe2e83615ef1c5f77a53fd45108e8c728c8405829fe71a8e2557f569a6bf55da0e5777e95e763772e0bdf5ada93e7740209e956decb021b269bf0c0dc2f82d9f464c6466cc9bfbad906b1d0e606a52d935635899e63447f3639e91e4a7a41b140bf7b32cc9e97ef3e30e7bc2326a5f289a1e5175fb2d4680b4d37c65072f3c324e176d3fd64a22ca96b327d02e31165e7e9d42abbea66121fda24f35b9f9bb5462815c78d34ffba63076d04503bf14a6d8ec74e07e384183dce877ca741ec48ea2cc01c87259b74731bbda1a94c3ef68cdb8d878240b5e7c897e5d7b18c1966cf13b63283e85eb80d6091be829dc416aa46e21d066cd5a724a23a49482aac43774983e537248ad0e9e01636eba74b9123ce7e4cc7c9f8de193ec55590605e54331bc97e2948a7ef71bc47b9a0f043b9728bd2246197971c191eb6450a429e4aa8f3b9d1151fc9f7b9254220c4c9d082be09fdee7efa34f2de632f07ca22ff40114c2ae2873233ee8b05f73fd9265839011d84b59397e452d5967455db10bca9c2d80b8edeceed5ca8059318aa0ccffed6c887bcf12a0da0790d4fba51870dcd313cae627cafdda2a698ef76b092107efbf120d2802140ef1f03147f0b818aea4da987012078834f446d1de656fb2b2dc0e7f5247c640cdef7b045becfa9e3e3be1d7c8b192bcdc4b4b79dbe3dcf3a418e93e3cf98e1339ad0e6aba9f9879cbcde0f9b8dc804ca6bb96e04300b919facd69ce7b6f5621a8e7b4dbae74af3e17445f724fae34f33a59743241e0fa057486a844101451a0218926eb14de02fa92fe4fab591bdcb41e5894a9ea294166da1553040ce03acb59f5361fdfe6f2e86d065963013cd9b59bca80e378010b2ea1808619454e0f8db1633fa5c819bce84091e789c1a9d071f026eb4e14ee9b284bea3ac3eea59d0da03f8a8d66f383cd6c4539d1ee476b0d4d6b73aee35c0f6a4a11366b63cc5c11f13ec9fb729f0f253613e7723fd7128107f1006bf4795b174149c22b0e6b404d08e9c7c336e595abe400f47bbf2891e80a64a2a3d5891e10fcbdd924838658f4ddd9ed9baf95dc9848079945b710488aba6a23dfb0bd5fad20a4ba55da3715c2cf82a40daab81f7ea89d996a97eec80e69d9a28ef543389fa6e5fc37eb73b9936fc3d8d1ae59a1907166c20b6d4f993c21f89241d33dbb4465366c717bc0e93626687c393e6dd3069d4eae91587e29e7daf8f7998e995babfaa9ed3d307edc66962eb7d63d7f06f072d33d1dfcd9d98e85cd27ba40d71df87f694f0acfdb2342338211509fb91780d3db26d7d43fa13c893393ad9ab3918bf84ce517b8deebbb3a339e642b858b046c5ed4e594d7f09bf9a19d3cf9050593b647ec32cc785658ae605945c9a58525b36fca7b19fa5916188943f94ed7b194995189704ad1c96cf09b389e49edfafae30f87c04b4e83321f4768e507b9b6e488071aa66eb925577caa9b6acf69d60e51fa3d2a68e1c049b6155382721a6bd25bb61cecb15d2e96fde5ddfe7befe177db88bcc4e97d2f95debb3db4b58b4d46a95ba5ff05fb62d3e930634ce16cb687114630254dfc0c8ff2bc49c03af786ced3061d2a00aea0d1cf8fd3a60e3dd873ef5a1c3deb647116bf0b61f8b638847b771b174e324d7afa17abb83c9942d2b0f6cf14a826ac8f419ac72cfb79e020f19626df32b80e0bfb32bf5373938c9bff9151afe65491938685ba17166536b42d84f2771933a364a1fe39476556b6ed46249ed0addc9ce9477e9aaf6e3364ced010ee32b820b607fa56a216aaecd1a41edad22278b8b6de17d763491cfa5957440c197beb8ca75f7471e843da8516dfecf8707a597e813a2d497c158fe42a80175814264b95a92ec9337ed98a6807c650d24f32dc14434639fba088b3889affde34b4ac404b41720d6fcc56ed499223964d42a15c0f4d861c3d0d0f130a4119d72bcc9c0a5d62bedb1296caf4795a762f6c6d71b418c9bc09aa721ec8e946dc7f58ec9108b0a5f8e1da98dc105258c8f6e13927859dcb8a9bf3aaed8c79558638e6634190680fe3b6aa16016a684de7bd4044b737b1e1f6e6f32959e10cef3796a97f8fdf6430f72ab53d9155956b262600c11073f20d32ea6e26f4873d74ae6db074a8a088ffde1dc990ea4e284ae5a2ab37c507f8c2f2902de94fb05e7e5c9c6abfeadb56a371194b76c774a1865dc4a2e0ff0fc27d4259160f243ce08aaa9534e4a246d2d4d9e98ea2c1de356950348722903f46efc04652777727611a9c5fa15bbf7daddeaf36d5333ed2a08295e3eebc74f88ece749155d7b15da60076ab9d68e90f1535a502c7d878de7ce1506bd169f604eb1dac75f165193c0ee42cd1e5895923114760baee887199b7cbbdb70715b17b85e03bd79c174c919ba09e715186382c80009e73cc56f7cff82fdc987f16888e8c759fd673f3d73b62ef1cbbc45d6eb8e651b2c575c6cf671ee56227f0c5bc7b44d546b7351735488d1ae69d42181042c16d07499627628dca1024a53dc51dcf4c184079e4f68b632f483c7bc88b697d1503bd2550805ce33cfa7deeee19a63e6de929f7d4638c2cab56b3e1b619f933b3271e41925e757af2ced1cf3304927fe3bc1b58833d11f543043a6023b9dbb0f64de916e9682164f805387632c4d477338cf587991e50392bf8c6a1fd69a701a0ee43e57998b2367485ec6f1b18c167914f62ee7edc675c09fdf9a880f8b48cae1ae6e0f3caf08144d434fe2118656e6657805b5a773bf934b7a9f16cb456fcbcf7eeaaa3f3049523be36ecb4f2e3487a061ddb80db6a0210120608641b21e6f14b50b16d3de75095d91e882835128782a25a5d38948eb9aefb64bb1382cd6d203db72050112787a05510c8d7699dad0e4b09faf384b3dbe251480b087e5586de30ceea90e561f4b116057dbf80c21b5e0ceab14eaa6169d37490266e7df90a6e6414df3465b82198d17db4a3c68deb40e5118d6886e5b2eea03c8143dca51b7ec2d9e5e86d8b394028a6e698e8c0d373e9de160039187fe255a2a2361c9f2a1aa4a541fd6193f2bf88bc6981fc796a7ee2475af59dd593c11f1a2153be5f943b6a38f09140bb9dc6593280cb1038fa7b6e6038576bf2519be034d65ae096124d168d558f9849dc7cc99a98aee1ace4cb308944815451ab959a6ad3549d02f87d1f09e4b4f8bae6e3617ed8715b200c039ec142178679f634c1aa0411825923cee25c49e6a92d46846bb36cd0c5fd534e5b1453389ca3c2273fc7624f0f951eadacbed551eb53ac0bbfeac722910de2fb7e0641de6721c3e4ced1cadb2e38a86c11d260771e11804f359b81ec2bf93ee0b51c49f66aad453c7f6fbfccb4094e59472ea8b5cb13b0c313467a4660abf233bf3bbedb74d1ba817ca46e710266d6d7310e2f975d1d5579604490bcdd5b0c14449c79a48a8e3e48736a73827a2f2c919d24d9b86a18c86192ee4e26e53d435057c3bb2da235ffa101ba553aa6c12e4865844aa178d0ea57d457669a2e58c99f429e2774dfd274d4436a970155e34cd30e1602dd338bc630820986ec16059348e00d88c01c55c4e4dc09fed126e7ce26ea7eb40d0808beca69c0cb1d76f1bf7a4e3db7c022a262fe2e5d202026c1ba4b3d05b7463d32c7815d2c7c5532580f25ca883fb1bbed64bf12c74ee34377ff2e4b30737ec5b7b69d0256fa00edb5ba4bc76e0af406d7c07cb3f0af04ba99197b97d66c5b1ef24e9b4d4746286a6117996242222c69a6f6010c1e4ef99ce6892201aacba43d6882d187fa63ee341dc5e2c1e25cd9f9c6f0c90a87b20eb6e7ca712824d0df5cac2610c5270e3a10666f12a32b8d5f9e1d07699e13312acb01bc05293dab29b9db762847e7523efa7a3518277c8483baf8b240f9768e833959736e45839b8808d192fc91aceb947bc0612f1a690ba0b2c74ce54ba45d444cab41fe81d19ec87cb91c1d165dd50f0a21633c8722d620ff59a49eff3f1bacb3893ed608a4cc4f09fe1f2b99c60b01cc0b8dead481870c98e8c862eb318119582ad62e2eaf3d386ca1d0c53dea39a9034f7a9eef8e48faf8bcec784707687d5910839ca81054b3224d5c2b301fc174020ee7758feb0e09fee11a8e63af9656bd880fc45837930e7f15b2b5ebd340df067ee10829428832c5014d51a351d59226dd8ad6b5215a7beb7a1525648c73de07f4c87f8e711b3b8da2e8a57f85f4c2435ebfb7414be058734ee01aaf185a92d5bd347b40e7191ffa745df2ccb65955a4d15166265713e2a00f7213848a336bde466eb80abf28251747190566042f66c3a851ff54f42175b87b29ded39aca43828ffb98c13dff40fe7c5b1dd86b977bd1396ac9c1d2c44ff0e9b178f665d94a047d2881743019ac227dd3629531c861e418de9c00d75fbb985e194a6b711e981eeb72b63cb670598e3086adcf3cbc5f91d176641da39b5003b68755381324de6f198bd2da5fd17656844c8a89503fe836bc5a257a47324b3bc66278badf05c8aecdadda4c98e94ffbe4d5c47d3ab6835706ac2d389dc14eea7c9e4fa79e51c247e1285244bf156152abf7c91614912e77216f6056fbcd392ddb3d35edc6ae5e235af821fa637849fe6a50ec38fd12f6785fe035250c8b56887d45e4ec30a48d7269b4124983300da891d97c9a3799e953a8b796dcdb9e84d23d57df2d743e3fcc33baf52ae153bf93c0e4c7f204c495443e9425d56c66b81c74a4a2052ba992f50651924546557e47a32aaaef84e813a378eb6d050fb9217db47a640f81c543214648f9050b771282e44365eec9b66a435feaf488da7fec12ab4e9c0ba44cc680f50efd87f3c49aaaa755869553bfd868adef9476a7afda7575afe55095520cf3c3a72fa70254ca3403284daa3bf95df384fcdc898ad055f1cca913afb6e4bad3d1a49bbc8198b90ad6f4e5570f1babd3cb7ed163987238afafd727e9d888933c5e96fe4c6504cb1a4769a0e5831c6be7331e51598e71f85eb11f3cc079dd19755a670a78ae3f5157d5cee936c2c2cb6afd406934a4fe1c87beb73e090d15a1dd1c284608f7162b26bae3d7652137819e8ceafb410a39c70e73da93e04d97995378bad40def8c602d796770595e804e63476d77e95928f68ebab6ae3522f0c7591130f62d2d35d06897bae1683ee788ec73469ced2681308dabc316ffb90c38f93ef8ac31871b7e686ec92608a3201dffebbed0cf4c42b4845b1f4bec6f9dc455912e63c48f53d15848d8451618f63725d260a80606bdec284d4e94bfc8d41849663b3892f9e35f85777a794f6b16758b4936c13f57d19b6f912c2df87cee8ac45f9d5830340fc8bcfb39617828c0bf50978411457eb040927dbf2480ea4ccb39950d6be942dd"}]}, @TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4f}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xa71}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1b8}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xa}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x100}]}, @TIPC_NLA_MEDIA={0x28, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5602f0f9}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA={0x20, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}]}]}, 0x10e4}, 0x1, 0x0, 0x0, 0x20008010}, 0x20000840) socket$netlink(0x10, 0x3, 0xe) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f00000001c0)={'wg0\x00'}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000970000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_process_wait\x00', r4}, 0x18) r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) wait4(r5, 0x0, 0x1, 0x0) 2.530588213s ago: executing program 4 (id=1388): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fd0f"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) flistxattr(r2, &(0x7f0000000540)=""/223, 0xdf) 2.506105233s ago: executing program 3 (id=1389): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000540)={[{@delalloc}, {@nojournal_checksum}, {@journal_async_commit}, {@dioread_lock}, {@data_err_ignore}, {@mb_optimize_scan}, {@mb_optimize_scan}, {@nobarrier}, {@abort}, {@user_xattr}, {@noblock_validity}, {@errors_remount}]}, 0x0, 0x570, &(0x7f00000019c0)="$eJzs3c1rHOUfAPDvbF76+vs1hVJURAI9WNFumsSXCh7qUbRY0HtdkjGUbLoluylNLLQ92IsXKYKIBfHgTe8ei/+Af0VBi0VK0IOXyGxm022zm2zTbXbrfj4w4XlmZvM835l5nn1mn1k2gIE1nv0pRDwfEV8mEYciIsm3DUe+cXx9v9X7V2ayJYm1tY/+TOr7ZfnG/2q87kCeeS4ifvk84tXC5nKryyvzpXI5XczzE7WFixPV5ZUT5xdKc+lcemFqevrUG9NTb7/1ZtdifeXs3998ePu9U18cW/36p7uHbyZxOg7m25rjeALXmjPjMZ4fk5E4/ciOk10orJ8kva4AOzKUt/ORyPqAQzGUt3rgv+9qRKwBAyrR/mFANcYBjXv7Lt0HPzPuvbt+A7Q5/uH1z0Zib/3eaP9q8tCdUXa/O9aF8rMyfv791s1sie59DgGwrWvXI+Lk8PDm/i/J+7+dO9nBPo+Wof+D3XM7G/+81mr8U9gY/0SL8c+BFm13J7Zv/4W7XSimrWz8907L8e/GpNXYUJ77X33MN5J8er6cZn3b/yPieIzsyfJbzeecWr2z1m5b8/gvW7LyG2PBvB53h/c8/JrZUq30JDE3u3c94oWW499k4/wnLc5/djzOdljG0fTWS+22bR//07X2fcTLLc//gxmtZOv5yYn69TDRuCo2++vG0V/blb85/tHYzfiz879/6/jHkub52urjl/Hd3n/Sdtseij86v/5Hk4/r6dF83eVSrbY4GTGafLB5/dSD1zbyjf2z+I8f27r/a3X974uITzqM/8aRH1/sKP4eXP9Z/LOPdf4fP3Hn/c++bVd+Z/3f6/XU8XxNJ/1fpxV8kmMHAAAAAAAA/aYQEQcjKRQ30oVCsbj+fMeR2F8oj60//xGzUf+u7FiMFBoz3YeanoeYzJ+HbeSnHslPR8ThiPhqaF89X5yplGd7HTwAAAAAAAAAAAAAAAAAAAD0iQNtvv+f+W2o17UDnjo/+Q2Da9v2341fegL6kvd/GFzaPwwu7R8Gl/YPg6up/e/pZT2A3ef9HwaX9g+DS/sHAAAAAAAAAAAAAAAAAAAAAAAAAACArjp75ky2rK3evzKT5WcvLS/NVy6dmE2r88WFpZniTGXxYnGuUpkrp8WZysJ2/69cqVycnIqlyxO1tFqbqC6vnFuoLF2onTu/UJpLz6UjuxIVAAAAAAAAAAAAAAAAAAAAPFuqyyvzpXI5XZSQ2FFiuD+qsZ7ILummNVd7XZ+tEn/80BfVaJfodc8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/8GwAA//9ITzKe") r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000e00)='./file0\x00', 0x1) renameat2(r0, &(0x7f0000000140)='./file0\x00', r0, &(0x7f0000000040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU") r1 = socket$tipc(0x1e, 0x2, 0x0) getpeername$tipc(r1, &(0x7f0000000040)=@id, &(0x7f0000000200)=0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000780)=ANY=[@ANYRES32=r3, @ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095", @ANYRESOCT=r1, @ANYRES32=r0], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r6, 0x0, r5, 0x0, 0x46) close(r5) write$cgroup_int(r2, &(0x7f0000000000)=0x10000000000000, 0xffffff6a) r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r7}, 0x10) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, &(0x7f0000000080)={[{@sb={'sb', 0x3d, 0x1}}, {@nodioread_nolock}]}, 0x4, 0x523, &(0x7f00000018c0)="$eJzs3cFvG1kZAPBvnLhJs+mmC3sABGxZFgqq6iTubrTqhfYCQlUlRMWJQxsSN4pi11Hsiib0kB65V6ISJ+A/4MYBqScO3LjBjUs5IBWoQA0SB6MZT1I3sZNAnbiJfz9pMvPeTP29F/e953mR5wUwtC5ExGZEnImIOxExlecn+RbX2lt63csXDxe2XjxcSKLVuvX3JDuf5kXHv0m9k7/meER8/zsRP0r2xm2sb6zMV6uVtTw93aytTjfWNy4vF/Kc8tzs3MynVz4p962uH9R+/fzbyzd+8NvffOnZHza/+ZO0WJM/PZed66xHP7WrXozJjrzRiLhxFMEGZDT//8PJk7a2z0TEh1n7n4qR7N0EAE6zVmsqWlOdaQDgtEvv/ycjKZTyuYDJKBRKpfYc3vsxUajWG81LU/X79xYjm8M6H8XC3eVqZSafKzwfxSRNz2bHr9Ll19KPK1ci4r2IeDx2NjtfWqhXFwf5wQcAhtg7u8b/f421x/9OxUEVDgA4OuODLgAAcOyM/wAwfIz/ADB8/ofx37cDAeCUcP8PAMPH+A8Aw+fA8f/R8ZQDADgW37t5M91aW+3nX28/qfvyYqWxUqrdXygt1NdWS0v1+lK1UlpotQ56vWq9vjr78U6ysb5xu1a/f695e7k2v1S5XfEsAQAYvPc+ePqndNDfvHo226JjLQdjNZxuhUEXABiYkUEXABgY3+eB4XWIe3zTAHDKdVmity2fIEh6XfDE4q9wUl38vPl/GFZvMv9v7gBOtv9v/v9bfS8HcPyM4TC8Wq3Emv8AMGTM8QM9//6f6/mIkCf9LwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFJPZlhRK2Vrgm+nPQqkUcS4izkcxubtcrcxExLsR8cex4lianh10oQGAN1T4a5Kv/3Vx6qPJ3WfPJP8ey/YR8eOf3/rZg/lmc202zf/HTn7zSZp/trlWPjOICgAAna7tzcrG73K+77iRf/ni4cL2dpxFfH69vbhoGncr39pnRmM0249HMSIm/pnk6bb088pIH+JvPoqIz23XfzwedESYzOZA2iuf7o6fxj7X9/idv//d8Quv1beQnUv3xex38dnYVTjgQE+vt/vJvO2lTTxvf4W4kO27t//xrId6c2n/lzbXrT39X2Gn/xvZEz/J2vyFnfT+JXn+8e++uyezNdU+9yjiC6Pd4ic78ZPu/W/xo0PW8c9f/PKHvc61fhFxsWv9t1ekrmXd7HSztjrdWN+4vFybX6osVe6Vy3OzczOfXvmkPJ3NUbd//r5bjL9dvfRur/hp/Sd6xB/fv/7xtUPW/5f/ufPDr+wT/xtf7f7+v79P/HRM/Poh489PXOu5fHcaf7FH/Q94/+PSIeM/+8vG4iEvBQCOQWN9Y2W+Wq2sHXCQftY86BoHhz9I7+3fgmJkB7EZ0a8XzCYlIqLrNekn6rejykd1kAws+q/6/YKD7pmAo/aq0Q+6JAAAAAAAAAAAAAAAQC+N9Y2Vse7f1urbwaDrCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn13wAAAP//KHnENg==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) utimensat(r6, 0x0, &(0x7f0000000280)={{0x0, 0x2710}}, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x42, 0x0) pwrite64(r8, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0}, 0x18) r9 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r9, 0x8955, &(0x7f0000000340)={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x43}}, {0x1, @link_local}, 0x4, {0x2, 0x0, @multicast2}, 'lo\x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00'}, 0x10) syz_clone3(&(0x7f00000006c0)={0x102102180, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, 0x0}, 0x58) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 2.488204033s ago: executing program 1 (id=1390): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0, 0x0, 0x10000000000ac6}, 0x18) r1 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_ALLOC_STREAMS(r1, 0x8008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="64a1000001"]) 2.457842804s ago: executing program 4 (id=1391): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat(r1, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000280)={0xa, 0x4e21, 0xffffffff, @mcast1, 0x1}, 0x1c) r2 = accept(r1, 0x0, &(0x7f0000000340)) sendmsg$nl_route(r2, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c000000430001002abd7000fbdbdf2502000000280006800c000700b05c1830000000000c000400faffffffffffffff0c0006001e00000000000000"], 0x3c}}, 0xc0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000240)=0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffff001, 0x2590, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x1, 0x6, 0x8, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xffffffffffffff7f}, r3, 0xffffffffffffffff, r1, 0x2) mincore(&(0x7f0000ffd000/0x2000)=nil, 0x2000, &(0x7f00000003c0)=""/54) r4 = syz_open_procfs(r3, &(0x7f0000000480)='net/vlan/vlan0\x00') r5 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r5, &(0x7f0000000200)={0x28, 0x0, 0xffffffff, @host}, 0x10) connect$vsock_stream(r5, &(0x7f00000001c0)={0x28, 0x0, 0x2710}, 0x10) pread64(r5, &(0x7f0000000d40)=""/4096, 0x1000, 0x7) ioctl$SIOCSIFMTU(r0, 0x8923, &(0x7f0000000040)={'vlan0\x00', 0x40}) mmap(&(0x7f0000006000/0x4000)=nil, 0x4000, 0x680000f, 0x12, r4, 0x2000) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c40)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010000030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a32000000007c000000060a010400000000000000000100000008000b400000000054000480240001800b000100657874686472000014000280080001400000000c08000440000000222c0001800c00010062e2701483e2cff97f0002800800034000000001080001400000001408000240000000120900010073797a3000000000140000001100010000000000000000000700000a"], 0xf0}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x2c) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x1b, &(0x7f0000001800)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7020000000000008500000017000000180100002020690000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r9 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000700)={r8, r10, 0x25, 0x0, @val=@perf_event}, 0x18) syz_emit_ethernet(0x66, &(0x7f0000001a40)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaa9abb86dd601200b000303a0000000000000000000000000000000000ff020000000000000000000000006027738200000000fc01000000000000000000000000000020010000000000000000000000000001"], 0x0) syz_emit_ethernet(0xfdef, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000000800450000b00000004e20009c907802000000000000000000000082d18160f7d8dda36479a6b179161b4bbff2d0508977b3928ebd2dee05607d170194bd7b1b0303c5ba7f602606a285b330da2d58da817f8a5f77a23de36a21643b33cfa231a427159c7b9f0eceb155f000"/134], 0x0) 2.398545545s ago: executing program 1 (id=1392): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000180)={0x80, 0x2b, 0x5, 0x0, 0xff, 0x105}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000040)={0x80, 0x2b, 0x5, 0x1, 0x9, 0x8}) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r2) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="0b060000000000000000300000000800020040d1538e8b4ea66d514064c61cbc35e5a1876514676d6ed87a48d367b0c9320ded035cc021ca313dfab11942de041b727c8160773ec9605b2e0714d0c0f7a6857aaa28c5013a99ce6687e6e5a164246157209c1dffd31299dbea86c4e47bb5ceb5be40bd372baf1d580ff57213a26528f28c2bbf4c6130dec63b11d4e8ec68ae0165dd538c218768520383e1f849afa0c2d4d2247a85634ee3a850ff1709b8a11a0bb702a49a384014453eef0d80d00421f162bdc60856f6a4e3e7363897c39f3b738954b2c10eaac885c7d07c8a36eda2f2a4e83f16f1f07d0154596129073976a30f92410efd338f4a71aa3c9ae5764dc49618903d091795238dee2d6648ba219e6346275f77999bd9fd861ef87329189d7b3af894357ef1481b17f20d29023780e738adb0bf73fd6cb10c06d2a2ac2acc41309fdf67625e1eb1741787ec6381d86dc180e6d435de0b0d9d99f99e838a533b3fe39dd45aaf4ad69f1900fc3cd43417ecbc4fe24ba87c4cce117a52aca44641c8c37199d1e0bfd6278b634291cc514d1befe2ee64371d89cf4edc165670bd1a643611aee8bf15a9304f3e0fdfebdd8e2f817b551fc268f0af871610e405d1549834eb", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0) sendmsg$IEEE802154_LLSEC_SETPARAMS(r1, &(0x7f0000000200)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="00042e090000000099be904b8e3c8e8b2d000203aaaaaaaaa8dd"], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x0) socket$kcm(0x10, 0x2, 0x0) (async) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016002000014002000700036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r6 = creat(&(0x7f0000001740)='./bus\x00', 0x81) getsockopt$XDP_MMAP_OFFSETS(r6, 0x11b, 0x1, &(0x7f0000000240), &(0x7f00000002c0)=0x80) socket$nl_netfilter(0x10, 0x3, 0xc) syz_genetlink_get_family_id$nfc(&(0x7f0000000380), r2) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='kmem_cache_free\x00', r7}, 0x18) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='kmem_cache_free\x00', r7}, 0x18) r8 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0) write$binfmt_script(r8, &(0x7f0000000340)={'#! ', './file0'}, 