last executing test programs: 2.844238884s ago: executing program 1 (id=172): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000000)={0x1, 0x0, 0x0, 0xffffffff}) 2.782516894s ago: executing program 1 (id=175): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0x6, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000002000000000000000000000085000000bc00000095"], &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x41000, 0x6c, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) write$evdev(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r0, r2, 0x25, 0x0, @val=@iter={0x0}}, 0x20) syz_emit_ethernet(0x2dc00, &(0x7f0000000300)=ANY=[], 0x0) 2.752448404s ago: executing program 1 (id=177): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) timer_create(0x2, &(0x7f0000000480)={0x0, 0x21, 0x2}, &(0x7f00000004c0)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 1.149628394s ago: executing program 0 (id=209): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x14, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x42, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000ac0)={r2, r3}, 0xc) 1.093472924s ago: executing program 4 (id=212): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0xf5, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038014000100776732000000000000000000000000001400010076657468315f746f5f627269646765000900020073797a30000000000900010073797a30"], 0x84}, 0x1, 0x0, 0x0, 0x24040089}, 0x20008000) 1.058428235s ago: executing program 4 (id=213): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000000e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000020850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r3 = dup2(r2, r2) write$tun(r3, 0x0, 0x46) lsetxattr$security_selinux(0x0, 0x0, 0x0, 0x0, 0x2) 1.043526144s ago: executing program 0 (id=214): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001080)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xe, 0xffff}, {0x3, 0xfff1}, {0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0xc040) 998.300005ms ago: executing program 4 (id=217): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[], 0xa0}}, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="5800000010000300"/20, @ANYRES32=r3, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028005000c00"], 0x58}, 0x1, 0x2}, 0x0) sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0) 921.486745ms ago: executing program 0 (id=219): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7dc470d00281f324, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x47, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x18) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r2, 0x2007ffc) sendfile(r2, r2, 0x0, 0x800000009) 921.202815ms ago: executing program 1 (id=220): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r1}, 0x10) r2 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, 0x0, 0xf00) 872.682765ms ago: executing program 1 (id=222): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)={0x114, 0x29, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x103, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac0b}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @loopback}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8", @typed={0x8, 0x145, 0x0, 0x0, @ipv4=@remote}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) 796.678676ms ago: executing program 4 (id=223): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r2, 0x0, 0xf3a, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f0000000240)=0x1) ioctl$int_in(r2, 0x5452, &(0x7f0000000000)=0x10001) write(r0, 0x0, 0x0) 724.715876ms ago: executing program 2 (id=224): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r0}, &(0x7f0000000740), &(0x7f0000000780)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x22c7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r1, 0x0, 0x2}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e000000080000000000180003801400038010"], 0x44}}, 0x20008000) 703.801276ms ago: executing program 3 (id=225): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @loopback}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) 691.608257ms ago: executing program 1 (id=226): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@nobarrier}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x4, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r2, &(0x7f00000001c0)="f1", 0x1) sendfile(r2, r0, 0x0, 0x40001) sendfile(r2, r1, 0x0, 0x7ffff000) creat(&(0x7f00000000c0)='./bus\x00', 0x182) 592.298527ms ago: executing program 2 (id=227): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0xc2f00, 0x4d, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$iso9660(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="63727566742c6d61703d6e6f726d616c2c73657373696f6e3d3078303030303030303030303030303031362c636865636b3d72656c617865642c636865636b3d72656c617865642c004ebe02d83839c183098ea4c343c253a3817a1be99fce11d4eb199c8293a8e4edde99717f074b2f8657ce6ba6ad43223cc53c7956558e58c034cc0480ac8c6aa3dc369cd820bf5e83cbc56c0a80d15de24e02d679ed41f8c6c857ae056f277f0cf61fd89cdbf69e958ecb1fb37260f1579c4aa969bbd1f441590c9176efa1e5b98583b0ed66fdc6f1c3311d3033b260303cc6556bd6ce3d5e3c85b1d4cf3d35b7dbce8b8545f832c1346e6a0dd95ed6144444fba9592efe8559", @ANYRES8, @ANYRES32=0x0, @ANYRES64], 0x1, 