last executing test programs: 1.20948602s ago: executing program 1 (id=1666): r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x3}, 0x200, 0x0, 0x0, 0x7, 0x0, 0x7fffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000100)='(()}^+&)\x00') setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f00000001c0)='w\xde\xa3\x05\xff\a\x00\x00\x00\x00\x00\x00\x8f\xc0\x9b\x86\xef\\\xc0\x89\av\x9f\xd6\xd1\x98<\xc8\x18E/\x8c\x1a\xe3\xbd') r3 = perf_event_open(&(0x7f00000005c0)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f0000000180), &(0x7f00000001c0)=r3}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10) socket$nl_route(0x10, 0x3, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26ccbe576f44a1bc94194817"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r6, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210021ac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) r10 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r10, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, &(0x7f00000002c0)=0x10) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080), 0x8) sendmsg$BATADV_CMD_SET_MESH(r7, &(0x7f0000006880)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)={0x24, r9, 0x1, 0x0, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x0) 1.111408132s ago: executing program 0 (id=1668): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001740)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010700000000000000a6670000000800c300000000000800c4"], 0x2c}}, 0x0) 1.081974402s ago: executing program 0 (id=1669): socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48) (async) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x14, &(0x7f0000000280)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) (async) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r1, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)='%+9llu \x00'}, 0x20) (async, rerun: 32) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000007c0)={'sit0\x00', &(0x7f0000000680)={'syztnl1\x00', 0x0, 0x8, 0x8, 0x4, 0x5, {{0x1d, 0x4, 0x1, 0x3, 0x74, 0x65, 0x0, 0x7, 0x2f, 0x0, @multicast1, @loopback, {[@generic={0x88, 0x11, "df773226fd8347779bb5322f52f427"}, @timestamp={0x44, 0x1c, 0x2a, 0x0, 0xb, [0x8, 0x46, 0x9, 0xd4f, 0x9, 0xfffff801]}, @ssrr={0x89, 0xb, 0x12, [@initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010101]}, @end, @timestamp_addr={0x44, 0x1c, 0x13, 0x1, 0x2, [{@empty, 0x4}, {@local, 0x100}, {@remote, 0x5}]}, @generic={0x94, 0xb, "32449fbc0372ce10cd"}]}}}}}) (rerun: 32) r5 = dup3(r0, r0, 0x0) (async) r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000880)={0xffffffffffffffff, 0x88, 0x8}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x18, 0x5, &(0x7f0000000200)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x4}, @map_fd={0x18, 0xa, 0x1, 0x0, r3}], &(0x7f0000000540)='GPL\x00', 0x7fffffff, 0xea, &(0x7f0000000580)=""/234, 0x41000, 0x1, '\x00', r4, @fallback=0x1a, r5, 0x8, &(0x7f0000000800)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x2, 0x10, 0x56, 0xafb9}, 0x10, 0xffffffffffffffff, r0, 0x5, &(0x7f00000008c0)=[r1, r6, r1, r1, r1], &(0x7f0000000900)=[{0x3, 0x5, 0x3, 0xc}, {0x4, 0x3, 0xe, 0x6}, {0x4, 0x4, 0x6, 0x5}, {0x81, 0x5, 0x4, 0x3}, {0x4, 0x3, 0x3, 0x5}], 0x10, 0x6, @void, @value}, 0x94) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000001740)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010700000000000000a6670000000800c300000000000800c4"], 0x2c}}, 0x0) r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r9) ptrace$peeksig(0x4209, r9, &(0x7f0000000000)={0x2005, 0x0, 0xffffffffffffffd1}, &(0x7f0000000a40)) r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="1200"/12, @ANYRES32=0x0, @ANYBLOB="5fe1"], 0x20) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000fc0)={'tunl0\x00', &(0x7f00000004c0)={'erspan0\x00', r11, 0x7, 0x7, 0x6aa4, 0x76ec, {{0x16, 0x4, 0x2, 0x2e, 0x58, 0x67, 0x0, 0x2, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x18}, @multicast2, {[@generic={0x86, 0x8, "0768663ec89c"}, @rr={0x7, 0x1b, 0x62, [@loopback, @multicast2, @remote, @multicast2, @empty, @empty]}, @ra={0x94, 0x4}, @timestamp={0x44, 0x10, 0x85, 0x0, 0x1, [0x6, 0x4, 0x7]}, @generic={0x83, 0xc, "3f64a6298bf68d72995f"}, @end]}}}}}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x1c, r10, 0xb21, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r12}]}, 0x1c}}, 0x0) (async) r13 = socket$nl_route(0x10, 0x3, 0x0) (async) r14 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r14, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r13, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r15, @ANYBLOB="0000000003120100500012800b000100627269646765000040000280080005000100000006002700000000000800010015000800050025000000000008000400000000000c002e00"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00'}) 965.360504ms ago: executing program 0 (id=1671): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3fffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1}, 0x10) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) close(r2) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fdf, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = dup2(r4, r3) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x11, 0xf, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10) getrandom(&(0x7f0000000040)=""/133, 0xfffffffffffffdde, 0x2) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000080)='kfree\x00'}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x44, 0x2, [@TCA_FQ_FLOW_PLIMIT={0x8, 0x2, 0xffffffff}, @TCA_FQ_QUANTUM={0x8, 0x3, 0x6}, @TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x1}, @TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0x800}, @TCA_FQ_LOW_RATE_THRESHOLD={0x8, 0xb, 0xfffffff7}, @TCA_FQ_BUCKETS_LOG={0x8, 0x8, 0x4}, @TCA_FQ_LOW_RATE_THRESHOLD={0x8, 0xb, 0x7a3edbe6}, @TCA_FQ_FLOW_PLIMIT={0x8, 0x2, 0x1}]}}]}, 0x70}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r5) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'}) r11 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x20a02, 0x0) ioctl$TIOCSSOFTCAR(r11, 0x5453, 0x0) 694.156018ms ago: executing program 3 (id=1676): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400ff0100000000000000000000000000010c00028005000100000000003c0002800600"], 0xac}}, 0x0) 667.321199ms ago: executing program 2 (id=1677): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r2}, 0x10) syz_io_uring_setup(0x362a, &(0x7f0000000040)={0x0, 0xb0da, 0x2, 0x2, 0x2f7}, &(0x7f0000000140), &(0x7f0000000180)) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r3, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="14000000000300000300"/20], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) syz_mount_image$vfat(&(0x7f0000001400), &(0x7f0000000040)='./file1\x00', 0x10, &(0x7f0000003a00)=ANY=[], 0x1, 0x2b4, &(0x7f00000001c0)="$eJzs3c9qK2UUAPAzydw06iJF3CiCA7pwVW7dummUChezUiKoCw3ee0GScOEWAlYw3lWfwKXv4SO4ceMbCG4Fd+2iMjKZmSZt0z+0MYX6+60O880538l8IVnl5Os3x8PHz5J4cfhHtNtJNHZiJ46S2IxG1H6MNACA++Moz+Pv/CaZaWP13QAA61B+/5fuuhcAYD0+/fyLj7u93u4nWdaO1zsHk34SEeODSb9c7z6Nb2MUT+JhdOI4Ij9Rxh896u1GmhU2453xdNIvMsdf/VbV7/4VMcvfjk5sLs/fzkp1frPKfTmy6D59ULfaidfO5KcR8ai3+96Z/IjxNPqtePfthf63ohO/fxPPYhSPo6gz3/+H7Sz7MP/p8Psvi22K/KQR/Y3ZfXN5c11nAgAAAAAAAAAAAAAAAAAAAADA/beVZUk5vmc2v6e4NJufM+k3j2frW1ltcb7PtJ4PlNSFyvlAeVQjeqZ5/FzP13mYZVle3TjPT+ON1B8LAAAAAAAAAAAAAAAAAAAAQGHvu/3hYDR68nwlQT0NoP5Z/03r7CxceSv2h4PmxQU3rr/X4rSBotdLb440jRU9lquCl4p+Vl55Y364n0UZ1Aez0r1e/aAsuj8cZNVS/ZCHg+Sqvdr1wf0yX4q0FbdtLJ+9JY7z02faPmn1dFZrRU+j9crilb36vfZPnufXq/P+n+UZVVeS2YiN6+3+oAqWvsAiaJ8/i18vLnjhR0bz1h86AAAAAAAAAAAAAAAAAADAUvMf/S5ZfHFpauM/awoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1mz+//910I6IwShZuHIumFbJl91TBa14vnfHLxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/gX8DAAD//3boRtk=") r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r5 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)=0x0) timer_settime(r6, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) preadv2(r7, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x4, 0x1) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r4, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000c80)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8001}}, &(0x7f0000000180)='syzkaller\x00', 0x9, 0xc5, &(0x7f00000002c0)=""/197, 0x0, 0x8, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r8 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_NEXT_CMD_LEN(r8, 0x2283, &(0x7f0000000380)=0x3) 650.611529ms ago: executing program 3 (id=1678): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$OBJ_PIN_PROG(0x6, &(0x7f000001fac0)=@generic={0x0}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) perf_event_open(&(0x7f0000001700)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0x1}, 0x8806, 0x3, 0x634e, 0x0, 0x0, 0x1, 0xfff6, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x25}]}, @NFT_MSG_NEWSETELEM={0x54, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x28, 0x3, 0x0, 0x1, [{0x24, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x18, 0xb, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x4}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd8}}, 0x0) 578.805911ms ago: executing program 3 (id=1681): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r1}, 0x10) syz_io_uring_setup(0x362a, &(0x7f0000000040)={0x0, 0xb0da, 0x2, 0x2, 0x2f7}, &(0x7f0000000140), &(0x7f0000000180)) socket$nl_netfilter(0x10, 0x3, 0xc) syz_mount_image$vfat(&(0x7f0000001400), &(0x7f0000000040)='./file1\x00', 0x10, &(0x7f0000003a00)=ANY=[], 0x1, 0x2b4, &(0x7f00000001c0)="$eJzs3c9qK2UUAPAzydw06iJF3CiCA7pwVW7dummUChezUiKoCw3ee0GScOEWAlYw3lWfwKXv4SO4ceMbCG4Fd+2iMjKZmSZt0z+0MYX6+60O880538l8IVnl5Os3x8PHz5J4cfhHtNtJNHZiJ46S2IxG1H6MNACA++Moz+Pv/CaZaWP13QAA61B+/5fuuhcAYD0+/fyLj7u93u4nWdaO1zsHk34SEeODSb9c7z6Nb2MUT+JhdOI4Ij9Rxh896u1GmhU2453xdNIvMsdf/VbV7/4VMcvfjk5sLs/fzkp1frPKfTmy6D59ULfaidfO5KcR8ai3+96Z/IjxNPqtePfthf63ohO/fxPPYhSPo6gz3/+H7Sz7MP/p8Psvi22K/KQR/Y3ZfXN5c11nAgAAAAAAAAAAAAAAAAAAAADA/beVZUk5vmc2v6e4NJufM+k3j2frW1ltcb7PtJ4PlNSFyvlAeVQjeqZ5/FzP13mYZVle3TjPT+ON1B8LAAAAAAAAAAAAAAAAAAAAQGHvu/3hYDR68nwlQT0NoP5Z/03r7CxceSv2h4PmxQU3rr/X4rSBotdLb440jRU9lquCl4p+Vl55Y364n0UZ1Aez0r1e/aAsuj8cZNVS/ZCHg+Sqvdr1wf0yX4q0FbdtLJ+9JY7z02faPmn1dFZrRU+j9crilb36vfZPnufXq/P+n+UZVVeS2YiN6+3+oAqWvsAiaJ8/i18vLnjhR0bz1h86AAAAAAAAAAAAAAAAAADAUvMf/S5ZfHFpauM/awoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1mz+//910I6IwShZuHIumFbJl91TBa14vnfHLxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/gX8DAAD//3boRtk=") r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r3 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=0x0) timer_settime(r4, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) preadv2(r5, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x4, 0x1) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r2, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000c80)=@bpf_lsm={0x6, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8001}, [@ldst={0x3, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffc}]}, &(0x7f0000000180)='syzkaller\x00', 0x9, 0xc5, &(0x7f00000002c0)=""/197, 0x0, 0x8, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_NEXT_CMD_LEN(r6, 0x2283, &(0x7f0000000380)=0x3) 524.456562ms ago: executing program 2 (id=1682): symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file0\x00', 0x414, &(0x7f0000000080)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2a1, &(0x7f0000000f40)="$eJzs3MFqE18Ux/Hzb/pv0pQ2EURQUA+60c3QxgfQIC2IAaU2RV0IUzvRkDEpM0MlIjYbcetzFJfuBPUFuhE37t0VQXDThTjiTKZN2rSmbdLE9PuBck9y7o+5bdNyUuis3339pFRwjYLpyVBCZUikJhsi6T9V3X/1dSioR6RRTS6P/fhy9s69+zezudz0rOpMdu5KRlUnzr9/+vzNhY/e2PzbiXdxWUs/WP+e+bp2au30+q+5x0VXi66WK56aulCpeOaCbeli0S0Zqrdty3QtLZZdy2nqF+zK0lJVzfLieHLJsVxXzXJVS1ZVvYp6TlXNR2axrIZh6HhSjrfhNvbkV2dnzeyubT/W0ROh60ZbPek42VrrZn71CM4EAAD6zN7zfzjr7z7/5+bDtcPzvwjzf5fUmh79Zf7HQHCcrJms//w2Y/4HAAAAAAAAAAAAAAAAAAAAAOBfsOH7Kd/3U9EafcRFJCEi0eNenxPdccDv/9UeHRcd1vCPewkR+9VyfjkfrmE/W5Ci2GLJpKTkZ/B6qAvrmRu56UkNpOWDvVLPryznYxKP8pF0q/y5E1NhXpvz/0uy8foZScnJ1tfPtMyPyKWLDXlDUvLpoVTElsXgdb2VfzGlev1Wblt+NNgHAAAAAMAgMHTTjvfvQT/YkJCd/TC/j78PbHt/PSxn2rlFJQAAAAAAODS3+qxk2rblHKCIi8gh4oNaxKQvjrGtuCYifXCMoyoSIhI+oweJf9uMt5Xy29gzLCI9/7Lso+j1byYAAAAAnbY19O8j9PllF08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDx0+79wKL9O1pRY494w+ViR/4JAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH3kdwAAAP//R8IgDA==") writev(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) mount$9p_fd(0x0, &(0x7f0000002300)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f00000002c0), 0x42, &(0x7f0000000300)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x8}}, {@cache_mmap}, {@debug={'debug', 0x3d, 0x3}}, {@directio}], [{@euid_gt}]}}) 415.528633ms ago: executing program 3 (id=1685): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) connect$pppl2tp(r0, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000cc0)={0x34, r3, 0x1, 0x70bd24, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKINFO_PORT={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20009005}, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="18020000000020000000000000000000850000003600000095"], &(0x7f00000000c0)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r5, r6, 0x25, 0x0, @void}, 0x10) bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r5}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x22, '\x00', r6, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000280)={{0x1, 0x1, 0x18, r1, {0x4}}, './file0\x00'}) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x4, '\x00', 0x0, r7, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r9}, 0x10) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) close(r10) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1) 369.057564ms ago: executing program 2 (id=1686): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32, @ANYBLOB="00000000100000001c001a80080002"], 0x44}}, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000340)=ANY=[@ANYBLOB="0600000004000000be7000005c00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200", @ANYRES8=r1, @ANYRESOCT=r2], 0x48) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@delchain={0x24, 0x5f, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x5, 0x2}, {0x1, 0xe}}}, 0x24}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x20040884}, 0x40000) r4 = socket(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f0000000000), 0x4000000000001f2, 0x0) 303.598785ms ago: executing program 1 (id=1688): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400ff0100000000000000000000000000010c00028005000100000000003c0002800600018014000300fe8000000000000000000000000000aa14000400fe8000000000000000000000000000000c"], 0xac}}, 0x0) 302.999585ms ago: executing program 4 (id=1689): symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file0\x00', 0x414, &(0x7f0000000080)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2a1, &(0x7f0000000f40)="$eJzs3MFqE18Ux/Hzb/pv0pQ2EURQUA+60c3QxgfQIC2IAaU2RV0IUzvRkDEpM0MlIjYbcetzFJfuBPUFuhE37t0VQXDThTjiTKZN2rSmbdLE9PuBck9y7o+5bdNyUuis3339pFRwjYLpyVBCZUikJhsi6T9V3X/1dSioR6RRTS6P/fhy9s69+zezudz0rOpMdu5KRlUnzr9/+vzNhY/e2PzbiXdxWUs/WP+e+bp2au30+q+5x0VXi66WK56aulCpeOaCbeli0S0Zqrdty3QtLZZdy2nqF+zK0lJVzfLieHLJsVxXzXJVS1ZVvYp6TlXNR2axrIZh6HhSjrfhNvbkV2dnzeyubT/W0ROh60ZbPek42VrrZn71CM4EAAD6zN7zfzjr7z7/5+bDtcPzvwjzf5fUmh79Zf7HQHCcrJms//w2Y/4HAAAAAAAAAAAAAAAAAAAAAOBfsOH7Kd/3U9EafcRFJCEi0eNenxPdccDv/9UeHRcd1vCPewkR+9VyfjkfrmE/W5Ci2GLJpKTkZ/B6qAvrmRu56UkNpOWDvVLPryznYxKP8pF0q/y5E1NhXpvz/0uy8foZScnJ1tfPtMyPyKWLDXlDUvLpoVTElsXgdb2VfzGlev1Wblt+NNgHAAAAAMAgMHTTjvfvQT/YkJCd/TC/j78PbHt/PSxn2rlFJQAAAAAAODS3+qxk2rblHKCIi8gh4oNaxKQvjrGtuCYifXCMoyoSIhI+oweJf9uMt5Xy29gzLCI9/7Lso+j1byYAAAAAnbY19O8j9PllF08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDx0+79wKL9O1pRY494w+ViR/4JAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH3kdwAAAP//R8IgDA==") writev(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) mount$9p_fd(0x0, &(0x7f0000002300)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f00000002c0), 0x42, &(0x7f0000000300)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x8}}, {@cache_mmap}, {@debug={'debug', 0x3d, 0x3}}, {@directio}], [{@euid_gt}]}}) 299.749375ms ago: executing program 2 (id=1690): ioctl$BTRFS_IOC_GET_FEATURES(0xffffffffffffffff, 0x80189439, &(0x7f00000004c0)) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f0000000340)=""/25, 0x19}], 0x1, 0x1, 0x7) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = socket$unix(0x1, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ipvlan0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b0001006d616373656300000400038008000500", @ANYRES32=r2], 0x3c}, 0x1, 0x0, 0x0, 0x80c4}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000006c0)=ANY=[@ANYBLOB="385d31000020000100000000000000000002002000030000000000000008000200ac1e000114000300776730000000000000000000000000002875a8665a40680f9c73601d522813b89b2697d7b12dd4f236a9f200bd1021cf1b63746577d61f7a65d3ad0f05fe075f3a3c57c364e090cd9d71fa4489372be8c0a4d1fba0ed044c6f61e687bbb7026c6282b83fa583e201e0348a460e54a024be0e068453d777d6b60c760f0f69da2c4c3474339acb0e"], 0x38}}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) 238.901736ms ago: executing program 1 (id=1691): munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) unshare(0x10c00) mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) r0 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000040)=@name, &(0x7f0000000080)=0x10, 0x0) r1 = socket$caif_stream(0x25, 0x1, 0x4) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {r1}}, './file0\x00'}) syz_emit_ethernet(0x18c, &(0x7f0000000100)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}, @broadcast, @void, {@mpls_mc={0x8848, {[{0x200, 0x0, 0x1}, {0x5, 0x0, 0x1}, {0x9}, {}, {0x3}], @ipv4=@generic={{0x39, 0x4, 0x3, 0x7, 0x16a, 0x66, 0x0, 0x8, 0xc, 0x0, @loopback, @local, {[@rr={0x7, 0x7, 0xe6, [@multicast2]}, @rr={0x7, 0xb, 0xd9, [@broadcast, @broadcast]}, @cipso={0x86, 0x5a, 0x47a7365a216f4495, [{0x5, 0x2}, {0x2, 0x8, "7e5c91290244"}, {0x2, 0x5, "a3c54a"}, {0x1, 0x5, "3fb85e"}, {0x1, 0x9, "69798879333863"}, {0x6, 0x4, '0\n'}, {0x6, 0xb, "db5ffcd64958ab93af"}, {0x0, 0x9, "0fd10020d6b2b7"}, {0x7, 0xf, "96d12d0d813c736770256ceba8"}, {0x2, 0x10, "5d61d021e7d5b3ee22468eec2bf6"}]}, @end, @cipso={0x86, 0x23, 0x2, [{0x1, 0x6, "ccb3d27e"}, {0x6d516ab3ac9f173e, 0xe, "aad52f5e59576525612775fc"}, {0x2, 0x6, "400da62f"}, {0x5, 0x3, "ef"}]}, @timestamp_addr={0x44, 0x2c, 0xd1, 0x1, 0xa, [{@dev={0xac, 0x14, 0x14, 0x3d}, 0x6}, {@empty, 0x1}, {@multicast1}, {@broadcast, 0x5}, {@loopback, 0x2}]}, @generic={0x94, 0x7, "d949296b5c"}, @lsrr={0x83, 0xb, 0xdd, [@local, @multicast1]}]}}, "053530ed0bdbb78b45b812bd636d77acc68f772768ca7b2b5c2cabbdfc1e0357a7ef1880a795f6d819fe75de187b94e393e0967e2274c017626903c62202cdd1cce7e5d29b8e158722ee3ba4f108d4442868d4cf8284ee581e45d9e4f57bfeff397be9de04e8ad5b806474e76aadbd6f9208c856f418a39dc51fe368c8c5c2955051eafc279b"}}}}}, &(0x7f00000002c0)={0x1, 0x2, [0x2e5, 0x882, 0xc01, 0x1b9]}) ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000300)={0x80, 0x8, 0x4, 0x1000, 