0xb) execveat(r8, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) (async) execveat(r8, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000202300800000000000000000850000007b00000095"], &(0x7f0000000200)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r10}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r10}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r11}, 0x18) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r11}, 0x18) r12 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet(r12, &(0x7f0000000380)={&(0x7f0000000000)={0x2, 0x4e25, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="140000000000080000000000070000090000000000000000"], 0x18}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r9) 2.258117967s ago: executing program 4 (id=1393): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r2}, 0x18) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001b80)=@newtaction={0x894, 0x30, 0x12f, 0x0, 0x0, {}, [{0x880, 0x1, [@m_police={0x87c, 0x1, 0x0, 0x0, {{0xb}, {0x850, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0xffff, 0x0, {0x7, 0x1, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x40, 0x0, 0x0, 0x7}}}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x80000000, 0x10000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61a0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0xc0000, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffc, 0xb, 0x37, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x2, 0x0, 0x0, 0x0, 0x1000, 0xffffff35, 0x0, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7e40cfb4, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x9, 0xfffffffd, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x100000, 0x0, 0xffffff80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x5, 0x0, 0x3, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3, 0x0, 0x1]}, @TCA_POLICE_RATE={0x404, 0x2, [0x1, 0x0, 0x5, 0x0, 0x2, 0xb, 0xfffffffb, 0x0, 0x7, 0xfea7, 0xfffffffe, 0xffff8000, 0x90, 0x9fd, 0x2, 0xb8, 0xca2, 0x0, 0x3c, 0x7, 0x1, 0xa89c, 0x400, 0xc, 0x492217a0, 0xff, 0x5, 0x3, 0x1ff, 0xe5, 0x2f, 0xd, 0x3, 0xa, 0x3, 0xfffffffe, 0x9, 0x11, 0x188, 0x6, 0x3ff, 0x7, 0xd, 0x3, 0xc0000, 0x8, 0x8, 0xffffff40, 0x100, 0x3, 0x5, 0x7, 0xcf, 0xfffffffe, 0x8fc, 0x89e0, 0x9, 0x3, 0x9, 0x80000001, 0x6, 0x0, 0x8, 0x800, 0x9, 0x1, 0x100, 0x401, 0x8, 0x3, 0xb5, 0x10001, 0x401, 0x1, 0x7f, 0x0, 0x8, 0x2, 0x7f, 0x0, 0x2, 0x4, 0x0, 0x1000004, 0x8000, 0x0, 0x9, 0x80, 0x7, 0x5, 0x1, 0x2, 0x7, 0xeb22, 0xd, 0x8000, 0xfffffff7, 0x0, 0x4, 0x3ff, 0x400002, 0x10, 0x5, 0x3, 0x10000, 0x5, 0x1, 0x0, 0x1000, 0x6, 0x5, 0x6, 0x5, 0x4, 0x2, 0x81, 0x0, 0x10, 0x6, 0x7fff, 0x804, 0xfffffff4, 0x10000, 0x5, 0x8, 0xba, 0x4, 0x89, 0x2, 0x6, 0x100, 0x9, 0xffffa3e0, 0x86b9, 0xff, 0x1, 0x40002, 0xf, 0x24b9, 0x3a, 0xe01, 0x1, 0x6430, 0xd, 0x8, 0x0, 0x3, 0x7eb7, 0x3, 0x0, 0x200, 0xfffffeff, 0x9, 0xff, 0xa, 0x6, 0x7, 0x6d0, 0x10000001, 0x8001, 0x100, 0xb, 0x8, 0x101, 0x6, 0x2, 0xfffffc00, 0x81, 0x81, 0x200, 0x80000001, 0x1, 0xfffffffd, 0x9, 0x7, 0x4, 0xb, 0x84, 0x0, 0x0, 0x0, 0x5, 0x2, 0x65, 0x4, 0xfffffa0c, 0x3, 0x0, 0x4, 0x4, 0x35bc0, 0x9, 0xfffffffa, 0x7, 0x5, 0x3, 0x0, 0x6, 0x20000008, 0x28, 0x2, 0x5, 0x10001, 0x2, 0xf, 0xffffffff, 0x1, 0x723, 0x0, 0x9, 0x9, 0x4, 0x6, 0x7, 0x200, 0xfffffbff, 0x7, 0x3, 0x8, 0x5, 0xfffffffb, 0x2, 0x7f, 0x2, 0x80000002, 0x0, 0x9, 0x1ff, 0xfffffffe, 0x938, 0x4, 0xffffffff, 0x5, 0x6042, 0xb87, 0x6, 0xd8d, 0x55, 0x101, 0x3, 0x64e8, 0x8, 0x82f, 0x772, 0x400080a, 0xffe, 0x6, 0x3f7, 0x4, 0x8, 0x8, 0x1, 0x5d, 0x9, 0x8000d, 0x80]}], [@TCA_POLICE_AVRATE={0x8, 0x4, 0x80000001}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x3}}}}]}]}, 0x894}, 0x1, 0x0, 0x0, 0x50}, 0x0) 2.206398668s ago: executing program 1 (id=1394): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x141141, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r4, 0x0, 0xffffffffffffffff}, 0x18) write$tun(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500561308005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef) 1.268579612s ago: executing program 4 (id=1395): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000300), &(0x7f00000003c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x2, &(0x7f0000002400)=0x0) io_submit(r3, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r2, &(0x7f0000000040)="5400ffff0000", 0x6, 0x0, 0x0, 0x2}]) 1.204160073s ago: executing program 0 (id=1396): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000080)=r1, 0x4) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400000010"], 0xa8}}, 0x0) 1.160922613s ago: executing program 3 (id=1397): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa1000000000000070100"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r1, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d413600000", 0x24) 1.106974694s ago: executing program 0 (id=1398): syz_emit_ethernet(0x0, 0x0, 0x0) syz_emit_ethernet(0x32, &(0x7f0000001940)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x17}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x2, 0x0, 0x24, 0x0, 0xe000, 0x8b, 0x11, 0x0, @empty, @empty}, {0x24, 0x4e22, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0xf}}}}}}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount_setattr(r0, &(0x7f0000000080)='./file0\x00', 0x8000, &(0x7f00000000c0)={0x1, 0x89}, 0x20) 1.062518445s ago: executing program 1 (id=1399): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x70, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x800) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00'}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket(0x3, 0x5, 0x3a) setsockopt$MRT6_INIT(r1, 0x29, 0xc8, &(0x7f0000000340), 0x4) setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f00000000c0)={0x4, 0x1, 0x78, 0x0, 0xfffffff8}, 0xc) pipe(&(0x7f0000000080)) syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00') read$msr(r2, &(0x7f0000000080)=""/90, 0x5a) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r3, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000000880)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c) sendmsg$inet6(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="246ad8f53d17cc26559f07f51bdf1d8013a630fce008d3b8dda391ec6e588fba4c3f1259a39f6bc35fedcda76f9d6588f4f04878469b86efc7716f17f9ae34bc5badf4", 0x43}], 0x1}, 0x4200c000) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009900000001"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x5, 0x6, 0x8, 0xae, 0x0, 0x1, 0x20727ff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) writev(r3, &(0x7f0000000100)=[{&(0x7f0000000240)=',', 0x34000}], 0x1) 1.024515135s ago: executing program 0 (id=1400): syz_io_uring_setup(0x250b, &(0x7f0000000100)={0x0, 0x10645c, 0x800, 0x400040, 0x240}, &(0x7f0000000300), &(0x7f0000000200)) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x2}, {0x64, 0x1, 0x0, 0x2}, {0x6}]}) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000080000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, 0x0, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$sock_int(r5, 0x1, 0x23, &(0x7f0000000080)=0x6, 0x4) recvmmsg(r5, &(0x7f0000000100), 0x0, 0x2100, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) socket$inet6_sctp(0xa, 0x1, 0x84) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000002000100000000001d4e5c8405723ca05d6ad100000000000000"], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r7}, 0x10) sendmsg$nl_route_sched(r3, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x2, 0x0, 0x0, 0x3}, 0x2, r6}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x40}, 0x4800) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x4, 0x3, 0xfffffff7}, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000) 1.016682486s ago: executing program 4 (id=1401): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fd0f0000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) flistxattr(r2, &(0x7f0000000540)=""/223, 0xdf) 878.208737ms ago: executing program 4 (id=1402): add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe6d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x2c41, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_NET_SET(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xb3054c33a4d3b783}, 0xc, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x8844}, 0x8000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{}, 0x0, 0x0}, 0x20) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa2c"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b80)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) syz_io_uring_setup(0x3c0c, 0x0, 0x0, 0x0) keyctl$update(0x2, r1, &(0x7f00000002c0)="2639fa52325aee793bb76d2588930ca3928193f08cd46ebac8abd4663671f39d8545683ddaf4e4763cf2cc271674df20e526ca59640f16af2c0195da68fcdbc04e9cfcc03ca4c888f9caabff8edd7a17eeb0879bb488dca5bbce554bd135f962b5c1480b8f61717128a010ca14394043f2e5550532fdd69f15e531ba86ddfb6b092d2a59b022669e40580ddd662be40bedc9b84c7eadccece90238", 0x9b) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x8000000003c) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) socket$igmp6(0xa, 0x3, 0x2) socket$packet(0x11, 0x2, 0x300) syz_emit_ethernet(0x82, &(0x7f0000000040)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x80}, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, '\x00', 0x0, 0x0, 0x0, @private1, @private2, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x80}}]}]}}}}}}}, 0x0) syz_emit_ethernet(0x5e, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd603000bb00282b00fc020000000000000000000000000000fe8000000000000000000000000000aa"], 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x1300, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 877.691088ms ago: executing program 3 (id=1403): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat(r1, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000280)={0xa, 0x4e21, 0xffffffff, @mcast1, 0x1}, 0x1c) r2 = accept(r1, 0x0, &(0x7f0000000340)) sendmsg$nl_route(r2, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c000000430001002abd7000fbdbdf2502000000280006800c000700b05c1830000000000c000400faffffffffffffff0c0006001e00000000000000"], 0x3c}}, 0xc0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000240)=0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffff001, 0x2590, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x1, 0x6, 0x8, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xffffffffffffff7f}, r3, 0xffffffffffffffff, r1, 0x2) mincore(&(0x7f0000ffd000/0x2000)=nil, 0x2000, &(0x7f00000003c0)=""/54) r4 = syz_open_procfs(r3, &(0x7f0000000480)='net/vlan/vlan0\x00') r5 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r5, &(0x7f0000000200)={0x28, 0x0, 0xffffffff, @host}, 0x10) connect$vsock_stream(r5, &(0x7f00000001c0)={0x28, 0x0, 0x2710}, 0x10) pread64(r5, &(0x7f0000000d40)=""/4096, 0x1000, 0x7) ioctl$SIOCSIFMTU(r0, 0x8923, &(0x7f0000000040)={'vlan0\x00', 0x40}) mmap(&(0x7f0000006000/0x4000)=nil, 0x4000, 0x680000f, 0x12, r4, 0x2000) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c40)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010000030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a32000000007c000000060a010400000000000000000100000008000b400000000054000480240001800b000100657874686472000014000280080001400000000c08000440000000222c0001800c00010062e2701483e2cff97f0002800800034000000001080001400000001408000240000000120900010073797a3000000000140000001100010000000000000000000700000a"], 0xf0}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x2c) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x1b, &(0x7f0000001800)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7020000000000008500000017000000180100002020690000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r9 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000700)={r8, r10, 0x25, 0x0, @val=@perf_event}, 0x18) syz_emit_ethernet(0x66, &(0x7f0000001a40)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaa9abb86dd601200b000303a0000000000000000000000000000000000ff020000000000000000000000006027738200000000fc01000000000000000000000000000020010000000000000000000000000001"], 0x0) syz_emit_ethernet(0xfdef, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000000800450000b00000004e20009c907802000000000000000000000082d18160f7d8dda36479a6b179161b4bbff2d0508977b3928ebd2dee05607d170194bd7b1b0303c5ba7f602606a285b330da2d58da817f8a5f77a23de36a21643b33cfa231a427159c7b9f0eceb155f000"/134], 0x0) 227.556837ms ago: executing program 1 (id=1404): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x70, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x800) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0xd, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00'}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket(0x3, 0x5, 0x3a) setsockopt$MRT6_INIT(r1, 0x29, 0xc8, &(0x7f0000000340), 0x4) setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f00000000c0)={0x4, 0x1, 0x78, 0x0, 0xfffffff8}, 0xc) pipe(&(0x7f0000000080)) syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00') read$msr(r2, &(0x7f0000000080)=""/90, 0x5a) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r3, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000000880)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c) sendmsg$inet6(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="246ad8f53d17cc26559f07f51bdf1d8013a630fce008d3b8dda391ec6e588fba4c3f1259a39f6bc35fedcda76f9d6588f4f04878469b86efc7716f17f9ae34bc5badf4", 0x43}], 0x1}, 0x4200c000) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009900000001"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x5, 0x6, 0x8, 0xae, 0x0, 0x1, 0x20727ff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) writev(r3, &(0x7f0000000100)=[{&(0x7f0000000240)=',', 0x34000}], 0x1) 204.414348ms ago: executing program 3 (id=1405): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x5400, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000080000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000040008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) socket$nl_route(0x10, 0x3, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/vmstat\x00', 0x0, 0x0) r4 = syz_io_uring_setup(0x49a, &(0x7f00000003c0)={0x0, 0x79ad, 0x3180, 0x7ffd, 0x32c, 0x0, r3}, &(0x7f0000000340)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r3, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1}) io_uring_enter(r4, 0xfd0, 0x4c1, 0x43, 0x0, 0x0) 98.303219ms ago: executing program 0 (id=1406): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001b80)=@newtaction={0x894, 0x30, 0x12f, 0x0, 0x0, {}, [{0x880, 0x1, [@m_police={0x87c, 0x1, 0x0, 0x0, {{0xb}, {0x850, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0xffff, 0x0, {0x7, 0x1, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x40, 0x0, 0x0, 0x7}}}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x80000000, 0x10000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61a0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0xc0000, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffc, 0xb, 0x37, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x7ff, 0x2, 0x0, 0x0, 0x0, 0x1000, 0xffffff35, 0x0, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7e40cfb4, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x9, 0xfffffffd, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x100000, 0x0, 0xffffff80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x5, 0x0, 0x3, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3, 0x0, 0x1]}, @TCA_POLICE_RATE={0x404, 0x2, [0x1, 0x0, 0x5, 0x0, 0x2, 0xb, 0xfffffffb, 0x0, 0x7, 0xfea7, 0xfffffffe, 0xffff8000, 0x90, 0x9fd, 0x2, 0xb8, 0xca2, 0x0, 0x3c, 0x7, 0x1, 0xa89c, 0x400, 0xc, 0x492217a0, 0xff, 0x5, 0x3, 0x1ff, 0xe5, 0x2f, 0xd, 0x3, 0xa, 0x3, 0xfffffffe, 0x9, 0x11, 0x188, 0x6, 0x3ff, 0x7, 0xd, 0x3, 0xc0000, 0x8, 0x8, 0xffffff40, 0x100, 0x3, 0x5, 0x7, 0xcf, 0xfffffffe, 0x8fc, 0x89e0, 0x9, 0x3, 0x9, 0x80000001, 0x6, 0x0, 0x8, 0x800, 0x9, 0x1, 0x100, 0x401, 0x8, 0x3, 0xb5, 0x10001, 0x401, 0x1, 0x7f, 0x0, 0x8, 0x2, 0x7f, 0x0, 0x2, 0x4, 0x0, 0x1000004, 0x8000, 0x0, 0x9, 0x80, 0x7, 0x5, 0x1, 0x2, 0x7, 0xeb22, 0xd, 0x8000, 0xfffffff7, 0x0, 0x4, 0x3ff, 0x400002, 0x10, 0x5, 0x3, 0x10000, 0x5, 0x1, 0x0, 0x1000, 0x6, 0x5, 0x6, 0x5, 0x4, 0x2, 0x81, 0x0, 0x10, 0x6, 0x7fff, 0x804, 0xfffffff4, 0x10000, 0x5, 0x8, 0xba, 0x4, 0x89, 0x2, 0x6, 0x100, 0x9, 0xffffa3e0, 0x86b9, 0xff, 0x1, 0x40002, 0xf, 0x24b9, 0x3a, 0xe01, 0x1, 0x6430, 0xd, 0x8, 0x0, 0x3, 0x7eb7, 0x3, 0x0, 0x200, 0xfffffeff, 0x9, 0xff, 0xa, 0x6, 0x7, 0x6d0, 0x10000001, 0x8001, 0x100, 0xb, 0x8, 0x101, 0x6, 0x2, 0xfffffc00, 0x81, 0x81, 0x200, 0x80000001, 0x1, 0xfffffffd, 0x9, 0x7, 0x4, 0xb, 0x84, 0x0, 0x0, 0x0, 0x5, 0x2, 0x65, 0x4, 0xfffffa0c, 0x3, 0x0, 0x4, 0x4, 0x35bc0, 0x9, 0xfffffffa, 0x7, 0x5, 0x3, 0x0, 0x6, 0x20000008, 0x28, 0x2, 0x5, 0x10001, 0x2, 0xf, 0xffffffff, 0x1, 0x723, 0x0, 0x9, 0x9, 0x4, 0x6, 0x7, 0x200, 0xfffffbff, 0x7, 0x3, 0x8, 0x5, 0xfffffffb, 0x2, 0x7f, 0x2, 0x80000002, 0x0, 0x9, 0x1ff, 0xfffffffe, 0x938, 0x4, 0xffffffff, 0x5, 0x6042, 0xb87, 0x6, 0xd8d, 0x55, 0x101, 0x3, 0x64e8, 0x8, 0x82f, 0x772, 0x400080a, 0xffe, 0x6, 0x3f7, 0x4, 0x8, 0x8, 0x1, 0x5d, 0x9, 0x8000d, 0x80]}], [@TCA_POLICE_AVRATE={0x8, 0x4, 0x80000001}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x3}}}}]}]}, 0x894}, 0x1, 0x0, 0x0, 0x50}, 0x0) 0s ago: executing program 2 (id=1407): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000540)={[{@delalloc}, {@nojournal_checksum}, {@journal_async_commit}, {@dioread_lock}, {@data_err_ignore}, {@mb_optimize_scan}, {@mb_optimize_scan}, {@nobarrier}, {@abort}, {@user_xattr}, {@noblock_validity}, {@errors_remount}]}, 0x0, 0x570, &(0x7f00000019c0)="$eJzs3c1rHOUfAPDvbF76+vs1hVJURAI9WNFumsSXCh7qUbRY0HtdkjGUbLoluylNLLQ92IsXKYKIBfHgTe8ei/+Af0VBi0VK0IOXyGxm022zm2zTbXbrfj4w4XlmZvM835l5nn1mn1k2gIE1nv0pRDwfEV8mEYciIsm3DUe+cXx9v9X7V2ayJYm1tY/+TOr7ZfnG/2q87kCeeS4ifvk84tXC5nKryyvzpXI5XczzE7WFixPV5ZUT5xdKc+lcemFqevrUG9NTb7/1ZtdifeXs3998ePu9U18cW/36p7uHbyZxOg7m25rjeALXmjPjMZ4fk5E4/ciOk10orJ8kva4AOzKUt/ORyPqAQzGUt3rgv+9qRKwBAyrR/mFANcYBjXv7Lt0HPzPuvbt+A7Q5/uH1z0Zib/3eaP9q8tCdUXa/O9aF8rMyfv791s1sie59DgGwrWvXI+Lk8PDm/i/J+7+dO9nBPo+Wof+D3XM7G/+81mr8U9gY/0SL8c+BFm13J7Zv/4W7XSimrWz8907L8e/GpNXYUJ77X33MN5J8er6cZn3b/yPieIzsyfJbzeecWr2z1m5b8/gvW7LyG2PBvB53h/c8/JrZUq30JDE3u3c94oWW499k4/wnLc5/djzOdljG0fTWS+22bR//07X2fcTLLc//gxmtZOv5yYn69TDRuCo2++vG0V/blb85/tHYzfiz879/6/jHkub52urjl/Hd3n/Sdtseij86v/5Hk4/r6dF83eVSrbY4GTGafLB5/dSD1zbyjf2z+I8f27r/a3X974uITzqM/8aRH1/sKP4eXP9Z/LOPdf4fP3Hn/c++bVd+Z/3f6/XU8XxNJ/1fpxV8kmMHAAAAAAAA/aYQEQcjKRQ30oVCsbj+fMeR2F8oj60//xGzUf+u7FiMFBoz3YeanoeYzJ+HbeSnHslPR8ThiPhqaF89X5yplGd7HTwAAAAAAAAAAAAAAAAAAAD0iQNtvv+f+W2o17UDnjo/+Q2Da9v2341fegL6kvd/GFzaPwwu7R8Gl/YPg6up/e/pZT2A3ef9HwaX9g+DS/sHAAAAAAAAAAAAAAAAAAAAAAAAAACArjp75ky2rK3evzKT5WcvLS/NVy6dmE2r88WFpZniTGXxYnGuUpkrp8WZysJ2/69cqVycnIqlyxO1tFqbqC6vnFuoLF2onTu/UJpLz6UjuxIVAAAAAAAAAAAAAAAAAAAAPFuqyyvzpXI5XZSQ2FFiuD+qsZ7ILummNVd7XZ+tEn/80BfVaJfodc8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/8GwAA//9ITzKe") r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000e00)='./file0\x00', 