last executing test programs: 1m34.165231661s ago: executing program 0 (id=41): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400}) (fail_nth: 3) 1m33.660682498s ago: executing program 0 (id=46): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000300)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000100)={0x4, &(0x7f0000000000)=[{0x8b53, 0x53, 0x7, 0x80000001}, {0x0, 0x40, 0x3, 0xff}, {0x5, 0xf, 0x4, 0x9}, {0x5, 0x0, 0xe2, 0x8000000}]}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) readlinkat(0xffffffffffffffff, &(0x7f0000000140)='./mnt\x00', &(0x7f0000000180)=""/10, 0xa) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000000)={0xa}) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0) 1m33.617845089s ago: executing program 0 (id=47): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000001680)=ANY=[@ANYBLOB="05000000010000008e000000c9"], 0x48) (fail_nth: 3) 1m33.485878991s ago: executing program 0 (id=51): bpf$MAP_CREATE(0x0, 0x0, 0x50) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x6, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, @perf_config_ext={0x2, 0xc}, 0x0, 0x10000, 0x1, 0x1, 0x8, 0x40020005, 0x2b, 0x0, 0x0, 0x0, 0xffffffffffffff7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000400)='./file1\x00', 0x3000000, &(0x7f00000003c0), 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000080)='./file1\x00', 0x808080, &(0x7f0000000000), 0x2c, 0x516, &(0x7f0000000740)="$eJzs3c9vG1kdAPCvnV9umm6ysIcFAVuWhYKq2om7G632wnJBQqvVIi2cEGqjxI2i2HEUO6UJkUjPXJGoxAn+BA5IHJB64s4NblzKAalABWqQEPJq7HGbOHFiNXHcxp+PNPJ7MxN/v8/SvBc/2/MCGFpXI2I3IsYj4nZETKf7M+kWH7a25LynT3YW957sLGai0fj0n6PpmTuL7fPbLqfPmYv4JKlPHBG3trW9ulAulzbSeqFeWS/UtrZvrFQWlkvLpbVicX5ufvb9m+8Vz6ytb1V++/i7Kx/98A+///KjP+1+66dJzt9OjyVtO7NA+7Rel7GY2rcveeU+6kewARhJ2zM+6ER4IdmI+FxEvJ2Wn8kNLicAoL8ajeloTO+vd5fp4RwA4OWXvOefikw2n77/n4psNp9vzuHl3ojJbLlaq1+/U91cW4rmHNZMjGXvrJRLs+lc4UyMZZL6XLP8vF7sqN+MiNcj4hcTl5r1/GK1vDSof3oAYMhd7hj//zPRGv974BMCAHiVGckBYPgcHv/HBpIHAHB+vP8HgOGzb/w/6re6AMAFlOv47T8AcPGdOP//Zvzsx+eTCgBwTnz+DwBD5fsff5xsjb30/tdLd7c2V6t3byyVaqv5yuZifrG6sZ5frlaXm/fsqZz0fOVqdX3u3di8V6iXavVCbWv7VqW6uVa/1byv962SHxYAwOC9/tbDv2QiYveDS80t2ms5+EIAXHgucxheI4NOABiY0UEnAAyM+Xggc8Lxrl8RetD9by6dIh+g/659ocv8//H/G/y/cT7pAX1k/h+G1+nm/80ewKvM/D8Mr0YjYz1/ABgyPbyD9xVBuOBe+PN/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGGJTzS2TzadrgU9FNpvPR1yJiJkYy9xZKZdmI+K1iPjzxNhEUp8bdNIAwCll/55J1/+6Nv3OVOfR8cx/J5qPEfGTX336y3sL9frGXLL/X8/21x+k+4tHBpjofxsAgH1GO3e0x+n2ON5e3/fpk53F9naeCT7+Tmtx0STuXrq1U28ln4uxiJj8d+ZAYzJntDDx7v2IeLOz/dlnx2fSlU874yexr/QtfjRbOHUgfvZA/GzzWOsxeS0+fwa5wLB5mPQ/Hx51/WXjavMxvf4yBzvTXPz8cOf6Atr9316js/9rXe+fXMk1+5qj+r+rvcZ494/f63rs/kjji6MRe4f63/aK0Llm6aj47/QY/69f+srb3Y41fh1xLY6L3yoV6pX1Qm1r+8ZKZWG5tFxaKxbn5+Zn37/5XrHQnKMutGeqD/vHB9df697+iMku8XMntP/rPbb/N/+7/aOvHhP/m187Kn423jgmfjImfqPH+AuTv+u6fHcSf6lL+0cPxB8/8HfJvus9xn/0t+2lHk8FAM5BbWt7daFcLm0onLaQ69czX35JGqhwTGEkyu35qJcin1MXBtwxAX33/KIfdCYAAAAAAAAAAAAAAEA3tR+kt/zr44/hBt1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALq7PAgAA//+iDcmp") syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') open(&(0x7f0000000180)='./bus\x00', 0x169a7c, 0x41) capset(&(0x7f0000000a40)={0x20071026}, &(0x7f0000000280)={0x7, 0x3, 0xfffffffc, 0xa8, 0x2, 