0x14, "1a04d3fa52b74a64"}) socket$netlink(0x10, 0x3, 0x7) mmap$xdp(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x10, r2, 0x80000000) getpeername$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000380)=0x14) ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f00000003c0)=0x0) get_robust_list(r4, &(0x7f0000000540)=&(0x7f0000000500)={&(0x7f0000000440)={&(0x7f0000000400)}, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)}}, &(0x7f0000000580)=0x18) 230.516296ms ago: executing program 4 (id=1692): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x20) (async) r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f0000000180)) (async) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r1, &(0x7f0000000400)=[{&(0x7f0000000100)='X', 0x1}], 0x1) (async) sched_setscheduler(0x0, 0x2395757c4bbc412c, &(0x7f0000000080)=0x7) r2 = getpid() r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000004c0)='setgroups\x00') writev(r5, &(0x7f0000000300)=[{&(0x7f0000001440)='y;', 0x2}], 0x1) (async) sendmsg$nl_route_sched(r4, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000580)=@newtaction={0x70, 0x30, 0x9, 0x0, 0x25dfdbff, {}, [{0x5c, 0x1, [@m_skbedit={0x58, 0x1, 0x0, 0x0, {{0xc}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x0, 0x1, 0x8, 0x0, 0x3}}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x7}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0xdc7}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0x3b}}}}]}]}, 0x70}}, 0x0) (async) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NETID(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r6, 0x1, 0x0, 0x0, {{}, {0x0, 0x4102}}}, 0x1c}}, 0x0) (async) sched_setscheduler(r2, 0x2, 0x0) mmap(&(0x7f00008f1000/0x1000)=nil, 0x1000, 0xb635773f06ebbeee, 0x8031, r3, 0xfe25b000) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x1c, 0xb, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYBLOB="aaa931ccb98f30bb586aaea60d6c6bc04657389c0b654aba84a9bc1faa2056b6e7e052081917b18ded1e8e805c3d89b830c015ec266466f3d4e31b9d4c06536d5ea052a5b437946fb55276949969dcedbfb6f745f05ea92a5ac5e095494249d6c989d1a3284700218f4c8fde3d42cf5554485307540642b4479549a6ce22ce34898830925d30d83bcd626340e06e333b20d0ceb13a91e9bb2ef64def04f238e2059d74122cae4ea5", @ANYBLOB="d70ed807f59ff0bf0b234372d2ecdb14175cba8bc05f1b58b4217f1bc393293eed938bc9df3f9e70239bc8428ac6dfceffc11bfbec302c7d0162b5ad9f195b91614cbffdb50a7617b0bcedaf4b7fa02f437d74ef08637afbe2dcdf83a30a93c0b98ae8e4a81f"], &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='cachefiles_coherency\x00'}, 0x42) (async) syz_clone(0x20180000, 0x0, 0x10, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async) syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r7 = memfd_create(&(0x7f0000001cc0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc0sr\x95\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\x00\x01\x00\x00\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) execveat(r7, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000006000000080000000800007f88320200f7589d23dbb2980f8212277358e2018d6595bc9ab92ee7292019957e6e3b79c3146c7b4f1ee724870cd65329c42589b37ebe098109d9105a7f85e2eb7b2148506c42", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000002bfa200000000040007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r9}, 0x10) statx(0xffffffffffffffff, 0x0, 0x2000, 0x1, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syz_tun\x00', 0x8000}) (async) mkdir(0x0, 0x8) 166.973117ms ago: executing program 3 (id=1693): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0xffef, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @counter={{0xc}, @void}}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd0}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 166.540627ms ago: executing program 1 (id=1694): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r2}, 0x10) syz_io_uring_setup(0x362a, &(0x7f0000000040)={0x0, 0xb0da, 0x2, 0x2, 0x2f7}, &(0x7f0000000140), &(0x7f0000000180)) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r3, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="14000000000300000300"/20], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) syz_mount_image$vfat(&(0x7f0000001400), &(0x7f0000000040)='./file1\x00', 0x10, &(0x7f0000003a00)=ANY=[], 0x1, 0x2b4, &(0x7f00000001c0)="$eJzs3c9qK2UUAPAzydw06iJF3CiCA7pwVW7dummUChezUiKoCw3ee0GScOEWAlYw3lWfwKXv4SO4ceMbCG4Fd+2iMjKZmSZt0z+0MYX6+60O880538l8IVnl5Os3x8PHz5J4cfhHtNtJNHZiJ46S2IxG1H6MNACA++Moz+Pv/CaZaWP13QAA61B+/5fuuhcAYD0+/fyLj7u93u4nWdaO1zsHk34SEeODSb9c7z6Nb2MUT+JhdOI4Ij9Rxh896u1GmhU2453xdNIvMsdf/VbV7/4VMcvfjk5sLs/fzkp1frPKfTmy6D59ULfaidfO5KcR8ai3+96Z/IjxNPqtePfthf63ohO/fxPPYhSPo6gz3/+H7Sz7MP/p8Psvi22K/KQR/Y3ZfXN5c11nAgAAAAAAAAAAAAAAAAAAAADA/beVZUk5vmc2v6e4NJufM+k3j2frW1ltcb7PtJ4PlNSFyvlAeVQjeqZ5/FzP13mYZVle3TjPT+ON1B8LAAAAAAAAAAAAAAAAAAAAQGHvu/3hYDR68nwlQT0NoP5Z/03r7CxceSv2h4PmxQU3rr/X4rSBotdLb440jRU9lquCl4p+Vl55Y364n0UZ1Aez0r1e/aAsuj8cZNVS/ZCHg+Sqvdr1wf0yX4q0FbdtLJ+9JY7z02faPmn1dFZrRU+j9crilb36vfZPnufXq/P+n+UZVVeS2YiN6+3+oAqWvsAiaJ8/i18vLnjhR0bz1h86AAAAAAAAAAAAAAAAAADAUvMf/S5ZfHFpauM/awoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1mz+//910I6IwShZuHIumFbJl91TBa14vnfHLxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/gX8DAAD//3boRtk=") r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r5 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)=0x0) timer_settime(r6, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) preadv2(r7, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x4, 0x1) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r4, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000c80)=@bpf_lsm={0x6, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8001}, [@ldst={0x3, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffc}]}, &(0x7f0000000180)='syzkaller\x00', 0x9, 0xc5, &(0x7f00000002c0)=""/197, 0x0, 0x8, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r8 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_NEXT_CMD_LEN(r8, 0x2283, &(0x7f0000000380)=0x3) 166.216117ms ago: executing program 4 (id=1695): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$OBJ_PIN_PROG(0x6, &(0x7f000001fac0)=@generic={0x0}, 0x18) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x25}]}, @NFT_MSG_NEWSETELEM={0x54, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x28, 0x3, 0x0, 0x1, [{0x24, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x18, 0xb, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x4}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd8}}, 0x0) 160.543648ms ago: executing program 3 (id=1696): creat(&(0x7f00000000c0)='./file0\x00', 0x0) mount$cgroup2(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x800, &(0x7f0000000680)=ANY=[]) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000000000f6000000006debff00850000007b000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = msgget(0x2, 0x3a8) msgrcv(r1, 0x0, 0x0, 0x3, 0x0) msgctl$IPC_RMID(r1, 0x0) msgctl$IPC_RMID(r1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="00000000000057b6b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffec5, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000400396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={0x0, &(0x7f0000000340)=""/7, 0x0, 0x7, 0x0, 0x8, 0x0, @void, @value}, 0x28) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x18) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x18) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a80016002000024006000200035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6cc", 0xd8}], 0x1}, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40) msgctl$IPC_RMID(r1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b0000000000000000000000008000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000a769b13f3a045ac7b1dda0f2247700"/28], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000080)='mem\x00\x10\x00\x00\x00\x00\x00\x00I\xa2l') write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)={[{0x0, 'io'}]}, 0x4) read(r7, &(0x7f0000000040)=""/148, 0xffffff96) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x10) 146.999178ms ago: executing program 4 (id=1697): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="380000001a000100000000000000000002202000e2"], 0x38}, 0x1, 0x0, 0x0, 0x200008c0}, 0x0) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x3, &(0x7f0000000380)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x80040, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x18) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000003c0), 0x208000, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000580)={'sit0\x00', &(0x7f0000000440)={'syztnl1\x00', 0x0, 0x8000, 0x8, 0x7, 0x9, {{0xe, 0x4, 0x0, 0x1, 0x38, 0x64, 0x0, 0x0, 0x29, 0x0, @private=0xa010100, @multicast1, {[@generic={0x88, 0xe, "2ef33dcca069c011eb84903a"}, @cipso={0x86, 0x13, 0x1, [{0x5, 0xb, "7807a0139c32a95274"}, {0x1, 0x2}]}]}}}}}) sendmsg$nl_route_sched(r4, &(0x7f0000000680)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)=@getchain={0x64, 0x66, 0x20, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {}, {0xfff2, 0xfff4}, {0x7, 0xfff2}}, [{0x8, 0xb, 0xc}, {0x8, 0xb, 0x8}, {0x8, 0xb, 0x9}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0x7}, {0x8, 0xb, 0x7fb}, {0x8, 0xb, 0x7fffffff}, {0x8, 0xb, 0x6}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000000}, 0x9c92caf1c6872464) r6 = socket(0x40000000015, 0x5, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r8, 0x0, 0xc763}, 0x18) r9 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r9, &(0x7f0000000000)={0x27, 0x3, 0x1}, 0x6) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8311, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet(r6, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r6, &(0x7f0000000240)={0x2, 0x4e20, @loopback}, 0x10) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff, 0x2000000}, 0xc) sendmsg$xdp(r6, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r10 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$GIO_UNIMAP(r10, 0x4b66, &(0x7f00000000c0)={0x6, &(0x7f0000000000)=[{}, {}, {}, {}, {}, {}]}) close_range(r3, 0xffffffffffffffff, 0x0) 145.503958ms ago: executing program 2 (id=1698): r0 = socket$nl_generic(0x10, 0x3, 0x10) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa88"], 0xfdef) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0, 0x4, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000900)={0xffffffffffffffff, 0xffffffffffffffff}) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) sendmsg$inet(r2, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0xa}, 0x20) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0xfdef) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=ANY=[@ANYBLOB="200000002d00090027bd70000000000200"], 0x20}}, 0x84) 102.661779ms ago: executing program 2 (id=1699): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0x1, 0x0}, 0x8) ppoll(0x0, 0x0, &(0x7f0000000180), &(0x7f0000000400)={[0x5]}, 0xfffffffffffffdc8) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000200), 0x200000, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="00000000005da2ab32a610a2a0000000b70800000010009c8af8ff00000000bf"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000001280)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=") r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r3}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x210, 0x320, 0xa, 0x148, 0x368, 0x60, 0x400, 0x2a8, 0x2a8, 0x400, 0x2a8, 0x3, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x70, 0xe0, 0x0, {0x200003ae, 0x7f00}}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x270) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000009c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x35}]}, @NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x101e}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x2, 0x84}}}, 0xcc}}, 0x20008844) open(&(0x7f0000000040)='./file1\x00', 0x1a1142, 0x0) 102.268038ms ago: executing program 0 (id=1700): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x2}, 0x8) sendto$inet(r2, &(0x7f0000000100)="ab", 0x34000, 0x40048c4, &(0x7f00000000c0)={0x2, 0x4e22, @local}, 0x10) 101.973149ms ago: executing program 4 (id=1701): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400ff0100000000000000000000000000010c00028005000100000000003c0002800600018014000300fe8000000000000000000000000000aa"], 0xac}}, 0x0) 98.231288ms ago: executing program 1 (id=1702): symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file0\x00', 0x414, &(0x7f0000000080)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2a1, &(0x7f0000000f40)="$eJzs3MFqE18Ux/Hzb/pv0pQ2EURQUA+60c3QxgfQIC2IAaU2RV0IUzvRkDEpM0MlIjYbcetzFJfuBPUFuhE37t0VQXDThTjiTKZN2rSmbdLE9PuBck9y7o+5bdNyUuis3339pFRwjYLpyVBCZUikJhsi6T9V3X/1dSioR6RRTS6P/fhy9s69+zezudz0rOpMdu5KRlUnzr9/+vzNhY/e2PzbiXdxWUs/WP+e+bp2au30+q+5x0VXi66WK56aulCpeOaCbeli0S0Zqrdty3QtLZZdy2nqF+zK0lJVzfLieHLJsVxXzXJVS1ZVvYp6TlXNR2axrIZh6HhSjrfhNvbkV2dnzeyubT/W0ROh60ZbPek42VrrZn71CM4EAAD6zN7zfzjr7z7/5+bDtcPzvwjzf5fUmh79Zf7HQHCcrJms//w2Y/4HAAAAAAAAAAAAAAAAAAAAAOBfsOH7Kd/3U9EafcRFJCEi0eNenxPdccDv/9UeHRcd1vCPewkR+9VyfjkfrmE/W5Ci2GLJpKTkZ/B6qAvrmRu56UkNpOWDvVLPryznYxKP8pF0q/y5E1NhXpvz/0uy8foZScnJ1tfPtMyPyKWLDXlDUvLpoVTElsXgdb2VfzGlev1Wblt+NNgHAAAAAMAgMHTTjvfvQT/YkJCd/TC/j78PbHt/PSxn2rlFJQAAAAAAODS3+qxk2rblHKCIi8gh4oNaxKQvjrGtuCYifXCMoyoSIhI+oweJf9uMt5Xy29gzLCI9/7Lso+j1byYAAAAAnbY19O8j9PllF08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDx0+79wKL9O1pRY494w+ViR/4JAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH3kdwAAAP//R8IgDA==") writev(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) mount$9p_fd(0x0, &(0x7f0000002300)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f00000002c0), 0x42, &(0x7f0000000300)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x8}}, {@cache_mmap}, {@debug={'debug', 0x3d, 0x3}}, {@directio}], [{@euid_gt}]}}) 59.960929ms ago: executing program 4 (id=1703): mkdir(&(0x7f0000000400)='./file0\x00', 0x48) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='ext4_es_lookup_extent_enter\x00', r0, 0x0, 0x6}, 0x18) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000001100)=0x804, 0x4) sendto$inet6(r2, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r4 = dup(r3) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES64=r0, @ANYRES8=r0, @ANYRESHEX=r0, @ANYRES16=r1, @ANYBLOB="ebd514c63d37316a866d52c96054967b69b7a88e8563b43ed053327d02bf10ea6f318939930dfd2762bdcfa2edb7a5323cccf5f2c3084bfdf5", @ANYRES32=r2, @ANYRES8=r4, @ANYRESHEX=r4, @ANYRESDEC=0x0, @ANYBLOB="f49ec02ca82620ff59b53d23f44f4959c93b308501f23feb9c214935fc8b7a3938c46c0117c40a13fd0eb22ed05dfe411724b8d3e2e0bf685dd5d99bd80af7df9437d77ec556b2fc0f5ce687b8a89801e3b63ef597c32fe62f03635c722d8c99cd90d7e772de62aacba0491a02a82b1400845fe7f1846505096cd29d65299d4e0e76e23d87f3a250ab5c94894b89fcbfeeb3ecd347d68fdeb07d101bc596ce2440e5ce5bb8aca307771adc4b447abbf2626a17c933b3fbd1ca797c243b43657031"], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000280)='f2fs_direct_IO_enter\x00', r5, 0x0, 0x65b83065}, 0x18) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000080)='./file0\x00', r1}, 0x18) r6 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x3000) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x1) ioctl$sock_SIOCGPGRP(r6, 0x8904, &(0x7f00000005c0)=0x0) r8 = epoll_create1(0x0) kcmp(0xffffffffffffffff, r7, 0x6, r8, r0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x3, 0xc7, 0x0, 0x103, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xe}, 0x118102, 0x0, 0xfffffffc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='kmem_cache_free\x00', r10}, 0x18) r11 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r11, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000940)=ANY=[@ANYBLOB="500100001400040b28bd7000fddbdf2500000000000000000000ffff7f000001ac1414190000000000000000000000004e2100004e2100040a008000ff000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b66b6e0000000000e4000600ff010000000000000000000000000001fc0000000000000000000000000000004e2200014e21000c0a002080f8000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="7f000001000000000000000000000000000004d533000000000000000000000000000000000000000f000000000000000100000000000080873dfffffffffffff507000000000000090000000000000000000000000000000300000000000000f6ffffffffffffff180000000000000000000000000000006b50ffffffffffff00000000000000000900000008000000f7ffffff28bd700001350000000000011500000000000000050019003200000014000e00e0000001000000000000000000000000c2b1909f3cf300f3f994e086dbeb57f0895fe0e19489429f356a6fe7d8ed251c49fdd2a8c6a3c308582dde"], 0x150}, 0x1, 0x0, 0x0, 0x24000004}, 0x0) 43.751939ms ago: executing program 0 (id=1704): munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) unshare(0x10c00) mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) r0 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000040)=@name, &(0x7f0000000080)=0x10, 0x0) r1 = socket$caif_stream(0x25, 0x1, 0x4) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {r1}}, './file0\x00'}) syz_emit_ethernet(0x18c, &(0x7f0000000100)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}, @broadcast, @void, {@mpls_mc={0x8848, {[{0x200, 0x0, 0x1}, {0x5, 0x0, 0x1}, {0x9}, {}, {0x3}], @ipv4=@generic={{0x39, 0x4, 0x3, 0x7, 0x16a, 0x66, 0x0, 0x8, 0xc, 0x0, @loopback, @local, {[@rr={0x7, 0x7, 0xe6, [@multicast2]}, @rr={0x7, 0xb, 0xd9, [@broadcast, @broadcast]}, @cipso={0x86, 0x5a, 0x47a7365a216f4495, [{0x5, 0x2}, {0x2, 0x8, "7e5c91290244"}, {0x2, 0x5, "a3c54a"}, {0x1, 0x5, "3fb85e"}, {0x1, 0x9, "69798879333863"}, {0x6, 0x4, '0\n'}, {0x6, 0xb, "db5ffcd64958ab93af"}, {0x0, 0x9, "0fd10020d6b2b7"}, {0x7, 0xf, "96d12d0d813c736770256ceba8"}, {0x2, 0x10, "5d61d021e7d5b3ee22468eec2bf6"}]}, @end, @cipso={0x86, 0x23, 0x2, [{0x1, 0x6, "ccb3d27e"}, {0x6d516ab3ac9f173e, 0xe, "aad52f5e59576525612775fc"}, {0x2, 0x6, "400da62f"}, {0x5, 0x3, "ef"}]}, @timestamp_addr={0x44, 0x2c, 0xd1, 0x1, 0xa, [{@dev={0xac, 0x14, 0x14, 0x3d}, 0x6}, {@empty, 0x1}, {@multicast1}, {@broadcast, 0x5}, {@loopback, 0x2}]}, @generic={0x94, 0x7, "d949296b5c"}, @lsrr={0x83, 0xb, 0xdd, [@local, @multicast1]}]}}, "053530ed0bdbb78b45b812bd636d77acc68f772768ca7b2b5c2cabbdfc1e0357a7ef1880a795f6d819fe75de187b94e393e0967e2274c017626903c62202cdd1cce7e5d29b8e158722ee3ba4f108d4442868d4cf8284ee581e45d9e4f57bfeff397be9de04e8ad5b806474e76aadbd6f9208c856f418a39dc51fe368c8c5c2955051eafc279b"}}}}}, &(0x7f00000002c0)={0x1, 0x2, [0x2e5, 0x882, 0xc01, 0x1b9]}) ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000300)={0x80, 0x8, 0x4, 0x1000, 0x14, "1a04d3fa52b74a64"}) socket$netlink(0x10, 0x3, 0x7) mmap$xdp(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x10, r2, 0x80000000) getpeername$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000380)=0x14) ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f00000003c0)=0x0) get_robust_list(r4, &(0x7f0000000540)=&(0x7f0000000500)={&(0x7f0000000440)={&(0x7f0000000400)}, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)}}, &(0x7f0000000580)=0x18) 528.15µs ago: executing program 0 (id=1705): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f00000000c0), 