0x1) renameat2(r0, &(0x7f0000000140)='./file0\x00', r0, &(0x7f0000000040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU") r1 = socket$tipc(0x1e, 0x2, 0x0) getpeername$tipc(r1, &(0x7f0000000040)=@id, &(0x7f0000000200)=0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000780)=ANY=[@ANYRES32=r3, @ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095", @ANYRESOCT=r1, @ANYRES32=r0], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r6, 0x0, r5, 0x0, 0x46) close(r5) write$cgroup_int(r2, &(0x7f0000000000)=0x10000000000000, 0xffffff6a) r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r7}, 0x10) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, &(0x7f0000000080)={[{@sb={'sb', 0x3d, 0x1}}, {@nodioread_nolock}]}, 0x4, 0x523, &(0x7f00000018c0)="$eJzs3cFvG1kZAPBvnLhJs+mmC3sABGxZFgqq6iTubrTqhfYCQlUlRMWJQxsSN4pi11Hsiib0kB65V6ISJ+A/4MYBqScO3LjBjUs5IBWoQA0SB6MZT1I3sZNAnbiJfz9pMvPeTP29F/e953mR5wUwtC5ExGZEnImIOxExlecn+RbX2lt63csXDxe2XjxcSKLVuvX3JDuf5kXHv0m9k7/meER8/zsRP0r2xm2sb6zMV6uVtTw93aytTjfWNy4vF/Kc8tzs3MynVz4p962uH9R+/fzbyzd+8NvffOnZHza/+ZO0WJM/PZed66xHP7WrXozJjrzRiLhxFMEGZDT//8PJk7a2z0TEh1n7n4qR7N0EAE6zVmsqWlOdaQDgtEvv/ycjKZTyuYDJKBRKpfYc3vsxUajWG81LU/X79xYjm8M6H8XC3eVqZSafKzwfxSRNz2bHr9Ll19KPK1ci4r2IeDx2NjtfWqhXFwf5wQcAhtg7u8b/f421x/9OxUEVDgA4OuODLgAAcOyM/wAwfIz/ADB8/ofx37cDAeCUcP8PAMPH+A8Aw+fA8f/R8ZQDADgW37t5M91aW+3nX28/qfvyYqWxUqrdXygt1NdWS0v1+lK1UlpotQ56vWq9vjr78U6ysb5xu1a/f695e7k2v1S5XfEsAQAYvPc+ePqndNDfvHo226JjLQdjNZxuhUEXABiYkUEXABgY3+eB4XWIe3zTAHDKdVmity2fIEh6XfDE4q9wUl38vPl/GFZvMv9v7gBOtv9v/v9bfS8HcPyM4TC8Wq3Emv8AMGTM8QM9//6f6/mIkCf9LwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFJPZlhRK2Vrgm+nPQqkUcS4izkcxubtcrcxExLsR8cex4lianh10oQGAN1T4a5Kv/3Vx6qPJ3WfPJP8ey/YR8eOf3/rZg/lmc202zf/HTn7zSZp/trlWPjOICgAAna7tzcrG73K+77iRf/ni4cL2dpxFfH69vbhoGncr39pnRmM0249HMSIm/pnk6bb088pIH+JvPoqIz23XfzwedESYzOZA2iuf7o6fxj7X9/idv//d8Quv1beQnUv3xex38dnYVTjgQE+vt/vJvO2lTTxvf4W4kO27t//xrId6c2n/lzbXrT39X2Gn/xvZEz/J2vyFnfT+JXn+8e++uyezNdU+9yjiC6Pd4ic78ZPu/W/xo0PW8c9f/PKHvc61fhFxsWv9t1ekrmXd7HSztjrdWN+4vFybX6osVe6Vy3OzczOfXvmkPJ3NUbd//r5bjL9dvfRur/hp/Sd6xB/fv/7xtUPW/5f/ufPDr+wT/xtf7f7+v79P/HRM/Poh489PXOu5fHcaf7FH/Q94/+PSIeM/+8vG4iEvBQCOQWN9Y2W+Wq2sHXCQftY86BoHhz9I7+3fgmJkB7EZ0a8XzCYlIqLrNekn6rejykd1kAws+q/6/YKD7pmAo/aq0Q+6JAAAAAAAAAAAAAAAQC+N9Y2Vse7f1urbwaDrCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn13wAAAP//KHnENg==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) utimensat(r6, 0x0, &(0x7f0000000280)={{0x0, 0x2710}}, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x42, 0x0) pwrite64(r8, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0}, 0x18) r9 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r9, 0x8955, &(0x7f0000000340)={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x43}}, {0x1, @link_local}, 0x4, {0x2, 0x0, @multicast2}, 'lo\x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00'}, 0x10) syz_clone3(&(0x7f00000006c0)={0x102102180, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, 0x0}, 0x58) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) kernel console output (not intermixed with test programs): loop3): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 1 [ 80.794106][ T5805] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 80.828906][ T5815] netlink: 12 bytes leftover after parsing attributes in process `syz.2.662'. [ 80.841544][ T5812] EXT4-fs error (device loop0): ext4_iget_extra_inode:5035: inode #15: comm syz.0.654: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 80.846345][ T5805] EXT4-fs (loop4): orphan cleanup on readonly fs [ 81.016652][ T5805] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.658: bg 0: block 248: padding at end of block bitmap is not set [ 81.032427][ T5805] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.658: Failed to acquire dquot type 1 [ 81.049880][ T5805] EXT4-fs (loop4): 1 truncate cleaned up [ 81.070050][ T5805] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 81.104747][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.122331][ T5805] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.170706][ T5815] netlink: 'syz.2.662': attribute type 21 has an invalid length. [ 81.251716][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.532019][ T5855] netlink: 12 bytes leftover after parsing attributes in process `syz.0.676'. [ 81.543239][ T5855] netlink: 84 bytes leftover after parsing attributes in process `syz.0.676'. [ 81.644537][ T5861] xt_TPROXY: Can be used only with -p tcp or -p udp [ 81.664390][ T5861] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 81.776499][ T5855] netlink: 'syz.0.676': attribute type 21 has an invalid length. [ 81.986509][ T5876] loop0: detected capacity change from 0 to 128 [ 82.009036][ T5876] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 82.307947][ T5885] netlink: 14 bytes leftover after parsing attributes in process `syz.1.687'. [ 82.342534][ T5887] loop2: detected capacity change from 0 to 128 [ 82.388907][ T5887] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 82.632997][ T3359] lo speed is unknown, defaulting to 1000 [ 82.680868][ T5906] loop2: detected capacity change from 0 to 128 [ 82.701620][ T5907] netlink: 'syz.1.695': attribute type 4 has an invalid length. [ 82.726893][ T5906] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 82.753894][ T5909] netlink: 'syz.0.697': attribute type 4 has an invalid length. [ 82.895778][ T5913] 9pnet_fd: Insufficient options for proto=fd [ 82.947618][ T5917] loop3: detected capacity change from 0 to 512 [ 82.963233][ T5917] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.976799][ T5917] ext4 filesystem being mounted at /123/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 83.013425][ T5921] random: crng reseeded on system resumption [ 83.090328][ T5924] EXT4-fs error (device loop3): ext4_lookup:1787: inode #12: comm syz.3.700: iget: bad i_size value: 2533274857506816 [ 83.114693][ T5929] netlink: 14 bytes leftover after parsing attributes in process `syz.2.702'. [ 83.148555][ T5931] EXT4-fs error (device loop3): ext4_lookup:1787: inode #12: comm syz.3.700: iget: bad i_size value: 2533274857506816 [ 83.231668][ T5936] loop0: detected capacity change from 0 to 128 [ 83.256739][ T5936] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 83.608742][ T5959] loop0: detected capacity change from 0 to 128 [ 83.625739][ T5959] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 83.805510][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.825256][ T5972] FAULT_INJECTION: forcing a failure. [ 83.825256][ T5972] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 83.838772][ T5972] CPU: 1 UID: 0 PID: 5972 Comm: syz.4.714 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) [ 83.838800][ T5972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 83.838816][ T5972] Call Trace: [ 83.838823][ T5972] [ 83.838831][ T5972] __dump_stack+0x1d/0x30 [ 83.838917][ T5972] dump_stack_lvl+0xe8/0x140 [ 83.838943][ T5972] dump_stack+0x15/0x1b [ 83.838959][ T5972] should_fail_ex+0x265/0x280 [ 83.839055][ T5972] should_fail+0xb/0x20 [ 83.839089][ T5972] should_fail_usercopy+0x1a/0x20 [ 83.839129][ T5972] _copy_to_user+0x20/0xa0 [ 83.839196][ T5972] simple_read_from_buffer+0xb5/0x130 [ 83.839301][ T5972] proc_fail_nth_read+0x100/0x140 [ 83.839328][ T5972] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 83.839350][ T5972] vfs_read+0x1a0/0x6f0 [ 83.839393][ T5972] ? __rcu_read_unlock+0x4f/0x70 [ 83.839421][ T5972] ? __fget_files+0x184/0x1c0 [ 83.839471][ T5972] ksys_read+0xda/0x1a0 [ 83.839536][ T5972] __x64_sys_read+0x40/0x50 [ 83.839594][ T5972] x64_sys_call+0x2d77/0x2fb0 [ 83.839620][ T5972] do_syscall_64+0xd2/0x200 [ 83.839637][ T5972] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 83.839678][ T5972] ? clear_bhb_loop+0x40/0x90 [ 83.839721][ T5972] ? clear_bhb_loop+0x40/0x90 [ 83.839742][ T5972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.839763][ T5972] RIP: 0033:0x7f597a75d33c [ 83.839778][ T5972] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 83.839912][ T5972] RSP: 002b:00007f5978dc7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 83.839932][ T5972] RAX: ffffffffffffffda RBX: 00007f597a985fa0 RCX: 00007f597a75d33c [ 83.839946][ T5972] RDX: 000000000000000f RSI: 00007f5978dc70a0 RDI: 0000000000000007 [ 83.839959][ T5972] RBP: 00007f5978dc7090 R08: 0000000000000000 R09: 0000000000000000 [ 83.839975][ T5972] R10: 0000000004048841 R11: 0000000000000246 R12: 0000000000000001 [ 83.839990][ T5972] R13: 0000000000000000 R14: 00007f597a985fa0 R15: 00007fff4bb6a058 [ 83.840019][ T5972] [ 84.136623][ T5980] netlink: 'syz.3.719': attribute type 3 has an invalid length. [ 84.155512][ T5983] netlink: 12 bytes leftover after parsing attributes in process `syz.0.717'. [ 84.164992][ T5983] netlink: 28 bytes leftover after parsing attributes in process `syz.0.717'. [ 84.174456][ T5983] netlink: 12 bytes leftover after parsing attributes in process `syz.0.717'. [ 84.176235][ T5980] FAULT_INJECTION: forcing a failure. [ 84.176235][ T5980] name failslab, interval 1, probability 0, space 0, times 0 [ 84.184315][ T5983] netlink: 28 bytes leftover after parsing attributes in process `syz.0.717'. [ 84.196136][ T5980] CPU: 0 UID: 0 PID: 5980 Comm: syz.3.719 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) [ 84.196169][ T5980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 84.196183][ T5980] Call Trace: [ 84.196190][ T5980] [ 84.196199][ T5980] __dump_stack+0x1d/0x30 [ 84.196294][ T5980] dump_stack_lvl+0xe8/0x140 [ 84.196319][ T5980] dump_stack+0x15/0x1b [ 84.196338][ T5980] should_fail_ex+0x265/0x280 [ 84.196427][ T5980] should_failslab+0x8c/0xb0 [ 84.196461][ T5980] kmem_cache_alloc_node_noprof+0x57/0x320 [ 84.196578][ T5980] ? __alloc_skb+0x101/0x320 [ 84.196616][ T5980] ? __rtnl_unlock+0x95/0xb0 [ 84.196669][ T5980] __alloc_skb+0x101/0x320 [ 84.196781][ T5980] netlink_ack+0xfd/0x500 [ 84.196832][ T5980] netlink_rcv_skb+0x192/0x220 [ 84.196949][ T5980] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 84.196994][ T5980] rtnetlink_rcv+0x1c/0x30 [ 84.197103][ T5980] netlink_unicast+0x59e/0x670 [ 84.197151][ T5980] netlink_sendmsg+0x58b/0x6b0 [ 84.197231][ T5980] ? __pfx_netlink_sendmsg+0x10/0x10 [ 84.197259][ T5980] __sock_sendmsg+0x142/0x180 [ 84.197321][ T5980] ____sys_sendmsg+0x31e/0x4e0 [ 84.197366][ T5980] ___sys_sendmsg+0x17b/0x1d0 [ 84.197404][ T5980] __x64_sys_sendmsg+0xd4/0x160 [ 84.197429][ T5980] x64_sys_call+0x2999/0x2fb0 [ 84.197457][ T5980] do_syscall_64+0xd2/0x200 [ 84.197545][ T5980] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 84.197582][ T5980] ? clear_bhb_loop+0x40/0x90 [ 84.197647][ T5980] ? clear_bhb_loop+0x40/0x90 [ 84.197677][ T5980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.197706][ T5980] RIP: 0033:0x7fe82e86e929 [ 84.197728][ T5980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.197753][ T5980] RSP: 002b:00007fe82ced7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 84.197778][ T5980] RAX: ffffffffffffffda RBX: 00007fe82ea95fa0 RCX: 00007fe82e86e929 [ 84.197871][ T5980] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004 [ 84.197890][ T5980] RBP: 00007fe82ced7090 R08: 0000000000000000 R09: 0000000000000000 [ 84.197908][ T5980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 84.197925][ T5980] R13: 0000000000000000 R14: 00007fe82ea95fa0 R15: 00007ffe458762a8 [ 84.197958][ T5980] [ 84.255014][ T5991] random: crng reseeded on system resumption [ 84.259104][ T5983] netlink: 'syz.0.717': attribute type 6 has an invalid length. [ 84.334459][ T29] kauditd_printk_skb: 548 callbacks suppressed [ 84.334544][ T29] audit: type=1326 audit(1750010645.879:3838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.4.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 84.410915][ T5999] netlink: 14 bytes leftover after parsing attributes in process `syz.3.722'. [ 84.415018][ T29] audit: type=1326 audit(1750010645.879:3839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.4.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 84.519709][ T29] audit: type=1326 audit(1750010645.879:3840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.4.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 84.543998][ T29] audit: type=1326 audit(1750010645.879:3841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.4.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 84.568576][ T29] audit: type=1326 audit(1750010645.879:3842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.4.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 84.592447][ T29] audit: type=1326 audit(1750010645.879:3843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.4.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 84.616383][ T29] audit: type=1326 audit(1750010645.879:3844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.4.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 84.643268][ T29] audit: type=1326 audit(1750010645.919:3845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.4.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 84.667718][ T29] audit: type=1326 audit(1750010645.919:3846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.4.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 84.691554][ T29] audit: type=1326 audit(1750010645.919:3847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.4.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 84.741857][ T6010] loop4: detected capacity change from 0 to 128 [ 84.750248][ T6010] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 85.062021][ T6029] loop4: detected capacity change from 0 to 1024 [ 85.069388][ T6029] EXT4-fs: Ignoring removed orlov option [ 85.095180][ T6029] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.109747][ T6029] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.843149][ T6043] xt_hashlimit: max too large, truncated to 1048576 [ 86.004086][ T6047] lo speed is unknown, defaulting to 1000 [ 86.222001][ T6059] loop3: detected capacity change from 0 to 128 [ 86.247972][ T6059] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 86.476131][ T6078] netlink: 28 bytes leftover after parsing attributes in process `syz.2.743'. [ 86.485549][ T6078] netlink: 28 bytes leftover after parsing attributes in process `syz.2.743'. [ 86.507611][ T6067] syzkaller0: entered promiscuous mode [ 86.513273][ T6067] syzkaller0: entered allmulticast mode [ 86.551271][ T6081] netlink: 28 bytes leftover after parsing attributes in process `syz.3.744'. [ 86.560677][ T6081] netlink: 28 bytes leftover after parsing attributes in process `syz.3.744'. [ 86.990552][ T6101] loop3: detected capacity change from 0 to 128 [ 87.023285][ T6101] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 87.038065][ T6103] bridge0: entered promiscuous mode [ 87.055094][ T6103] bridge0: port 3(macsec1) entered blocking state [ 87.062119][ T6103] bridge0: port 3(macsec1) entered disabled state [ 87.090793][ T6101] ext4 filesystem being mounted at /130/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 87.115924][ T6103] macsec1: entered allmulticast mode [ 87.121402][ T6103] bridge0: entered allmulticast mode [ 87.163706][ T6103] macsec1: left allmulticast mode [ 87.169426][ T6103] bridge0: left allmulticast mode [ 87.202422][ T6103] bridge0: left promiscuous mode [ 87.346233][ T3314] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 87.518738][ T6122] loop3: detected capacity change from 0 to 128 [ 87.534080][ T6122] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 87.576123][ T6124] netlink: 'syz.4.749': attribute type 21 has an invalid length. [ 87.911799][ T6143] lo speed is unknown, defaulting to 1000 [ 88.047867][ T6129] netlink: 'syz.3.755': attribute type 21 has an invalid length. [ 88.190854][ T6150] random: crng reseeded on system resumption [ 88.267559][ T6153] __nla_validate_parse: 19 callbacks suppressed [ 88.267585][ T6153] netlink: 14 bytes leftover after parsing attributes in process `syz.4.760'. [ 88.467211][ T6161] netlink: 28 bytes leftover after parsing attributes in process `syz.2.761'. [ 88.476251][ T6161] netlink: 28 bytes leftover after parsing attributes in process `syz.2.761'. [ 88.597832][ T6160] loop3: detected capacity change from 0 to 128 [ 88.731232][ T6160] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 88.803332][ T6160] ext4 filesystem being mounted at /133/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 88.838168][ T6161] netlink: 28 bytes leftover after parsing attributes in process `syz.2.761'. [ 88.847454][ T6161] netlink: 28 bytes leftover after parsing attributes in process `syz.2.761'. [ 89.038830][ T6161] netlink: 28 bytes leftover after parsing attributes in process `syz.2.761'. [ 89.048000][ T6161] netlink: 28 bytes leftover after parsing attributes in process `syz.2.761'. [ 89.215648][ T6191] loop2: detected capacity change from 0 to 128 [ 89.226695][ T6191] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 89.264619][ T3314] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 89.489487][ T6204] FAULT_INJECTION: forcing a failure. [ 89.489487][ T6204] name failslab, interval 1, probability 0, space 0, times 0 [ 89.502436][ T6204] CPU: 0 UID: 0 PID: 6204 Comm: syz.4.772 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) [ 89.502521][ T6204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 89.502534][ T6204] Call Trace: [ 89.502541][ T6204] [ 89.502549][ T6204] __dump_stack+0x1d/0x30 [ 89.502570][ T6204] dump_stack_lvl+0xe8/0x140 [ 89.502658][ T6204] dump_stack+0x15/0x1b [ 89.502680][ T6204] should_fail_ex+0x265/0x280 [ 89.502720][ T6204] should_failslab+0x8c/0xb0 [ 89.502780][ T6204] __kvmalloc_node_noprof+0x123/0x4e0 [ 89.502853][ T6204] ? traverse+0x9d/0x3a0 [ 89.502907][ T6204] traverse+0x9d/0x3a0 [ 89.502932][ T6204] ? path_openat+0x1bf8/0x2170 [ 89.503009][ T6204] seq_read_iter+0x853/0x940 [ 89.503036][ T6204] ? _parse_integer+0x27/0x40 [ 89.503151][ T6204] ? iovec_from_user+0x179/0x210 [ 89.503204][ T6204] proc_reg_read_iter+0x10d/0x180 [ 89.503228][ T6204] do_iter_readv_writev+0x421/0x4c0 [ 89.503325][ T6204] vfs_readv+0x1ea/0x690 [ 89.503373][ T6204] __x64_sys_preadv+0xfd/0x1c0 [ 89.503499][ T6204] x64_sys_call+0x1503/0x2fb0 [ 89.503527][ T6204] do_syscall_64+0xd2/0x200 [ 89.503555][ T6204] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 89.503612][ T6204] ? clear_bhb_loop+0x40/0x90 [ 89.503669][ T6204] ? clear_bhb_loop+0x40/0x90 [ 89.503697][ T6204] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.503716][ T6204] RIP: 0033:0x7f597a75e929 [ 89.503773][ T6204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.503791][ T6204] RSP: 002b:00007f5978dc7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 89.503808][ T6204] RAX: ffffffffffffffda RBX: 00007f597a985fa0 RCX: 00007f597a75e929 [ 89.503820][ T6204] RDX: 0000000000000002 RSI: 00002000000006c0 RDI: 0000000000000003 [ 89.503832][ T6204] RBP: 00007f5978dc7090 R08: 0000000000000000 R09: 0000000000000000 [ 89.503843][ T6204] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001 [ 89.503904][ T6204] R13: 