0x1}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x15, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="dbaa00fea000000071100200000000000000000000c994ba82f53c74a4e413cb173280bf06000000000000008eb54a0f77d803074b2ca40fba0be720aad24ae38f019df674fcb505a4d87ee1f4cb96afa9f1fcef07506d5453348e2c0bbf3e1ec134bfa209dd67cb74f46f26b2630905caaeeb7290e10fdcd0cb7f03928008e12a8d2ff8ba9d8ff867aa8bff030000a9f728fa9afea5f2505bceb27ac15c8eee84ed65a552ec0944fb4c3d287bef707dd5b02655318f49ae951dd33ce48e86b7c4edf3b06b22acc22b7b32f5b911c09797d7c27f69a7e05c61898f046a9b7fcc3ecc0dc1d6666c8168c0a002000a5e23b6423bc30317fd3eac5217c4a26e2c83e2193d2a0ae56412a1a5720c9ac6b611ff3d0aafb1ddcdf30f11581d8b7305abd76fd8abaa3a53e78a0100ce2af9ba7f2765fb01ca357f1983d5e47860f161cc3ba8d4f6d42929ba8cffabec57ae2b23dc489a112f415737c3fe47d50ea5308f7253e3f5441e31e3cfecec98ec3a9a0b4f3bc602f55faf179d1911eac50671bdd0524616edc65adae5e517869af358870384dda7dad3888146442108265c3d859fc3d2c77cd5f46e168cd6fa5f02533dfd2b74a451b8cd176098027c7af3e7c6d8c45a42f0d70785cf5794915d7b8e11077ef89b05d9a51c23b58bd8cc8d910f3305e8350f647c9bbece9ba891433065800360bdc1dcbc956c52949de39a380fd51ff87c38a5d702e7145a95b8970dfb2a07b23ee989cf4fee23f434ff65ea27e8f68e9e2356f2bb036c9896f04f0ef1cde81fdf37fb73ab5e5bf511ecffe7670ac2d7a976334a1e155897b159ccf7d69c2501e4406bda4dee1a05575cb8ca372d871d1c08a6799e109954d83ccbf097bee3cfc99ca946afc3b8fa0388967f6bd20fffaa8475b062babf5a9784411a8f681231d6c4b8b58d34a68eba0ea5477df06cf784112b27ec711254b4d659a6c0ed191f5602412ce16df5e61234491f77abfdae3aa01e67bbc072c3ff344133d5374a19c6bc75fdc57d0ced1d8b969d9af6640f1d318f443784c3453eac28b42aa63e082fd6cca5feaf4e5b0a8289eb744011db370e0789b0c68e1b19fc4fd0b3e579d203005554abb82ecb1b367b5357d887cff9f70850ab876d7e57f3e9314fa40c0bfbfffffffff84aacbd218b03d0cc81c31b5749827ba71ebda5ca9aa6597e19da486b7c07f88de7b7923c60e9ba4e0f80de7a95d9af1950e65b6f79c5e54e7b48a4c4c1487da80622ded32871157d048d084ce7073d11ca639edf531dfc5a39719ea7f3998b9c7cdb3aa733224e2d276598db78cea45d808d6a0c50582914545b387d18036a4c0d682a2437d5439f1ab7c9894ed968fe2690d67e127de115baa36de7ff304a6000ba2c42e11a5a8a2ce8fb7ec08d5a42e1c2cc5a7e48441ba4a9b3a64170031fb685688004227cf250d3eceecbe7d0d02d942fb92d1a81336feaf17495f7689f0df2e01d842b2d25946b9a0607a98e0f625000abbc882eff65830073400c4cbc27042d2ef9152128defe252b1ab3079d371aecf96f18068322990eda7e188d9ada9ab2ee1292846d28438d632f3f0e458e052301da2aab1123f973841ce49e2c3e8234f2438620b73eec69fc3a3d533c25b942a4f78b"], &(0x7f0000000480)='syzkaller\x00', 0x40000005, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYRESHEX=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000080)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x18) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="200000002000ff07090f9becdb4cb96b0a000000ff000001000000007bffd290", 0x20}], 0x1, 0x0, 0x0, 0x81000000}, 0x4000002) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/kexec_crash_loaded', 0xc0642, 0x1f6) sendfile(r2, r2, 0x0, 0x6) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4000, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000280)={@in6={{0xa, 0x4e23, 0x4, @dev={0xfe, 0x80, '\x00', 0x3a}}}, 0x0, 0x0, 0x38, 0x0, "0f424a2bc651a9f11381328af8daf6f4bd2827984afeb6b627cea1ba22d1af57aa193c5024c9e8b22a8796a538ed893952a1aa555418ba1b4d0bc0712c028ec32a9bc2fb29b52d39e8626bc90abcc02a"}, 0xd8) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000240)='tunl0\x00', 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000040)) socket(0x1e, 