0x1, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e") (async) open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) (async) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) (async) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000002, 0x6031, 0xffffffffffffffff, 0x0) (async, rerun: 64) mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) (async, rerun: 64) munlock(&(0x7f0000e4a000/0x1000)=nil, 0x1000) (async) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000100)={0x1f00}) open(&(0x7f0000000000)='./file1\x00', 0x4000, 0xb4) 0s ago: executing program 1 (id=1706): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r2}, 0x10) syz_io_uring_setup(0x362a, &(0x7f0000000040)={0x0, 0xb0da, 0x2, 0x2, 0x2f7}, &(0x7f0000000140), &(0x7f0000000180)) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r3, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="14000000000300000300"/20], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) syz_mount_image$vfat(&(0x7f0000001400), &(0x7f0000000040)='./file1\x00', 0x10, &(0x7f0000003a00)=ANY=[], 0x1, 0x2b4, &(0x7f00000001c0)="$eJzs3c9qK2UUAPAzydw06iJF3CiCA7pwVW7dummUChezUiKoCw3ee0GScOEWAlYw3lWfwKXv4SO4ceMbCG4Fd+2iMjKZmSZt0z+0MYX6+60O880538l8IVnl5Os3x8PHz5J4cfhHtNtJNHZiJ46S2IxG1H6MNACA++Moz+Pv/CaZaWP13QAA61B+/5fuuhcAYD0+/fyLj7u93u4nWdaO1zsHk34SEeODSb9c7z6Nb2MUT+JhdOI4Ij9Rxh896u1GmhU2453xdNIvMsdf/VbV7/4VMcvfjk5sLs/fzkp1frPKfTmy6D59ULfaidfO5KcR8ai3+96Z/IjxNPqtePfthf63ohO/fxPPYhSPo6gz3/+H7Sz7MP/p8Psvi22K/KQR/Y3ZfXN5c11nAgAAAAAAAAAAAAAAAAAAAADA/beVZUk5vmc2v6e4NJufM+k3j2frW1ltcb7PtJ4PlNSFyvlAeVQjeqZ5/FzP13mYZVle3TjPT+ON1B8LAAAAAAAAAAAAAAAAAAAAQGHvu/3hYDR68nwlQT0NoP5Z/03r7CxceSv2h4PmxQU3rr/X4rSBotdLb440jRU9lquCl4p+Vl55Y364n0UZ1Aez0r1e/aAsuj8cZNVS/ZCHg+Sqvdr1wf0yX4q0FbdtLJ+9JY7z02faPmn1dFZrRU+j9crilb36vfZPnufXq/P+n+UZVVeS2YiN6+3+oAqWvsAiaJ8/i18vLnjhR0bz1h86AAAAAAAAAAAAAAAAAADAUvMf/S5ZfHFpauM/awoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1mz+//910I6IwShZuHIumFbJl91TBa14vnfHLxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/gX8DAAD//3boRtk=") r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r5 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)=0x0) timer_settime(r6, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) preadv2(r7, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x4, 0x1) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r4, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000c80)=@bpf_lsm={0x6, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8001}, [@ldst={0x3, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffc}]}, &(0x7f0000000180)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r8 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_NEXT_CMD_LEN(r8, 0x2283, &(0x7f0000000380)=0x3) kernel console output (not intermixed with test programs): (loop1): error, corrupted file size (i_pos 196, 2097162) [ 73.547517][ T3534] FAT-fs (loop1): Filesystem has been set read-only [ 73.547533][ T3534] FAT-fs (loop1): error, corrupted file size (i_pos 196, 2097162) [ 73.547678][ T3534] FAT-fs (loop1): error, corrupted file size (i_pos 196, 2097162) [ 73.547701][ T3534] FAT-fs (loop1): error, corrupted file size (i_pos 196, 2097162) [ 73.587182][ T29] audit: type=1400 audit(1743903502.914:2934): avc: denied { write } for pid=6241 comm="syz.1.967" name="001" dev="devtmpfs" ino=153 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 73.607726][ T57] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 73.607753][ T57] FAT-fs (loop0): Filesystem has been set read-only [ 73.607849][ T57] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 73.607983][ T57] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 73.608008][ T57] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 73.767745][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.224757][ T6269] FAULT_INJECTION: forcing a failure. [ 74.224757][ T6269] name failslab, interval 1, probability 0, space 0, times 0 [ 74.224783][ T6269] CPU: 0 UID: 0 PID: 6269 Comm: syz.2.976 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) [ 74.224840][ T6269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 74.224855][ T6269] Call Trace: [ 74.224861][ T6269] [ 74.224869][ T6269] dump_stack_lvl+0xf6/0x150 [ 74.224895][ T6269] dump_stack+0x15/0x1a [ 74.224916][ T6269] should_fail_ex+0x261/0x270 [ 74.224951][ T6269] should_failslab+0x8f/0xb0 [ 74.225005][ T6269] kmem_cache_alloc_noprof+0x59/0x340 [ 74.225088][ T6269] ? getname_flags+0x81/0x3b0 [ 74.225115][ T6269] getname_flags+0x81/0x3b0 [ 74.225160][ T6269] __x64_sys_symlink+0x33/0x60 [ 74.225199][ T6269] x64_sys_call+0x2a77/0x2e10 [ 74.225227][ T6269] do_syscall_64+0xc9/0x1c0 [ 74.225264][ T6269] ? clear_bhb_loop+0x25/0x80 [ 74.225326][ T6269] ? clear_bhb_loop+0x25/0x80 [ 74.225354][ T6269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.225380][ T6269] RIP: 0033:0x7fee1b60d169 [ 74.225398][ T6269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.225436][ T6269] RSP: 002b:00007fee19c77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 74.225459][ T6269] RAX: ffffffffffffffda RBX: 00007fee1b825fa0 RCX: 00007fee1b60d169 [ 74.225475][ T6269] RDX: 0000000000000000 RSI: 00002000000008c0 RDI: 0000200000000880 [ 74.225490][ T6269] RBP: 00007fee19c77090 R08: 0000000000000000 R09: 0000000000000000 [ 74.225504][ T6269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 74.225519][ T6269] R13: 0000000000000000 R14: 00007fee1b825fa0 R15: 00007ffcd0f16de8 [ 74.225606][ T6269] [ 74.397142][ T6272] loop2: detected capacity change from 0 to 256 [ 74.483999][ T6274] loop1: detected capacity change from 0 to 256 [ 74.568060][ T3595] FAT-fs (loop1): error, corrupted file size (i_pos 196, 2097162) [ 74.568086][ T3595] FAT-fs (loop1): Filesystem has been set read-only [ 74.568108][ T3595] FAT-fs (loop1): error, corrupted file size (i_pos 196, 2097162) [ 74.568257][ T3595] FAT-fs (loop1): error, corrupted file size (i_pos 196, 2097162) [ 74.568338][ T3595] FAT-fs (loop1): error, corrupted file size (i_pos 196, 2097162) [ 74.592288][ T6285] netlink: 28 bytes leftover after parsing attributes in process `syz.0.981'. [ 74.592623][ T6285] netlink: 28 bytes leftover after parsing attributes in process `syz.0.981'. [ 74.632410][ T3595] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 74.719661][ T3595] FAT-fs (loop2): Filesystem has been set read-only [ 74.719961][ T3595] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 74.720294][ T3595] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 74.720319][ T3595] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 74.865560][ T6314] netlink: 8 bytes leftover after parsing attributes in process `syz.4.994'. [ 74.875254][ T6314] netlink: 8 bytes leftover after parsing attributes in process `syz.4.994'. [ 74.886258][ T6312] netlink: 4 bytes leftover after parsing attributes in process `syz.2.993'. [ 74.921861][ T6312] hsr_slave_1 (unregistering): left promiscuous mode [ 75.072735][ T6342] loop2: detected capacity change from 0 to 164 [ 75.079529][ T6336] loop0: detected capacity change from 0 to 512 [ 75.099005][ T6342] Unable to read rock-ridge attributes [ 75.107204][ T6336] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 75.128765][ T6342] Unable to read rock-ridge attributes [ 75.136668][ T6347] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1007'. [ 75.153321][ T6336] EXT4-fs (loop0): orphan cleanup on readonly fs [ 75.165250][ T6336] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1002: bg 0: block 248: padding at end of block bitmap is not set [ 75.252415][ T6336] EXT4-fs error (device loop0): ext4_acquire_dquot:6935: comm syz.0.1002: Failed to acquire dquot type 1 [ 75.286147][ T6356] netlink: 'syz.1.1009': attribute type 21 has an invalid length. [ 75.338497][ T6336] EXT4-fs (loop0): 1 truncate cleaned up [ 75.346816][ T6336] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 75.398731][ T6368] loop4: detected capacity change from 0 to 256 [ 75.419112][ T6336] syz.0.1002 (6336) used greatest stack depth: 9216 bytes left [ 75.428581][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.577586][ T3715] FAT-fs (loop4): error, corrupted file size (i_pos 196, 2097162) [ 75.585623][ T3715] FAT-fs (loop4): Filesystem has been set read-only [ 75.601542][ T3715] FAT-fs (loop4): error, corrupted file size (i_pos 196, 2097162) [ 75.616453][ T3715] FAT-fs (loop4): error, corrupted file size (i_pos 196, 2097162) [ 75.632771][ T3715] FAT-fs (loop4): error, corrupted file size (i_pos 196, 2097162) [ 75.644907][ T6383] loop1: detected capacity change from 0 to 1024 [ 75.678804][ T6383] EXT4-fs warning (device loop1): ext4_multi_mount_protect:292: Invalid MMP block in superblock [ 75.699256][ T6393] loop3: detected capacity change from 0 to 128 [ 75.806561][ T6409] loop3: detected capacity change from 0 to 256 [ 75.819205][ T6408] netlink: 'syz.2.1028': attribute type 21 has an invalid length. [ 75.833399][ T6414] loop1: detected capacity change from 0 to 256 [ 75.887948][ T3571] FAT-fs (loop1): error, corrupted file size (i_pos 196, 2097162) [ 75.896008][ T3571] FAT-fs (loop1): Filesystem has been set read-only [ 75.932773][ T3571] FAT-fs (loop1): error, corrupted file size (i_pos 196, 2097162) [ 75.952329][ T3727] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 75.960342][ T3727] FAT-fs (loop3): Filesystem has been set read-only [ 75.963979][ T3571] FAT-fs (loop1): error, corrupted file size (i_pos 196, 2097162) [ 75.967800][ T3727] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 75.974833][ T3571] FAT-fs (loop1): error, corrupted file size (i_pos 196, 2097162) [ 76.052280][ T6433] loop4: detected capacity change from 0 to 1024 [ 76.059393][ T6433] EXT4-fs warning (device loop4): ext4_multi_mount_protect:292: Invalid MMP block in superblock [ 76.059437][ T3599] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 76.081867][ T3599] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 76.106364][ T6435] loop0: detected capacity change from 0 to 256 [ 76.135926][ T6440] loop2: detected capacity change from 0 to 256 [ 76.191564][ T6453] loop2: detected capacity change from 0 to 256 [ 76.233364][ T3571] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 76.241288][ T3571] FAT-fs (loop0): Filesystem has been set read-only [ 76.249281][ T3571] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 76.257998][ T3727] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 76.265841][ T3727] FAT-fs (loop2): Filesystem has been set read-only [ 76.272923][ T3727] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 76.282116][ T3599] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 76.292299][ T3727] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 76.292297][ T3599] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 76.300370][ T3727] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 76.398231][ T6472] netlink: 'syz.3.1054': attribute type 21 has an invalid length. [ 76.588410][ T6493] loop3: detected capacity change from 0 to 256 [ 77.163333][ T6528] loop0: detected capacity change from 0 to 128 [ 77.240431][ T6531] netlink: 'syz.3.1073': attribute type 21 has an invalid length. [ 77.257822][ T6531] __nla_validate_parse: 8 callbacks suppressed [ 77.257841][ T6531] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1073'. [ 77.289435][ T6540] loop1: detected capacity change from 0 to 256 [ 77.417718][ T6549] loop0: detected capacity change from 0 to 1024 [ 77.468820][ T6549] EXT4-fs: Ignoring removed bh option [ 77.496094][ T6549] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 77.507030][ T6560] loop2: detected capacity change from 0 to 128 [ 77.514455][ T6549] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 77.524855][ T6549] EXT4-fs (loop0): can't mount with commit=, fs mounted w/o journal [ 77.537479][ T6563] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1085'. [ 77.561563][ T6563] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1085'. [ 77.575594][ T6567] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1088'. [ 77.940279][ T6588] program syz.0.1095 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 78.621179][ T6602] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1101'. [ 78.683813][ T6604] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 78.691193][ T6604] IPv6: NLM_F_CREATE should be set when creating new route [ 78.698484][ T6604] IPv6: NLM_F_CREATE should be set when creating new route [ 78.705690][ T6604] IPv6: NLM_F_CREATE should be set when creating new route [ 78.761721][ T29] kauditd_printk_skb: 133 callbacks suppressed [ 78.761737][ T29] audit: type=1326 audit(1743903508.094:3066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6607 comm="syz.2.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee1b60d169 code=0x7ffc0000 [ 78.833455][ T29] audit: type=1326 audit(1743903508.124:3067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6607 comm="syz.2.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fee1b60d169 code=0x7ffc0000 [ 78.851996][ T6604] loop1: detected capacity change from 0 to 512 [ 78.857177][ T29] audit: type=1326 audit(1743903508.124:3068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6607 comm="syz.2.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee1b60d169 code=0x7ffc0000 [ 78.875368][ T6604] EXT4-fs: test_dummy_encryption option not supported [ 78.886663][ T29] audit: type=1326 audit(1743903508.124:3069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6607 comm="syz.2.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee1b60d169 code=0x7ffc0000 [ 78.917003][ T29] audit: type=1326 audit(1743903508.134:3070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6607 comm="syz.2.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fee1b60d169 code=0x7ffc0000 [ 78.940411][ T29] audit: type=1326 audit(1743903508.134:3071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6607 comm="syz.2.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee1b60d169 code=0x7ffc0000 [ 78.963885][ T29] audit: type=1326 audit(1743903508.134:3072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6607 comm="syz.2.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7fee1b60d169 code=0x7ffc0000 [ 78.987515][ T29] audit: type=1326 audit(1743903508.134:3073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6607 comm="syz.2.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee1b60d169 code=0x7ffc0000 [ 79.011086][ T29] audit: type=1326 audit(1743903508.134:3074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6607 comm="syz.2.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fee1b60d169 code=0x7ffc0000 [ 79.034572][ T29] audit: type=1326 audit(1743903508.134:3075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6607 comm="syz.2.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee1b60d169 code=0x7ffc0000 [ 79.108021][ T6609] netlink: 'syz.1.1102': attribute type 2 has an invalid length. [ 79.144823][ T6613] loop2: detected capacity change from 0 to 256 [ 79.443402][ T6636] loop1: detected capacity change from 0 to 128 [ 79.506017][ T6638] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1113'. [ 79.849763][ T6650] loop3: detected capacity change from 0 to 1024 [ 79.850087][ T6650] EXT4-fs: Ignoring removed bh option [ 79.863728][ T6650] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 79.863849][ T6650] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 79.863876][ T6650] EXT4-fs (loop3): can't mount with commit=, fs mounted w/o journal [ 79.980220][ T6652] loop3: detected capacity change from 0 to 128 [ 79.990466][ T3586] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 79.990491][ T3586] FAT-fs (loop2): Filesystem has been set read-only [ 80.010621][ T3586] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 80.010961][ T3586] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 80.011054][ T3586] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 80.143813][ T6668] xt_hashlimit: size too large, truncated to 1048576 [ 80.591754][ T6688] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1128'. [ 80.592319][ T6688] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1128'. [ 80.627506][ T6690] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1129'. [ 80.636896][ T6690] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1129'. [ 80.666309][ T6693] process 'syz.1.1130' launched './file0' with NULL argv: empty string added [ 81.019820][ T6714] netlink: 'syz.2.1135': attribute type 21 has an invalid length. [ 81.670609][ T6740] loop2: detected capacity change from 0 to 256 [ 81.686100][ T6747] loop1: detected capacity change from 0 to 2048 [ 81.734383][ T6747] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 81.755667][ T3539] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 81.755717][ T3539] FAT-fs (loop2): Filesystem has been set read-only [ 81.755736][ T3539] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 81.755887][ T3539] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 81.755911][ T3539] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 81.820731][ T6756] loop0: detected capacity change from 0 to 2048 [ 81.874842][ T6756] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 81.876878][ T6756] FAULT_INJECTION: forcing a failure. [ 81.876878][ T6756] name failslab, interval 1, probability 0, space 0, times 0 [ 81.899993][ T6756] CPU: 1 UID: 0 PID: 6756 Comm: syz.0.1149 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) [ 81.900092][ T6756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 81.900106][ T6756] Call Trace: [ 81.900115][ T6756] [ 81.900123][ T6756] dump_stack_lvl+0xf6/0x150 [ 81.900150][ T6756] dump_stack+0x15/0x1a [ 81.900170][ T6756] should_fail_ex+0x261/0x270 [ 81.900247][ T6756] should_failslab+0x8f/0xb0 [ 81.900286][ T6756] __kmalloc_cache_noprof+0x55/0x320 [ 81.900313][ T6756] ? alloc_pipe_info+0xb0/0x360 [ 81.900346][ T6756] alloc_pipe_info+0xb0/0x360 [ 81.900430][ T6756] splice_direct_to_actor+0x621/0x680 [ 81.900463][ T6756] ? __pfx_direct_splice_actor+0x10/0x10 [ 81.900499][ T6756] ? __rcu_read_unlock+0x4e/0x70 [ 81.900532][ T6756] ? avc_policy_seqno+0x15/0x20 [ 81.900570][ T6756] ? selinux_file_permission+0x22d/0x360 [ 81.900599][ T6756] do_splice_direct+0xd9/0x150 [ 81.900641][ T6756] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 81.900677][ T6756] do_sendfile+0x40a/0x690 [ 81.900706][ T6756] __x64_sys_sendfile64+0x113/0x160 [ 81.900732][ T6756] x64_sys_call+0xfc3/0x2e10 [ 81.900824][ T6756] do_syscall_64+0xc9/0x1c0 [ 81.900852][ T6756] ? clear_bhb_loop+0x25/0x80 [ 81.900874][ T6756] ? clear_bhb_loop+0x25/0x80 [ 81.900900][ T6756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.900924][ T6756] RIP: 0033:0x7f478f9ad169 [ 81.900958][ T6756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 81.901049][ T6756] RSP: 002b:00007f478e017038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 81.901067][ T6756] RAX: ffffffffffffffda RBX: 00007f478fbc5fa0 RCX: 00007f478f9ad169 [ 81.901079][ T6756] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000006 [ 81.901091][ T6756] RBP: 