0000000000000000 R14: 00007f597a985fa0 R15: 00007fff4bb6a058 [ 89.503932][ T6204] [ 89.762901][ T29] kauditd_printk_skb: 218 callbacks suppressed [ 89.762916][ T29] audit: type=1326 audit(1750010651.309:4066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6205 comm="syz.4.773" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x0 [ 89.852022][ T6207] netlink: 'syz.4.773': attribute type 4 has an invalid length. [ 89.878874][ T6209] warn_alloc: 1 callbacks suppressed [ 89.878893][ T6209] syz.2.774: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 89.899409][ T6209] CPU: 0 UID: 0 PID: 6209 Comm: syz.2.774 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) [ 89.899492][ T6209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 89.899510][ T6209] Call Trace: [ 89.899519][ T6209] [ 89.899529][ T6209] __dump_stack+0x1d/0x30 [ 89.899554][ T6209] dump_stack_lvl+0xe8/0x140 [ 89.899609][ T6209] dump_stack+0x15/0x1b [ 89.899628][ T6209] warn_alloc+0x12b/0x1a0 [ 89.899664][ T6209] __vmalloc_node_range_noprof+0x9c/0xe00 [ 89.899730][ T6209] ? __futex_wait+0x1ff/0x260 [ 89.899763][ T6209] ? __pfx_futex_wake_mark+0x10/0x10 [ 89.899797][ T6209] ? __rcu_read_unlock+0x4f/0x70 [ 89.899936][ T6209] ? avc_has_perm_noaudit+0x1b1/0x200 [ 89.899974][ T6209] ? should_fail_ex+0x30/0x280 [ 89.900136][ T6209] ? xskq_create+0x36/0xe0 [ 89.900166][ T6209] vmalloc_user_noprof+0x7d/0xb0 [ 89.900247][ T6209] ? xskq_create+0x80/0xe0 [ 89.900324][ T6209] xskq_create+0x80/0xe0 [ 89.900407][ T6209] xsk_init_queue+0x95/0xf0 [ 89.900436][ T6209] xsk_setsockopt+0x35c/0x510 [ 89.900464][ T6209] ? __pfx_xsk_setsockopt+0x10/0x10 [ 89.900608][ T6209] __sys_setsockopt+0x181/0x200 [ 89.900732][ T6209] __x64_sys_setsockopt+0x64/0x80 [ 89.900770][ T6209] x64_sys_call+0x2bd5/0x2fb0 [ 89.900799][ T6209] do_syscall_64+0xd2/0x200 [ 89.900825][ T6209] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 89.900883][ T6209] ? clear_bhb_loop+0x40/0x90 [ 89.900903][ T6209] ? clear_bhb_loop+0x40/0x90 [ 89.900925][ T6209] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.901041][ T6209] RIP: 0033:0x7fc6e9f5e929 [ 89.901062][ T6209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.901082][ T6209] RSP: 002b:00007fc6e85c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 89.901130][ T6209] RAX: ffffffffffffffda RBX: 00007fc6ea185fa0 RCX: 00007fc6e9f5e929 [ 89.901142][ T6209] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 89.901200][ T6209] RBP: 00007fc6e9fe0b39 R08: 0000000000000004 R09: 0000000000000000 [ 89.901214][ T6209] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 89.901229][ T6209] R13: 0000000000000000 R14: 00007fc6ea185fa0 R15: 00007ffc66618b28 [ 89.901257][ T6209] [ 89.901322][ T6209] Mem-Info: [ 90.136211][ T6209] active_anon:50662 inactive_anon:2 isolated_anon:0 [ 90.136211][ T6209] active_file:8038 inactive_file:10604 isolated_file:0 [ 90.136211][ T6209] unevictable:0 dirty:70 writeback:0 [ 90.136211][ T6209] slab_reclaimable:3164 slab_unreclaimable:14339 [ 90.136211][ T6209] mapped:29612 shmem:45365 pagetables:2221 [ 90.136211][ T6209] sec_pagetables:0 bounce:0 [ 90.136211][ T6209] kernel_misc_reclaimable:0 [ 90.136211][ T6209] free:1836281 free_pcp:9385 free_cma:0 [ 90.151431][ T29] audit: type=1326 audit(1750010651.679:4067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6210 comm="syz.0.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f30ee929 code=0x7ffc0000 [ 90.182531][ T6209] Node 0 active_anon:202648kB inactive_anon:8kB active_file:32152kB inactive_file:42416kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118268kB dirty:280kB writeback:0kB shmem:181460kB writeback_tmp:0kB kernel_stack:3936kB pagetables:9000kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 90.206325][ T29] audit: type=1326 audit(1750010651.679:4068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6210 comm="syz.0.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f30ee929 code=0x7ffc0000 [ 90.206427][ T29] audit: type=1326 audit(1750010651.679:4069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6210 comm="syz.0.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7fb6f30ee929 code=0x7ffc0000 [ 90.235949][ T6209] Node 0 [ 90.259213][ T29] audit: type=1326 audit(1750010651.679:4070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6210 comm="syz.0.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f30ee929 code=0x7ffc0000 [ 90.259271][ T29] audit: type=1326 audit(1750010651.679:4071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6210 comm="syz.0.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f30ee929 code=0x7ffc0000 [ 90.317979][ T6213] netlink: 12 bytes leftover after parsing attributes in process `syz.3.767'. [ 90.333695][ T6209] DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 90.365120][ T6213] netlink: 84 bytes leftover after parsing attributes in process `syz.3.767'. [ 90.370953][ T6209] lowmem_reserve[]: 0 2882 7860 7860 [ 90.370995][ T6209] Node 0 DMA32 free:2947740kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2951368kB mlocked:0kB bounce:0kB free_pcp:3628kB local_pcp:100kB free_cma:0kB [ 90.416291][ T6209] lowmem_reserve[]: 0 0 4978 4978 [ 90.421557][ T6209] Node 0 Normal free:4379720kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:202764kB inactive_anon:8kB active_file:32152kB inactive_file:42416kB unevictable:0kB writepending:280kB present:5242880kB managed:5098232kB mlocked:0kB bounce:0kB free_pcp:33168kB local_pcp:19308kB free_cma:0kB [ 90.454107][ T6209] lowmem_reserve[]: 0 0 0 0 [ 90.458716][ T6209] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 90.471846][ T6209] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 4*16kB (M) 2*32kB (M) 4*64kB (M) 4*128kB (M) 3*256kB (M) 4*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2947740kB [ 90.488518][ T6209] Node 0 Normal: 577*4kB (UME) 705*8kB (UM) 330*16kB (UME) 253*32kB (UME) 124*64kB (UE) 64*128kB (UM) 59*256kB (UE) 37*512kB (UM) 45*1024kB (UE) 31*2048kB (UE) 1025*4096kB (UME) = 4379468kB [ 90.507531][ T6209] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 90.517064][ T6209] 64754 total pagecache pages [ 90.521800][ T6209] 9 pages in swap cache [ 90.523277][ T29] audit: type=1326 audit(1750010651.809:4072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6210 comm="syz.0.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=255 compat=0 ip=0x7fb6f30ee929 code=0x7ffc0000 [ 90.526081][ T6209] Free swap = 124640kB [ 90.526090][ T6209] Total swap = 124996kB [ 90.526099][ T6209] 2097051 pages RAM [ 90.526106][ T6209] 0 pages HighMem/MovableOnly [ 90.549673][ T29] audit: type=1326 audit(1750010651.809:4073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6210 comm="syz.0.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f30ee929 code=0x7ffc0000 [ 90.553725][ T6209] 80811 pages reserved [ 90.594422][ T29] audit: type=1326 audit(1750010651.809:4074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6210 comm="syz.0.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f30ee929 code=0x7ffc0000 [ 90.618119][ T29] audit: type=1326 audit(1750010652.059:4075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6219 comm="syz.1.778" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x0 [ 90.706190][ T6225] random: crng reseeded on system resumption [ 90.709017][ T6223] netlink: 'syz.1.778': attribute type 4 has an invalid length. [ 90.725797][ T6213] netlink: 'syz.3.767': attribute type 21 has an invalid length. [ 90.746383][ T6229] loop4: detected capacity change from 0 to 128 [ 90.769473][ T6229] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 90.791627][ T6233] netlink: 14 bytes leftover after parsing attributes in process `syz.0.780'. [ 90.891175][ T6248] loop3: detected capacity change from 0 to 128 [ 90.930936][ T6248] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 90.964717][ T6248] ext4 filesystem being mounted at /136/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.078638][ T6269] loop4: detected capacity change from 0 to 512 [ 91.122518][ T6269] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.138075][ T6269] ext4 filesystem being mounted at /130/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.165259][ T6269] EXT4-fs error (device loop4): ext4_lookup:1787: inode #12: comm syz.4.789: iget: bad i_size value: 2533274857506816 [ 91.184984][ T6269] EXT4-fs error (device loop4): ext4_lookup:1787: inode #12: comm syz.4.789: iget: bad i_size value: 2533274857506816 [ 91.226550][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.248611][ T6278] netlink: 'syz.2.790': attribute type 4 has an invalid length. [ 91.267845][ T3314] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 91.281987][ T6280] FAULT_INJECTION: forcing a failure. [ 91.281987][ T6280] name failslab, interval 1, probability 0, space 0, times 0 [ 91.294808][ T6280] CPU: 0 UID: 0 PID: 6280 Comm: syz.0.792 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) [ 91.294838][ T6280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 91.294850][ T6280] Call Trace: [ 91.294861][ T6280] [ 91.294922][ T6280] __dump_stack+0x1d/0x30 [ 91.294944][ T6280] dump_stack_lvl+0xe8/0x140 [ 91.294970][ T6280] dump_stack+0x15/0x1b [ 91.295021][ T6280] should_fail_ex+0x265/0x280 [ 91.295067][ T6280] should_failslab+0x8c/0xb0 [ 91.295186][ T6280] kmem_cache_alloc_noprof+0x50/0x310 [ 91.295246][ T6280] ? radix_tree_node_alloc+0x8a/0x1f0 [ 91.295282][ T6280] ? perf_callchain_user+0xae0/0xb50 [ 91.295318][ T6280] radix_tree_node_alloc+0x8a/0x1f0 [ 91.295425][ T6280] idr_get_free+0x1fa/0x550 [ 91.295457][ T6280] idr_alloc_u32+0xca/0x180 [ 91.295481][ T6280] tcf_idr_check_alloc+0x193/0x240 [ 91.295680][ T6280] tcf_police_init+0x1ca/0xc80 [ 91.295723][ T6280] tcf_action_init_1+0x367/0x4a0 [ 91.295798][ T6280] tcf_action_init+0x267/0x6d0 [ 91.295909][ T6280] ? mark_reg_read+0x59/0x340 [ 91.295978][ T6280] tc_ctl_action+0x291/0x830 [ 91.296047][ T6280] ? __pfx_tc_ctl_action+0x10/0x10 [ 91.296096][ T6280] rtnetlink_rcv_msg+0x657/0x6d0 [ 91.296133][ T6280] netlink_rcv_skb+0x123/0x220 [ 91.296169][ T6280] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 91.296206][ T6280] rtnetlink_rcv+0x1c/0x30 [ 91.296282][ T6280] netlink_unicast+0x59e/0x670 [ 91.296318][ T6280] netlink_sendmsg+0x58b/0x6b0 [ 91.296347][ T6280] ? __pfx_netlink_sendmsg+0x10/0x10 [ 91.296371][ T6280] __sock_sendmsg+0x142/0x180 [ 91.296404][ T6280] ____sys_sendmsg+0x31e/0x4e0 [ 91.296459][ T6280] ___sys_sendmsg+0x17b/0x1d0 [ 91.296510][ T6280] __x64_sys_sendmsg+0xd4/0x160 [ 91.296577][ T6280] x64_sys_call+0x2999/0x2fb0 [ 91.296604][ T6280] do_syscall_64+0xd2/0x200 [ 91.296625][ T6280] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 91.296679][ T6280] ? clear_bhb_loop+0x40/0x90 [ 91.296708][ T6280] ? clear_bhb_loop+0x40/0x90 [ 91.296730][ T6280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.296750][ T6280] RIP: 0033:0x7fb6f30ee929 [ 91.296801][ T6280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.296886][ T6280] RSP: 002b:00007fb6f1757038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 91.296950][ T6280] RAX: ffffffffffffffda RBX: 00007fb6f3315fa0 RCX: 00007fb6f30ee929 [ 91.296962][ T6280] RDX: 0000000000000000 RSI: 00002000000037c0 RDI: 0000000000000005 [ 91.296974][ T6280] RBP: 00007fb6f1757090 R08: 0000000000000000 R09: 0000000000000000 [ 91.296986][ T6280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.296998][ T6280] R13: 0000000000000000 R14: 00007fb6f3315fa0 R15: 00007ffd513a60d8 [ 91.297021][ T6280] [ 91.582757][ T6282] loop4: detected capacity change from 0 to 128 [ 91.825129][ T6288] netlink: 'syz.0.795': attribute type 21 has an invalid length. [ 92.073103][ T6330] netlink: 'syz.3.805': attribute type 4 has an invalid length. [ 92.111705][ T6333] @: renamed from vlan0 (while UP) [ 92.137201][ T6341] netlink: 'syz.4.813': attribute type 11 has an invalid length. [ 92.168671][ T6341] netlink: 'syz.4.813': attribute type 11 has an invalid length. [ 92.183281][ T6341] netlink: 'syz.4.813': attribute type 11 has an invalid length. [ 92.458631][ T6364] loop4: detected capacity change from 0 to 256 [ 92.466669][ T6364] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 94.609029][ T6400] __nla_validate_parse: 81 callbacks suppressed [ 94.609047][ T6400] netlink: 28 bytes leftover after parsing attributes in process `syz.1.830'. [ 94.624774][ T6400] netlink: 28 bytes leftover after parsing attributes in process `syz.1.830'. [ 94.688104][ T6400] netlink: 28 bytes leftover after parsing attributes in process `syz.1.830'. [ 94.697273][ T6400] netlink: 28 bytes leftover after parsing attributes in process `syz.1.830'. [ 94.796826][ T6411] FAULT_INJECTION: forcing a failure. [ 94.796826][ T6411] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 94.810445][ T6411] CPU: 0 UID: 0 PID: 6411 Comm: syz.4.834 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) [ 94.810533][ T6411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 94.810547][ T6411] Call Trace: [ 94.810555][ T6411] [ 94.810564][ T6411] __dump_stack+0x1d/0x30 [ 94.810590][ T6411] dump_stack_lvl+0xe8/0x140 [ 94.810614][ T6411] dump_stack+0x15/0x1b [ 94.810675][ T6411] should_fail_ex+0x265/0x280 [ 94.810711][ T6411] should_fail+0xb/0x20 [ 94.810809][ T6411] should_fail_usercopy+0x1a/0x20 [ 94.810882][ T6411] _copy_to_user+0x20/0xa0 [ 94.810962][ T6411] simple_read_from_buffer+0xb5/0x130 [ 94.810997][ T6411] proc_fail_nth_read+0x100/0x140 [ 94.811018][ T6411] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 94.811045][ T6411] vfs_read+0x1a0/0x6f0 [ 94.811183][ T6411] ? __rcu_read_unlock+0x4f/0x70 [ 94.811319][ T6411] ? __fget_files+0x184/0x1c0 [ 94.811342][ T6411] ksys_read+0xda/0x1a0 [ 94.811377][ T6411] __x64_sys_read+0x40/0x50 [ 94.811417][ T6411] x64_sys_call+0x2d77/0x2fb0 [ 94.811437][ T6411] do_syscall_64+0xd2/0x200 [ 94.811513][ T6411] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 94.811541][ T6411] ? clear_bhb_loop+0x40/0x90 [ 94.811561][ T6411] ? clear_bhb_loop+0x40/0x90 [ 94.811590][ T6411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.811616][ T6411] RIP: 0033:0x7f597a75d33c [ 94.811645][ T6411] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 94.811667][ T6411] RSP: 002b:00007f5978dc7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 94.811687][ T6411] RAX: ffffffffffffffda RBX: 00007f597a985fa0 RCX: 00007f597a75d33c [ 94.811702][ T6411] RDX: 000000000000000f RSI: 00007f5978dc70a0 RDI: 0000000000000006 [ 94.811750][ T6411] RBP: 00007f5978dc7090 R08: 0000000000000000 R09: 0000000000000000 [ 94.811763][ T6411] R10: 00000000000000d7 R11: 0000000000000246 R12: 0000000000000001 [ 94.811775][ T6411] R13: 0000000000000000 R14: 00007f597a985fa0 R15: 00007fff4bb6a058 [ 94.811802][ T6411] [ 95.035161][ T29] kauditd_printk_skb: 44 callbacks suppressed [ 95.035180][ T29] audit: type=1326 audit(1750010656.579:4120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.1.838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 95.104599][ T6424] loop2: detected capacity change from 0 to 128 [ 95.113628][ T29] audit: type=1326 audit(1750010656.589:4121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.1.838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 95.137179][ T29] audit: type=1326 audit(1750010656.599:4122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.1.838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 95.162060][ T29] audit: type=1326 audit(1750010656.599:4123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.1.838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 95.187608][ T29] audit: type=1326 audit(1750010656.599:4124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.1.838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 95.213601][ T29] audit: type=1326 audit(1750010656.599:4125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.1.838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 95.237727][ T29] audit: type=1326 audit(1750010656.599:4126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.1.838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 95.249282][ T6434] loop3: detected capacity change from 0 to 512 [ 95.261851][ T29] audit: type=1326 audit(1750010656.599:4127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.1.838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 95.291471][ T29] audit: type=1326 audit(1750010656.599:4128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.1.838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 95.315512][ T29] audit: type=1326 audit(1750010656.599:4129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.1.838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 95.318821][ T6429] validate_nla: 63 callbacks suppressed [ 95.318843][ T6429] netlink: 'syz.4.839': attribute type 4 has an invalid length. [ 95.353281][ T6424] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 95.387911][ T6424] ext4 filesystem being mounted at /195/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 95.424455][ T6434] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.452834][ T6434] ext4 filesystem being mounted at /144/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 95.498506][ T6446] syzkaller1: entered promiscuous mode [ 95.504261][ T6446] syzkaller1: entered allmulticast mode [ 95.515070][ T6446] netlink: 'syz.0.847': attribute type 1 has an invalid length. [ 95.550477][ T6446] lo speed is unknown, defaulting to 1000 [ 95.615441][ T6434] EXT4-fs error (device loop3): ext4_lookup:1787: inode #12: comm syz.3.842: iget: bad i_size value: 2533274857506816 [ 95.631054][ T6434] EXT4-fs error (device loop3): ext4_lookup:1787: inode #12: comm syz.3.842: iget: bad i_size value: 2533274857506816 [ 95.765648][ T3306] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 95.784097][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.000809][ T6462] netlink: 28 bytes leftover after parsing attributes in process `syz.2.848'. [ 97.009939][ T6462] netlink: 28 bytes leftover after parsing attributes in process `syz.2.848'. [ 97.329239][ T6458] SELinux: syz.4.850 (6458) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 97.888815][ T6483] netlink: 12 bytes leftover after parsing attributes in process `syz.2.857'. [ 97.908844][ T6483] netlink: 84 bytes leftover after parsing attributes in process `syz.2.857'. [ 98.156374][ T6489] loop0: detected capacity change from 0 to 128 [ 98.198145][ T6483] netlink: 'syz.2.857': attribute type 21 has an invalid length. [ 98.207033][ T6489] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 98.362168][ T6499] netlink: 'syz.3.860': attribute type 4 has an invalid length. [ 98.545099][ T6513] netlink: 28 bytes leftover after parsing attributes in process `syz.1.865'. [ 98.554597][ T6513] netlink: 28 bytes leftover after parsing attributes in process `syz.1.865'. [ 98.750172][ T6524] loop0: detected capacity change from 0 to 128 [ 98.763921][ T6524] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 98.795652][ T6524] ext4 filesystem being mounted at /179/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 98.846525][ T6527] loop2: detected capacity change from 0 to 512 [ 98.870395][ T6527] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.861: iget: bad extended attribute block 1 [ 98.894130][ T6527] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.861: couldn't read orphan inode 15 (err -117) [ 98.923070][ T6527] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.953060][ T6527] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters [ 98.992227][ T3310] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 99.038054][ T6542] FAULT_INJECTION: forcing a failure. [ 99.038054][ T6542] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 99.052097][ T6542] CPU: 0 UID: 0 PID: 6542 Comm: syz.0.874 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) [ 99.052139][ T6542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 99.052220][ T6542] Call Trace: [ 99.052232][ T6542] [ 99.052242][ T6542] __dump_stack+0x1d/0x30 [ 99.052265][ T6542] dump_stack_lvl+0xe8/0x140 [ 99.052373][ T6542] dump_stack+0x15/0x1b [ 99.052394][ T6542] should_fail_ex+0x265/0x280 [ 99.052572][ T6542] should_fail+0xb/0x20 [ 99.052599][ T6542] should_fail_usercopy+0x1a/0x20 [ 99.052653][ T6542] _copy_from_user+0x1c/0xb0 [ 99.052723][ T6542] kstrtouint_from_user+0x69/0xf0 [ 99.052762][ T6542] ? 