0x53b, &(0x7f0000000ac0)="$eJzs3d9r2+YawPFHaUJSF8rhnEMpIWnfpudACqmPbLcpppwLTX7tvK0sGUkuyVUJjVNCnW40Gyy5Gb3pNtj+iN7ujxj7h8pud5chyW6dX1ZIUzuE78e072vpsd5HstGDYksSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAglluz7ZIlnvHbq+pkbi0MmkPm95d370AzZFwRK/knMzNyM5t089+fZt9I/luQuezZnMwkzYzsXbvxj8f/mpzov35IQiOxs7v3ar3b7bwZdyJj0tC+iQLTdBpamShQ1asislKPVN14OlqLYt1UbqidOAjVontPlarVitLFtaDtN2qOp/sTH90v2/ayelJsaSeMAv9/T4qRu2I8z/iNNCaZncQ8Sj6IT02sYu00ldrc6nYqeUkmQaXTBJXzgsp2uVwqlcul5YfVh49se/LIBPsQORIx/g8txuuc9+DA2U306r94YsSXtqyKOvbhSk1CCaR5wvyefv3/7/TwcQfrf7/K3/w0e1bS+n8re3brpPp/Qi6je+zIruzJK1mXrnSlI2/GntFoHw3R4ouRSAIx0hQnnaJ6U5RUZVmWxZbnsiJ1iURJXYx4oiWSNYkkFp1+olwJRYsjsQQSipJFceWeKCnJ/nRVKqJES1HWJJC2+NKQmjjpUjZlK93ulSE5fgwqnSaoPCSI+o/Pd+77cOCs9vv1HwAAAAAAXFpW+tf35Ph/SuZFpiypG0/b404LAAAAAACco/Sb/7mkmUp682Jx/A8AAAAAwGVjpefYWSJSkNtZr38mFH8EAAAAAADgkki//7+VNIWkd1ssjv8BAAAAALhsfupffXfi0DV2/0inWpZErWnr9z8lDKest63V/1jbTjLD2b6Sve7K4SXG9Vnrem8habM82Xvm6jmrd/XLjxfB/NBrNvOu9W+dQwLyi9zJYu5sZO1Gf042SqFuPF10A+9xSRzn+kSsV+PvXm99L+nq/+w3r1uyudXtFF983d1Ic3mbLOXtdu8Cikeuozgkl29lPouZP36Np9ITMXrjFrJx7cH1n+i/cacf850sZDELhawtHFz/mWTMUvFxfz0OrX2WxfSMyGet+Tu5m8XcXbybNcdkUS6e9B70tkV5cPufaVucIotKXhaVvCyu/X9oFgAwLps5Vcg6WvjPsK8dTXV/J4tZzOJsumOdnD1mj27n7dHtz6zrvx25B9LxNbaUjvtrMu4PstXtlNJx3ycveH/iuJFXtkQmRfa3v5EbO7t797e21192XnZel8uVZfuBbT8sy9Tm1mTHTppux6b2AACOkX+PndwI60HOUfU/P/6koCgvRP7a39+QpfRsg/QXB8cutTDwM4SlnKPWwsAdXpZyjuoKAzd6OX1sZQTvBAAAo7OQU4dPU/+Xco67D9by4UfHg7UcAAB8GTr8YBXiH60wNK3npWq15MQrWoWB+1SFptbQyvixDt0Vx29o1QqDOHADL+k8MzUdqajdagVhrOpBqFpBZFbTO7+r3q3fI910/Ni4UcvTTqSVG/ix48aqZiJXtdpfeSZa0WH64qilXVM3rhObwFdR0A5dXVQq0nog0NS0H5u6Sbq+aoWm6YRr6lngtZta1XTkhqYVB9kC+2MZvx6EzXSxxXFvbAAALoid3b1X691u580X7Ix7HQEAwEFUaQAAAAAAAAAAAAAAAAAAAAAALr78E/iujuQcwYvVmb4YaYy7M3Ex0sg6M4Mf2wuQz7l1LLkQaRzujG+fBGA0/g4AAP//CXJN1A==") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x18) r2 = inotify_init() inotify_add_watch(r2, &(0x7f0000000000)='./file0\x00', 0xa0) 591.069268ms ago: executing program 3 (id=228): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r1, 0x0, 0x115}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000012c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEAUTHENTICATE(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="c50f000000000000000011"], 0x24}}, 0x0) 572.409428ms ago: executing program 4 (id=229): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x77a}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) 544.760617ms ago: executing program 0 (id=230): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x22c7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r1, 0x0, 0x2}, 0x18) r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$notify(r2, 0x402, 0x29) r3 = syz_open_procfs(0x0, &(0x7f0000000380)='map_files\x00') getdents64(r3, &(0x7f0000000fc0)=""/224, 0xe0) 538.680577ms ago: executing program 3 (id=231): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x9, 0x0, 0x7ffc0002}]}) r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) r3 = fsmount(r0, 0x0, 0x8) fchmodat(r3, &(0x7f0000000300)='.\x00', 0xffffffd3) 492.025078ms ago: executing program 4 (id=232): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000680)='sched_switch\x00', r1}, 0x18) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x58}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4) 471.338848ms ago: executing program 3 (id=233): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x16, 0x0, 0x4, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) sendmmsg$inet(r2, &(0x7f0000000240)=[{{&(0x7f00000007c0)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a90500040000746400009e150451160200000064c6", 0x15}, {&(0x7f0000000800)="17460081ba60ccbb9d000000000000", 0xf}], 0x2}}, {{&(0x7f0000000080)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000780)="5825be06000000000000007ca2746314d1787b35", 0x14}], 0x1}}], 0x2, 0x4004040) 449.762628ms ago: executing program 2 (id=234): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0x40010) 386.819028ms ago: executing program 2 (id=235): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x5, 0x4, 0x7fff, 0xc}, 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002008007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000200)='signal_deliver\x00', r2}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 201.07525ms ago: executing program 0 (id=236): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001b40)={0x18, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff, 0x0, 0x0, 0x41100}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10) r2 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2082) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$SG_IO(r3, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0}) 176.00643ms ago: executing program 2 (id=237): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000840)='scmi_xfer_begin\x00', 0xffffffffffffffff, 0x0, 0x309130b6}, 0x18) r0 = syz_io_uring_setup(0x5f4b, &(0x7f0000000100)={0x0, 0x1568, 0x10000, 0x2, 0x285}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_setup(0xbdc, 0x0, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="0500000004000000080000000b"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000480)='kfree\x00', r4, 0x0, 0x7fffffffffffffff}, 0x18) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x2, 0xa3d8, &(0x7f00000005c0)=[{&(0x7f0000000240)="5db5bd", 0x3}], 0x10000000000002a8, 0x8, 0x1, {0x2}}) io_uring_enter(r0, 0x29ab, 0xd480, 0x0, 0x0, 0x0) 174.049759ms ago: executing program 3 (id=238): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x54}}, 0x24008844) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=@newtaction={0x68, 0x30, 0x301, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0x5, 0x1, 0x1, 0x80000000}, 0x4, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4081}, 0x2400c000) 98.1691ms ago: executing program 0 (id=239): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x10000802, 0x80, 0x0, 0x40000}, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7bedcb5d07081196f37538e486dd6372ce22667f2b00dbf6e97158cf474fec87891f6d76745b686158bbcfe8875afdef00010000000029"], 0x66) 60.09312ms ago: executing program 3 (id=240): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x2}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x78, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x48, 