00007f478e017090 R08: 0000000000000000 R09: 0000000000000000 [ 81.901106][ T6756] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001 [ 81.901120][ T6756] R13: 0000000000000000 R14: 00007f478fbc5fa0 R15: 00007fffc6cd3a48 [ 81.901143][ T6756] [ 81.945770][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.133180][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.173275][ T6777] loop0: detected capacity change from 0 to 1024 [ 82.213827][ T6781] loop2: detected capacity change from 0 to 1024 [ 82.221461][ T6777] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.227881][ T6781] EXT4-fs: Ignoring removed bh option [ 82.262886][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.294853][ T6781] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 82.313243][ T6797] __nla_validate_parse: 9 callbacks suppressed [ 82.313260][ T6797] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1162'. [ 82.314765][ T6799] loop3: detected capacity change from 0 to 128 [ 82.335047][ T6797] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1162'. [ 82.339384][ T6781] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 82.354271][ T6781] EXT4-fs (loop2): can't mount with commit=, fs mounted w/o journal [ 82.420169][ T6805] loop3: detected capacity change from 0 to 1024 [ 82.438207][ T6810] loop2: detected capacity change from 0 to 512 [ 82.445401][ T6805] EXT4-fs warning (device loop3): ext4_multi_mount_protect:292: Invalid MMP block in superblock [ 82.446751][ T6810] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.446866][ T6810] ext4 filesystem being mounted at /232/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 82.512813][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.560832][ T6822] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1172'. [ 82.605055][ T6828] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1174'. [ 82.630637][ T6834] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1176'. [ 82.650781][ T6828] loop7: detected capacity change from 0 to 16384 [ 82.743186][ T6828] I/O error, dev loop7, sector 8192 op 0x0:(READ) flags 0x80700 phys_seg 5 prio class 0 [ 82.744416][ T6828] I/O error, dev loop7, sector 8448 op 0x0:(READ) flags 0x80700 phys_seg 5 prio class 0 [ 82.783340][ T6828] I/O error, dev loop7, sector 8192 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 82.792804][ T6828] Buffer I/O error on dev loop7, logical block 1024, async page read [ 82.826227][ T6847] FAULT_INJECTION: forcing a failure. [ 82.826227][ T6847] name failslab, interval 1, probability 0, space 0, times 0 [ 82.839110][ T6847] CPU: 0 UID: 0 PID: 6847 Comm: syz.2.1181 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) [ 82.839178][ T6847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 82.839193][ T6847] Call Trace: [ 82.839200][ T6847] [ 82.839207][ T6847] dump_stack_lvl+0xf6/0x150 [ 82.839235][ T6847] dump_stack+0x15/0x1a [ 82.839303][ T6847] should_fail_ex+0x261/0x270 [ 82.839336][ T6847] should_failslab+0x8f/0xb0 [ 82.839382][ T6847] kmem_cache_alloc_node_noprof+0x5c/0x340 [ 82.839409][ T6847] ? __alloc_skb+0x10d/0x320 [ 82.839438][ T6847] __alloc_skb+0x10d/0x320 [ 82.839497][ T6847] netlink_alloc_large_skb+0xad/0xe0 [ 82.839539][ T6847] netlink_sendmsg+0x3da/0x720 [ 82.839573][ T6847] ? __pfx_netlink_sendmsg+0x10/0x10 [ 82.839602][ T6847] __sock_sendmsg+0x140/0x180 [ 82.839642][ T6847] ____sys_sendmsg+0x350/0x4e0 [ 82.839691][ T6847] __sys_sendmsg+0x1a0/0x240 [ 82.839733][ T6847] __x64_sys_sendmsg+0x46/0x50 [ 82.839763][ T6847] x64_sys_call+0x26f3/0x2e10 [ 82.839789][ T6847] do_syscall_64+0xc9/0x1c0 [ 82.839897][ T6847] ? clear_bhb_loop+0x25/0x80 [ 82.839922][ T6847] ? clear_bhb_loop+0x25/0x80 [ 82.839947][ T6847] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.839980][ T6847] RIP: 0033:0x7fee1b60d169 [ 82.839996][ T6847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 82.840016][ T6847] RSP: 002b:00007fee19c77038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 82.840094][ T6847] RAX: ffffffffffffffda RBX: 00007fee1b825fa0 RCX: 00007fee1b60d169 [ 82.840105][ T6847] RDX: 000000003000c81c RSI: 0000200000000340 RDI: 0000000000000007 [ 82.840119][ T6847] RBP: 00007fee19c77090 R08: 0000000000000000 R09: 0000000000000000 [ 82.840130][ T6847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 82.840140][ T6847] R13: 0000000000000000 R14: 00007fee1b825fa0 R15: 00007ffcd0f16de8 [ 82.840240][ T6847] [ 82.843601][ T6827] I/O error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x4800 phys_seg 128 prio class 0 [ 82.854470][ T6847] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1181'. [ 82.862908][ T6827] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 83.063376][ T6827] Buffer I/O error on dev loop7, logical block 1, lost async page write [ 83.071923][ T6827] Buffer I/O error on dev loop7, logical block 2, lost async page write [ 83.071945][ T6827] Buffer I/O error on dev loop7, logical block 3, lost async page write [ 83.071964][ T6827] Buffer I/O error on dev loop7, logical block 4, lost async page write [ 83.071983][ T6827] Buffer I/O error on dev loop7, logical block 5, lost async page write [ 83.072002][ T6827] Buffer I/O error on dev loop7, logical block 6, lost async page write [ 83.072021][ T6827] Buffer I/O error on dev loop7, logical block 7, lost async page write [ 83.072054][ T6827] Buffer I/O error on dev loop7, logical block 8, lost async page write [ 83.075440][ T6827] I/O error, dev loop7, sector 1024 op 0x1:(WRITE) flags 0x4800 phys_seg 128 prio class 0 [ 83.147111][ T6827] I/O error, dev loop7, sector 2048 op 0x1:(WRITE) flags 0x4800 phys_seg 128 prio class 0 [ 83.153497][ T6827] I/O error, dev loop7, sector 3072 op 0x1:(WRITE) flags 0x4800 phys_seg 128 prio class 0 [ 83.171891][ T6827] I/O error, dev loop7, sector 4096 op 0x1:(WRITE) flags 0x4800 phys_seg 128 prio class 0 [ 83.185255][ T6827] I/O error, dev loop7, sector 5120 op 0x1:(WRITE) flags 0x4800 phys_seg 128 prio class 0 [ 83.199936][ T6827] I/O error, dev loop7, sector 6144 op 0x1:(WRITE) flags 0x4800 phys_seg 128 prio class 0 [ 83.291486][ T6858] FAULT_INJECTION: forcing a failure. [ 83.291486][ T6858] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 83.304869][ T6858] CPU: 0 UID: 0 PID: 6858 Comm: syz.0.1185 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) [ 83.304902][ T6858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 83.304917][ T6858] Call Trace: [ 83.304925][ T6858] [ 83.304934][ T6858] dump_stack_lvl+0xf6/0x150 [ 83.304963][ T6858] dump_stack+0x15/0x1a [ 83.305046][ T6858] should_fail_ex+0x261/0x270 [ 83.305085][ T6858] should_fail_alloc_page+0xfd/0x110 [ 83.305137][ T6858] __alloc_frozen_pages_noprof+0x11d/0x360 [ 83.305172][ T6858] alloc_pages_mpol+0xb6/0x260 [ 83.305201][ T6858] alloc_pages_noprof+0xe8/0x130 [ 83.305229][ T6858] __pmd_alloc+0x4d/0x440 [ 83.305317][ T6858] handle_mm_fault+0x188d/0x2e80 [ 83.305377][ T6858] exc_page_fault+0x296/0x6a0 [ 83.305403][ T6858] asm_exc_page_fault+0x26/0x30 [ 83.305422][ T6858] RIP: 0010:__put_user_8+0xd/0x20 [ 83.305452][ T6858] Code: 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <48> 89 01 31 c9 0f 01 ca c3 cc cc cc cc 66 0f 1f 44 00 00 90 90 90 [ 83.305471][ T6858] RSP: 0018:ffffc900011dfeb0 EFLAGS: 00050202 [ 83.305489][ T6858] RAX: 0000000000000007 RBX: 0000000000000000 RCX: 0000200000000080 [ 83.305542][ T6858] RDX: 0000000000000d92 RSI: 0000000000000000 RDI: ffff88811fe16ff0 [ 83.305600][ T6858] RBP: ffff88811fe16300 R08: 000188810778b757 R09: 0000000000000000 [ 83.305614][ T6858] R10: 0001ffffffffffff R11: ffff88810778b180 R12: 0000000000000000 [ 83.305629][ T6858] R13: 0000000000000000 R14: ffffc900011dff58 R15: 0000000000000000 [ 83.305651][ T6858] fpu_xstate_prctl+0x131/0x700 [ 83.305676][ T6858] x64_sys_call+0x1061/0x2e10 [ 83.305697][ T6858] do_syscall_64+0xc9/0x1c0 [ 83.305723][ T6858] ? clear_bhb_loop+0x25/0x80 [ 83.305815][ T6858] ? clear_bhb_loop+0x25/0x80 [ 83.305841][ T6858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.305883][ T6858] RIP: 0033:0x7f478f9ad169 [ 83.305897][ T6858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.305914][ T6858] RSP: 002b:00007f478e017038 EFLAGS: 00000246 ORIG_RAX: 000000000000009e [ 83.305957][ T6858] RAX: ffffffffffffffda RBX: 00007f478fbc5fa0 RCX: 00007f478f9ad169 [ 83.305972][ T6858] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000001024 [ 83.306048][ T6858] RBP: 00007f478e017090 R08: 0000000000000000 R09: 0000000000000000 [ 83.306069][ T6858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 83.306150][ T6858] R13: 0000000000000001 R14: 00007f478fbc5fa0 R15: 00007fffc6cd3a48 [ 83.306169][ T6858] [ 83.569491][ T6856] loop2: detected capacity change from 0 to 1024 [ 83.576623][ T6856] EXT4-fs warning (device loop2): ext4_multi_mount_protect:292: Invalid MMP block in superblock [ 83.615809][ T6865] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1188'. [ 84.131353][ T6885] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1197'. [ 84.267140][ T29] kauditd_printk_skb: 216 callbacks suppressed [ 84.267157][ T29] audit: type=1400 audit(1743903513.594:3292): avc: denied { read } for pid=6896 comm="syz.4.1200" name="rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 84.326708][ T6907] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1203'. [ 84.345657][ T29] audit: type=1400 audit(1743903513.674:3293): avc: denied { execute } for pid=6896 comm="syz.4.1200" path="/250/file1" dev="tmpfs" ino=1351 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 84.680540][ T29] audit: type=1400 audit(1743903514.014:3294): avc: denied { mounton } for pid=6932 comm="syz.0.1214" path="/219/file1" dev="tmpfs" ino=1197 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 84.725985][ T6938] loop3: detected capacity change from 0 to 128 [ 84.762443][ T6940] loop0: detected capacity change from 0 to 1024 [ 84.787843][ T6940] EXT4-fs: Ignoring removed orlov option [ 84.793611][ T6940] EXT4-fs: Ignoring removed nomblk_io_submit option [ 84.823774][ T6940] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.846646][ T6940] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.319475][ T6957] loop2: detected capacity change from 0 to 1024 [ 85.363844][ T6957] EXT4-fs warning (device loop2): ext4_multi_mount_protect:292: Invalid MMP block in superblock [ 85.672917][ T29] audit: type=1400 audit(1743903515.004:3295): avc: denied { create } for pid=6969 comm="syz.1.1225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 85.695935][ T6970] FAULT_INJECTION: forcing a failure. [ 85.695935][ T6970] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 85.695961][ T6970] CPU: 1 UID: 0 PID: 6970 Comm: syz.1.1225 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) [ 85.696063][ T6970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 85.696078][ T6970] Call Trace: [ 85.696084][ T6970] [ 85.696091][ T6970] dump_stack_lvl+0xf6/0x150 [ 85.696120][ T6970] dump_stack+0x15/0x1a [ 85.696149][ T6970] should_fail_ex+0x261/0x270 [ 85.696181][ T6970] should_fail+0xb/0x10 [ 85.696210][ T6970] should_fail_usercopy+0x1a/0x20 [ 85.696243][ T6970] _copy_from_user+0x1c/0xa0 [ 85.696304][ T6970] copy_msghdr_from_user+0x54/0x2b0 [ 85.696345][ T6970] ? __fget_files+0x186/0x1c0 [ 85.696370][ T6970] do_recvmmsg+0x24d/0x6e0 [ 85.696424][ T6970] __x64_sys_recvmmsg+0xe4/0x170 [ 85.696459][ T6970] x64_sys_call+0x1b90/0x2e10 [ 85.696486][ T6970] do_syscall_64+0xc9/0x1c0 [ 85.696521][ T6970] ? clear_bhb_loop+0x25/0x80 [ 85.696547][ T6970] ? clear_bhb_loop+0x25/0x80 [ 85.696589][ T6970] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.696611][ T6970] RIP: 0033:0x7efc52edd169 [ 85.696625][ T6970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.696645][ T6970] RSP: 002b:00007efc5153f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 85.696666][ T6970] RAX: ffffffffffffffda RBX: 00007efc530f5fa0 RCX: 00007efc52edd169 [ 85.696680][ T6970] RDX: 0000000000000001 RSI: 0000200000002700 RDI: 0000000000000005 [ 85.696695][ T6970] RBP: 00007efc5153f090 R08: 0000000000000000 R09: 0000000000000000 [ 85.696756][ T6970] R10: 0000000000000020 R11: 0000000000000246 R12: 0000000000000001 [ 85.696773][ T6970] R13: 0000000000000000 R14: 00007efc530f5fa0 R15: 00007fff2519ca58 [ 85.696797][ T6970] [ 85.706579][ T6970] loop1: detected capacity change from 0 to 512 [ 85.753747][ T29] audit: type=1400 audit(1743903515.024:3296): avc: denied { create } for pid=6969 comm="syz.1.1225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 85.789910][ T6970] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 85.794197][ T29] audit: type=1400 audit(1743903515.024:3297): avc: denied { setopt } for pid=6969 comm="syz.1.1225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 85.846583][ T6970] EXT4-fs (loop1): orphan cleanup on readonly fs [ 85.851521][ T29] audit: type=1400 audit(1743903515.144:3298): avc: denied { create } for pid=6967 comm="syz.0.1224" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 85.895576][ T6970] EXT4-fs error (device loop1): ext4_orphan_get:1390: inode #15: comm syz.1.1225: iget: bad extended attribute block 19 [ 85.911757][ T29] audit: type=1400 audit(1743903515.144:3299): avc: denied { write } for pid=6967 comm="syz.0.1224" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 85.932278][ T6970] EXT4-fs error (device loop1): ext4_orphan_get:1395: comm syz.1.1225: couldn't read orphan inode 15 (err -117) [ 86.055327][ T6978] loop3: detected capacity change from 0 to 256 [ 86.059677][ T29] audit: type=1400 audit(1743903515.384:3300): avc: denied { mount } for pid=6976 comm="syz.3.1229" name="/" dev="loop3" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 86.095139][ T6970] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 86.117146][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.166211][ T29] audit: type=1400 audit(1743903515.474:3301): avc: denied { mount } for pid=6980 comm="syz.0.1230" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 86.286795][ T6999] netlink: 'syz.4.1234': attribute type 3 has an invalid length. [ 86.308363][ T7003] loop1: detected capacity change from 0 to 512 [ 86.321624][ T7003] netlink: 'syz.1.1236': attribute type 2 has an invalid length. [ 86.371398][ T7005] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1237'. [ 86.505956][ T7013] loop2: detected capacity change from 0 to 1024 [ 86.506232][ T7013] EXT4-fs: Ignoring removed bh option [ 86.514125][ T7013] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 86.527929][ T7013] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 86.538342][ T7013] EXT4-fs (loop2): can't mount with commit=, fs mounted w/o journal [ 86.689542][ T7018] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 32 [ 86.692609][ T7018] netlink: 'syz.4.1242': attribute type 10 has an invalid length. [ 86.713166][ T7018] batman_adv: batadv0: Adding interface: team0 [ 86.719486][ T7018] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.719531][ T7018] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 86.722851][ T7018] netlink: 'syz.4.1242': attribute type 10 has an invalid length. [ 86.795841][ T7018] team0: entered promiscuous mode [ 86.795905][ T7018] team_slave_0: entered promiscuous mode [ 86.796046][ T7018] team_slave_1: entered promiscuous mode [ 86.797835][ T7018] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.799683][ T7018] batman_adv: batadv0: Interface activated: team0 [ 86.799871][ T7018] batman_adv: batadv0: Interface deactivated: team0 [ 86.799925][ T7018] batman_adv: batadv0: Removing interface: team0 [ 86.810840][ T3534] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 86.810865][ T3534] FAT-fs (loop3): Filesystem has been set read-only [ 86.810884][ T3534] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 86.811031][ T3534] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 86.811127][ T3534] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 86.819765][ T7018] bridge0: port 3(team0) entered blocking state [ 86.819841][ T7018] bridge0: port 3(team0) entered disabled state [ 86.819998][ T7018] team0: entered allmulticast mode [ 86.820023][ T7018] team_slave_0: entered allmulticast mode [ 86.820143][ T7018] team_slave_1: entered allmulticast mode [ 86.822503][ T7018] bridge0: port 3(team0) entered blocking state [ 86.822558][ T7018] bridge0: port 3(team0) entered forwarding state [ 86.924920][ T7031] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 87.007886][ T7034] netlink: 'syz.3.1247': attribute type 21 has an invalid length. [ 87.190042][ T7038] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 87.552596][ T7052] netlink: 'syz.2.1254': attribute type 21 has an invalid length. [ 87.552659][ T7052] __nla_validate_parse: 2 callbacks suppressed [ 87.552673][ T7052] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1254'. [ 88.624672][ T7088] FAULT_INJECTION: forcing a failure. [ 88.624672][ T7088] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 88.637998][ T7088] CPU: 0 UID: 0 PID: 7088 Comm: syz.1.1261 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) [ 88.638080][ T7088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 88.638092][ T7088] Call Trace: [ 88.638099][ T7088] [ 88.638107][ T7088] dump_stack_lvl+0xf6/0x150 [ 88.638133][ T7088] dump_stack+0x15/0x1a [ 88.638152][ T7088] should_fail_ex+0x261/0x270 [ 88.638181][ T7088] should_fail_alloc_page+0xfd/0x110 [ 88.638216][ T7088] __alloc_frozen_pages_noprof+0x11d/0x360 [ 88.638250][ T7088] alloc_pages_mpol+0xb6/0x260 [ 88.638323][ T7088] vma_alloc_folio_noprof+0x19c/0x300 [ 88.638413][ T7088] handle_mm_fault+0xdda/0x2e80 [ 88.638459][ T7088] ? mas_walk+0x204/0x320 [ 88.638487][ T7088] ? __rcu_read_unlock+0x4e/0x70 [ 88.638522][ T7088] exc_page_fault+0x3b9/0x6a0 [ 88.638595][ T7088] ? do_syscall_64+0xd6/0x1c0 [ 88.638629][ T7088] asm_exc_page_fault+0x26/0x30 [ 88.638649][ T7088] RIP: 0033:0x7efc52e8a78b [ 88.638666][ T7088] Code: c0 8b 87 c0 00 00 00 66 0f 6c c0 85 c0 0f 85 44 01 00 00 c7 87 c0 00 00 00 ff ff ff ff 48 8d 84 24 20 21 00 00 48 8d 7c 24 20 <0f> 29 44 24 40 49 89 e4 48 89 44 24 50 8b 43 74 48 89 9c 24 00 01 [ 88.638683][ T7088] RSP: 002b:00007efc5153ce10 EFLAGS: 00010246 [ 88.638757][ T7088] RAX: 00007efc5153ef30 RBX: 00007efc530cc620 RCX: 0000000000000000 [ 88.638769][ T7088] RDX: 00007efc5153ef78 RSI: 00007efc52f3cbd8 RDI: 00007efc5153ce30 [ 88.638781][ T7088] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000 [ 88.638792][ T7088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 88.638860][ T7088] R13: 0000000000000000 R14: 00007efc530f5fa0 R15: 00007fff2519ca58 [ 88.638882][ T7088] [ 88.638893][ T7088] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 88.652701][ T7089] loop2: detected capacity change from 0 to 256 [ 88.794616][ T7091] loop1: detected capacity change from 0 to 1024 [ 88.938691][ T7091] EXT4-fs warning (device loop1): ext4_multi_mount_protect:292: Invalid MMP block in superblock [ 89.093135][ T7100] FAULT_INJECTION: forcing a failure. [ 89.093135][ T7100] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 89.106296][ T7100] CPU: 0 UID: 0 PID: 7100 