0xffffffff81000000 [ 99.052775][ T6542] ? selinux_file_permission+0x1e4/0x320 [ 99.052881][ T6542] proc_fail_nth_write+0x50/0x160 [ 99.052908][ T6542] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 99.052929][ T6542] vfs_write+0x269/0x8e0 [ 99.052958][ T6542] ? vfs_read+0x47f/0x6f0 [ 99.053007][ T6542] ? __rcu_read_unlock+0x4f/0x70 [ 99.053036][ T6542] ? __fget_files+0x184/0x1c0 [ 99.053068][ T6542] ksys_write+0xda/0x1a0 [ 99.053087][ T6542] __x64_sys_write+0x40/0x50 [ 99.053104][ T6542] x64_sys_call+0x2cdd/0x2fb0 [ 99.053130][ T6542] do_syscall_64+0xd2/0x200 [ 99.053153][ T6542] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 99.053215][ T6542] ? clear_bhb_loop+0x40/0x90 [ 99.053242][ T6542] ? clear_bhb_loop+0x40/0x90 [ 99.053269][ T6542] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.053296][ T6542] RIP: 0033:0x7fb6f30ed3df [ 99.053313][ T6542] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 99.053397][ T6542] RSP: 002b:00007fb6f1757030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 99.053474][ T6542] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb6f30ed3df [ 99.053490][ T6542] RDX: 0000000000000001 RSI: 00007fb6f17570a0 RDI: 0000000000000008 [ 99.053506][ T6542] RBP: 00007fb6f1757090 R08: 0000000000000000 R09: 0000000000000000 [ 99.053521][ T6542] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 99.053544][ T6542] R13: 0000000000000000 R14: 00007fb6f3315fa0 R15: 00007ffd513a60d8 [ 99.053570][ T6542] [ 99.311176][ T6534] netlink: 'syz.4.872': attribute type 21 has an invalid length. [ 99.348545][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.748255][ T6583] netlink: 'syz.4.887': attribute type 4 has an invalid length. [ 99.767989][ T6584] __nla_validate_parse: 6 callbacks suppressed [ 99.768007][ T6584] netlink: 28 bytes leftover after parsing attributes in process `syz.0.882'. [ 99.783491][ T6584] netlink: 28 bytes leftover after parsing attributes in process `syz.0.882'. [ 99.829448][ T6584] netlink: 28 bytes leftover after parsing attributes in process `syz.0.882'. [ 99.838428][ T6584] netlink: 28 bytes leftover after parsing attributes in process `syz.0.882'. [ 99.913797][ T6588] FAULT_INJECTION: forcing a failure. [ 99.913797][ T6588] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 99.927175][ T6588] CPU: 1 UID: 0 PID: 6588 Comm: syz.2.889 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) [ 99.927211][ T6588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 99.927225][ T6588] Call Trace: [ 99.927232][ T6588] [ 99.927313][ T6588] __dump_stack+0x1d/0x30 [ 99.927336][ T6588] dump_stack_lvl+0xe8/0x140 [ 99.927362][ T6588] dump_stack+0x15/0x1b [ 99.927383][ T6588] should_fail_ex+0x265/0x280 [ 99.927470][ T6588] should_fail+0xb/0x20 [ 99.927512][ T6588] should_fail_usercopy+0x1a/0x20 [ 99.927618][ T6588] _copy_from_user+0x1c/0xb0 [ 99.927645][ T6588] __se_sys_mount+0x10d/0x2e0 [ 99.927663][ T6588] ? fput+0x8f/0xc0 [ 99.927686][ T6588] ? ksys_write+0x192/0x1a0 [ 99.927747][ T6588] __x64_sys_mount+0x67/0x80 [ 99.927767][ T6588] x64_sys_call+0xd36/0x2fb0 [ 99.927787][ T6588] do_syscall_64+0xd2/0x200 [ 99.927804][ T6588] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 99.927866][ T6588] ? clear_bhb_loop+0x40/0x90 [ 99.927887][ T6588] ? clear_bhb_loop+0x40/0x90 [ 99.927946][ T6588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.927974][ T6588] RIP: 0033:0x7fc6e9f5e929 [ 99.927992][ T6588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.928012][ T6588] RSP: 002b:00007fc6e85c7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 99.928098][ T6588] RAX: ffffffffffffffda RBX: 00007fc6ea185fa0 RCX: 00007fc6e9f5e929 [ 99.928113][ T6588] RDX: 0000200000000080 RSI: 0000200000000000 RDI: 0000000000000000 [ 99.928129][ T6588] RBP: 00007fc6e85c7090 R08: 0000200000000280 R09: 0000000000000000 [ 99.928144][ T6588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 99.928157][ T6588] R13: 0000000000000000 R14: 00007fc6ea185fa0 R15: 00007ffc66618b28 [ 99.928179][ T6588] [ 100.147178][ T6584] netlink: 28 bytes leftover after parsing attributes in process `syz.0.882'. [ 100.156196][ T6584] netlink: 28 bytes leftover after parsing attributes in process `syz.0.882'. [ 100.313796][ T6597] netlink: 12 bytes leftover after parsing attributes in process `syz.2.892'. [ 100.348733][ T6598] loop0: detected capacity change from 0 to 512 [ 100.370348][ T6599] netlink: 84 bytes leftover after parsing attributes in process `syz.2.892'. [ 100.387429][ T6598] EXT4-fs error (device loop0): ext4_orphan_get:1393: inode #15: comm syz.0.890: iget: bad extended attribute block 1 [ 100.422967][ T6602] warn_alloc: 9 callbacks suppressed [ 100.422985][ T6602] syz.1.893: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 100.443283][ T6602] CPU: 1 UID: 0 PID: 6602 Comm: syz.1.893 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) [ 100.443391][ T6602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 100.443404][ T6602] Call Trace: [ 100.443410][ T6602] [ 100.443418][ T6602] __dump_stack+0x1d/0x30 [ 100.443507][ T6602] dump_stack_lvl+0xe8/0x140 [ 100.443528][ T6602] dump_stack+0x15/0x1b [ 100.443543][ T6602] warn_alloc+0x12b/0x1a0 [ 100.443587][ T6602] __vmalloc_node_range_noprof+0x9c/0xe00 [ 100.443620][ T6602] ? __futex_wait+0x1ff/0x260 [ 100.443658][ T6602] ? __pfx_futex_wake_mark+0x10/0x10 [ 100.443697][ T6602] ? __rcu_read_unlock+0x4f/0x70 [ 100.443724][ T6602] ? avc_has_perm_noaudit+0x1b1/0x200 [ 100.443826][ T6602] ? should_fail_ex+0x30/0x280 [ 100.443866][ T6602] ? xskq_create+0x36/0xe0 [ 100.443941][ T6602] vmalloc_user_noprof+0x7d/0xb0 [ 100.443972][ T6602] ? xskq_create+0x80/0xe0 [ 100.443995][ T6602] xskq_create+0x80/0xe0 [ 100.444023][ T6602] xsk_init_queue+0x95/0xf0 [ 100.444123][ T6602] xsk_setsockopt+0x35c/0x510 [ 100.444143][ T6602] ? __pfx_xsk_setsockopt+0x10/0x10 [ 100.444163][ T6602] __sys_setsockopt+0x181/0x200 [ 100.444202][ T6602] __x64_sys_setsockopt+0x64/0x80 [ 100.444296][ T6602] x64_sys_call+0x2bd5/0x2fb0 [ 100.444317][ T6602] do_syscall_64+0xd2/0x200 [ 100.444336][ T6602] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 100.444382][ T6602] ? clear_bhb_loop+0x40/0x90 [ 100.444434][ T6602] ? clear_bhb_loop+0x40/0x90 [ 100.444472][ T6602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.444500][ T6602] RIP: 0033:0x7f1f98afe929 [ 100.444520][ T6602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.444537][ T6602] RSP: 002b:00007f1f97167038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 100.444567][ T6602] RAX: ffffffffffffffda RBX: 00007f1f98d25fa0 RCX: 00007f1f98afe929 [ 100.444584][ T6602] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000005 [ 100.444600][ T6602] RBP: 00007f1f98b80b39 R08: 0000000000000004 R09: 0000000000000000 [ 100.444616][ T6602] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 100.444633][ T6602] R13: 0000000000000000 R14: 00007f1f98d25fa0 R15: 00007fff2c407278 [ 100.444661][ T6602] [ 100.444670][ T6602] Mem-Info: [ 100.679776][ T6602] active_anon:64179 inactive_anon:2 isolated_anon:0 [ 100.679776][ T6602] active_file:8038 inactive_file:10607 isolated_file:0 [ 100.679776][ T6602] unevictable:0 dirty:65 writeback:0 [ 100.679776][ T6602] slab_reclaimable:3187 slab_unreclaimable:14356 [ 100.679776][ T6602] mapped:30230 shmem:57875 pagetables:2362 [ 100.679776][ T6602] sec_pagetables:0 bounce:0 [ 100.679776][ T6602] kernel_misc_reclaimable:0 [ 100.679776][ T6602] free:1822929 free_pcp:8675 free_cma:0 [ 100.725578][ T6602] Node 0 active_anon:256832kB inactive_anon:8kB active_file:32152kB inactive_file:42428kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:120920kB dirty:260kB writeback:0kB shmem:231500kB writeback_tmp:0kB kernel_stack:4128kB pagetables:9448kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 100.755349][ T6602] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 100.784279][ T6602] lowmem_reserve[]: 0 2882 7860 7860 [ 100.789694][ T6602] Node 0 DMA32 free:2947740kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2951368kB mlocked:0kB bounce:0kB free_pcp:3628kB local_pcp:3528kB free_cma:0kB [ 100.820855][ T6602] lowmem_reserve[]: 0 0 4978 4978 [ 100.825974][ T6602] Node 0 Normal free:4328616kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:256948kB inactive_anon:8kB active_file:32152kB inactive_file:42428kB unevictable:0kB writepending:260kB present:5242880kB managed:5098232kB mlocked:0kB bounce:0kB free_pcp:30776kB local_pcp:18560kB free_cma:0kB [ 100.859099][ T6602] lowmem_reserve[]: 0 0 0 0 [ 100.863783][ T6602] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 100.876875][ T6602] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 4*16kB (M) 2*32kB (M) 4*64kB (M) 4*128kB (M) 3*256kB (M) 4*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2947740kB [ 100.893193][ T6602] Node 0 Normal: 573*4kB (UME) 348*8kB (U) 191*16kB (U) 162*32kB (UM) 78*64kB (U) 12*128kB (UE) 41*256kB (UE) 39*512kB (UM) 46*1024kB (UME) 32*2048kB (UME) 1017*4096kB (UME) = 4328580kB [ 100.912027][ T6602] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 100.921448][ T6602] 76513 total pagecache pages [ 100.926222][ T6602] 9 pages in swap cache [ 100.930471][ T6602] Free swap = 124640kB [ 100.934887][ T6602] Total swap = 124996kB [ 100.939252][ T6602] 2097051 pages RAM [ 100.943152][ T6602] 0 pages HighMem/MovableOnly [ 100.947943][ T6602] 80811 pages reserved [ 100.994259][ T6598] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.890: couldn't read orphan inode 15 (err -117) [ 101.017620][ T6604] netlink: 12 bytes leftover after parsing attributes in process `syz.4.894'. [ 101.028489][ T6598] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.045239][ T6594] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters [ 101.119000][ T29] kauditd_printk_skb: 134 callbacks suppressed [ 101.119029][ T29] audit: type=1326 audit(1750010662.659:4264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6605 comm="syz.1.895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 101.149737][ T29] audit: type=1326 audit(1750010662.659:4265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6605 comm="syz.1.895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 101.174194][ T29] audit: type=1326 audit(1750010662.659:4266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6605 comm="syz.1.895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 101.198075][ T29] audit: type=1326 audit(1750010662.659:4267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6605 comm="syz.1.895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 101.221756][ T29] audit: type=1326 audit(1750010662.659:4268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6605 comm="syz.1.895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 101.378513][ T6597] netlink: 'syz.2.892': attribute type 21 has an invalid length. [ 101.441140][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.503866][ T6614] netlink: 12 bytes leftover after parsing attributes in process `syz.1.895'. [ 101.536848][ T6614] netlink: 'syz.1.895': attribute type 6 has an invalid length. [ 101.563377][ T29] audit: type=1326 audit(1750010662.849:4269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6605 comm="syz.1.895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 101.587213][ T29] audit: type=1326 audit(1750010662.849:4270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6605 comm="syz.1.895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 101.611978][ T29] audit: type=1326 audit(1750010662.849:4271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6605 comm="syz.1.895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 101.635634][ T29] audit: type=1326 audit(1750010662.859:4272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6605 comm="syz.1.895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 101.659691][ T29] audit: type=1326 audit(1750010662.869:4273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6605 comm="syz.1.895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 104.759383][ T6667] loop4: detected capacity change from 0 to 128 [ 104.775640][ T6667] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 104.815798][ T6678] loop2: detected capacity change from 0 to 128 [ 104.844549][ T6682] FAULT_INJECTION: forcing a failure. [ 104.844549][ T6682] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 104.850632][ T6678] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 104.858116][ T6682] CPU: 1 UID: 0 PID: 6682 Comm: syz.0.914 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) [ 104.858156][ T6682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 104.858174][ T6682] Call Trace: [ 104.858184][ T6682] [ 104.858255][ T6682] __dump_stack+0x1d/0x30 [ 104.858284][ T6682] dump_stack_lvl+0xe8/0x140 [ 104.858312][ T6682] dump_stack+0x15/0x1b [ 104.858334][ T6682] should_fail_ex+0x265/0x280 [ 104.858378][ T6682] should_fail+0xb/0x20 [ 104.858449][ T6682] should_fail_usercopy+0x1a/0x20 [ 104.858495][ T6682] _copy_from_user+0x1c/0xb0 [ 104.858524][ T6682] ___sys_sendmsg+0xc1/0x1d0 [ 104.858605][ T6682] __x64_sys_sendmsg+0xd4/0x160 [ 104.858640][ T6682] x64_sys_call+0x2999/0x2fb0 [ 104.858670][ T6682] do_syscall_64+0xd2/0x200 [ 104.858727][ T6682] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 104.858769][ T6682] ? clear_bhb_loop+0x40/0x90 [ 104.858866][ T6682] ? clear_bhb_loop+0x40/0x90 [ 104.858898][ T6682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.858998][ T6682] RIP: 0033:0x7fb6f30ee929 [ 104.859020][ T6682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.859093][ T6682] RSP: 002b:00007fb6f1757038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 104.859187][ T6682] RAX: ffffffffffffffda RBX: 00007fb6f3315fa0 RCX: 00007fb6f30ee929 [ 104.859207][ T6682] RDX: 00000000040408c0 RSI: 0000200000000440 RDI: 0000000000000003 [ 104.859224][ T6682] RBP: 00007fb6f1757090 R08: 0000000000000000 R09: 0000000000000000 [ 104.859242][ T6682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.859259][ T6682] R13: 0000000000000000 R14: 00007fb6f3315fa0 R15: 00007ffd513a60d8 [ 104.859293][ T6682] [ 106.020451][ T6678] ext4 filesystem being mounted at /213/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.100078][ T3306] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 107.136249][ T29] kauditd_printk_skb: 129 callbacks suppressed [ 107.136266][ T29] audit: type=1326 audit(1750010668.679:4403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6693 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 107.167057][ T29] audit: type=1326 audit(1750010668.679:4404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6693 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 107.278630][ T29] audit: type=1326 audit(1750010668.749:4405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6693 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=279 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 107.302305][ T29] audit: type=1326 audit(1750010668.749:4406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6693 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 107.325778][ T29] audit: type=1326 audit(1750010668.749:4407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6693 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 107.349510][ T29] audit: type=1326 audit(1750010668.749:4408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6693 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 107.373315][ T29] audit: type=1326 audit(1750010668.749:4409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6693 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 107.397053][ T29] audit: type=1326 audit(1750010668.749:4410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6693 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 107.420500][ T29] audit: type=1326 audit(1750010668.749:4411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6693 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 107.444207][ T29] audit: type=1326 audit(1750010668.749:4412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6693 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 107.544731][ T6687] syzkaller0: entered promiscuous mode [ 107.550415][ T6687] syzkaller0: entered allmulticast mode [ 108.073307][ T6715] loop2: detected capacity change from 0 to 512 [ 108.116661][ T6715] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.247454][ T6729] loop4: detected capacity change from 0 to 512 [ 108.303933][ T6729] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.342614][ T6732] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6732 comm=syz.1.931 [ 108.364762][ T6729] ext4 filesystem being mounted at /159/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.461460][ T6729] EXT4-fs error (device loop4): ext4_lookup:1787: inode #12: comm syz.4.930: iget: bad i_size value: 2533274857506816 [ 108.485709][ T6738] rdma_op ffff8881384d6d80 conn xmit_rdma 0000000000000000 [ 108.495861][ T6729] EXT4-fs error (device loop4): ext4_lookup:1787: inode #12: comm syz.4.930: iget: bad i_size value: 2533274857506816 [ 108.534782][ T6738] tipc: Started in network mode [ 108.539989][ T6738] tipc: Node identity fef331000000000000000000000000aa, cluster identity 4711 [ 108.549192][ T6738] tipc: Enabling of bearer rejected, failed to enable media [ 108.574828][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.626852][ T6740] __nla_validate_parse: 9 callbacks suppressed [ 108.626922][ T6740] netlink: 28 bytes leftover after parsing attributes in process `syz.1.943'. [ 108.642335][ T6740] netlink: 28 bytes leftover after parsing attributes in process `syz.1.943'. [ 108.654921][ T6715] ext4 filesystem being mounted at /214/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.673014][ T6715] EXT4-fs error (device loop2): ext4_lookup:1787: inode #12: comm syz.2.921: iget: bad i_size value: 2533274857506816 [ 108.700892][ T6715] EXT4-fs error (device loop2): ext4_lookup:1787: inode #12: comm syz.2.921: iget: bad i_size value: 2533274857506816 [ 108.722031][ T6740] netlink: 28 bytes leftover after parsing attributes in process `syz.1.943'. [ 108.731029][ T6740] netlink: 28 bytes leftover after parsing attributes in process `syz.1.943'. [ 108.781972][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.817111][ T6740] netlink: 28 bytes leftover after parsing attributes in process `syz.1.943'. [ 108.826264][ T6740] netlink: 28 bytes leftover after parsing attributes in process `syz.1.943'. [ 109.173150][ T6764] FAULT_INJECTION: forcing a failure. [ 109.173150][ T6764] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.186432][ T6764] CPU: 0 UID: 0 PID: 6764 Comm: syz.3.941 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) [ 109.186514][ T6764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 109.186530][ T6764] Call Trace: [ 109.186539][ T6764] [ 109.186626][ T6764] __dump_stack+0x1d/0x30 [ 109.186661][ T6764] dump_stack_lvl+0xe8/0x140 [ 109.186687][ T6764] dump_stack+0x15/0x1b [ 109.186708][ T6764] should_fail_ex+0x265/0x280 [ 109.186769][ T6764] should_fail+0xb/0x20 [ 109.186874][ T6764] should_fail_usercopy+0x1a/0x20 [ 109.186917][ T6764] _copy_from_user+0x1c/0xb0 [ 109.186937][ T6764] kstrtouint_from_user+0x69/0xf0 [ 109.187012][ T6764] ? 