0x2, [@TCA_BASIC_EMATCHES={0x44, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x38, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x24, 0x2, 0x0, 0x0, {{0x0, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc}, @TCA_EM_META_RVALUE={0x4}, @TCA_EM_META_LVALUE={0x8, 0x2, [@TCF_META_TYPE_INT]}]}}]}]}]}}]}, 0x78}}, 0x0) 0s ago: executing program 2 (id=241): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) syz_io_uring_setup(0x1d1f, &(0x7f0000000200)={0x0, 0xcd1d, 0x10100, 0x0, 0xaa}, 0x0, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.244' (ED25519) to the list of known hosts. [ 34.912695][ T29] audit: type=1400 audit(1762456393.234:62): avc: denied { mounton } for pid=3303 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 34.936051][ T29] audit: type=1400 audit(1762456393.264:63): avc: denied { mount } for pid=3303 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 34.937042][ T3303] cgroup: Unknown subsys name 'net' [ 34.963930][ T29] audit: type=1400 audit(1762456393.294:64): avc: denied { unmount } for pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 35.103469][ T3303] cgroup: Unknown subsys name 'cpuset' [ 35.109887][ T3303] cgroup: Unknown subsys name 'rlimit' [ 35.250767][ T29] audit: type=1400 audit(1762456393.574:65): avc: denied { setattr } for pid=3303 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 35.274288][ T29] audit: type=1400 audit(1762456393.574:66): avc: denied { create } for pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.294760][ T29] audit: type=1400 audit(1762456393.574:67): avc: denied { write } for pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.315135][ T29] audit: type=1400 audit(1762456393.574:68): avc: denied { read } for pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.335557][ T29] audit: type=1400 audit(1762456393.604:69): avc: denied { mounton } for pid=3303 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 35.345067][ T3307] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 35.360385][ T29] audit: type=1400 audit(1762456393.604:70): avc: denied { mount } for pid=3303 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 35.392157][ T29] audit: type=1400 audit(1762456393.704:71): avc: denied { relabelto } for pid=3307 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 35.440567][ T3303] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 37.222316][ T3315] chnl_net:caif_netlink_parms(): no params data found [ 37.273070][ T3321] chnl_net:caif_netlink_parms(): no params data found [ 37.326206][ T3313] chnl_net:caif_netlink_parms(): no params data found [ 37.352547][ T3315] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.359705][ T3315] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.366979][ T3315] bridge_slave_0: entered allmulticast mode [ 37.373355][ T3315] bridge_slave_0: entered promiscuous mode [ 37.395212][ T3315] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.402283][ T3315] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.409520][ T3315] bridge_slave_1: entered allmulticast mode [ 37.415936][ T3315] bridge_slave_1: entered promiscuous mode [ 37.429829][ T3322] chnl_net:caif_netlink_parms(): no params data found [ 37.472288][ T3321] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.479406][ T3321] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.486544][ T3321] bridge_slave_0: entered allmulticast mode [ 37.493046][ T3321] bridge_slave_0: entered promiscuous mode [ 37.501829][ T3321] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.508961][ T3321] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.516299][ T3321] bridge_slave_1: entered allmulticast mode [ 37.522870][ T3321] bridge_slave_1: entered promiscuous mode [ 37.530342][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.547792][ T3314] chnl_net:caif_netlink_parms(): no params data found [ 37.567819][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.584781][ T3313] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.591929][ T3313] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.599192][ T3313] bridge_slave_0: entered allmulticast mode [ 37.605680][ T3313] bridge_slave_0: entered promiscuous mode [ 37.612329][ T3313] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.619475][ T3313] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.626625][ T3313] bridge_slave_1: entered allmulticast mode [ 37.633042][ T3313] bridge_slave_1: entered promiscuous mode [ 37.661456][ T3321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.689197][ T3321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.699633][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.709488][ T3315] team0: Port device team_slave_0 added [ 37.725794][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.735633][ T3315] team0: Port device team_slave_1 added [ 37.776848][ T3321] team0: Port device team_slave_0 added [ 37.783200][ T3313] team0: Port device team_slave_0 added [ 37.794800][ T3322] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.801888][ T3322] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.809249][ T3322] bridge_slave_0: entered allmulticast mode [ 37.815716][ T3322] bridge_slave_0: entered promiscuous mode [ 37.828357][ T3313] team0: Port device team_slave_1 added [ 37.834764][ T3321] team0: Port device team_slave_1 added [ 37.845985][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.853278][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.879254][ T3315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.890323][ T3322] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.897430][ T3322] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.904777][ T3322] bridge_slave_1: entered allmulticast mode [ 37.911316][ T3322] bridge_slave_1: entered promiscuous mode [ 