Comm: syz.1.1270 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) [ 89.106328][ T7100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 89.106341][ T7100] Call Trace: [ 89.106349][ T7100] [ 89.106357][ T7100] dump_stack_lvl+0xf6/0x150 [ 89.106436][ T7100] dump_stack+0x15/0x1a [ 89.106456][ T7100] should_fail_ex+0x261/0x270 [ 89.106488][ T7100] should_fail+0xb/0x10 [ 89.106530][ T7100] should_fail_usercopy+0x1a/0x20 [ 89.106588][ T7100] _copy_from_user+0x1c/0xa0 [ 89.106686][ T7100] copy_msghdr_from_user+0x54/0x2b0 [ 89.106749][ T7100] ? __fget_files+0x186/0x1c0 [ 89.106774][ T7100] __sys_sendmsg+0x141/0x240 [ 89.106812][ T7100] __x64_sys_sendmsg+0x46/0x50 [ 89.106839][ T7100] x64_sys_call+0x26f3/0x2e10 [ 89.106921][ T7100] do_syscall_64+0xc9/0x1c0 [ 89.106949][ T7100] ? clear_bhb_loop+0x25/0x80 [ 89.106969][ T7100] ? clear_bhb_loop+0x25/0x80 [ 89.106988][ T7100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.107012][ T7100] RIP: 0033:0x7efc52edd169 [ 89.107028][ T7100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.107057][ T7100] RSP: 002b:00007efc5153f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 89.107081][ T7100] RAX: ffffffffffffffda RBX: 00007efc530f5fa0 RCX: 00007efc52edd169 [ 89.107092][ T7100] RDX: 0000000000044004 RSI: 00002000000003c0 RDI: 0000000000000003 [ 89.107103][ T7100] RBP: 00007efc5153f090 R08: 0000000000000000 R09: 0000000000000000 [ 89.107114][ T7100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 89.107124][ T7100] R13: 0000000000000000 R14: 00007efc530f5fa0 R15: 00007fff2519ca58 [ 89.107144][ T7100] [ 89.300270][ T3579] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 89.308502][ T3579] FAT-fs (loop2): Filesystem has been set read-only [ 89.345947][ T3579] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 89.376885][ T3719] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 89.392497][ T3719] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 89.444445][ T29] kauditd_printk_skb: 115 callbacks suppressed [ 89.444462][ T29] audit: type=1400 audit(1743903518.774:3417): avc: denied { read } for pid=7109 comm="syz.1.1274" name="usbmon0" dev="devtmpfs" ino=141 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 89.482816][ T7110] loop1: detected capacity change from 0 to 2048 [ 89.489729][ T29] audit: type=1400 audit(1743903518.774:3418): avc: denied { open } for pid=7109 comm="syz.1.1274" path="/dev/usbmon0" dev="devtmpfs" ino=141 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 89.532854][ T7110] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities [ 89.545687][ T7124] loop0: detected capacity change from 0 to 256 [ 89.631625][ T3716] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 89.631679][ T3716] FAT-fs (loop0): Filesystem has been set read-only [ 89.631702][ T3716] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 89.631854][ T3716] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 89.631874][ T3716] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 89.656147][ T29] audit: type=1326 audit(1743903518.984:3419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7126 comm="syz.1.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efc52ed4127 code=0x7ffc0000 [ 89.656230][ T29] audit: type=1326 audit(1743903518.984:3420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7126 comm="syz.1.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efc52e79359 code=0x7ffc0000 [ 89.656256][ T29] audit: type=1326 audit(1743903518.984:3421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7126 comm="syz.1.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efc52ed4127 code=0x7ffc0000 [ 89.656281][ T29] audit: type=1326 audit(1743903518.984:3422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7126 comm="syz.1.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efc52e79359 code=0x7ffc0000 [ 89.656306][ T29] audit: type=1326 audit(1743903518.984:3423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7126 comm="syz.1.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc52edd169 code=0x7ffc0000 [ 89.656370][ T29] audit: type=1326 audit(1743903518.984:3424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7126 comm="syz.1.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efc52edd169 code=0x7ffc0000 [ 89.656400][ T29] audit: type=1326 audit(1743903518.984:3425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7126 comm="syz.1.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc52edd169 code=0x7ffc0000 [ 89.656431][ T29] audit: type=1326 audit(1743903518.984:3426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7126 comm="syz.1.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc52edd169 code=0x7ffc0000 [ 89.705226][ T7129] netlink: 'syz.0.1279': attribute type 21 has an invalid length. [ 89.892815][ T7129] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1279'. [ 90.464680][ T7158] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1289'. [ 90.536215][ T7162] netlink: 'syz.1.1290': attribute type 21 has an invalid length. [ 90.536316][ T7162] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1290'. [ 90.662598][ T7168] loop3: detected capacity change from 0 to 256 [ 90.715705][ T12] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 90.715758][ T12] FAT-fs (loop3): Filesystem has been set read-only [ 90.715778][ T12] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 90.715964][ T12] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 90.746153][ T12] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 90.748830][ T7171] FAULT_INJECTION: forcing a failure. [ 90.748830][ T7171] name failslab, interval 1, probability 0, space 0, times 0 [ 90.766754][ T7171] CPU: 0 UID: 0 PID: 7171 Comm: syz.1.1293 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) [ 90.766803][ T7171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 90.766819][ T7171] Call Trace: [ 90.766827][ T7171] [ 90.766862][ T7171] dump_stack_lvl+0xf6/0x150 [ 90.766917][ T7171] dump_stack+0x15/0x1a [ 90.766933][ T7171] should_fail_ex+0x261/0x270 [ 90.766961][ T7171] should_failslab+0x8f/0xb0 [ 90.766999][ T7171] kmem_cache_alloc_node_noprof+0x5c/0x340 [ 90.767026][ T7171] ? __alloc_skb+0x10d/0x320 [ 90.767085][ T7171] __alloc_skb+0x10d/0x320 [ 90.767108][ T7171] netlink_alloc_large_skb+0xad/0xe0 [ 90.767129][ T7171] netlink_sendmsg+0x3da/0x720 [ 90.767164][ T7171] ? __pfx_netlink_sendmsg+0x10/0x10 [ 90.767258][ T7171] __sock_sendmsg+0x140/0x180 [ 90.767298][ T7171] ____sys_sendmsg+0x350/0x4e0 [ 90.767337][ T7171] __sys_sendmsg+0x1a0/0x240 [ 90.767388][ T7171] __x64_sys_sendmsg+0x46/0x50 [ 90.767522][ T7171] x64_sys_call+0x26f3/0x2e10 [ 90.767549][ T7171] do_syscall_64+0xc9/0x1c0 [ 90.767642][ T7171] ? clear_bhb_loop+0x25/0x80 [ 90.767668][ T7171] ? clear_bhb_loop+0x25/0x80 [ 90.767695][ T7171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.767717][ T7171] RIP: 0033:0x7efc52edd169 [ 90.767806][ T7171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.767895][ T7171] RSP: 002b:00007efc5153f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 90.767915][ T7171] RAX: ffffffffffffffda RBX: 00007efc530f5fa0 RCX: 00007efc52edd169 [ 90.767947][ T7171] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000008 [ 90.767961][ T7171] RBP: 00007efc5153f090 R08: 0000000000000000 R09: 0000000000000000 [ 90.767974][ T7171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 90.767987][ T7171] R13: 0000000000000000 R14: 00007efc530f5fa0 R15: 00007fff2519ca58 [ 90.768008][ T7171] [ 90.801122][ T7173] loop3: detected capacity change from 0 to 256 [ 90.919553][ T12] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 90.919578][ T12] FAT-fs (loop3): Filesystem has been set read-only [ 90.919595][ T12] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 90.919781][ T12] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 90.919810][ T12] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 90.973611][ T7182] loop3: detected capacity change from 0 to 1024 [ 91.056260][ T7182] EXT4-fs warning (device loop3): ext4_multi_mount_protect:292: Invalid MMP block in superblock [ 91.153360][ T7192] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1301'. [ 91.162391][ T7190] loop3: detected capacity change from 0 to 512 [ 91.190989][ T7190] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.204931][ T7190] ext4 filesystem being mounted at /273/wÅü5ÔTÕÔ)­`)YFæ¾nA­½@T<Ÿ3»Ú‚$¢ó×rçcnH³<¿pƒrèñ¹“>ÅwC¾" žð-ùËòöè€Ó8 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.246650][ T7197] netlink: 'syz.0.1303': attribute type 21 has an invalid length. [ 91.257015][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.325797][ T7197] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1303'. [ 91.361530][ T7207] xt_l2tp: v2 tid > 0xffff: 150994944 [ 91.456341][ T7218] netlink: 'syz.0.1310': attribute type 10 has an invalid length. [ 91.466456][ T7218] batman_adv: batadv0: Adding interface: team0 [ 91.466470][ T7218] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.466547][ T7218] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 91.467606][ T7218] netlink: 'syz.0.1310': attribute type 10 has an invalid length. [ 91.516640][ T7218] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1310'. [ 91.523766][ T7218] team0: entered promiscuous mode [ 91.535408][ T7218] team_slave_0: entered promiscuous mode [ 91.541162][ T7218] team_slave_1: entered promiscuous mode [ 91.570140][ T7218] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.588315][ T7218] batman_adv: batadv0: Interface activated: team0 [ 91.588422][ T7218] batman_adv: batadv0: Interface deactivated: team0 [ 91.588466][ T7218] batman_adv: batadv0: Removing interface: team0 [ 91.589098][ T7218] bridge0: port 3(team0) entered blocking state [ 91.589136][ T7218] bridge0: port 3(team0) entered disabled state [ 91.589269][ T7218] team0: entered allmulticast mode [ 91.589285][ T7218] team_slave_0: entered allmulticast mode [ 91.589313][ T7218] team_slave_1: entered allmulticast mode [ 91.591799][ T7218] bridge0: port 3(team0) entered blocking state [ 91.645056][ T7218] bridge0: port 3(team0) entered forwarding state [ 91.686718][ T7233] SELinux: failed to load policy [ 91.704600][ T7233] 9pnet: Could not find request transport: rdmaap [ 91.728772][ T7236] loop3: detected capacity change from 0 to 256 [ 91.852023][ T7251] loop0: detected capacity change from 0 to 256 [ 91.871259][ T3721] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 91.871285][ T3721] FAT-fs (loop3): Filesystem has been set read-only [ 91.871309][ T3721] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 91.871366][ T3721] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 91.871460][ T3721] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 91.933155][ T3544] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 91.941033][ T3544] FAT-fs (loop0): Filesystem has been set read-only [ 91.941061][ T3544] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 91.949313][ T3544] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 91.949346][ T3544] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 92.477743][ T7287] loop1: detected capacity change from 0 to 256 [ 92.478118][ T7284] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1331'. [ 92.493369][ T7284] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1331'. [ 92.794777][ T7303] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1336'. [ 92.870303][ T7309] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 92.877009][ T7309] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 92.882412][ T7313] loop2: detected capacity change from 0 to 256 [ 92.884758][ T7309] vhci_hcd vhci_hcd.0: Device attached [ 92.905790][ T7311] vhci_hcd: connection closed [ 92.906174][ T3563] vhci_hcd: stop threads [ 92.915427][ T3563] vhci_hcd: release socket [ 92.919971][ T3563] vhci_hcd: disconnect device [ 92.974751][ T3568] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 92.983040][ T3568] FAT-fs (loop2): Filesystem has been set read-only [ 92.993309][ T3568] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 93.001954][ T3553] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 93.019465][ T3553] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 93.055907][ T7317] loop2: detected capacity change from 0 to 1024 [ 93.072831][ T7317] EXT4-fs: Ignoring removed nobh option [ 93.086199][ T7317] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 93.117126][ T7317] EXT4-fs error (device loop2): ext4_ext_check_inode:524: inode #11: comm syz.2.1341: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 93.151581][ T7317] EXT4-fs error (device loop2): ext4_orphan_get:1395: comm syz.2.1341: couldn't read orphan inode 11 (err -117) [ 93.185659][ T7317] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.225038][ T7317] FAULT_INJECTION: forcing a failure. [ 93.225038][ T7317] name failslab, interval 1, probability 0, space 0, times 0 [ 93.237837][ T7317] CPU: 1 UID: 0 PID: 7317 Comm: syz.2.1341 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) [ 93.237925][ T7317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 93.237965][ T7317] Call Trace: [ 93.237974][ T7317] [ 93.237983][ T7317] dump_stack_lvl+0xf6/0x150 [ 93.238034][ T7317] dump_stack+0x15/0x1a [ 93.238050][ T7317] should_fail_ex+0x261/0x270 [ 93.238080][ T7317] should_failslab+0x8f/0xb0 [ 93.238111][ T7317] kmem_cache_alloc_noprof+0x59/0x340 [ 93.238143][ T7317] ? __es_insert_extent+0x563/0xed0 [ 93.238166][ T7317] ? ttwu_do_activate+0x1ce/0x210 [ 93.238243][ T7317] __es_insert_extent+0x563/0xed0 [ 93.238264][ T7317] ? __rcu_read_unlock+0x34/0x70 [ 93.238294][ T7317] ext4_es_cache_extent+0x2be/0x3d0 [ 93.238320][ T7317] ext4_find_extent+0x34f/0x7e0 [ 93.238404][ T7317] ext4_ext_map_blocks+0x121/0x36a0 [ 93.238440][ T7317] ? blk_mq_request_issue_directly+0x30f/0x390 [ 93.238541][ T7317] ? blk_mq_plug_issue_direct+0x3de/0x570 [ 93.238590][ T7317] ? xas_load+0x3ba/0x3d0 [ 93.238650][ T7317] ? xas_load+0x3ba/0x3d0 [ 93.238683][ T7317] ? down_read+0x173/0x4c0 [ 93.238767][ T7317] ext4_map_query_blocks+0x71/0x180 [ 93.238790][ T7317] ext4_map_blocks+0x250/0xdf0 [ 93.238811][ T7317] ? xas_load+0x3ba/0x3d0 [ 93.238843][ T7317] ? __rcu_read_unlock+0x4e/0x70 [ 93.238875][ T7317] ext4_getblk+0x121/0x550 [ 93.238895][ T7317] ext4_bread_batch+0x5b/0x360 [ 93.238943][ T7317] __ext4_find_entry+0x85b/0xf40 [ 93.238984][ T7317] ? d_set_d_op+0xa0/0x1f0 [ 93.239015][ T7317] ? __rcu_read_unlock+0x4e/0x70 [ 93.239041][ T7317] ? d_alloc_parallel+0xc09/0xcb0 [ 93.239130][ T7317] ext4_lookup+0xbd/0x3a0 [ 93.239167][ T7317] __lookup_slow+0x193/0x280 [ 93.239210][ T7317] lookup_slow+0x3c/0x60 [ 93.239256][ T7317] walk_component+0x204/0x240 [ 93.239278][ T7317] ? path_lookupat+0xf6/0x2a0 [ 93.239299][ T7317] path_lookupat+0x103/0x2a0 [ 93.239421][ T7317] filename_lookup+0x14b/0x340 [ 93.239532][ T7317] user_path_at+0x3c/0x140 [ 93.239556][ T7317] do_fchownat+0x9a/0x1b0 [ 93.239576][ T7317] __x64_sys_lchown+0x4a/0x60 [ 93.239624][ T7317] x64_sys_call+0x1c04/0x2e10 [ 93.239646][ T7317] do_syscall_64+0xc9/0x1c0 [ 93.239673][ T7317] ? clear_bhb_loop+0x25/0x80 [ 93.239696][ T7317] ? clear_bhb_loop+0x25/0x80 [ 93.239778][ T7317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.239799][ T7317] RIP: 0033:0x7fee1b60d169 [ 93.239832][ T7317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.239850][ T7317] RSP: 002b:00007fee19c77038 EFLAGS: 00000246 ORIG_RAX: 000000000000005e [ 93.239924][ T7317] RAX: ffffffffffffffda RBX: 00007fee1b825fa0 RCX: 00007fee1b60d169 [ 93.239975][ T7317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000340 [ 93.239989][ T7317] RBP: 00007fee19c77090 R08: 0000000000000000 R09: 0000000000000000 [ 93.240069][ T7317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 93.240080][ T7317] R13: 0000000000000000 R14: 00007fee1b825fa0 R15: 00007ffcd0f16de8 [ 93.240098][ T7317] [ 93.586287][ T7317] EXT4-fs error (device loop2): ext4_ext_check_inode:524: inode #15: comm syz.2.1341: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 93.642137][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.735012][ T7331] loop0: detected capacity change from 0 to 256 [ 93.841122][ T7346] netlink: 'syz.2.1352': attribute type 2 has an invalid length. [ 93.849049][ T7346] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1352'. [ 93.873600][ T7349] FAULT_INJECTION: forcing a failure. [ 93.873600][ T7349] name failslab, interval 1, probability 0, space 0, times 0 [ 93.886372][ T7349] CPU: 1 UID: 0 PID: 7349 Comm: syz.0.1353 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) [ 93.886404][ T7349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 93.886420][ T7349] Call Trace: [ 93.886427][ T7349] [ 93.886436][ T7349] dump_stack_lvl+0xf6/0x150 [ 93.886465][ T7349] dump_stack+0x15/0x1a [ 93.886485][ T7349] should_fail_ex+0x261/0x270 [ 93.886599][ T7349] should_failslab+0x8f/0xb0 [ 93.886650][ T7349] kmem_cache_alloc_node_noprof+0x5c/0x340 [ 93.886678][ T7349] ? __alloc_skb+0x10d/0x320 [ 93.886707][ T7349] __alloc_skb+0x10d/0x320 [ 93.886736][ T7349] netlink_alloc_large_skb+0xad/0xe0 [ 93.886849][ T7349] netlink_sendmsg+0x3da/0x720 [ 93.886890][ T7349] ? __pfx_netlink_sendmsg+0x10/0x10 [ 93.886918][ T7349] __sock_sendmsg+0x140/0x180 [ 93.886959][ T7349] ____sys_sendmsg+0x350/0x4e0 [ 93.887070][ T7349] __sys_sendmsg+0x1a0/0x240 [ 93.887117][ T7349] __x64_sys_sendmsg+0x46/0x50 [ 93.887216][ T7349] x64_sys_call+0x26f3/0x2e10 [ 93.887268][ T7349] do_syscall_64+0xc9/0x1c0 [ 93.887300][ T7349] ? clear_bhb_loop+0x25/0x80 [ 93.887321][ T7349] ? clear_bhb_loop+0x25/0x80 [ 93.887342][ T7349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.887384][ T7349] RIP: 0033:0x7f478f9ad169 [ 93.887400][ T7349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.887418][ T7349] RSP: 002b:00007f478e017038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 93.887484][ T7349] RAX: ffffffffffffffda RBX: 00007f478fbc5fa0 RCX: 00007f478f9ad169 [ 93.887500][ T7349] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 93.887515][ T7349] RBP: 00007f478e017090 R08: 0000000000000000 R09: 0000000000000000 [ 93.887529][ T7349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 93.887573][ T7349] R13: 0000000000000000 R14: 00007f478fbc5fa0 R15: 00007fffc6cd3a48 [ 93.887597][ T7349] [ 93.914828][ T7350] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1352'. [ 93.971482][ T7342] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1347'. [ 93.973721][ T7350] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1352'. [ 94.271779][ T7350] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 94.280699][ T7350] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 94.289468][ T7350] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 94.298236][ T7350] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 94.481411][ T29] kauditd_printk_skb: 527 callbacks suppressed [ 94.481425][ T29] audit: type=1400 audit(1743903523.814:3954): avc: denied { read } for pid=7360 comm="syz.1.1356" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 94.641072][ T29] audit: type=1400 