0xffffffff81000000 [ 109.187029][ T6764] ? selinux_file_permission+0x1e4/0x320 [ 109.187055][ T6764] proc_fail_nth_write+0x50/0x160 [ 109.187126][ T6764] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 109.187197][ T6764] vfs_write+0x269/0x8e0 [ 109.187229][ T6764] ? vfs_read+0x47f/0x6f0 [ 109.187260][ T6764] ? __rcu_read_unlock+0x4f/0x70 [ 109.187331][ T6764] ? __fget_files+0x184/0x1c0 [ 109.187350][ T6764] ? __sys_bind+0x223/0x2a0 [ 109.187380][ T6764] ksys_write+0xda/0x1a0 [ 109.187406][ T6764] __x64_sys_write+0x40/0x50 [ 109.187442][ T6764] x64_sys_call+0x2cdd/0x2fb0 [ 109.187466][ T6764] do_syscall_64+0xd2/0x200 [ 109.187483][ T6764] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 109.187530][ T6764] ? clear_bhb_loop+0x40/0x90 [ 109.187557][ T6764] ? clear_bhb_loop+0x40/0x90 [ 109.187649][ T6764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.187676][ T6764] RIP: 0033:0x7fe82e86d3df [ 109.187692][ T6764] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 109.187709][ T6764] RSP: 002b:00007fe82ced7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 109.187729][ T6764] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe82e86d3df [ 109.187745][ T6764] RDX: 0000000000000001 RSI: 00007fe82ced70a0 RDI: 0000000000000006 [ 109.187767][ T6764] RBP: 00007fe82ced7090 R08: 0000000000000000 R09: 0000000000000000 [ 109.187779][ T6764] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 109.187790][ T6764] R13: 0000000000000000 R14: 00007fe82ea95fa0 R15: 00007ffe458762a8 [ 109.187814][ T6764] [ 109.492314][ T6768] loop3: detected capacity change from 0 to 512 [ 109.541736][ T6768] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.569621][ T6768] ext4 filesystem being mounted at /157/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 109.611426][ T6768] EXT4-fs error (device loop3): ext4_lookup:1787: inode #12: comm syz.3.944: iget: bad i_size value: 2533274857506816 [ 109.653949][ T6768] EXT4-fs error (device loop3): ext4_lookup:1787: inode #12: comm syz.3.944: iget: bad i_size value: 2533274857506816 [ 109.811929][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.966848][ T6784] rdma_op ffff8881384d5580 conn xmit_rdma 0000000000000000 [ 110.023049][ T6788] netlink: 28 bytes leftover after parsing attributes in process `syz.3.946'. [ 110.027293][ T6784] tipc: Started in network mode [ 110.032091][ T6788] netlink: 28 bytes leftover after parsing attributes in process `syz.3.946'. [ 110.036932][ T6784] tipc: Node identity fef331000000000000000000000000aa, cluster identity 4711 [ 110.055087][ T6784] tipc: Enabling of bearer rejected, failed to enable media [ 110.076102][ T6792] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.096041][ T6788] netlink: 28 bytes leftover after parsing attributes in process `syz.3.946'. [ 110.105136][ T6788] netlink: 28 bytes leftover after parsing attributes in process `syz.3.946'. [ 110.178448][ T6792] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.234471][ T6792] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.272611][ T6811] loop0: detected capacity change from 0 to 512 [ 110.306147][ T6792] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.309606][ T6811] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.353340][ T6811] ext4 filesystem being mounted at /194/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.399019][ T6792] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.428825][ T6792] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.443093][ T6792] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.451606][ T6811] EXT4-fs error (device loop0): ext4_lookup:1787: inode #12: comm syz.0.956: iget: bad i_size value: 2533274857506816 [ 110.477558][ T6811] EXT4-fs error (device loop0): ext4_lookup:1787: inode #12: comm syz.0.956: iget: bad i_size value: 2533274857506816 [ 110.501629][ T6792] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.533953][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.636963][ T6844] warn_alloc: 3 callbacks suppressed [ 110.636979][ T6844] syz.2.964: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 110.656883][ T6844] CPU: 1 UID: 0 PID: 6844 Comm: syz.2.964 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) [ 110.657002][ T6844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 110.657019][ T6844] Call Trace: [ 110.657028][ T6844] [ 110.657043][ T6844] __dump_stack+0x1d/0x30 [ 110.657070][ T6844] dump_stack_lvl+0xe8/0x140 [ 110.657090][ T6844] dump_stack+0x15/0x1b [ 110.657166][ T6844] warn_alloc+0x12b/0x1a0 [ 110.657208][ T6844] __vmalloc_node_range_noprof+0x9c/0xe00 [ 110.657255][ T6844] ? __futex_wait+0x1ff/0x260 [ 110.657363][ T6844] ? __pfx_futex_wake_mark+0x10/0x10 [ 110.657472][ T6844] ? __rcu_read_unlock+0x4f/0x70 [ 110.657501][ T6844] ? avc_has_perm_noaudit+0x1b1/0x200 [ 110.657531][ T6844] ? should_fail_ex+0x30/0x280 [ 110.657562][ T6844] ? xskq_create+0x36/0xe0 [ 110.657654][ T6844] vmalloc_user_noprof+0x7d/0xb0 [ 110.657687][ T6844] ? xskq_create+0x80/0xe0 [ 110.657708][ T6844] xskq_create+0x80/0xe0 [ 110.657804][ T6844] xsk_init_queue+0x95/0xf0 [ 110.657825][ T6844] xsk_setsockopt+0x35c/0x510 [ 110.657846][ T6844] ? __pfx_xsk_setsockopt+0x10/0x10 [ 110.657870][ T6844] __sys_setsockopt+0x181/0x200 [ 110.657961][ T6844] __x64_sys_setsockopt+0x64/0x80 [ 110.657993][ T6844] x64_sys_call+0x2bd5/0x2fb0 [ 110.658013][ T6844] do_syscall_64+0xd2/0x200 [ 110.658073][ T6844] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 110.658107][ T6844] ? clear_bhb_loop+0x40/0x90 [ 110.658131][ T6844] ? clear_bhb_loop+0x40/0x90 [ 110.658215][ T6844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.658235][ T6844] RIP: 0033:0x7fc6e9f5e929 [ 110.658260][ T6844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.658277][ T6844] RSP: 002b:00007fc6e85c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 110.658334][ T6844] RAX: ffffffffffffffda RBX: 00007fc6ea185fa0 RCX: 00007fc6e9f5e929 [ 110.658352][ T6844] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000005 [ 110.658374][ T6844] RBP: 00007fc6e9fe0b39 R08: 0000000000000004 R09: 0000000000000000 [ 110.658390][ T6844] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 110.658407][ T6844] R13: 0000000000000000 R14: 00007fc6ea185fa0 R15: 00007ffc66618b28 [ 110.658436][ T6844] [ 110.658443][ T6844] Mem-Info: [ 110.709646][ T6847] loop0: detected capacity change from 0 to 512 [ 110.712150][ T6844] active_anon:65409 inactive_anon:2 isolated_anon:0 [ 110.712150][ T6844] active_file:8038 inactive_file:10617 isolated_file:0 [ 110.712150][ T6844] unevictable:0 dirty:89 writeback:0 [ 110.712150][ T6844] slab_reclaimable:3207 slab_unreclaimable:14354 [ 110.712150][ T6844] mapped:32089 shmem:59735 pagetables:2458 [ 110.712150][ T6844] sec_pagetables:0 bounce:0 [ 110.712150][ T6844] kernel_misc_reclaimable:0 [ 110.712150][ T6844] free:1820568 free_pcp:10703 free_cma:0 [ 110.718121][ T6847] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 110.722181][ T6844] Node 0 active_anon:261636kB inactive_anon:8kB active_file:32152kB inactive_file:42468kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:128356kB dirty:356kB writeback:0kB shmem:238940kB writeback_tmp:0kB kernel_stack:4144kB pagetables:9832kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 110.744365][ T6847] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.747662][ T6844] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 110.752465][ T6847] ext4 filesystem being mounted at /195/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.756657][ T6844] lowmem_reserve[]: 0 2882 7860 7860 [ 111.042327][ T6844] Node 0 DMA32 free:2947740kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2951368kB mlocked:0kB bounce:0kB free_pcp:3628kB local_pcp:3528kB free_cma:0kB [ 111.073270][ T6844] lowmem_reserve[]: 0 0 4978 4978 [ 111.078472][ T6844] Node 0 Normal free:4318940kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:261668kB inactive_anon:8kB active_file:32152kB inactive_file:42436kB unevictable:0kB writepending:432kB present:5242880kB managed:5098232kB mlocked:0kB bounce:0kB free_pcp:39540kB local_pcp:34644kB free_cma:0kB [ 111.111336][ T6844] lowmem_reserve[]: 0 0 0 0 [ 111.115897][ T6844] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 111.128779][ T6844] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 4*16kB (M) 2*32kB (M) 4*64kB (M) 4*128kB (M) 3*256kB (M) 4*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2947740kB [ 111.145051][ T6844] Node 0 Normal: 85*4kB (M) 28*8kB (UME) 136*16kB (UME) 198*32kB (UME) 46*64kB (UME) 16*128kB (UM) 52*256kB (UME) 44*512kB (UM) 53*1024kB (UME) 32*2048kB (UME) 1013*4096kB (UME) = 4318964kB [ 111.165143][ T6844] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 111.175657][ T6844] 78381 total pagecache pages [ 111.180409][ T6844] 9 pages in swap cache [ 111.184661][ T6844] Free swap = 124640kB [ 111.188925][ T6844] Total swap = 124996kB [ 111.193105][ T6844] 2097051 pages RAM [ 111.197018][ T6844] 0 pages HighMem/MovableOnly [ 111.201878][ T6844] 80811 pages reserved [ 111.411539][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.599344][ T6870] syzkaller0: entered promiscuous mode [ 111.604985][ T6870] syzkaller0: entered allmulticast mode [ 111.620547][ T6873] tipc: Cannot configure node identity twice [ 111.741285][ T6880] loop4: detected capacity change from 0 to 128 [ 111.814975][ T6880] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 111.837493][ T6880] ext4 filesystem being mounted at /167/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 112.172568][ T29] kauditd_printk_skb: 185 callbacks suppressed [ 112.172661][ T29] audit: type=1326 audit(1750010673.719:4598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6894 comm="syz.3.978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fe82e86e929 code=0x7ffc0000 [ 112.237176][ T3312] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 112.349310][ T29] audit: type=1326 audit(1750010673.889:4599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6905 comm="syz.2.981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 112.471531][ T29] audit: type=1326 audit(1750010673.919:4600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6905 comm="syz.2.981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 112.495722][ T29] audit: type=1326 audit(1750010673.929:4601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6905 comm="syz.2.981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 112.519511][ T29] audit: type=1326 audit(1750010673.929:4602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6905 comm="syz.2.981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 112.543151][ T29] audit: type=1326 audit(1750010673.929:4603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6905 comm="syz.2.981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 112.567018][ T29] audit: type=1326 audit(1750010673.939:4604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6905 comm="syz.2.981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 112.590751][ T29] audit: type=1326 audit(1750010673.939:4605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6905 comm="syz.2.981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 112.614401][ T29] audit: type=1326 audit(1750010673.939:4606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6905 comm="syz.2.981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 112.637854][ T29] audit: type=1326 audit(1750010673.939:4607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6905 comm="syz.2.981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 112.875258][ T6923] loop2: detected capacity change from 0 to 2048 [ 112.918928][ T6923] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 112.950844][ T6932] loop3: detected capacity change from 0 to 128 [ 113.031865][ T6932] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 113.049521][ T6932] ext4 filesystem being mounted at /170/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 113.087647][ T6938] loop2: detected capacity change from 0 to 1024 [ 113.115518][ T6938] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 113.285946][ T6944] loop4: detected capacity change from 0 to 512 [ 113.295095][ T3314] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 113.320867][ T6944] EXT4-fs (loop4): 1 orphan inode deleted [ 113.335091][ T6944] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.350101][ T6944] ext4 filesystem being mounted at /171/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 113.350604][ T5036] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:8: Failed to release dquot type 1 [ 113.403092][ T6960] loop0: detected capacity change from 0 to 512 [ 113.428813][ T6961] netlink: 'syz.1.994': attribute type 4 has an invalid length. [ 113.442780][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.456381][ T6960] EXT4-fs (loop0): 1 orphan inode deleted [ 113.463929][ T6960] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.479057][ T5036] EXT4-fs error (device loop0): ext4_release_dquot:6969: comm kworker/u8:8: Failed to release dquot type 1 [ 113.495638][ T6960] ext4 filesystem being mounted at /203/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 113.511471][ T6960] FAULT_INJECTION: forcing a failure. [ 113.511471][ T6960] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 113.524886][ T6960] CPU: 1 UID: 0 PID: 6960 Comm: syz.0.997 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) [ 113.524921][ T6960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.524938][ T6960] Call Trace: [ 113.524984][ T6960] [ 113.524995][ T6960] __dump_stack+0x1d/0x30 [ 113.525017][ T6960] dump_stack_lvl+0xe8/0x140 [ 113.525092][ T6960] dump_stack+0x15/0x1b [ 113.525107][ T6960] should_fail_ex+0x265/0x280 [ 113.525139][ T6960] should_fail+0xb/0x20 [ 113.525175][ T6960] should_fail_usercopy+0x1a/0x20 [ 113.525220][ T6960] _copy_from_user+0x1c/0xb0 [ 113.525241][ T6960] ___sys_sendmsg+0xc1/0x1d0 [ 113.525280][ T6960] __sys_sendmmsg+0x178/0x300 [ 113.525384][ T6960] __x64_sys_sendmmsg+0x57/0x70 [ 113.525407][ T6960] x64_sys_call+0x2f2f/0x2fb0 [ 113.525434][ T6960] do_syscall_64+0xd2/0x200 [ 113.525518][ T6960] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 113.525547][ T6960] ? clear_bhb_loop+0x40/0x90 [ 113.525567][ T6960] ? clear_bhb_loop+0x40/0x90 [ 113.525588][ T6960] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.525610][ T6960] RIP: 0033:0x7fb6f30ee929 [ 113.525702][ T6960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.525720][ T6960] RSP: 002b:00007fb6f1757038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 113.525743][ T6960] RAX: ffffffffffffffda RBX: 00007fb6f3315fa0 RCX: 00007fb6f30ee929 [ 113.525834][ T6960] RDX: 0000000000000002 RSI: 0000200000000580 RDI: 0000000000000004 [ 113.525851][ T6960] RBP: 00007fb6f1757090 R08: 0000000000000000 R09: 0000000000000000 [ 113.525866][ T6960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 113.525881][ T6960] R13: 0000000000000000 R14: 00007fb6f3315fa0 R15: 00007ffd513a60d8 [ 113.525953][ T6960] [ 113.743316][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.771917][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.810737][ T6979] __nla_validate_parse: 20 callbacks suppressed [ 113.810757][ T6979] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1003'. [ 113.906648][ T6984] loop2: detected capacity change from 0 to 128 [ 113.917310][ T6984] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 113.932238][ T6984] ext4 filesystem being mounted at /229/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 114.009096][ T3306] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 114.547377][ T7007] loop3: detected capacity change from 0 to 512 [ 114.585778][ T7007] EXT4-fs: Ignoring removed mblk_io_submit option [ 114.715930][ T7007] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.1012: inode #13: comm syz.3.1012: iget: illegal inode # [ 114.736384][ T7013] netlink: 'syz.4.1011': attribute type 4 has an invalid length. [ 114.754161][ T7015] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1014'. [ 114.764807][ T7007] EXT4-fs (loop3): Remounting filesystem read-only [ 114.772049][ T7007] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 114.838279][ T7007] lo speed is unknown, defaulting to 1000 [ 114.949064][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.013277][ T7022] loop2: detected capacity change from 0 to 512 [ 115.038096][ T7023] netlink: 'syz.1.1017': attribute type 4 has an invalid length. [ 115.063140][ T7022] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.099311][ T7022] ext4 filesystem being mounted at /234/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 115.121992][ T7025] loop3: detected capacity change from 0 to 512 [ 115.144023][ T7025] EXT4-fs (loop3): 1 orphan inode deleted [ 115.157330][ T7025] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.182306][ T37] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:2: Failed to release dquot type 1 [ 115.197990][ T7025] ext4 filesystem being mounted at /175/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 115.212279][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.378358][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.412168][ T7037] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 115.642388][ T7052] netlink: 