0x5, 0x0) mbind(&(0x7f0000978000/0x2000)=nil, 0x2000, 0x4, 0x0, 0x4000000000000000, 0x2) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000040000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x18) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) 1m32.990263929s ago: executing program 0 (id=54): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='mm_page_free\x00', r0, 0x0, 0xfffffffff7fffffe}, 0x18) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000380)={0x80, 0x6, 0xf00, 0xe0, 0x0, 0x0, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='kfree\x00'}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 1m32.063800993s ago: executing program 0 (id=62): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x1, 0x1, 0x8, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xffffffffffffff7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x4, 0x7, 0xff, 0x8, 0x0, 0x1bff, 0x1680, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, @perf_bp={&(0x7f0000000040), 0x3}, 0x18091, 0x4, 0x1, 0x2, 0x200, 0x6, 0x21, 0x0, 0xd, 0x0, 0xad16}, 0xffffffffffffffff, 0xe, r0, 0x2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r1 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x20) symlinkat(&(0x7f0000000000)='.\x00', r2, &(0x7f0000000140)='./file0\x00') 1m32.025209123s ago: executing program 32 (id=62): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x1, 0x1, 0x8, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xffffffffffffff7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x4, 0x7, 0xff, 0x8, 0x0, 0x1bff, 0x1680, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, @perf_bp={&(0x7f0000000040), 0x3}, 0x18091, 0x4, 0x1, 0x2, 0x200, 0x6, 0x21, 0x0, 0xd, 0x0, 0xad16}, 0xffffffffffffffff, 0xe, r0, 0x2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r1 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x20) symlinkat(&(0x7f0000000000)='.\x00', r2, &(0x7f0000000140)='./file0\x00') 1.871944551s ago: executing program 1 (id=1774): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]}) bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3) 1.797741872s ago: executing program 5 (id=1776): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x4f, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20) r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000100)='asymmetric\x00', 0x0, &(0x7f0000000140)="10", 0x1, r2) 1.770028422s ago: executing program 5 (id=1777): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3}, &(0x7f0000000340), &(0x7f0000000040)}, 0x20) socket$packet(0x11, 0xa, 0x300) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r4}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r5}, 0x10) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = socket(0x10, 0x803, 0x0) add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x1}, 0x0, 0x0, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) creat(&(0x7f0000000d80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x22) getsockname$packet(r6, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000880)=ANY=[@ANYBLOB="80000000100039042abd7000eafefffff7ff02e4", @ANYRES32=r8, @ANYBLOB="03000000c31006006000128008000100736974005400028008000100", @ANYRES32=r7], 