audit(1743903523.974:3955): avc: denied { mount } for pid=7373 comm="syz.0.1362" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 94.687012][ T29] audit: type=1400 audit(1743903524.014:3956): avc: denied { name_bind } for pid=7373 comm="syz.0.1362" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 94.708246][ T29] audit: type=1400 audit(1743903524.014:3957): avc: denied { connect } for pid=7373 comm="syz.0.1362" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 94.728459][ T29] audit: type=1400 audit(1743903524.014:3958): avc: denied { nlmsg_write } for pid=7373 comm="syz.0.1362" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 94.752292][ T7380] FAULT_INJECTION: forcing a failure. [ 94.752292][ T7380] name failslab, interval 1, probability 0, space 0, times 0 [ 94.764981][ T7380] CPU: 0 UID: 0 PID: 7380 Comm: syz.1.1363 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) [ 94.765015][ T7380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 94.765073][ T7380] Call Trace: [ 94.765079][ T7380] [ 94.765086][ T7380] dump_stack_lvl+0xf6/0x150 [ 94.765110][ T7380] dump_stack+0x15/0x1a [ 94.765128][ T7380] should_fail_ex+0x261/0x270 [ 94.765184][ T7380] should_failslab+0x8f/0xb0 [ 94.765220][ T7380] __kmalloc_cache_noprof+0x55/0x320 [ 94.765255][ T7380] ? getname_flags+0x1f3/0x3b0 [ 94.765281][ T7380] getname_flags+0x1f3/0x3b0 [ 94.765341][ T7380] user_path_at+0x26/0x140 [ 94.765365][ T7380] do_sys_truncate+0x5f/0x130 [ 94.765395][ T7380] __x64_sys_truncate+0x31/0x40 [ 94.765426][ T7380] x64_sys_call+0x268f/0x2e10 [ 94.765535][ T7380] do_syscall_64+0xc9/0x1c0 [ 94.765632][ T7380] ? clear_bhb_loop+0x25/0x80 [ 94.765658][ T7380] ? clear_bhb_loop+0x25/0x80 [ 94.765745][ T7380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.765813][ T7380] RIP: 0033:0x7efc52edd169 [ 94.765838][ T7380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.765860][ T7380] RSP: 002b:00007efc5153f038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 94.765883][ T7380] RAX: ffffffffffffffda RBX: 00007efc530f5fa0 RCX: 00007efc52edd169 [ 94.765898][ T7380] RDX: 0000000000000000 RSI: 000000007fffffff RDI: 0000200000002300 [ 94.765910][ T7380] RBP: 00007efc5153f090 R08: 0000000000000000 R09: 0000000000000000 [ 94.765922][ T7380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 94.765933][ T7380] R13: 0000000000000000 R14: 00007efc530f5fa0 R15: 00007fff2519ca58 [ 94.765952][ T7380] [ 94.766187][ T29] audit: type=1400 audit(1743903524.044:3959): avc: denied { unmount } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 94.969272][ T7382] loop2: detected capacity change from 0 to 256 [ 94.979113][ T7387] loop1: detected capacity change from 0 to 128 [ 94.986848][ T7387] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 94.999322][ T7387] ext4 filesystem being mounted at /276/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 95.089436][ T7393] loop3: detected capacity change from 0 to 1024 [ 95.096116][ T7393] EXT4-fs: Ignoring removed nobh option [ 95.111607][ T7402] sch_fq: defrate 2048 ignored. [ 95.117812][ T7387] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 95.125121][ T7387] vhci_hcd: default hub control req: 2314 v0008 i0002 l0 [ 95.148523][ T7393] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 95.161165][ T7393] EXT4-fs error (device loop3): ext4_ext_check_inode:524: inode #11: comm syz.3.1368: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 95.161283][ T7393] EXT4-fs error (device loop3): ext4_orphan_get:1395: comm syz.3.1368: couldn't read orphan inode 11 (err -117) [ 95.161737][ T7393] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.166023][ T29] audit: type=1400 audit(1743903524.494:3960): avc: denied { read } for pid=7392 comm="syz.3.1368" name="loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 95.166053][ T29] audit: type=1400 audit(1743903524.494:3961): avc: denied { open } for pid=7392 comm="syz.3.1368" path="/dev/loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 95.166162][ T29] audit: type=1400 audit(1743903524.494:3962): avc: denied { ioctl } for pid=7392 comm="syz.3.1368" path="/dev/loop-control" dev="devtmpfs" ino=99 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 95.166227][ T7393] EXT4-fs error (device loop3): ext4_ext_check_inode:524: inode #15: comm syz.3.1368: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 95.236577][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.237205][ T7406] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1370'. [ 95.251651][ T29] audit: type=1400 audit(1743903524.564:3963): avc: denied { write } for pid=7395 comm="syz.2.1370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 95.323519][ T7413] pim6reg: entered allmulticast mode [ 95.325464][ T7413] pim6reg: left allmulticast mode [ 95.351128][ T7414] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1373'. [ 95.481189][ T7414] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 95.491680][ T3303] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 95.520510][ T7414] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 95.693970][ T7429] loop3: detected capacity change from 0 to 256 [ 95.909964][ T3580] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 95.917884][ T3580] FAT-fs (loop3): Filesystem has been set read-only [ 95.926573][ T7435] loop0: detected capacity change from 0 to 128 [ 95.933355][ T7435] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 95.943795][ T3580] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 95.978870][ T3579] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 96.004046][ T3579] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 96.006434][ T7435] team0: left allmulticast mode [ 96.016876][ T7435] team_slave_0: left allmulticast mode [ 96.022502][ T7435] team_slave_1: left allmulticast mode [ 96.028174][ T7435] bridge0: port 3(team0) entered disabled state [ 96.076010][ T7443] FAULT_INJECTION: forcing a failure. [ 96.076010][ T7443] name failslab, interval 1, probability 0, space 0, times 0 [ 96.088738][ T7443] CPU: 1 UID: 0 PID: 7443 Comm: syz.4.1385 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) [ 96.088770][ T7443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 96.088829][ T7443] Call Trace: [ 96.088835][ T7443] [ 96.088842][ T7443] dump_stack_lvl+0xf6/0x150 [ 96.088870][ T7443] dump_stack+0x15/0x1a [ 96.088890][ T7443] should_fail_ex+0x261/0x270 [ 96.088924][ T7443] should_failslab+0x8f/0xb0 [ 96.089033][ T7443] kmem_cache_alloc_node_noprof+0x5c/0x340 [ 96.089084][ T7443] ? __alloc_skb+0x10d/0x320 [ 96.089108][ T7443] __alloc_skb+0x10d/0x320 [ 96.089131][ T7443] netlink_alloc_large_skb+0xad/0xe0 [ 96.089155][ T7443] netlink_sendmsg+0x3da/0x720 [ 96.089188][ T7443] ? __pfx_netlink_sendmsg+0x10/0x10 [ 96.089250][ T7443] __sock_sendmsg+0x140/0x180 [ 96.089288][ T7443] ____sys_sendmsg+0x350/0x4e0 [ 96.089325][ T7443] __sys_sendmsg+0x1a0/0x240 [ 96.089428][ T7443] __x64_sys_sendmsg+0x46/0x50 [ 96.089459][ T7443] x64_sys_call+0x26f3/0x2e10 [ 96.089486][ T7443] do_syscall_64+0xc9/0x1c0 [ 96.089567][ T7443] ? clear_bhb_loop+0x25/0x80 [ 96.089588][ T7443] ? clear_bhb_loop+0x25/0x80 [ 96.089625][ T7443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.089697][ T7443] RIP: 0033:0x7fab7f8ed169 [ 96.089714][ T7443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.089731][ T7443] RSP: 002b:00007fab7df57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 96.089762][ T7443] RAX: ffffffffffffffda RBX: 00007fab7fb05fa0 RCX: 00007fab7f8ed169 [ 96.089800][ T7443] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003 [ 96.089813][ T7443] RBP: 00007fab7df57090 R08: 0000000000000000 R09: 0000000000000000 [ 96.089899][ T7443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 96.089910][ T7443] R13: 0000000000000000 R14: 00007fab7fb05fa0 R15: 00007fffd5476078 [ 96.089932][ T7443] [ 96.093240][ T7441] loop3: detected capacity change from 0 to 2048 [ 96.100215][ T7435] bridge_slave_0: left allmulticast mode [ 96.130434][ T7441] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.130826][ T7435] bridge_slave_0: left promiscuous mode [ 96.318947][ T7435] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.329523][ T7435] bridge_slave_1: left allmulticast mode [ 96.335194][ T7435] bridge_slave_1: left promiscuous mode [ 96.341051][ T7435] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.401302][ T7435] bond0: (slave bond_slave_0): Releasing backup interface [ 96.441434][ T7435] bond0: (slave bond_slave_1): Releasing backup interface [ 96.530756][ T7435] team_slave_0: left promiscuous mode [ 96.538393][ T7435] team0: Port device team_slave_0 removed [ 96.545381][ T7435] team_slave_1: left promiscuous mode [ 96.563282][ T7435] team0: Port device team_slave_1 removed [ 96.572114][ T7435] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 96.579789][ T7435] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 96.592911][ T7435] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 96.600412][ T7435] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 96.641921][ T7468] loop1: detected capacity change from 0 to 256 [ 96.742790][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.773830][ T7479] loop2: detected capacity change from 0 to 512 [ 96.810932][ T7479] EXT4-fs: Ignoring removed mblk_io_submit option [ 96.831999][ T7479] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 96.858025][ T7479] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 96.876692][ T7479] EXT4-fs (loop2): 1 truncate cleaned up [ 96.883550][ T7479] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.907010][ T7490] Cannot find add_set index 0 as target [ 96.914240][ T7490] loop1: detected capacity change from 0 to 128 [ 96.939763][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.955907][ T7491] netlink: 'syz.3.1402': attribute type 21 has an invalid length. [ 96.966510][ T7491] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1402'. [ 97.016420][ T7495] loop2: detected capacity change from 0 to 128 [ 97.242002][ T7500] loop2: detected capacity change from 0 to 256 [ 97.329523][ T1726] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 97.337546][ T1726] FAT-fs (loop2): Filesystem has been set read-only [ 97.345411][ T1726] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 97.368889][ T1726] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 97.378304][ T7504] loop3: detected capacity change from 0 to 256 [ 97.381830][ T1726] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 97.500459][ T7486] capability: warning: `syz.0.1400' uses deprecated v2 capabilities in a way that may be insecure [ 97.515409][ T3720] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 97.523497][ T3720] FAT-fs (loop3): Filesystem has been set read-only [ 97.534305][ T3720] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 97.542738][ T3720] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 97.551617][ T3720] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 97.603309][ T7515] loop2: detected capacity change from 0 to 256 [ 97.613259][ T7517] netlink: 'syz.3.1413': attribute type 2 has an invalid length. [ 97.621296][ T7517] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1413'. [ 97.685931][ T7526] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1413'. [ 97.699809][ T7526] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.708717][ T7526] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.717582][ T7526] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.726313][ T7526] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.804000][ T7531] loop2: detected capacity change from 0 to 256 [ 97.924912][ T7542] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 32 [ 98.086572][ T7552] loop0: detected capacity change from 0 to 128 [ 98.142620][ T7552] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 98.199659][ T7552] ext4 filesystem being mounted at /259/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 98.422452][ T3306] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 98.523138][ T7557] loop0: detected capacity change from 0 to 256 [ 98.678159][ T3721] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 98.686078][ T3721] FAT-fs (loop2): Filesystem has been set read-only [ 98.711559][ T7525] syz.4.1415 (7525) used greatest stack depth: 6256 bytes left [ 98.715314][ T3721] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 98.737529][ T3717] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 98.746542][ T3717] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 98.831477][ T7560] loop2: detected capacity change from 0 to 1024 [ 98.855092][ T7560] EXT4-fs: Ignoring removed bh option [ 98.871290][ T7560] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 98.882795][ T7560] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 98.893210][ T7560] EXT4-fs (loop2): can't mount with commit=, fs mounted w/o journal [ 98.893261][ T7575] loop3: detected capacity change from 0 to 128 [ 98.909272][ T7575] EXT4-fs: test_dummy_encryption option not supported [ 98.921338][ T7575] __nla_validate_parse: 1 callbacks suppressed [ 98.921352][ T7575] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1435'. [ 98.940020][ T7575] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1435'. [ 98.971863][ T7581] loop3: detected capacity change from 0 to 128 [ 98.983123][ T7581] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 99.007629][ T7581] ext4 filesystem being mounted at /301/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.020724][ T7587] FAULT_INJECTION: forcing a failure. [ 99.020724][ T7587] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 99.033862][ T7587] CPU: 1 UID: 0 PID: 7587 Comm: syz.2.1439 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) [ 99.033892][ T7587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 99.033907][ T7587] Call Trace: [ 99.033915][ T7587] [ 99.033924][ T7587] dump_stack_lvl+0xf6/0x150 [ 99.033984][ T7587] dump_stack+0x15/0x1a [ 99.034003][ T7587] should_fail_ex+0x261/0x270 [ 99.034034][ T7587] should_fail+0xb/0x10 [ 99.034109][ T7587] should_fail_usercopy+0x1a/0x20 [ 99.034186][ T7587] strncpy_from_user+0x25/0x230 [ 99.034210][ T7587] ? getname_flags+0x81/0x3b0 [ 99.034235][ T7587] getname_flags+0xb0/0x3b0 [ 99.034287][ T7587] getname_uflags+0x21/0x30 [ 99.034307][ T7587] __x64_sys_execveat+0x5e/0x90 [ 99.034337][ T7587] x64_sys_call+0x2ac7/0x2e10 [ 99.034363][ T7587] do_syscall_64+0xc9/0x1c0 [ 99.034392][ T7587] ? clear_bhb_loop+0x25/0x80 [ 99.034427][ T7587] ? clear_bhb_loop+0x25/0x80 [ 99.034452][ T7587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.034477][ T7587] RIP: 0033:0x7fee1b60d169 [ 99.034502][ T7587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.034621][ T7587] RSP: 002b:00007fee19c77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 99.034643][ T7587] RAX: ffffffffffffffda RBX: 00007fee1b825fa0 RCX: 00007fee1b60d169 [ 99.034658][ T7587] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 99.034673][ T7587] RBP: 00007fee19c77090 R08: 0000000000001000 R09: 0000000000000000 [ 99.034687][ T7587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 99.034699][ T7587] R13: 0000000000000000 R14: 00007fee1b825fa0 R15: 00007ffcd0f16de8 [ 99.034717][ T7587] [ 99.271211][ T3302] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 99.323167][ T3720] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 99.331198][ T3720] FAT-fs (loop0): Filesystem has been set read-only [ 99.344950][ T3720] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 99.359284][ T3720] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 99.369957][ T3720] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 99.415235][ T7610] netlink: 'syz.2.1450': attribute type 10 has an invalid length. [ 99.426930][ T7610] netlink: 'syz.2.1450': attribute type 10 has an invalid length. [ 99.435118][ T7610] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1450'. [ 99.569774][ T7622] loop0: detected capacity change from 0 to 128 [ 99.594709][ T7622] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 99.608251][ T7622] ext4 filesystem being mounted at /262/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.631734][ T7631] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 99.646097][ T29] kauditd_printk_skb: 157 callbacks suppressed [ 99.646129][ T29] audit: type=1400 audit(1743903528.974:4121): avc: denied { shutdown } for pid=7630 comm="syz.3.1459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 99.651203][ T7632] loop2: detected capacity change from 0 to 256 [ 99.679020][ T29] audit: type=1400 audit(1743903529.014:4122): avc: denied { getopt } for pid=7630 comm="syz.3.1459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 99.749448][ T3306] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 99.768820][ T7631] loop3: detected capacity change from 0 to 2048 [ 99.792905][ T7631] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.831440][ T29] audit: type=1400 audit(1743903529.164:4123): avc: denied { read write } for pid=7630 comm="syz.3.1459" name="file2" dev="loop3" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 99.856779][ T29] audit: type=1400 audit(1743903529.164:4124): avc: denied { open } for pid=7630 comm="syz.3.1459" path="/310/file2/file2" dev="loop3" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 99.928978][ T31] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 99.936829][ T31] FAT-fs (loop2): Filesystem has been set read-only [ 99.951561][ T31] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 99.981797][ T31] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 99.990731][ T31] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 100.025402][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.026596][ T7651] netlink: 'syz.2.1464': attribute type 10 has an invalid length. [ 100.034480][ T29] audit: type=1326 audit(1743903529.354:4125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7650 comm="syz.2.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fee1b604127 code=0x7ffc0000 [ 100.034518][ T29] audit: type=1326 audit(1743903529.354:4126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7650 comm="syz.2.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fee1b5a9359 code=0x7ffc0000 [ 100.034550][ T29] audit: type=1326 audit(1743903529.354:4127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7650 comm="syz.2.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fee1b604127 code=0x7ffc0000 [ 100.045050][ T7651] netlink: 'syz.2.1464': attribute type 10 has an invalid length. [ 100.065695][ T29] audit: type=1326 audit(1743903529.354:4128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7650 comm="syz.2.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fee1b5a9359 code=0x7ffc0000 [ 100.065732][ T29] audit: type=1326 audit(1743903529.354:4129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7650 comm="syz.2.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee1b60d169 code=0x7ffc0000 [ 100.065787][ T29] audit: type=1326 audit(1743903529.354:4130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7650 comm="syz.2.