37.933012][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.940023][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.965957][ T3315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.981760][ T3314] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.988930][ T3314] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.996299][ T3314] bridge_slave_0: entered allmulticast mode [ 38.002781][ T3314] bridge_slave_0: entered promiscuous mode [ 38.014165][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.021130][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.047095][ T3313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.065542][ T3314] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.072752][ T3314] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.079937][ T3314] bridge_slave_1: entered allmulticast mode [ 38.086564][ T3314] bridge_slave_1: entered promiscuous mode [ 38.093172][ T3321] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.100231][ T3321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.126479][ T3321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.138095][ T3321] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.145178][ T3321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.171107][ T3321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.182219][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.189234][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.215195][ T3313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.227392][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 38.250951][ T3314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 38.269412][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 38.291759][ T3314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 38.314045][ T3315] hsr_slave_0: entered promiscuous mode [ 38.319988][ T3315] hsr_slave_1: entered promiscuous mode [ 38.349362][ T3322] team0: Port device team_slave_0 added [ 38.371293][ T3314] team0: Port device team_slave_0 added [ 38.383249][ T3322] team0: Port device team_slave_1 added [ 38.390572][ T3321] hsr_slave_0: entered promiscuous mode [ 38.396720][ T3321] hsr_slave_1: entered promiscuous mode [ 38.402695][ T3321] debugfs: 'hsr0' already exists in 'hsr' [ 38.408440][ T3321] Cannot create hsr debugfs directory [ 38.417044][ T3314] team0: Port device team_slave_1 added [ 38.424992][ T3313] hsr_slave_0: entered promiscuous mode [ 38.431141][ T3313] hsr_slave_1: entered promiscuous mode [ 38.437104][ T3313] debugfs: 'hsr0' already exists in 'hsr' [ 38.442867][ T3313] Cannot create hsr debugfs directory [ 38.472210][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.479248][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.505183][ T3322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.528183][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.535292][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.561415][ T3322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.574776][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.581743][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.607822][ T3314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.639145][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.646143][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.672076][ T3314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.736736][ T3322] hsr_slave_0: entered promiscuous mode [ 38.742923][ T3322] hsr_slave_1: entered promiscuous mode [ 38.748739][ T3322] debugfs: 'hsr0' already exists in 'hsr' [ 38.754522][ T3322] Cannot create hsr debugfs directory [ 38.785326][ T3314] hsr_slave_0: entered promiscuous mode [ 38.791330][ T3314] hsr_slave_1: entered promiscuous mode [ 38.797287][ T3314] debugfs: 'hsr0' already exists in 'hsr' [ 38.803046][ T3314] Cannot create hsr debugfs directory [ 38.904432][ T3315] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 38.925892][ T3315] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 38.937487][ T3315] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 38.948127][ T3315] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 38.969808][ T3313] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 38.978826][ T3313] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 38.993956][ T3313] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 39.006753][ T3313] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 39.030663][ T3321] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 39.039888][ T3321] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 39.059072][ T3321] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 39.067957][ T3321] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 39.111784][ T3314] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 39.125472][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.135041][ T3314] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 39.144880][ T3314] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 39.161743][ T3315] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.169068][ T3314] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 39.191829][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.211559][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.218687][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.237696][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.244841][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.258315][ T3322] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 39.268202][ T3313] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.279300][ T3322] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 39.288447][ T3322] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 39.301816][ T3322] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 