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x4008040) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[@ANYBLOB="c4000000", @ANYRES16=r0, @ANYBLOB="01000000000000000000011500002c000280060002004e2000000800090010000000060002004e210000080007000101000006000f000700000008000400ff7fffff14000280080006000200000008000900080000000800040002000000600001"], 0xc4}}, 0x4008800) 1.649733004s ago: executing program 2 (id=1778): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x2, 0x0) socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0xa, 0x300) socket$packet(0x11, 0xa, 0x300) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2608064c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)='.\x00\x00', 0x3}], 0x1}, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) keyctl$clear(0x7, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000140)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, &(0x7f00000004c0)={[{@dax_always}, {@max_batch_time={'max_batch_time', 0x3d, 0x14a2ecd8}}]}, 0xfc, 0x59c, &(0x7f0000001500)="$eJzs3e9rJGcdAPDvbHbz4y6aKH1RhdbDFu6KXnLp2TaI9k4Q3xWU6usz5PZCuE32SDZtEw7N4R8giNiCb/SVbwT/AEHuTyiCYN+LFeXQq4JFtCMzO5vspTu3SS67q8nnA5N5duaZ+X6f2d3Z2ZlnMwGcWRci4npEjEXECxExU0yvFEPstoes3gcP7y5nQxJp+vpfk0iKaVm1JGIsKZY9Xyw22R49aqo92tzeub3UaNQ3isnzrbU785vbO5dX15ZW6iv19atXF15efGXxpcUrJ9LOrF2vfv1PP/nhL77x6m+++OYfbvzl0veyfKeL+Z12nLT2Nqll22JPNSI2BhFsBMaK9vwrbetdqzrstAAAKJEd4386Ij6fH//PxFifY7XxrnIy8OwAAACAk5Bem45/JxHpEdWOvAQAAAAwKpW8D2xSmSv6AkxHpTI31+7D+1ScqzSam60v3Gpurd9s95WdjVrl1mqjfiXvUzsREbUke7ywd0ah/fjFvG42JI/0Af7xzFQ+f2652bg5ihMeAAAAcAadP/D9/x8z7e//AAAAwCkzW4zPjTgPAAAAYHBmR50AAAAAMHDH+P4/Pog8AAAAgIH45muvZUPauf/1zTe2t24337h8s755e25ta3luublxZ26l2VxppBMRa/3W12g273wp1rfemm/VN1vzm9s7N9aaW+utG6uP3AIbAAAAGKJPfe7+e0lE7H55Kh+ic21/rGQBvxWAU6NyyHpp9uf9weYCDFfZxzxw+lUfP7usm+/EIHIBhqvWHiWjzgMYnX47gMmyGu8eK5yfDwEAwAhc/Mz999Lk49f/q/vnBoBT6rDX/4HTp+T6fzoz7ESAoSu9/t+nYwDw/6+mByCcef2v/5d4N591vX+ENO27LgAAYKCm8yGpzBXXAqej8mHaFrNRS26tNupXIuKTEfH7mdpE9nghXzLxowEAAAAAAAAAAAAAAAAAAAAAAAAAOKQ0TSI9huqxlgIAAABGIaLy56S4D/DFmeenD54fGE8+zG8F/FGapm/+9PW331pqtTYWsul/y6ePR0TrnWz6+ChOXwAAAABdOnf5z7+/v1gbcTYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnFYfPLy73BmGGffB1yJitlf8akzm48moRcS5vydR7VouiYixE4i/ey8inu4VP8nSitkii4PxKxExlWfxxPErRbEs/jNpmvaMf/6Jo8PZdj/b/1zv9f6vxIV83Pv9X20P1540fmf/d75rH9yJ39n/je3F/+pe8GzP84lDxvjs73413/XwO/vFifb8au/9Xyd+UrL/fa5XsOrHJ3332zs7ZbmlP4+42Gl7GhFd8btjzbfW7sxvbu9cXl1bWqmv1NevXl14efGVxZcWr8zfWm3Ui7/7K3473Sv+6Jlff1QW/8GFiHMR6czDu8vjnZyKD5bZ9ugryV4q44/k9HxWqJWted9/9hfrrp2v9cG9iEvP7W3/9Ptdz//T+bjn9v/ZP9Nc/jmQzb9YfCYku+1yRPHyjYhnf/nbZ0vbf2+yKB39+b/Uv+m5F771gz8esioAMASb2zu3lxqN+sbAC++kaXq4ytlRaXmdtDga60xJInYP1skO4E64FVMRUTIrYicm96ZMFVs1Drvmp0pTfX8qYkjPzlEL145SOZ040ost2f0faOAZLoznL8iR7pYAAIAB2D/6H3UmAAAAAAAAAAAAAAAAAAAAcHYN4/+KHYy5O5qmAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81n8DAAD//x3CzJ0=") setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40), 0x24, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x533201, 0x80) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="796104000000000000007e000000a46a589a21f9714f4125aec6662c8d27a3c0192f1384239b2f"], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x300000000000000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f0000000080)='kmem_cache_free\x00', r8, 0x0, 0x800000001}, 0x18) socket$kcm(0x2, 0x2, 0x73) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, 