'syz.4.1029': attribute type 4 has an invalid length. [ 115.656986][ T7052] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 115.725239][ T7056] xt_hashlimit: size too large, truncated to 1048576 [ 116.206271][ T7069] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 116.240412][ T7068] netlink: 'syz.1.1034': attribute type 4 has an invalid length. [ 116.247082][ T7070] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1036'. [ 116.274630][ T7070] netlink: 'syz.2.1036': attribute type 13 has an invalid length. [ 116.402057][ T7087] loop4: detected capacity change from 0 to 128 [ 116.427084][ T7087] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 116.467194][ T7087] ext4 filesystem being mounted at /183/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 116.484521][ T7085] syzkaller0: entered promiscuous mode [ 116.490290][ T7085] syzkaller0: entered allmulticast mode [ 116.614426][ T3312] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 116.658249][ T7105] FAULT_INJECTION: forcing a failure. [ 116.658249][ T7105] name failslab, interval 1, probability 0, space 0, times 0 [ 116.671695][ T7105] CPU: 1 UID: 0 PID: 7105 Comm: syz.4.1047 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) [ 116.671729][ T7105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.671775][ T7105] Call Trace: [ 116.671794][ T7105] [ 116.671803][ T7105] __dump_stack+0x1d/0x30 [ 116.671829][ T7105] dump_stack_lvl+0xe8/0x140 [ 116.671972][ T7105] dump_stack+0x15/0x1b [ 116.671994][ T7105] should_fail_ex+0x265/0x280 [ 116.672032][ T7105] should_failslab+0x8c/0xb0 [ 116.672059][ T7105] kmem_cache_alloc_noprof+0x50/0x310 [ 116.672164][ T7105] ? audit_log_start+0x365/0x6c0 [ 116.672207][ T7105] audit_log_start+0x365/0x6c0 [ 116.672246][ T7105] ? __list_add_valid_or_report+0x38/0xe0 [ 116.672319][ T7105] audit_seccomp+0x48/0x100 [ 116.672406][ T7105] ? __seccomp_filter+0x68c/0x10d0 [ 116.672436][ T7105] __seccomp_filter+0x69d/0x10d0 [ 116.672472][ T7105] ? __alloc_frozen_pages_noprof+0x15f/0x360 [ 116.672564][ T7105] ? __rcu_read_unlock+0x4f/0x70 [ 116.672584][ T7105] ? __mod_node_page_state+0x1c/0x80 [ 116.672619][ T7105] __secure_computing+0x82/0x150 [ 116.672677][ T7105] syscall_trace_enter+0xcf/0x1e0 [ 116.672701][ T7105] do_syscall_64+0xac/0x200 [ 116.672797][ T7105] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 116.672825][ T7105] ? clear_bhb_loop+0x40/0x90 [ 116.673023][ T7105] ? clear_bhb_loop+0x40/0x90 [ 116.673049][ T7105] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.673076][ T7105] RIP: 0033:0x7f597a75d33c [ 116.673096][ T7105] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 116.673118][ T7105] RSP: 002b:00007f5978dc7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 116.673198][ T7105] RAX: ffffffffffffffda RBX: 00007f597a985fa0 RCX: 00007f597a75d33c [ 116.673215][ T7105] RDX: 000000000000000f RSI: 00007f5978dc70a0 RDI: 0000000000000006 [ 116.673229][ T7105] RBP: 00007f5978dc7090 R08: 0000000000000000 R09: 0000000000000000 [ 116.673279][ T7105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 116.673291][ T7105] R13: 0000000000000000 R14: 00007f597a985fa0 R15: 00007fff4bb6a058 [ 116.673320][ T7105] [ 117.255757][ T29] kauditd_printk_skb: 544 callbacks suppressed [ 117.255776][ T29] audit: type=1326 audit(1750010678.799:5147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7120 comm="syz.4.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 117.297399][ T7123] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1055'. [ 117.348192][ T7125] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1055'. [ 117.389569][ T29] audit: type=1326 audit(1750010678.839:5148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7120 comm="syz.4.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 117.413284][ T29] audit: type=1326 audit(1750010678.839:5149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7120 comm="syz.4.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 117.436941][ T29] audit: type=1326 audit(1750010678.839:5150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7120 comm="syz.4.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 117.460607][ T29] audit: type=1326 audit(1750010678.839:5151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7120 comm="syz.4.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 117.485298][ T29] audit: type=1326 audit(1750010678.839:5152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7120 comm="syz.4.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 117.509491][ T29] audit: type=1326 audit(1750010678.839:5153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7120 comm="syz.4.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 117.533511][ T29] audit: type=1326 audit(1750010678.839:5154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7120 comm="syz.4.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 117.557258][ T29] audit: type=1326 audit(1750010678.839:5155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7120 comm="syz.4.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 117.580983][ T29] audit: type=1326 audit(1750010678.839:5156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7120 comm="syz.4.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 117.767279][ T7127] loop4: detected capacity change from 0 to 128 [ 117.860865][ T7127] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 117.877277][ T7136] loop0: detected capacity change from 0 to 512 [ 117.885958][ T7127] ext4 filesystem being mounted at /188/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 117.917325][ T7136] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.941537][ T7136] ext4 filesystem being mounted at /215/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 118.040463][ T7142] syzkaller0: entered promiscuous mode [ 118.046010][ T7142] syzkaller0: entered allmulticast mode [ 118.055592][ T7144] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1061'. [ 118.097397][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.128340][ T3312] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 118.189337][ T7144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 118.196807][ T7144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 118.230070][ T7144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 118.237812][ T7144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 118.408069][ T7156] netlink: 'syz.4.1065': attribute type 4 has an invalid length. [ 118.741251][ T7163] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1069'. [ 118.772708][ T7163] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1069'. [ 119.001148][ T7167] loop3: detected capacity change from 0 to 128 [ 119.036788][ T7167] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 119.085245][ T7167] ext4 filesystem being mounted at /180/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 119.187253][ T3314] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 119.230443][ T7175] loop4: detected capacity change from 0 to 128 [ 119.265286][ T7175] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 119.282333][ T7180] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 119.306740][ T7175] ext4 filesystem being mounted at /191/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 119.432978][ T7187] xt_hashlimit: size too large, truncated to 1048576 [ 119.470152][ T3312] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 119.692707][ T7190] syzkaller0: entered promiscuous mode [ 119.698314][ T7190] syzkaller0: entered allmulticast mode [ 119.707069][ T7194] loop4: detected capacity change from 0 to 512 [ 119.776670][ T7194] EXT4-fs (loop4): 1 orphan inode deleted [ 119.795555][ T37] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:2: Failed to release dquot type 1 [ 119.819466][ T7194] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 119.847405][ T7194] ext4 filesystem being mounted at /192/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 119.910718][ T7200] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 120.041677][ T7207] loop3: detected capacity change from 0 to 128 [ 120.070615][ T7207] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 120.072753][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.111168][ T7207] ext4 filesystem being mounted at /185/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 120.202907][ T7159] loop0: detected capacity change from 0 to 256 [ 120.212169][ T3314] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 120.233641][ T7159] FAT-fs (loop0): Directory bread(block 64) failed [ 120.240358][ T7159] FAT-fs (loop0): Directory bread(block 65) failed [ 120.247152][ T7159] FAT-fs (loop0): Directory bread(block 66) failed [ 120.259234][ T7159] FAT-fs (loop0): Directory bread(block 67) failed [ 120.269300][ T7159] FAT-fs (loop0): Directory bread(block 68) failed [ 120.276118][ T7159] FAT-fs (loop0): Directory bread(block 69) failed [ 120.284132][ T7159] FAT-fs (loop0): Directory bread(block 70) failed [ 120.288981][ T7217] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 120.293570][ T7216] random: crng reseeded on system resumption [ 120.319221][ T7159] FAT-fs (loop0): Directory bread(block 71) failed [ 120.338838][ T7159] FAT-fs (loop0): Directory bread(block 72) failed [ 120.353423][ T7159] FAT-fs (loop0): Directory bread(block 73) failed [ 120.415656][ T7226] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1087'. [ 120.477241][ T7232] loop4: detected capacity change from 0 to 512 [ 120.505521][ T7232] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 120.518725][ T7232] ext4 filesystem being mounted at /195/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 120.562474][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.621313][ T7243] loop4: detected capacity change from 0 to 1024 [ 120.640464][ T7243] EXT4-fs (loop4): can't mount with journal_async_commit, fs mounted w/o journal [ 120.715130][ T7243] loop4: detected capacity change from 0 to 8192 [ 120.755564][ T7249] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 120.855236][ T7252] loop3: detected capacity change from 0 to 512 [ 120.904263][ T7252] EXT4-fs (loop3): 1 orphan inode deleted [ 120.920577][ T12] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:0: Failed to release dquot type 1 [ 120.927956][ T7252] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 120.960815][ T7252] ext4 filesystem being mounted at /188/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 120.977447][ T7263] loop0: detected capacity change from 0 to 128 [ 121.042911][ T7263] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 121.081408][ T7263] ext4 filesystem being mounted at /220/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 121.096040][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.141637][ T3310] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 121.232733][ T7274] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 121.347270][ T7282] loop2: detected capacity change from 0 to 128 [ 121.365769][ T7282] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 121.385130][ T7284] loop0: detected capacity change from 0 to 512 [ 121.395970][ T7282] ext4 filesystem being mounted at /251/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 121.424583][ T7284] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.454570][ T7283] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1104'. [ 121.499250][ T7284] ext4 filesystem being mounted at /222/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 121.521084][ T3306] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 121.688603][ T7298] loop2: detected capacity change from 0 to 512 [ 121.696472][ T7298] EXT4-fs: Ignoring removed i_version option [ 121.704603][ T7298] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 121.717825][ T7298] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e12c, mo2=0002] [ 121.751279][ T7298] System zones: 1-12 [ 121.764280][ T7298] EXT4-fs (loop2): orphan cleanup on readonly fs [ 121.782364][ T7298] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.1107: invalid indirect mapped block 12 (level 1) [ 121.814232][ T7298] EXT4-fs (loop2): Remounting filesystem read-only [ 121.824033][ T7298] EXT4-fs (loop2): 1 truncate cleaned up [ 121.830697][ T7298] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 121.926426][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 122.104786][ T7316] loop2: detected capacity change from 0 to 1024 [ 122.122463][ T7316] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.149736][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.161261][ T7316] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1117'. [ 122.196398][ T7320] FAULT_INJECTION: forcing a failure. [ 122.196398][ T7320] name failslab, interval 1, probability 0, space 0, times 0 [ 122.209634][ T7320] CPU: 0 UID: 0 PID: 7320 Comm: syz.0.1118 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) [ 122.209665][ T7320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.209677][ T7320] Call Trace: [ 122.209682][ T7320] [ 122.209721][ T7320] __dump_stack+0x1d/0x30 [ 122.209747][ T7320] dump_stack_lvl+0xe8/0x140 [ 122.209774][ T7320] dump_stack+0x15/0x1b [ 122.209851][ T7320] should_fail_ex+0x265/0x280 [ 122.209885][ T7320] should_failslab+0x8c/0xb0 [ 122.209912][ T7320] __kmalloc_node_noprof+0xa9/0x410 [ 122.209958][ T7320] ? crypto_create_tfm_node+0x5c/0x250 [ 122.210045][ T7320] crypto_create_tfm_node+0x5c/0x250 [ 122.210142][ T7320] ? crypto_alg_mod_lookup+0x2f9/0x490 [ 122.210168][ T7320] crypto_alloc_tfm_node+0xdc/0x2b0 [ 122.210190][ T7320] ? __kmalloc_node_track_caller_noprof+0x1e5/0x410 [ 122.210329][ T7320] crypto_alloc_sync_skcipher+0x39/0xa0 [ 122.210355][ T7320] set_secret+0xec/0x250 [ 122.210435][ T7320] ceph_crypto_key_decode+0x104/0x170 [ 122.210477][ T7320] ceph_key_preparse+0xbb/0x140 [ 122.210513][ T7320] __key_create_or_update+0x288/0x750 [ 122.210606][ T7320] ? key_validate+0xad/0xd0 [ 122.210675][ T7320] key_create_or_update+0x42/0x60 [ 122.210697][ T7320] __se_sys_add_key+0x296/0x350 [ 122.210729][ T7320] __x64_sys_add_key+0x67/0x80 [ 122.210753][ T7320] x64_sys_call+0x1d0d/0x2fb0 [ 122.210889][ T7320] do_syscall_64+0xd2/0x200 [ 122.210906][ T7320] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 122.210934][ T7320] ? clear_bhb_loop+0x40/0x90 [ 122.210961][ T7320] ? clear_bhb_loop+0x40/0x90 [ 122.210991][ T7320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.211018][ T7320] RIP: 0033:0x7fb6f30ee929 [ 122.211037][ T7320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.211055][ T7320] RSP: 002b:00007fb6f1757038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 122.211073][ T7320] RAX: ffffffffffffffda RBX: 00007fb6f3315fa0 RCX: 00007fb6f30ee929 [ 122.211109][ T7320] RDX: 0000200000000bc0 RSI: 0000000000000000 RDI: 0000200000000040 [ 122.211125][ T7320] RBP: 00007fb6f1757090 R08: 0000000003b31528 R09: 0000000000000000 [ 122.211162][ T7320] R10: 000000000000012d R11: 0000000000000246 R12: 0000000000000001 [ 122.211178][ T7320] R13: 0000000000000000 R14: 00007fb6f3315fa0 R15: 00007ffd513a60d8 [ 122.211206][ T7320] [ 122.489024][ T29] kauditd_printk_skb: 353 callbacks suppressed [ 122.495834][ T29] audit: type=1326 audit(1750010684.029:5508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7322 comm="syz.4.1119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 122.520980][ T7325] FAULT_INJECTION: forcing a failure. [ 122.520980][ T7325] name failslab, interval 1, probability 0, space 0, times 0 [ 122.534070][ T7325] CPU: 1 UID: 0 PID: 7325 Comm: +}[@ Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) [ 122.534103][ T7325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.534119][ T7325] Call Trace: [ 122.534126][ T7325] [ 122.534135][ T7325] __dump_stack+0x1d/0x30 [ 122.534219][ T7325] dump_stack_lvl+0xe8/0x140 [ 122.534279][ T7325] dump_stack+0x15/0x1b [ 122.534305][ T7325] should_fail_ex+0x265/0x280 [ 122.534345][ T7325] should_failslab+0x8c/0xb0 [ 122.534375][ T7325] kmem_cache_alloc_node_noprof+0x57/0x320 [ 122.534465][ T7325] ? __alloc_skb+0x101/0x320 [ 122.534496][ T7325] __alloc_skb+0x101/0x320 [ 122.534548][ T7325] ? audit_log_start+0x365/0x6c0 [ 122.534591][ T7325] audit_log_start+0x380/0x6c0 [ 122.534632][ T7325] audit_seccomp+0x48/0x100 [ 122.534745][ T7325] ? __seccomp_filter+0x68c/0x10d0 [ 122.534772][ T7325] __seccomp_filter+0x69d/0x10d0 [ 122.534804][ T7325] ? perf_event_comm+0x188/0x210 [ 122.534881][ T7325] ? proc_comm_connector+0x159/0x2c0 [ 122.534917][ T7325] __secure_computing+0x82/0x150 [ 122.535002][ T7325] syscall_trace_enter+0xcf/0x1e0 [ 122.535027][ T7325] do_syscall_64+0xac/0x200 [ 122.535045][ T7325] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 122.535086][ T7325] ? clear_bhb_loop+0x40/0x90 [ 122.535108][ T7325] ? clear_bhb_loop+0x40/0x90 [ 122.535132][ T7325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.535152][ T7325] RIP: 0033:0x7fb6f30ed33c [ 122.535166][ T7325] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 122.535241][ T7325] RSP: 002b:00007fb6f1757030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 122.535261][ T7325] RAX: ffffffffffffffda RBX: 00007fb6f3315fa0 RCX: 00007fb6f30ed33c [ 122.535273][ T7325] RDX: 000000000000000f RSI: 00007fb6f17570a0 RDI: 0000000000000005 [ 122.535359][ T7325] RBP: 00007fb6f1757090 R08: 0000000000000000 R09: 0000000000000000 [ 122.535411][ T7325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.535427][ T7325] R13: 0000000000000000 R14: 00007fb6f3315fa0 R15: 00007ffd513a60d8 [ 122.535458][ T7325] [ 122.535565][ T7325] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64 [ 122.558591][ T29] audit: type=1326 audit(1750010684.029:5509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7322 comm="syz.4.1119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 122.558657][ T29] audit: type=1326 audit(1750010684.039:5510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7322 comm="syz.4.1119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 122.558743][ T29] audit: type=1326 audit(1750010684.039:5511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7322 comm="syz.4.1119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 122.562520][ T7325] audit: out of memory in audit_log_start [ 122.565170][ T29] audit: type=1326 audit(1750010684.039:5512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7322 comm="syz.4.1119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=255 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 122.855713][ T7336] loop4: detected capacity change from 0 to 512 [ 122.864723][ T29] audit: type=1326 audit(1750010684.039:5513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7322 comm="syz.4.1119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 122.894844][ T29] audit: type=1326 audit(1750010684.039:5514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7322 comm="syz.4.1119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597a75e929 