39.312668][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.319855][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.336874][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.343973][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.376504][ T3321] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.386706][ T3315] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 39.415573][ T3321] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.427398][ T3313] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 39.437821][ T3313] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 39.476672][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.483896][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.493201][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.500347][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.537764][ T3315] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.548958][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.579155][ T3322] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.591908][ T3313] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.607998][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.615197][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.634093][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.654020][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.661120][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.681714][ T3322] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 39.692168][ T3322] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 39.713602][ T3321] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.721818][ T3314] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.744768][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.751941][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.773566][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.780666][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.806893][ T3315] veth0_vlan: entered promiscuous mode [ 39.828525][ T3314] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 39.839013][ T3314] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 39.867998][ T3315] veth1_vlan: entered promiscuous mode [ 39.882700][ T3322] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.914300][ T3315] veth0_macvtap: entered promiscuous mode [ 39.937452][ T3315] veth1_macvtap: entered promiscuous mode [ 39.968509][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.987056][ T3321] veth0_vlan: entered promiscuous mode [ 39.995333][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.017763][ T3321] veth1_vlan: entered promiscuous mode [ 40.031292][ T3314] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 40.049965][ T3313] veth0_vlan: entered promiscuous mode [ 40.055760][ T52] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.064844][ T52] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.079883][ T52] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.089684][ T3313] veth1_vlan: entered promiscuous mode [ 40.104486][ T52] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.116828][ T3322] veth0_vlan: entered promiscuous mode [ 40.131775][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 40.131793][ T29] audit: type=1400 audit(1762456398.454:81): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/root/syzkaller.hpzekf/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 40.164815][ T3322] veth1_vlan: entered promiscuous mode [ 40.182399][ T3322] veth0_macvtap: entered promiscuous mode [ 40.189180][ T29] audit: type=1400 audit(1762456398.454:82): avc: denied { mount } for pid=3315 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 40.210480][ T3322] veth1_macvtap: entered promiscuous mode [ 40.211332][ T29] audit: type=1400 audit(1762456398.454:83): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/root/syzkaller.hpzekf/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 40.224830][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.242302][ T29] audit: type=1400 audit(1762456398.454:84): avc: denied { mount } for pid=3315 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 40.253631][ T3313] veth0_macvtap: entered promiscuous mode [ 40.271524][ T29] audit: type=1400 audit(1762456398.454:85): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/root/syzkaller.hpzekf/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 40.279840][ T3313] veth1_macvtap: entered promiscuous mode [ 40.303720][ T29] audit: type=1400 audit(1762456398.454:86): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/root/syzkaller.hpzekf/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3779 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 40.317850][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.336747][ T29] audit: type=1400 audit(1762456398.474:87): avc: denied { unmount } for pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 40.336795][ T29] audit: type=1400 audit(1762456398.504:88): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 40.357261][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.363663][ T29] audit: type=1400 audit(1762456398.504:89): avc: denied { mount } for pid=3315 comm="syz-executor" name="/" dev="gadgetfs" ino=3782 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 40.418256][ T3315] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 40.420314][ T3321] veth0_macvtap: entered promiscuous mode [ 40.441049][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.451608][ T3473] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.473298][ T3321] veth1_macvtap: entered promiscuous mode [ 40.480350][ T29] audit: type=1400 audit(1762456398.804:90): avc: denied { read write } for pid=3315 comm="syz-executor" name="loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 40.522326][ T3473] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.536473][ T3473] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.589903][ T3473] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.600715][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.620149][ T3314] veth0_vlan: entered promiscuous mode [ 40.638845][ T3493] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3493 comm=syz.4.5 [ 40.651430][ T3473] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.661953][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.684110][ T3314] veth1_vlan: entered promiscuous mode [ 40.691914][ T3314] veth0_macvtap: entered promiscuous mode [ 40.721227][ T3449] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.721503][ T3449] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.721550][ T3449] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.750372][ T3473] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.750466][ T3473] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.750505][ T3473] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.750559][ T3473] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.751502][ T3314] veth1_macvtap: entered promiscuous mode [ 40.766407][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.767716][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.773892][ T61] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.773936][ T61] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.773977][ T61] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.774077][ T61] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.780643][ T3503] loop4: detected capacity change from 0 to 512 [ 40.834266][ T3503] EXT4-fs (loop4): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.948364][ T3511] netlink: 'syz.1.9': attribute type 5 has an invalid length. [ 41.029617][ T3503] EXT4-fs error (device loop4): htree_dirblock_to_tree:1051: inode #2: comm syz.4.8: Directory hole found for htree leaf block 0 [ 41.029795][ T3503] EXT4-fs (loop4): Remounting filesystem read-only [ 41.081424][ T3313] EXT4-fs (loop4): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 41.145044][ T3521] process 'syz.0.10' launched '/dev/fd/4' with NULL argv: empty string added [ 41.217297][ T3523] tipc: Started in network mode [ 41.217368][ T3523] tipc: Node identity ac14140f, cluster identity 4711 [ 41.217481][ T3523] tipc: New replicast peer: 255.255.255.32 [ 41.217541][ T3523] tipc: Enabled bearer , priority 10 [ 41.267570][ T3528] netlink: 24 bytes leftover after parsing attributes in process `syz.2.14'. [ 41.451216][ T3539] loop4: detected capacity change from 0 to 512 [ 41.473318][ T3539] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 41.473335][ T3539] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 41.533001][ T3539] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.19: Invalid block bitmap block 0 in block_group 0 [ 41.550168][ T3548] syzkaller1: entered promiscuous mode [ 41.550185][ T3548] syzkaller1: entered allmulticast mode [ 41.552719][ T3539] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 41.556185][ T3539] EXT4-fs error (device loop4): ext4_clear_blocks:876: inode #11: comm syz.4.19: attempt to clear invalid blocks 983261 len 1 [ 41.659261][ T3539] EXT4-fs error (device loop4): __ext4_get_inode_loc:4832: comm syz.4.19: Invalid inode table block 0 in block_group 0 [ 41.683641][ T3539] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 41.693624][ T3539] EXT4-fs error (device loop4) in ext4_orphan_del:301: Corrupt filesystem [ 41.702368][ T3539] EXT4-fs error (device loop4): __ext4_get_inode_loc:4832: comm syz.4.19: Invalid inode table block 0 in block_group 0 [ 41.715487][ T3539] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 41.739622][ T3550] Driver unsupported XDP return value 0 on prog (id 25) dev N/A, expect packet loss! [ 41.758138][ T3539] EXT4-fs error (device loop4): ext4_truncate:4637: inode #11: comm syz.4.19: mark_inode_dirty error [ 41.774478][ T3539] EXT4-fs error (device loop4) in ext4_process_orphan:343: Corrupt filesystem [ 41.809448][ T3539] EXT4-fs error (device loop4): __ext4_get_inode_loc:4832: comm syz.4.19: Invalid inode table block 0 in block_group 0 [ 41.823518][ T3562] loop3: detected capacity change from 0 to 512 [ 41.830083][ T3562] ======================================================= [ 41.830083][ T3562] WARNING: The mand mount option has been deprecated and [ 41.830083][ T3562] and is ignored by this kernel. Remove the mand [ 41.830083][ T3562] option from the mount to silence this warning. [ 41.830083][ T3562] ======================================================= [ 41.872971][ T3539] EXT4-fs (loop4): 1 truncate cleaned up [ 41.882032][ T3539] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.904062][ T3562] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.923120][ T3562] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.950114][ T3396] Process accounting resumed [ 41.976655][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.033788][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.084034][ T3576] netlink: 12 bytes leftover after parsing attributes in process `syz.4.33'. [ 42.102989][ T3577] netlink: 24 bytes leftover after parsing attributes in process `syz.2.31'. [ 42.332931][ T3396] tipc: Node number set to 2886997007 [ 42.359806][ T3601] netem: incorrect ge model size [ 42.364957][ T3601] netem: change failed [ 42.500009][ T3616] netlink: 24 bytes leftover after parsing attributes in process `syz.4.48'. [ 42.521130][ T3616] netlink: 4 bytes leftover after parsing attributes in process `syz.4.48'. [ 42.964302][ T3657] netlink: 64 bytes leftover after parsing attributes in process `syz.4.57'. [ 43.026486][ T3667] loop3: detected capacity change from 0 to 164 [ 43.033340][ T3666] capability: warning: `syz.0.61' uses deprecated v2 capabilities in a way that may be insecure [ 43.194269][ T3688] netlink: 