0x0) sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x15000022}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="94020000", @ANYRES16=r9, @ANYBLOB="000326bd7000ffdbdf253a000000080003", @ANYRES8, @ANYBLOB="0c00990000f0ff0054000000cd005b00a009927e4ade9fb1505ae1ad7ff3e114b079cf22d2afe2adf220a93be60c2d8fd149c5f7c83455fdbcf2952645eab371e2019143b0e9b6706db70ebd9482b9c7c0b58cc37c42b6712905b92da79e99fa97ae61bf02bc6b6552d882e57dec5aeb8eccc1eb13499f08166e6ca5859ad4a32ecd5509d36b0a9acf6b7f989f7229b087826bfde59b597bac9f62cac2cf7e2d9af2f1f8b31146346d962d8ab67d7e12e2326556e37bab26f448e4e9fbb5347084192ac4ba29727262fab24688c47be0589e8ccc719cd5cf3100000003015b00ee4e258bee3ac8dc17f5f1ad193558a99316f1e25e24300f1e90f7e71cca34fc53321091ceffb9281d4ba5b810872fa2c04f153e763fe18b27f3cc68fd1c744601f72dd03c9e8fc001951426343badefeaf4b64224652dab88c6e5c29afe78d3d5b6c7baf344e762b7540dfcac2adb4f0295b37c2726daab39692ef54d0ddda510cb9493b646b5560a8e3af44b87267661caba29a68a7ba5015ee53063ac11f7e40a3e75d75fa91cb7ea0ebc0f3a703f67b8e3aebea57e3bb701eae337901cf6cca4f25112c596795f9912cb3c3a5c27db53162088d78167817133dbe668598e21473600f3eacfe71882539eb15cb277d4ee1dac9af1c882be03737adf0378000600650001f000008f005b00373cf75a3e5701905ac3950ae31fab746dda5e8ab8e49164c75ccc796ae761a1b9d6d2d16fe20a56491ce93c2a2b3c42a47c68cf4c301819a7ab22cd836883c0f5a3dd6ef06f4e71723bc15c9570bb7783ef511ae9ac2949a04e78f69763f7cf6beafc4691db8a27eb0ddb6b4b6d96c6a615017402898f9b77e2542c2b5b7da7451a5e12dd94e666a6657000216949265fa85ceea86e10a777b94ae4"], 0x294}, 0x1, 0x0, 0x0, 0x20040080}, 0x80) 1.608761855s ago: executing program 1 (id=1779): r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) read(r0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x84, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}]}}}]}, @NFT_MSG_NEWSETELEM={0x30, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe0}}, 0x0) 1.575513185s ago: executing program 5 (id=1781): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket(0x1d, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt(r1, 0x6, 0x4, 0x0, 0x0) sendmsg$nl_generic(r0, 0x0, 0xc004804) r2 = socket$inet6(0xa, 0x3, 0x3c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000080), 0x4) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xff}, 0x7}, 0x1c) setsockopt$inet6_buf(r2, 0x29, 0x32, &(0x7f0000000200)="95de66096bcc111518d3640f969ee0f145ae77ab", 0x14) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x3e, 0x1, 0x0, 0x0, 0x0, 0x8008, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xd}, 0x113a0, 0x0, 0x3, 0x5, 0x0, 0x800001, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000080)="5c00000012006bab9e3fe3d86e17aa31070000007ea60864160af365da8fb21a38001d00f07251ca60bc24eab556a71a251e6182949a3651f60a84c910d5938037e786a6d0bdd7fcf50e4509985300782c37ba90adcd1500000080bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f000008}, 0x4800) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000001240)='./bus\x00', 0x0, &(0x7f0000002480)=ANY=[], 0x1, 