code=0x7ffc0000 [ 122.904280][ T7337] xt_hashlimit: size too large, truncated to 1048576 [ 122.918496][ T29] audit: type=1400 audit(1750010684.039:5515): avc: denied { read write } for pid=7315 comm="syz.2.1117" name="nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 123.047810][ T7336] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.053410][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.068458][ T7336] ext4 filesystem being mounted at /198/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 123.195339][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.212493][ T7348] loop3: detected capacity change from 0 to 1024 [ 123.215608][ T7349] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1128'. [ 123.233108][ T7348] EXT4-fs: Ignoring removed nomblk_io_submit option [ 123.246537][ T7349] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1128'. [ 123.275049][ T7348] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 123.321942][ T7348] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.399529][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.467955][ T7362] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 123.471700][ T7349] netlink: 'syz.1.1128': attribute type 21 has an invalid length. [ 123.535840][ T7370] loop4: detected capacity change from 0 to 1024 [ 123.593665][ T7370] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. [ 123.712809][ T7383] loop0: detected capacity change from 0 to 2048 [ 123.764716][ T7383] loop0: p3 < > p4 < > [ 123.769004][ T7383] loop0: partition table partially beyond EOD, truncated [ 123.786583][ T7383] loop0: p3 start 4284289 is beyond EOD, truncated [ 123.799562][ T7390] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 123.807950][ T7390] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 123.882838][ T7395] netlink: 'syz.3.1145': attribute type 4 has an invalid length. [ 123.894795][ T7383] netlink: 8 bytes leftover after parsing attributes in process `GPL'. [ 123.905151][ T7383] IPVS: Error joining to the multicast group [ 123.941087][ T7404] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1151'. [ 123.962770][ T7404] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1151'. [ 124.098236][ T7421] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1156'. [ 124.098236][ T7418] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1157'. [ 124.253514][ T7404] netlink: 'syz.1.1151': attribute type 21 has an invalid length. [ 124.282368][ T7437] loop2: detected capacity change from 0 to 1024 [ 124.354462][ T7437] program syz.2.1163 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 124.385201][ T7437] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 124.452075][ T7453] syzkaller0: entered promiscuous mode [ 124.458216][ T7453] syzkaller0: entered allmulticast mode [ 124.505309][ T7463] loop4: detected capacity change from 0 to 1024 [ 124.514652][ T7463] EXT4-fs: Ignoring removed orlov option [ 124.527523][ T7463] EXT4-fs (loop4): stripe (1570) is not aligned with cluster size (16), stripe is disabled [ 124.615194][ T3597] IPVS: starting estimator thread 0... [ 124.617200][ T7467] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 124.720584][ T7472] IPVS: using max 2352 ests per chain, 117600 per kthread [ 124.758532][ T7482] loop0: detected capacity change from 0 to 512 [ 124.794306][ T7482] ext4 filesystem being mounted at /240/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 124.893300][ T7482] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 125.410636][ T7517] loop3: detected capacity change from 0 to 8192 [ 125.492897][ T7517] __nla_validate_parse: 6 callbacks suppressed [ 125.492913][ T7517] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1189'. [ 125.508284][ T7517] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1189'. [ 125.552950][ T7517] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1189'. [ 125.683281][ T7529] random: crng reseeded on system resumption [ 125.762170][ T7534] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1194'. [ 125.928480][ T7541] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1197'. [ 126.180149][ T7554] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1200'. [ 126.206042][ T7554] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1200'. [ 126.511515][ T7554] netlink: 'syz.2.1200': attribute type 21 has an invalid length. [ 126.857432][ T7595] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 126.875044][ T7594] loop0: detected capacity change from 0 to 2048 [ 126.903966][ T7594] ext4 filesystem being mounted at /250/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.982366][ T7594] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 126.990928][ T7594] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 127.249513][ T7611] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1213'. [ 127.263453][ T7611] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1213'. [ 127.511505][ T29] kauditd_printk_skb: 390 callbacks suppressed [ 127.511578][ T29] audit: type=1326 audit(1750010689.049:5906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7619 comm="syz.3.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fe82e86e929 code=0x7ffc0000 [ 127.546991][ T7628] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 127.573947][ T7611] netlink: 'syz.1.1213': attribute type 21 has an invalid length. [ 127.724402][ T7637] syzkaller0: entered promiscuous mode [ 127.729982][ T7637] syzkaller0: entered allmulticast mode [ 127.855780][ T7652] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1225'. [ 128.064454][ T7667] loop2: detected capacity change from 0 to 256 [ 128.074447][ T7667] FAT-fs (loop2): bogus sectors per cluster 255 [ 128.080801][ T7667] FAT-fs (loop2): Can't find a valid FAT filesystem [ 128.174506][ T29] audit: type=1326 audit(1750010689.719:5907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7675 comm="syz.0.1234" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb6f30ee929 code=0x0 [ 128.200973][ T29] audit: type=1326 audit(1750010689.719:5908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7666 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 128.224969][ T29] audit: type=1326 audit(1750010689.719:5909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7666 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 128.248884][ T29] audit: type=1326 audit(1750010689.719:5910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7666 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 128.274770][ T29] audit: type=1326 audit(1750010689.719:5911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7666 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=224 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 128.298890][ T29] audit: type=1326 audit(1750010689.719:5912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7666 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 128.322550][ T29] audit: type=1326 audit(1750010689.719:5913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7666 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 128.346537][ T29] audit: type=1326 audit(1750010689.719:5914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7666 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 128.370098][ T29] audit: type=1326 audit(1750010689.719:5915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7666 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 128.461568][ T7685] netlink: 'syz.0.1234': attribute type 4 has an invalid length. [ 128.819110][ T7715] netlink: 'syz.2.1246': attribute type 39 has an invalid length. [ 129.115040][ T7735] syzkaller0: entered promiscuous mode [ 129.120768][ T7735] syzkaller0: entered allmulticast mode [ 129.357140][ T7754] aaaaaaaaaaaaa: renamed from bond0 (while UP) [ 129.376790][ T7756] xt_hashlimit: size too large, truncated to 1048576 [ 129.387692][ T7754] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7754 comm=syz.2.1256 [ 129.697967][ T7766] netlink: 'syz.3.1259': attribute type 39 has an invalid length. [ 129.834308][ T7771] xt_hashlimit: size too large, truncated to 1048576 [ 129.933383][ T7774] loop3: detected capacity change from 0 to 1024 [ 129.986647][ T7774] EXT4-fs (loop3): can't mount with journal_async_commit, fs mounted w/o journal [ 130.158865][ T7774] loop3: detected capacity change from 0 to 8192 [ 130.303487][ T7788] syzkaller0: entered promiscuous mode [ 130.309233][ T7788] syzkaller0: entered allmulticast mode [ 130.435405][ T7806] loop3: detected capacity change from 0 to 1024 [ 130.464274][ T7806] EXT4-fs (loop3): can't mount with journal_async_commit, fs mounted w/o journal [ 130.526794][ T7806] loop3: detected capacity change from 0 to 8192 [ 131.327321][ T7879] loop0: detected capacity change from 0 to 1024 [ 131.441614][ T7879] EXT4-fs (loop0): can't mount with journal_async_commit, fs mounted w/o journal [ 131.587109][ T7879] loop0: detected capacity change from 0 to 8192 [ 131.851456][ T7908] syzkaller0: entered promiscuous mode [ 131.857047][ T7908] syzkaller0: entered allmulticast mode [ 131.866368][ T7912] 9pnet: Could not find request transport: f [ 132.064117][ T7929] __nla_validate_parse: 18 callbacks suppressed [ 132.064136][ T7929] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1312'. [ 132.095138][ T7926] xt_hashlimit: size too large, truncated to 1048576 [ 132.241492][ T7934] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 132.488615][ T7942] netlink: 'syz.0.1314': attribute type 4 has an invalid length. [ 132.567279][ T7943] netlink: 'syz.3.1315': attribute type 14 has an invalid length. [ 132.575363][ T7943] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1315'. [ 132.626474][ T7947] loop3: detected capacity change from 0 to 1024 [ 132.662275][ T29] kauditd_printk_skb: 235 callbacks suppressed [ 132.662387][ T29] audit: type=1326 audit(1750010694.199:6151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7948 comm="syz.2.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 132.694298][ T29] audit: type=1326 audit(1750010694.199:6152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7948 comm="syz.2.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 132.718162][ T29] audit: type=1326 audit(1750010694.199:6153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7948 comm="syz.2.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 132.720740][ T7947] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 132.742039][ T29] audit: type=1326 audit(1750010694.199:6154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7948 comm="syz.2.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 132.773568][ T7947] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 132.775588][ T29] audit: type=1326 audit(1750010694.199:6155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7948 comm="syz.2.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 132.799259][ T7947] EXT4-fs (loop3): orphan cleanup on readonly fs [ 132.807154][ T29] audit: type=1326 audit(1750010694.199:6156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7948 comm="syz.2.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 132.815138][ T7947] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.1315: Invalid inode table block 0 in block_group 0 [ 132.836965][ T29] audit: type=1326 audit(1750010694.199:6157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7948 comm="syz.2.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 132.850098][ T7947] EXT4-fs (loop3): Remounting filesystem read-only [ 132.873368][ T29] audit: type=1326 audit(1750010694.199:6158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7948 comm="syz.2.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e9f5e929 code=0x7ffc0000 [ 132.879886][ T7947] Quota error (device loop3): write_blk: dquota write failed [ 132.879982][ T7947] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 132.926220][ T7949] netlink: 'syz.2.1317': attribute type 1 has an invalid length. [ 132.932068][ T7947] EXT4-fs (loop3): 1 truncate cleaned up [ 132.934633][ T7949] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1317'. [ 132.950671][ T7947] EXT4-fs mount: 10 callbacks suppressed [ 132.950689][ T7947] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 133.301985][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.402250][ T7976] lo speed is unknown, defaulting to 1000 [ 133.467542][ T7990] loop2: detected capacity change from 0 to 1024 [ 133.483839][ T7993] aaaaaaaaaaaaa: renamed from bond0 (while UP) [ 133.512526][ T7993] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7993 comm=syz.3.1330 [ 133.530329][ T7990] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 133.558831][ T7995] xt_hashlimit: size too large, truncated to 1048576 [ 133.594240][ T7990] loop2: detected capacity change from 0 to 256 [ 133.620380][ T7990] vfat: Unknown parameter '00000000000000000000005' [ 133.828005][ T8001] xt_hashlimit: size too large, truncated to 1048576 [ 134.524599][ T8031] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 134.594960][ T8038] 9pnet: p9_errstr2errno: server reported unknown error [ 134.916608][ T8064] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 134.918634][ T8065] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1357'. [ 134.935686][ T8065] unsupported nla_type 65024 [ 135.230793][ T8087] netlink: 'syz.1.1368': attribute type 4 has an invalid length. [ 135.267806][ T8088] netlink: 'syz.3.1367': attribute type 4 has an invalid length. [ 135.462752][ T8103] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 135.510126][ T8108] Invalid ELF header magic: != ELF [ 135.585351][ T8113] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1379'. [ 135.595169][ T8113] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1379'. [ 135.630090][ T8113] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1379'. [ 135.639474][ T8113] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1379'. [ 135.684026][ T8113] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1379'. [ 135.693531][ T8113] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1379'. [ 135.920554][ T8128] netlink: 'syz.4.1384': attribute type 21 has an invalid length. [ 136.045565][ T8143] loop3: detected capacity change from 0 to 1024 [ 136.075900][ T8143] EXT4-fs (loop3): can't mount with journal_async_commit, fs mounted w/o journal [ 136.159375][ T8154] netlink: 'syz.1.1392': attribute type 21 has an invalid length. [ 136.200974][ T8143] loop3: detected capacity change from 0 to 8192 [ 137.632726][ T8193] xt_hashlimit: size too large, truncated to 1048576 [ 137.778423][ T8199] __nla_validate_parse: 9 callbacks suppressed [ 137.778442][ T8199] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1403'. [ 137.793874][ T8199] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1403'. [ 137.804902][ T8197] netlink: 'syz.0.1400': attribute type 4 has an invalid length. [ 137.961827][ T8199] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1403'. [ 137.971163][ T8199] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1403'. [ 138.165800][ T8199] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1403'. [ 138.175297][ T8199] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1403'. [ 138.337516][ T29] kauditd_printk_skb: 287 callbacks suppressed [ 138.337535][ T29] audit: type=1326 audit(1750010699.879:6446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8211 comm="syz.1.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 138.367550][ T29] audit: type=1326 audit(1750010699.879:6447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8211 comm="syz.1.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 138.467611][ T29] audit: type=1326 audit(1750010700.009:6448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8211 comm="syz.1.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=279 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 138.492126][ T29] audit: type=1326 audit(1750010700.009:6449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8211 comm="syz.1.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 138.497768][ T8222] loop2: detected capacity change from 0 to 1024 [ 138.516438][ T29] audit: type=1326 audit(1750010700.009:6450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8211 comm="syz.1.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 138.610314][ T2] ================================================================== [ 138.618546][ T2] BUG: KCSAN: data-race in copy_process / free_pid [ 138.625072][ T2] [ 138.627409][ T2] read-write to 0xffffffff86860860 of 4 bytes by task 3312 on cpu 0: [ 138.635704][ T2] free_pid+0x77/0x180 [ 138.640076][ T2] free_pids+0x54/0xb0 [ 138.644679][ T2] release_task+0x9a9/0xb60 [ 138.649219][ T2] wait_consider_task+0x113f/0x1650 [ 138.654587][ T2] __do_wait+0xfa/0x510 [ 138.658870][ T2] do_wait+0xb7/0x260 [ 138.663067][ T2] kernel_wait4+0x16b/0x1e0 [ 138.667728][ T2] __x64_sys_wait4+0x91/0x120 [ 138.672448][ T2] x64_sys_call+0x26c8/0x2fb0 [ 138.677240][ T2] do_syscall_64+0xd2/0x200 [ 138.681854][ T2] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.688369][ T2] [ 138.690797][ T2] read to 0xffffffff86860860 of 4 bytes by task 2 on cpu 1: [ 138.698090][ T2] copy_process+0x148f/0x1fe0 [ 138.702887][ T2] kernel_clone+0x16c/0x5b0 [ 138.707543][ T2] kernel_thread+0xac/0xe0 [ 138.711990][ T2] kthreadd+0x28d/0x360 [ 138.716161][ T2] ret_from_fork+0xda/0x150 [ 138.720785][ T2] ret_from_fork_asm+0x1a/0x30 [ 138.725665][ T2] [ 138.728013][ T2] value changed: 0x80000164 -> 0x80000163 [ 138.733950][ T2] [ 138.736286][ T2] Reported by Kernel Concurrency Sanitizer on: [ 138.742533][ T2] CPU: 1 UID: 0 PID: 2 Comm: kthreadd Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) [ 138.754634][ T2] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 138.764733][ T2] ================================================================== [ 138.778393][ T29] audit: type=1326 audit(1750010700.009:6451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8211 comm="syz.1.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 138.802417][ T29] audit: type=1326 audit(1750010700.009:6452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8211 comm="syz.1.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 138.826099][ T29] audit: type=1326 audit(1750010700.009:6453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8211 comm="syz.1.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 138.849828][ T29] audit: type=1326 audit(1750010700.009:6454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8211 comm="syz.1.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 138.853540][ T8222] EXT4-fs (loop2): can't mount with journal_async_commit, fs mounted w/o journal [ 138.873548][ T29] audit: type=1326 audit(1750010700.019:6455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8211 comm="syz.1.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f98afe929 code=0x7ffc0000 [ 138.970090][ T8222] loop2: detected capacity change from 0 to 8192