8 bytes leftover after parsing attributes in process `syz.3.72'. [ 43.219017][ T3690] syz.0.73 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 43.300542][ T3700] netlink: 12 bytes leftover after parsing attributes in process `syz.0.78'. [ 43.352328][ T3706] sd 0:0:1:0: device reset [ 43.383489][ T3710] netlink: 'syz.0.80': attribute type 4 has an invalid length. [ 43.413482][ T3710] netlink: 'syz.0.80': attribute type 4 has an invalid length. [ 43.489585][ T3715] netlink: 28 bytes leftover after parsing attributes in process `syz.2.84'. [ 43.500047][ T3715] netem: change failed [ 43.695293][ T3731] netlink: 4 bytes leftover after parsing attributes in process `syz.1.92'. [ 44.238658][ T3763] syz.3.106 (3763) used greatest stack depth: 10160 bytes left [ 44.303309][ T3785] netlink: 'syz.3.116': attribute type 13 has an invalid length. [ 44.348134][ T3790] loop2: detected capacity change from 0 to 512 [ 44.409375][ T3794] loop4: detected capacity change from 0 to 512 [ 44.420261][ T3790] ext2: Unknown parameter 'noacl' [ 44.430422][ T3794] journal_path: Non-blockdev passed as './bus' [ 44.436671][ T3794] EXT4-fs: error: could not find journal device path [ 44.570273][ T3785] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.577579][ T3785] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.679246][ T3785] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 44.690850][ T3785] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 44.809856][ T3473] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.843066][ T3473] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.870113][ T3473] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.900616][ T3473] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.150318][ T29] kauditd_printk_skb: 186 callbacks suppressed [ 45.150336][ T29] audit: type=1326 audit(1762456403.474:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3824 comm="syz.3.133" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7cde2cf6c9 code=0x0 [ 45.467045][ T29] audit: type=1400 audit(1762456403.784:278): avc: denied { write } for pid=3832 comm="syz.4.136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 45.610681][ T29] audit: type=1400 audit(1762456403.934:279): avc: denied { setopt } for pid=3838 comm="syz.2.140" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 45.696571][ T29] audit: type=1400 audit(1762456404.024:280): avc: denied { bind } for pid=3841 comm="syz.1.141" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 45.767790][ T3846] loop2: detected capacity change from 0 to 512 [ 45.826039][ T3846] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.142: bad orphan inode 11862016 [ 45.871776][ T29] audit: type=1400 audit(1762456404.194:281): avc: denied { create } for pid=3850 comm="syz.4.143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 45.940224][ T3846] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 45.992050][ T29] audit: type=1400 audit(1762456404.314:282): avc: denied { write } for pid=3852 comm="syz.4.144" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 46.067585][ T29] audit: type=1400 audit(1762456404.394:283): avc: denied { mount } for pid=3845 comm="syz.2.142" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 46.067585][ T3846] ext4 filesystem being mounted at /28/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 46.115294][ T29] audit: type=1326 audit(1762456404.444:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3856 comm="syz.3.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cde2cf6c9 code=0x7ffc0000 [ 46.332667][ T29] audit: type=1326 audit(1762456404.474:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3856 comm="syz.3.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cde2cf6c9 code=0x7ffc0000 [ 46.356083][ T29] audit: type=1326 audit(1762456404.474:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3856 comm="syz.3.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7cde2cf6c9 code=0x7ffc0000 [ 46.503670][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 46.529319][ T3859] syzkaller0: entered promiscuous mode [ 46.534941][ T3859] syzkaller0: entered allmulticast mode [ 47.096205][ T3884] loop2: detected capacity change from 0 to 128 [ 47.187221][ T3884] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 47.288375][ T3884] ext4 filesystem being mounted at /32/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 47.410765][ T3321] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 47.437592][ T3908] __nla_validate_parse: 5 callbacks suppressed [ 47.437611][ T3908] netlink: 12 bytes leftover after parsing attributes in process `syz.1.168'. [ 47.452907][ T3908] netlink: 12 bytes leftover after parsing attributes in process `syz.1.168'. [ 47.481486][ T3911] netlink: 8 bytes leftover after parsing attributes in process `syz.0.169'. [ 47.490366][ T3911] netlink: 8 bytes leftover after parsing attributes in process `syz.0.169'. [ 47.512078][ T3910] syz.2.167 uses obsolete (PF_INET,SOCK_PACKET) [ 47.702464][ T3933] loop3: detected capacity change from 0 to 512 [ 47.714520][ T3933] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 47.725465][ T3933] EXT4-fs (loop3): orphan cleanup on readonly fs [ 47.732226][ T3933] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #13: comm syz.3.180: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 47.750633][ T3933] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.180: couldn't read orphan inode 13 (err -117) [ 47.764164][ T3933] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 47.779534][ T3933] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 47.789134][ T3933] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 47.817279][ T3933] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 47.826040][ T3933] ext4 filesystem being remounted at /44/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 47.910268][ T3933] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.180: bg 0: block 248: padding at end of block bitmap is not set [ 47.926791][ T3933] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.180: Failed to acquire dquot type 1 [ 47.972636][ C0] hrtimer: interrupt took 46624 ns [ 47.979278][ T3933] syz.3.180 (3933) used greatest stack depth: 9472 bytes left [ 48.008055][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.274990][ T3953] hub 9-0:1.0: USB hub found [ 48.302700][ T3953] hub 9-0:1.0: 8 ports detected [ 48.386853][ T3389] kernel write not supported for file bpf-prog (pid: 3389 comm: kworker/0:3) [ 48.883782][ T3970] netlink: 8 bytes leftover after parsing attributes in process `syz.0.194'. [ 48.928421][ T3973] netlink: 14 bytes leftover after parsing attributes in process `syz.2.196'. [ 48.978795][ T3973] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 49.015850][ T3973] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 49.044318][ T3973] bond0 (unregistering): Released all slaves [ 49.293079][ T4002] netlink: 24 bytes leftover after parsing attributes in process `syz.2.210'. [ 49.399725][ T4012] loop2: detected capacity change from 0 to 2048 [ 49.408820][ T4016] netlink: 28 bytes leftover after parsing attributes in process `syz.4.217'. [ 49.467892][ T4016] netlink: 28 bytes leftover after parsing attributes in process `syz.4.217'. [ 49.514493][ T4021] loop0: detected capacity change from 0 to 1024 [ 49.522572][ T3496] loop2: p1 < > p4 [ 49.535619][ T3496] loop2: p4 size 8388608 extends beyond EOD, truncated [ 49.543931][ T4026] netlink: 'syz.1.222': attribute type 1 has an invalid length. [ 49.551624][ T4026] netlink: 224 bytes leftover after parsing attributes in process `syz.1.222'. [ 49.565614][ T4012] loop2: p1 < > p4 [ 49.572371][ T4012] loop2: p4 size 8388608 extends beyond EOD, truncated [ 49.587859][ T4021] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.664266][ T3496] udevd[3496]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 49.669671][ T3497] udevd[3497]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 49.704264][ T4021] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4193: comm syz.0.219: Allocating blocks 449-513 which overlap fs metadata [ 49.718797][ T4040] loop1: detected capacity change from 0 to 1024 [ 49.726012][ T4040] EXT4-fs: Ignoring removed oldalloc option [ 49.732085][ T4040] EXT4-fs: Ignoring removed bh option [ 49.753775][ T4040] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.767229][ T4017] EXT4-fs (loop0): pa ffff8881071da5b0: logic 48, phys. 177, len 21 [ 49.775319][ T4017] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4 [ 49.811549][ T4046] loop2: detected capacity change from 0 to 164 [ 49.840228][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.414674][ T4055] Set syz1 is full, maxelem 65536 reached [ 50.466103][ T4040] ================================================================== [ 50.474242][ T4040] BUG: KCSAN: data-race in file_write_and_wait_range / xas_set_mark [ 50.482261][ T4040] [ 50.484645][ T4040] write to 0xffff8881072a7254 of 4 bytes by task 4053 on cpu 1: [ 50.492740][ T4040] xas_set_mark+0x12b/0x140 [ 50.497273][ T4040] __folio_start_writeback+0x155/0x390 [ 50.502808][ T4040] ext4_bio_write_folio+0x5ad/0x9f0 [ 50.508082][ T4040] mpage_process_page_bufs+0x4a1/0x620 [ 50.513568][ T4040] mpage_prepare_extent_to_map+0x786/0xc00 [ 50.519402][ T4040] ext4_do_writepages+0xa05/0x2750 [ 50.524612][ T4040] ext4_writepages+0x176/0x300 [ 50.529405][ T4040] do_writepages+0x1c6/0x310 [ 50.534014][ T4040] file_write_and_wait_range+0x156/0x2c0 [ 50.539672][ T4040] generic_buffers_fsync_noflush+0x45/0x120 [ 50.545702][ T4040] ext4_sync_file+0x1ab/0x690 [ 50.550419][ T4040] vfs_fsync_range+0x10d/0x130 [ 50.555230][ T4040] ext4_buffered_write_iter+0x34f/0x3c0 [ 50.560804][ T4040] ext4_file_write_iter+0x387/0xf60 [ 50.566019][ T4040] iter_file_splice_write+0x666/0xa60 [ 50.571406][ T4040] direct_splice_actor+0x156/0x2a0 [ 50.576708][ T4040] splice_direct_to_actor+0x312/0x680 [ 50.582177][ T4040] do_splice_direct+0xda/0x150 [ 50.586976][ T4040] do_sendfile+0x380/0x650 [ 50.591421][ T4040] __x64_sys_sendfile64+0x105/0x150 [ 50.596640][ T4040] x64_sys_call+0x2bb4/0x3000 [ 50.601333][ T4040] do_syscall_64+0xd2/0x200 [ 50.605864][ T4040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.611767][ T4040] [ 50.614111][ T4040] read to 0xffff8881072a7254 of 4 bytes by task 4040 on cpu 0: [ 50.621677][ T4040] file_write_and_wait_range+0x10e/0x2c0 [ 50.627336][ T4040] generic_buffers_fsync_noflush+0x45/0x120 [ 50.633283][ T4040] ext4_sync_file+0x1ab/0x690 [ 50.637975][ T4040] vfs_fsync_range+0x10d/0x130 [ 50.642757][ T4040] ext4_buffered_write_iter+0x34f/0x3c0 [ 50.648321][ T4040] ext4_file_write_iter+0x387/0xf60 [ 50.653541][ T4040] iter_file_splice_write+0x666/0xa60 [ 50.658929][ T4040] direct_splice_actor+0x156/0x2a0 [ 50.664051][ T4040] splice_direct_to_actor+0x312/0x680 [ 50.669436][ T4040] do_splice_direct+0xda/0x150 [ 50.674210][ T4040] do_sendfile+0x380/0x650 [ 50.678669][ T4040] __x64_sys_sendfile64+0x105/0x150 [ 50.683906][ T4040] x64_sys_call+0x2bb4/0x3000 [ 50.688599][ T4040] do_syscall_64+0xd2/0x200 [ 50.693125][ T4040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.699038][ T4040] [ 50.701364][ T4040] value changed: 0x0a000021 -> 0x04000021 [ 50.707090][ T4040] [ 50.709424][ T4040] Reported by Kernel Concurrency Sanitizer on: [ 50.715600][ T4040] CPU: 0 UID: 0 PID: 4040 Comm: syz.1.226 Not tainted syzkaller #0 PREEMPT(voluntary) [ 50.725261][ T4040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 50.735325][ T4040] ================================================================== [ 50.871354][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.