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7fee1b60d169 code=0x7ffc0000 [ 100.089310][ T7651] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1464'. [ 100.113336][ T7652] sch_fq: defrate 2048 ignored. [ 100.199844][ T7649] loop0: detected capacity change from 0 to 256 [ 100.323227][ T295] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 100.331219][ T295] FAT-fs (loop0): Filesystem has been set read-only [ 100.341324][ T295] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 100.359699][ T295] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 100.369792][ T295] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097162) [ 100.372959][ T7665] usb usb5: usbfs: process 7665 (syz.3.1472) did not claim interface 0 before use [ 100.392490][ T7665] hub 5-0:1.0: USB hub found [ 100.397352][ T7665] hub 5-0:1.0: 8 ports detected [ 100.432340][ T7671] loop0: detected capacity change from 0 to 128 [ 100.444651][ T7673] loop3: detected capacity change from 0 to 256 [ 100.459055][ T7671] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 100.504102][ T7671] ext4 filesystem being mounted at /266/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 100.591829][ T3306] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 100.620786][ T295] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 100.628787][ T295] FAT-fs (loop3): Filesystem has been set read-only [ 100.670975][ T295] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 100.681085][ T3564] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 100.694102][ T3564] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 100.705068][ T7688] netlink: 'syz.0.1479': attribute type 10 has an invalid length. [ 100.713924][ T7688] team0: left promiscuous mode [ 100.722089][ T7688] batman_adv: batadv0: Adding interface: team0 [ 100.728727][ T7688] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.754010][ T7688] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 100.771750][ T7692] netlink: 'syz.0.1479': attribute type 10 has an invalid length. [ 100.776228][ T7690] pim6reg1: entered promiscuous mode [ 100.779614][ T7692] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1479'. [ 100.793844][ T7690] pim6reg1: entered allmulticast mode [ 100.819589][ T7692] team0: entered promiscuous mode [ 100.826255][ T7692] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.853486][ T7692] batman_adv: batadv0: Interface activated: team0 [ 100.860035][ T7692] batman_adv: batadv0: Interface deactivated: team0 [ 100.866690][ T7692] batman_adv: batadv0: Removing interface: team0 [ 100.934052][ T7692] bridge0: port 1(team0) entered blocking state [ 100.940435][ T7692] bridge0: port 1(team0) entered disabled state [ 100.962314][ T7692] team0: entered allmulticast mode [ 101.190873][ T7710] loop0: detected capacity change from 0 to 128 [ 101.219263][ T7710] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 101.253393][ T7710] ext4 filesystem being mounted at /270/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 101.301011][ T3306] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 101.604035][ T7736] loop2: detected capacity change from 0 to 512 [ 101.607107][ T7736] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 101.680237][ T7744] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1494'. [ 101.680471][ T7744] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1494'. [ 101.814072][ T7750] netlink: 'syz.2.1497': attribute type 21 has an invalid length. [ 101.814101][ T7750] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1497'. [ 101.993288][ T7768] loop2: detected capacity change from 0 to 1024 [ 101.993576][ T7768] EXT4-fs: Ignoring removed bh option [ 102.109991][ T7768] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 102.124884][ T7770] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 102.124925][ T7770] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.152156][ T7768] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 102.152195][ T7768] EXT4-fs (loop2): can't mount with commit=, fs mounted w/o journal [ 102.359925][ T7770] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 102.370320][ T7770] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.495413][ T7780] loop2: detected capacity change from 0 to 256 [ 102.560077][ T7770] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 102.560118][ T7770] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.613102][ T7770] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 102.613185][ T7770] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.656389][ T7770] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 102.656545][ T7770] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.662313][ T7770] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 102.662357][ T7770] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.668963][ T7770] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 102.669008][ T7770] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.675921][ T7770] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 102.676056][ T7770] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.951413][ T3538] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 102.951513][ T3538] FAT-fs (loop2): Filesystem has been set read-only [ 102.951577][ T3538] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 102.951674][ T3538] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 102.951701][ T3538] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 102.952119][ T7796] loop3: detected capacity change from 0 to 128 [ 103.055746][ T7801] loop2: detected capacity change from 0 to 256 [ 103.119064][ T7805] netlink: 'syz.3.1515': attribute type 21 has an invalid length. [ 103.126961][ T7805] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1515'. [ 103.292907][ T7820] loop3: detected capacity change from 0 to 128 [ 103.339676][ T7823] loop3: detected capacity change from 0 to 128 [ 103.354287][ T7823] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 103.418121][ T7823] ext4 filesystem being mounted at /322/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 103.492791][ T3302] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 103.698366][ T7843] netlink: 'syz.1.1532': attribute type 21 has an invalid length. [ 103.716257][ T7843] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1532'. [ 103.883813][ T3543] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 103.891777][ T3543] FAT-fs (loop2): Filesystem has been set read-only [ 103.977301][ T3543] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 103.985830][ T3722] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 103.993805][ T3722] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 104.082050][ T7857] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1536'. [ 104.962612][ T7886] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1547'. [ 105.384131][ T7914] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1557'. [ 105.393153][ T7914] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1557'. [ 105.769797][ T7940] loop3: detected capacity change from 0 to 256 [ 105.810458][ T7944] loop2: detected capacity change from 0 to 128 [ 105.812211][ T29] kauditd_printk_skb: 177 callbacks suppressed [ 105.812229][ T29] audit: type=1400 audit(1743903535.144:4308): avc: denied { create } for pid=7945 comm="syz.1.1567" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=decnet_socket permissive=1 [ 105.844518][ T7944] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 105.861164][ T7944] ext4 filesystem being mounted at /315/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.873719][ T29] audit: type=1400 audit(1743903535.204:4309): avc: denied { create } for pid=7943 comm="syz.2.1566" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 105.873851][ T7946] netlink: '\': attribute type 11 has an invalid length. [ 105.908730][ T29] audit: type=1400 audit(1743903535.224:4310): avc: denied { write } for pid=7943 comm="syz.2.1566" name="file0" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 105.930734][ T29] audit: type=1400 audit(1743903535.224:4311): avc: denied { setattr } for pid=7943 comm="syz.2.1566" name="file0" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 105.949622][ T7946] netlink: 448 bytes leftover after parsing attributes in process `\'. [ 105.964433][ T3307] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 105.996061][ T29] audit: type=1326 audit(1743903535.314:4312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7953 comm="syz.3.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5923ddd169 code=0x7ffc0000 [ 106.019772][ T29] audit: type=1326 audit(1743903535.314:4313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7953 comm="syz.3.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f5923ddd169 code=0x7ffc0000 [ 106.043207][ T29] audit: type=1326 audit(1743903535.314:4314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7953 comm="syz.3.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5923ddd169 code=0x7ffc0000 [ 106.066683][ T29] audit: type=1326 audit(1743903535.314:4315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7953 comm="syz.3.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5923ddd169 code=0x7ffc0000 [ 106.090107][ T29] audit: type=1326 audit(1743903535.314:4316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7953 comm="syz.3.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5923ddd169 code=0x7ffc0000 [ 106.113928][ T29] audit: type=1326 audit(1743903535.314:4317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7953 comm="syz.3.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f5923ddd169 code=0x7ffc0000 [ 106.876390][ T7984] loop0: detected capacity change from 0 to 1024 [ 106.876737][ T7984] EXT4-fs: Ignoring removed bh option [ 106.878867][ T7984] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 106.957532][ T7984] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 106.957580][ T7984] EXT4-fs (loop0): can't mount with commit=, fs mounted w/o journal [ 107.085287][ T7991] loop0: detected capacity change from 0 to 256 [ 107.321933][ T8011] loop0: detected capacity change from 0 to 512 [ 107.329230][ T8011] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 107.337724][ T8009] loop3: detected capacity change from 0 to 1024 [ 107.352304][ T8013] block device autoloading is deprecated and will be removed. [ 107.360021][ T8011] EXT4-fs (loop0): 1 truncate cleaned up [ 107.360244][ T8013] syz.2.1589: attempt to access beyond end of device [ 107.360244][ T8013] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 107.366156][ T8011] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.417734][ T8009] EXT4-fs: Ignoring removed bh option [ 107.423916][ T8009] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 107.434056][ T8009] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 107.444389][ T8009] EXT4-fs (loop3): can't mount with commit=, fs mounted w/o journal [ 107.462322][ T8013] loop2: detected capacity change from 0 to 512 [ 107.513387][ T8013] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 107.522874][ T8013] EXT4-fs (loop2): orphan cleanup on readonly fs [ 107.532550][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.537576][ T8023] netlink: 'syz.3.1592': attribute type 10 has an invalid length. [ 107.559508][ T8023] batman_adv: batadv0: Adding interface: team0 [ 107.559564][ T8023] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.559622][ T8023] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 107.567943][ T8023] netlink: 'syz.3.1592': attribute type 10 has an invalid length. [ 107.568037][ T8023] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1592'. [ 107.568210][ T8023] team0: entered promiscuous mode [ 107.568236][ T8023] team_slave_0: entered promiscuous mode [ 107.568468][ T8023] team_slave_1: entered promiscuous mode [ 107.570069][ T8023] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.570785][ T8023] batman_adv: batadv0: Interface activated: team0 [ 107.570904][ T8023] batman_adv: batadv0: Interface deactivated: team0 [ 107.570999][ T8023] batman_adv: batadv0: Removing interface: team0 [ 107.571786][ T8023] bridge0: port 3(team0) entered blocking state [ 107.571905][ T8023] bridge0: port 3(team0) entered disabled state [ 107.572150][ T8023] team0: entered allmulticast mode [ 107.572202][ T8023] team_slave_0: entered allmulticast mode [ 107.572226][ T8023] team_slave_1: entered allmulticast mode [ 107.574614][ T8023] bridge0: port 3(team0) entered blocking state [ 107.574706][ T8023] bridge0: port 3(team0) entered forwarding state [ 107.671699][ T8013] EXT4-fs error (device loop2): ext4_acquire_dquot:6935: comm syz.2.1589: Failed to acquire dquot type 1 [ 107.678067][ T8013] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1589: bg 0: block 40: padding at end of block bitmap is not set [ 107.678293][ T8013] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 107.678633][ T8013] EXT4-fs (loop2): 1 truncate cleaned up [ 107.679202][ T8013] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 107.738447][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.909680][ T8037] loop2: detected capacity change from 0 to 1024 [ 107.913661][ T8037] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 107.920731][ T8037] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.941756][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.664970][ T8061] loop0: detected capacity change from 0 to 1024 [ 108.686283][ T8061] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 108.688634][ T8063] loop3: detected capacity change from 0 to 256 [ 108.705003][ T8061] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.724764][ T8066] netlink: 'syz.4.1605': attribute type 10 has an invalid length. [ 108.772184][ T8066] bridge0: port 3(team0) entered disabled state [ 108.780457][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.806784][ T8072] netlink: 'syz.4.1605': attribute type 10 has an invalid length. [ 108.808728][ T8066] team0: left allmulticast mode [ 108.814827][ T8072] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1605'. [ 108.819602][ T8066] team_slave_0: left allmulticast mode [ 108.834127][ T8066] team_slave_1: left allmulticast mode [ 108.839740][ T8066] team0: left promiscuous mode [ 108.843961][ T8073] loop0: detected capacity change from 0 to 1024 [ 108.844552][ T8066] team_slave_0: left promiscuous mode [ 108.854480][ T8073] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 108.856557][ T8066] team_slave_1: left promiscuous mode [ 108.870794][ T8066] bridge0: port 3(team0) entered disabled state [ 108.887421][ T8073] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.929111][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.966551][ T8083] xt_l2tp: v2 tid > 0xffff: 150994944 [ 108.999072][ T8087] loop0: detected capacity change from 0 to 128 [ 109.037905][ T8087] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 109.056621][ T8066] batman_adv: batadv0: Adding interface: team0 [ 109.063213][ T8066] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.088522][ T8066] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 109.099048][ T8087] ext4 filesystem being mounted at /287/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 109.120578][ T3581] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 109.128899][ T3581] FAT-fs (loop3): Filesystem has been set read-only [ 109.145868][ T3581] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 109.169785][ T8090] FAULT_INJECTION: forcing a failure. [ 109.169785][ T8090] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.182897][ T8090] CPU: 1 UID: 0 PID: 8090 Comm: syz.1.1615 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) [ 109.182930][ T8090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 109.182990][ T8090] Call Trace: [ 109.182997][ T8090] [ 109.183065][ T8090] dump_stack_lvl+0xf6/0x150 [ 109.183159][ T8090] dump_stack+0x15/0x1a [ 109.183179][ T8090] should_fail_ex+0x261/0x270 [ 109.183211][ T8090] should_fail+0xb/0x10 [ 109.183330][ T8090] should_fail_usercopy+0x1a/0x20 [ 109.183362][ T8090] strncpy_from_user+0x25/0x230 [ 109.183388][ T8090] ? kstrtouint_from_user+0xbf/0x100 [ 109.183422][ T8090] path_setxattrat+0xef/0x320 [ 109.183473][ T8090] __x64_sys_lsetxattr+0x71/0x90 [ 109.183529][ T8090] x64_sys_call+0x2014/0x2e10 [ 109.183551][ T8090] do_syscall_64+0xc9/0x1c0 [ 109.183584][ T8090] ? clear_bhb_loop+0x25/0x80 [ 109.183605][ T8090] ? clear_bhb_loop+0x25/0x80 [ 109.183626][ T8090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.183731][ T8090] RIP: 0033:0x7efc52edd169 [ 109.183749][ T8090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.183770][ T8090] RSP: 002b:00007efc5153f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 109.183791][ T8090] RAX: ffffffffffffffda RBX: 00007efc530f5fa0 RCX: 00007efc52edd169 [ 109.183806][ T8090] RDX: 0000200000000040 RSI: 00002000000000c0 RDI: 0000200000000100 [ 109.183866][ T8090] RBP: 00007efc5153f090 R08: 0000000000000000 R09: 0000000000000000 [ 109.183877][ T8090] R10: 000000000000fe37 R11: 0000000000000246 R12: 0000000000000001 [ 109.183891][ T8090] R13: 0000000000000000 R14: 00007efc530f5fa0 R15: 00007fff2519ca58 [ 109.183980][ T8090] [ 109.186370][ T8072] team0: entered promiscuous mode [ 109.194174][ T3581] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 109.198550][ T8072] team_slave_0: entered promiscuous mode [ 109.241479][ T3581] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 109.242598][ T8072] team_slave_1: entered promiscuous mode [ 109.396712][ T8072] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.404370][ T3306] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 109.404533][ T8092] loop3: detected capacity change from 0 to 512 [ 109.413488][ T8072] batman_adv: batadv0: Interface activated: team0 [ 109.426185][ T8072] batman_adv: batadv0: Interface deactivated: team0 [ 109.433057][ T8072] batman_adv: batadv0: Removing interface: team0 [ 109.457672][ T8072] bridge0: port 3(team0) entered blocking state [ 109.463269][ T8097] loop0: detected capacity change from 0 to 1024 [ 109.463976][ T8072] bridge0: port 3(team0) entered disabled state [ 109.473020][ T8097] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 109.485716][ T8072] team0: entered allmulticast mode [ 109.491001][ T8072] team_slave_0: entered allmulticast mode [ 109.496746][ T8072] team_slave_1: entered allmulticast mode [ 109.517577][ T8097] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.518017][ T8072] bridge0: port 3(team0) entered blocking state [ 109.536330][ T8072] bridge0: port 3(team0) entered forwarding state [ 109.580345][ T8092] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.612103][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.622746][ T8092] ext4 filesystem being mounted at /343/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 109.634557][ T8092] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1616'. [ 109.800728][ T8118] FAULT_INJECTION: forcing a failure. [ 109.800728][ T8118] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.805302][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.813851][ T8118] CPU: 1 UID: 0 PID: 8118 Comm: syz.2.1627 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) [ 109.813886][ T8118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 109.813901][ T8118] Call Trace: [ 109.813907][ T8118] [ 109.813916][ T8118] dump_stack_lvl+0xf6/0x150 [ 109.813943][ T8118] dump_stack+0x15/0x1a [ 109.813964][ T8118] should_fail_ex+0x261/0x270 [ 109.814069][ T8118] should_fail+0xb/0x10 [ 109.814128][ T8118] should_fail_usercopy+0x1a/0x20 [ 109.814164][ T8118] _copy_from_user+0x1c/0xa0 [ 109.814206][ T8118] core_sys_select+0x1f0/0x6d0 [ 109.814298][ T8118] ? set_user_sigmask+0x88/0x190 [ 109.814335][ T8118] __se_sys_pselect6+0x212/0x270 [ 109.814381][ T8118] __x64_sys_pselect6+0x78/0x90 [ 109.814422][ T8118] x64_sys_call+0x1c26/0x2e10 [ 109.814487][ T8118] do_syscall_64+0xc9/0x1c0 [ 109.814531][ T8118] ? clear_bhb_loop+0x25/0x80 [ 109.814558][ T8118] ? clear_bhb_loop+0x25/0x80 [ 109.814586][ T8118] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.814613][ T8118] RIP: 0033:0x7fee1b60d169 [ 109.814631][ T8118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.814688][ T8118] RSP: 002b:00007fee19c77038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 109.814713][ T8118] RAX: ffffffffffffffda RBX: 00007fee1b825fa0 RCX: 00007fee1b60d169 [ 109.814728][ T8118] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000040 [ 109.814743][ T8118] RBP: 00007fee19c77090 R08: 0000000000000000 R09: 0000000000000000 [ 109.814758][ T8118] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001 [ 109.814773][ T8118] R13: 0000000000000000 R14: 00007fee1b825fa0 R15: 00007ffcd0f16de8 [ 109.814829][ T8118] [ 110.022088][ T8130] netlink: 'syz.0.1626': attribute type 10 has an invalid length. [ 110.067049][ T8134] netlink: 'syz.3.1629': attribute type 10 has an invalid length. [ 110.075147][ T8138] netlink: 'syz.0.1626': attribute type 10 has an invalid length. [ 110.083105][ T8138] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1626'. [ 110.094825][ T8130] bridge0: port 1(team0) entered disabled state [ 110.103207][ T8130] team0: left allmulticast mode [ 110.108527][ T8130] team0: left promiscuous mode [ 110.113755][ T8130] bridge0: port 1(team0) entered disabled state [ 110.118250][ T8140] netlink: 'syz.3.1629': attribute type 10 has an invalid length. [ 110.128006][ T8140] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1629'. [ 110.150080][ T8130] batman_adv: batadv0: Adding interface: team0 [ 110.156476][ T8130] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.182121][ T8130] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 110.199757][ T8136] ªªªªªª: renamed from vlan0 (while UP) [ 110.207108][ T8138] team0: entered promiscuous mode [ 110.230628][ T8138] 8021q: adding VLAN 0 to HW filter on device team0 [ 110.237946][ T8138] batman_adv: batadv0: Interface activated: team0 [ 110.238142][ T8145] syz.4.1636 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 110.244459][ T8138] batman_adv: batadv0: Interface deactivated: team0 [ 110.261470][ T8138] batman_adv: batadv0: Removing interface: team0 [ 110.268773][ T8138] bridge0: port 1(team0) entered blocking state [ 110.275160][ T8138] bridge0: port 1(team0) entered disabled state [ 110.308659][ T8138] team0: entered allmulticast mode [ 110.327063][ T8134] bridge0: port 3(team0) entered disabled state [ 110.350441][ T8134] team0: left allmulticast mode [ 110.355546][ T8134] team_slave_0: left allmulticast mode [ 110.361319][ T8134] team_slave_1: left allmulticast mode [ 110.366832][ T8134] team0: left promiscuous mode [ 110.371695][ T8134] team_slave_0: left promiscuous mode [ 110.377354][ T8134] team_slave_1: left promiscuous mode [ 110.383200][ T8134] bridge0: port 3(team0) entered disabled state [ 110.394749][ T8134] batman_adv: batadv0: Adding interface: team0 [ 110.401120][ T8134] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.428701][ T8134] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 110.450813][ T8140] team0: entered promiscuous mode [ 110.455958][ T8140] team_slave_0: entered promiscuous mode [ 110.461765][ T8140] team_slave_1: entered promiscuous mode [ 110.474644][ T8140] 8021q: adding VLAN 0 to HW filter on device team0 [ 110.482419][ T8140] batman_adv: batadv0: Interface activated: team0 [ 110.488971][ T8140] batman_adv: batadv0: Interface deactivated: team0 [ 110.495674][ T8140] batman_adv: batadv0: Removing interface: team0 [ 110.504012][ T8140] bridge0: port 3(team0) entered blocking state [ 110.510369][ T8140] bridge0: port 3(team0) entered disabled state [ 110.516828][ T8140] team0: entered allmulticast mode [ 110.521990][ T8140] team_slave_0: entered allmulticast mode [ 110.527797][ T8140] team_slave_1: entered allmulticast mode [ 110.542418][ T8140] bridge0: port 3(team0) entered blocking state [ 110.548968][ T8140] bridge0: port 3(team0) entered forwarding state [ 110.560262][ T8150] pim6reg1: entered promiscuous mode [ 110.565592][ T8150] pim6reg1: entered allmulticast mode [ 110.600503][ T8159] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1641'. [ 110.626378][ T8162] FAULT_INJECTION: forcing a failure. [ 110.626378][ T8162] name failslab, interval 1, probability 0, space 0, times 0 [ 110.639266][ T8162] CPU: 1 UID: 0 PID: 8162 Comm: syz.3.1642 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) [ 110.639361][ T8162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 110.639422][ T8162] Call Trace: [ 110.639428][ T8162] [ 110.639435][ T8162] dump_stack_lvl+0xf6/0x150 [ 110.639462][ T8162] dump_stack+0x15/0x1a [ 110.639483][ T8162] should_fail_ex+0x261/0x270 [ 110.639576][ T8162] should_failslab+0x8f/0xb0 [ 110.639614][ T8162] kmem_cache_alloc_node_noprof+0x5c/0x340 [ 110.639669][ T8162] ? __alloc_skb+0x10d/0x320 [ 110.639695][ T8162] __alloc_skb+0x10d/0x320 [ 110.639724][ T8162] netlink_alloc_large_skb+0xad/0xe0 [ 110.639747][ T8162] netlink_sendmsg+0x3da/0x720 [ 110.639775][ T8162] ? __pfx_netlink_sendmsg+0x10/0x10 [ 110.639826][ T8162] __sock_sendmsg+0x140/0x180 [ 110.639868][ T8162] ____sys_sendmsg+0x350/0x4e0 [ 110.639906][ T8162] __sys_sendmsg+0x1a0/0x240 [ 110.639994][ T8162] __x64_sys_sendmsg+0x46/0x50 [ 110.640020][ T8162] x64_sys_call+0x26f3/0x2e10 [ 110.640048][ T8162] do_syscall_64+0xc9/0x1c0 [ 110.640149][ T8162] ? clear_bhb_loop+0x25/0x80 [ 110.640171][ T8162] ? clear_bhb_loop+0x25/0x80 [ 110.640192][ T8162] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.640216][ T8162] RIP: 0033:0x7f5923ddd169 [ 110.640234][ T8162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.640274][ T8162] RSP: 002b:00007f592243f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 110.640297][ T8162] RAX: ffffffffffffffda RBX: 00007f5923ff5fa0 RCX: 00007f5923ddd169 [ 110.640312][ T8162] RDX: 0000000004000810 RSI: 00002000000002c0 RDI: 0000000000000005 [ 110.640327][ T8162] RBP: 00007f592243f090 R08: 0000000000000000 R09: 0000000000000000 [ 110.640341][ T8162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 110.640355][ T8162] R13: 0000000000000000 R14: 00007f5923ff5fa0 R15: 00007ffc6a5beb88 [ 110.640374][ T8162] [ 110.858999][ T8157] xt_TCPMSS: Only works on TCP SYN packets [ 110.886202][ T8167] ALSA: seq fatal error: cannot create timer (-22) [ 110.892956][ T8169] ALSA: seq fatal error: cannot create timer (-22) [ 111.033944][ T29] kauditd_printk_skb: 194 callbacks suppressed [ 111.033961][ T29] audit: type=1400 audit(1743903540.364:4510): avc: denied { setopt } for pid=8172 comm="syz.1.1647" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 111.034266][ T8176] FAULT_INJECTION: forcing a failure. [ 111.034266][ T8176] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 111.073658][ T8176] CPU: 0 UID: 0 PID: 8176 Comm: syz.1.1647 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) [ 111.073682][ T8176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 111.073694][ T8176] Call Trace: [ 111.073699][ T8176] [ 111.073706][ T8176] dump_stack_lvl+0xf6/0x150 [ 111.073727][ T8176] dump_stack+0x15/0x1a [ 111.073743][ T8176] should_fail_ex+0x261/0x270 [ 111.073768][ T8176] should_fail+0xb/0x10 [ 111.073804][ T8176] should_fail_usercopy+0x1a/0x20 [ 111.073844][ T8176] _copy_from_user+0x1c/0xa0 [ 111.073899][ T8176] copy_msghdr_from_user+0x54/0x2b0 [ 111.073929][ T8176] ? __fget_files+0x186/0x1c0 [ 111.073947][ T8176] __sys_sendmsg+0x141/0x240 [ 111.074011][ T8176] __x64_sys_sendmsg+0x46/0x50 [ 111.074034][ T8176] x64_sys_call+0x26f3/0x2e10 [ 111.074093][ T8176] do_syscall_64+0xc9/0x1c0 [ 111.074118][ T8176] ? clear_bhb_loop+0x25/0x80 [ 111.074137][ T8176] ? clear_bhb_loop+0x25/0x80 [ 111.074155][ T8176] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.074174][ T8176] RIP: 0033:0x7efc52edd169 [ 111.074187][ T8176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.074208][ T8176] RSP: 002b:00007efc5151e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 111.074229][ T8176] RAX: ffffffffffffffda RBX: 00007efc530f6080 RCX: 00007efc52edd169 [ 111.074240][ T8176] RDX: 0000000000000000 RSI: 0000200000000ec0 RDI: 0000000000000003 [ 111.074250][ T8176] RBP: 00007efc5151e090 R08: 0000000000000000 R09: 0000000000000000 [ 111.074260][ T8176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.074270][ T8176] R13: 0000000000000000 R14: 00007efc530f6080 R15: 00007fff2519ca58 [ 111.074322][ T8176] [ 111.351691][ T8184] netlink: 'syz.4.1649': attribute type 21 has an invalid length. [ 111.359735][ T8184] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1649'. [ 111.422823][ T8188] sch_fq: defrate 2048 ignored. [ 111.438319][ T8190] loop0: detected capacity change from 0 to 2048 [ 111.500192][ T8190] Alternate GPT is invalid, using primary GPT. [ 111.506521][ T8190] loop0: p2 p3 p7 [ 111.522898][ T29] audit: type=1326 audit(1743903540.854:4511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8189 comm="syz.0.1652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f478f9ad169 code=0x7ffc0000 [ 111.547043][ T29] audit: type=1326 audit(1743903540.854:4512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8189 comm="syz.0.1652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f478f9ad169 code=0x7ffc0000 [ 111.570642][ T29] audit: type=1326 audit(1743903540.854:4513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8189 comm="syz.0.1652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f478f9ad169 code=0x7ffc0000 [ 111.594196][ T29] audit: type=1326 audit(1743903540.854:4514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8189 comm="syz.0.1652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f478f9ad169 code=0x7ffc0000 [ 111.605216][ T8192] netlink: 'syz.4.1653': attribute type 10 has an invalid length. [ 111.617604][ T29] audit: type=1326 audit(1743903540.854:4515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8189 comm="syz.0.1652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f478f9ad169 code=0x7ffc0000 [ 111.617691][ T29] audit: type=1326 audit(1743903540.854:4516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8189 comm="syz.0.1652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f478f9ad169 code=0x7ffc0000 [ 111.640937][ T8192] bridge0: port 3(team0) entered disabled state [ 111.649245][ T29] audit: type=1326 audit(1743903540.854:4517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8189 comm="syz.0.1652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f478f9ad169 code=0x7ffc0000 [ 111.702020][ T29] audit: type=1326 audit(1743903540.854:4518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8189 comm="syz.0.1652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f478f9ad169 code=0x7ffc0000 [ 111.725412][ T29] audit: type=1326 audit(1743903540.854:4519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8189 comm="syz.0.1652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f478f9ad169 code=0x7ffc0000 [ 111.733365][ T8195] netlink: 'syz.4.1653': attribute type 10 has an invalid length. [ 111.750139][ T8192] team0: left allmulticast mode [ 111.756785][ T8195] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1653'. [ 111.770979][ T8192] team_slave_0: left allmulticast mode [ 111.776684][ T8192] team_slave_1: left allmulticast mode [ 111.782222][ T8192] team0: left promiscuous mode [ 111.787137][ T8192] team_slave_0: left promiscuous mode [ 111.792728][ T8192] team_slave_1: left promiscuous mode [ 111.798661][ T8192] bridge0: port 3(team0) entered disabled state [ 111.809066][ T8192] batman_adv: batadv0: Adding interface: team0 [ 111.815391][ T8192] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.840935][ T8192] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 111.882960][ T8197] netlink: 'syz.1.1654': attribute type 10 has an invalid length. [ 111.908831][ T8197] batman_adv: batadv0: Adding interface: team0 [ 111.915105][ T8197] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.940354][ T8197] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 111.961062][ T8198] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1654'. [ 111.970471][ T8195] team0: entered promiscuous mode [ 111.975538][ T8195] team_slave_0: entered promiscuous mode [ 111.981333][ T8195] team_slave_1: entered promiscuous mode [ 111.989480][ T8195] 8021q: adding VLAN 0 to HW filter on device team0 [ 111.996641][ T8195] batman_adv: batadv0: Interface activated: team0 [ 112.003175][ T8195] batman_adv: batadv0: Interface deactivated: team0 [ 112.009864][ T8195] batman_adv: batadv0: Removing interface: team0 [ 112.020276][ T8195] bridge0: port 3(team0) entered blocking state [ 112.026587][ T8195] bridge0: port 3(team0) entered disabled state [ 112.034125][ T8195] team0: entered allmulticast mode [ 112.039334][ T8195] team_slave_0: entered allmulticast mode [ 112.045079][ T8195] team_slave_1: entered allmulticast mode [ 112.052706][ T8195] bridge0: port 3(team0) entered blocking state [ 112.059089][ T8195] bridge0: port 3(team0) entered forwarding state [ 112.065869][ T8198] team0: entered promiscuous mode [ 112.070963][ T8198] team_slave_0: entered promiscuous mode [ 112.076784][ T8198] team_slave_1: entered promiscuous mode [ 112.093065][ T8198] 8021q: adding VLAN 0 to HW filter on device team0 [ 112.100537][ T8198] batman_adv: batadv0: Interface activated: team0 [ 112.107031][ T8198] batman_adv: batadv0: Interface deactivated: team0 [ 112.113687][ T8198] batman_adv: batadv0: Removing interface: team0 [ 112.121793][ T8198] bridge0: port 3(team0) entered blocking state [ 112.128262][ T8198] bridge0: port 3(team0) entered disabled state [ 112.128740][ T8198] team0: entered allmulticast mode [ 112.128756][ T8198] team_slave_0: entered allmulticast mode [ 112.128773][ T8198] team_slave_1: entered allmulticast mode [ 112.130156][ T8198] bridge0: port 3(team0) entered blocking state [ 112.158940][ T8198] bridge0: port 3(team0) entered forwarding state [ 112.307971][ T8216] loop3: detected capacity change from 0 to 128 [ 112.341225][ T8216] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 112.345686][ T8224] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1664'. [ 112.380615][ T8216] ext4 filesystem being mounted at /352/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 112.391590][ T8224] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1664'. [ 112.400720][ T8220] loop0: detected capacity change from 0 to 512 [ 112.436873][ T8220] EXT4-fs (loop0): filesystem is read-only [ 112.502476][ T3302] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 112.521001][ T8234] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1668'. [ 112.543291][ T8236] loop3: detected capacity change from 0 to 1024 [ 112.543737][ T8236] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 112.545664][ T8236] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.588015][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.638871][ T8246] loop3: detected capacity change from 0 to 256 [ 112.673509][ T8250] sch_fq: defrate 2048 ignored. [ 112.752731][ T3546] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 112.760645][ T3546] FAT-fs (loop3): Filesystem has been set read-only [ 112.804840][ T3546] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 112.813338][ T3546] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 112.827917][ T3546] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 112.992082][ T8263] loop2: detected capacity change from 0 to 256 [ 113.062262][ T8272] loop3: detected capacity change from 0 to 256 [ 113.096575][ T3589] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 113.104491][ T3589] FAT-fs (loop2): Filesystem has been set read-only [ 113.112914][ T3589] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 113.123920][ T3589] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 113.133049][ T3589] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097162) [ 113.170629][ T8279] loop2: detected capacity change from 0 to 128 [ 113.205998][ T3546] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 113.213973][ T3546] FAT-fs (loop3): Filesystem has been set read-only [ 113.229403][ T3546] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 113.244305][ T3546] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 113.252536][ T3546] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097162) [ 113.603762][ T8323] loop2: detected capacity change from 0 to 8192 [ 113.660261][ T8337] ================================================================== [ 113.668385][ T8337] BUG: KCSAN: data-race in call_rcu / mtree_range_walk [ 113.675268][ T8337] [ 113.677598][ T8337] write to 0xffff8881034e9908 of 8 bytes by task 8334 on cpu 1: [ 113.685322][ T8337] call_rcu+0x49/0x430 [ 113.689397][ T8337] mas_wmb_replace+0xcea/0x1510 [ 113.694250][ T8337] mas_wr_store_entry+0x158c/0x2460 [ 113.699548][ T8337] mas_store_prealloc+0x6d5/0x960 [ 113.704585][ T8337] vma_iter_store_new+0x1d3/0x210 [ 113.709611][ T8337] mmap_region+0xe0c/0x1490 [ 113.714114][ T8337] do_mmap+0x9ef/0xc80 [ 113.718190][ T8337] vm_mmap_pgoff+0x16d/0x2d0 [ 113.722788][ T8337] ksys_mmap_pgoff+0xd0/0x340 [ 113.727476][ T8337] x64_sys_call+0x1945/0x2e10 [ 113.732160][ T8337] do_syscall_64+0xc9/0x1c0 [ 113.736676][ T8337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.742571][ T8337] [ 113.744907][ T8337] read to 0xffff8881034e9908 of 8 bytes by task 8337 on cpu 0: [ 113.752684][ T8337] mtree_range_walk+0x2a7/0x460 [ 113.757545][ T8337] mas_walk+0x16e/0x320 [ 113.761709][ T8337] lock_vma_under_rcu+0xa7/0x340 [ 113.766663][ T8337] exc_page_fault+0x150/0x6a0 [ 113.771348][ T8337] asm_exc_page_fault+0x26/0x30 [ 113.776204][ T8337] [ 113.778525][ T8337] value changed: 0x0000555577834fff -> 0xffff8881034e9b08 [ 113.785637][ T8337] [ 113.787973][ T8337] Reported by Kernel Concurrency Sanitizer on: [ 113.794127][ T8337] CPU: 0 UID: 0 PID: 8337 Comm: syz.0.1705 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) [ 113.806194][ T8337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 113.816255][ T8337] ==================================================================