0x11f4, &(0x7f0000001280)="$eJzs3M+LG2UYB/DHbWvr1v2h1moL0he96GXo7sGLgiyyBWlAaRuhFYSpO9GQMQmZsBARV09e/TvEozdBvOllL/4N3vbisQdxxMTapsRDqXTa8Plc8pD3/cLzkjDwDvPO0ZvffNrrVFknH8fKE2/FyjAi3UqRYiVu+zJee+PnX166ev3G5Z1Wa/dKSpd2rm29nlJav/DjB59/9/JP49Pvf7/+w8k43Pzw6Pft3w7PHp47+vPaJ90qdavUH4xTnm4OBuP8ZlmkvW7Vy1J6ryzyqkjdflWM5sY75WA4nKS8v7e2OhwVVZXy/iT1ikkaD9J4NEn5x3m3n7IsS2urwYNof3urruuIuj4RT0Zd1/VTsRqn4+lYi/XYiM14Jp6N5+JMPB9n44V4Mc5NZzXdNwAAAAAAAAAAAAAAAAAAACyXBzr/f6Hh5gEAAAAAAAAAAAAAAAAAAGBJXL1+4/JOq7V7JaVTEeXX++399uxzNr7TiW6UUcTF2Ig/Ynr6f2ZWX3qntXsxTW3GV+XBP/mD/fax+fzW9HUCC/Nbs3yaz5+M1bvz27ERZxbntxfmT8Wrr9yVz2Ijfv0oBlHGXvydvZP/Yiult99t3ZM/P50HAAAAyyBL/1q4f8+y/xqf5e/j/sA9++vjcf54s2snopp81svLshg1XtzuaPbNQUQ8Io0tcXHi0Wjj/y2Ozf2Rmu/nMS2auybx8Nz50ZvuBAAAAAAAAAAAgPvxMB4nbHqNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MUOHAsAAAAACPO3TqNjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KgAA//86R81g") sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xfffffd9b, 0x0, 0x1, 0x0, 0x0, 0x4042800}, 0x4000) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x18, &(0x7f0000000180)=0x4, 0x4) rt_sigqueueinfo(0x0, 0x6, &(0x7f0000000080)={0x13, 0x5, 0x28}) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r5 = mq_open(&(0x7f000084dff0)='\xa1sxt\x1a\x00\x00\x00\x00\x00\x00\x00\x01\x88\xbdd', 0x6e93ebbbcc0884f2, 0x9a, &(0x7f0000000300)={0x800000, 0x1, 0x84}) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) mq_timedreceive(r5, &(0x7f00000003c0)=""/214, 0xd6, 0x2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x2, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffd, 0x0, @perf_config_ext={0x400000400000000}, 0x0, 0x0, 0x0, 0x9, 0x63e4b27f, 0x8001, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(r4, 0x8918, &(0x7f0000000100)={'team_slave_0\x00', {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) mkdirat(r4, &(0x7f0000000180)='./bus\x00', 0x0) 1.537282746s ago: executing program 1 (id=1783): syz_read_part_table(0x593, &(0x7f00000005c0)="$eJzs0r1LK2kUB+A3A5c0e4lcLli4hWCwigqx0CIpRGJIY0RcsbAWLLQQLCwkEq39+AcUv0BsxD6lGEEUYiUpxXpBsUmVZdfZxmplUdnleZrhPefMHF5+E/hPi8Lv7XY7EUJoJ9//9m+nhbFS98TI5FQIiTAbQij8+stfnUQ88fdXz+NzOT6XktnG/vXo82nHTc9dPX0Yxf1aFMJaCGHh4Sj1b+/G/99Z/jK1vrFU3FzJz98XVx8H5/oKXVuFxZ2hg1xlujM3E/9Ytehz9qcbw8e37fLT7vf+b/VGK3sVz2USH7Ofr/U2/72f1Wa1Nd57sjyQ+dG8qGzHub/IHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+GBn+cvU+sZScXMlP39fXH0cnOsrdG0VFneGDnKV6c7cTPQ6V4s+Z3+6MXx82y4/7X7v/1ZvtLJX8Vwm8TH7+Vpv89/7WW1WW+O9J8sDmR/Ni8p2nPuL/AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf6gwVuqeGJmcCiERZkMIo1HH0Z/1dvK1n4jnzuNnOa6XktnG/vXo82nHTc9dPX04EddrUQhrIYSFh6PUp1+Gd/sjAAD///tch0s=") r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000017"], 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) timer_create(0x2, &(0x7f0000000180)={0x0, 0x21}, &(0x7f00000000c0)) r3 = signalfd4(0xffffffffffffffff, &(0x7f00000008c0), 0x8, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r3}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001d40)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001d00)={&(0x7f0000001bc0)=@gettaction={0x11c, 0x32, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x7}, @action_gd=@TCA_ACT_TAB={0x4c, 0x1, [{0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0x10, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x10, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}]}, @action_gd=@TCA_ACT_TAB={0x5c, 0x1, [{0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xfffffff9}}, {0x14, 0x11, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0x10, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0x10, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x12, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0xc, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x3c, 0x1, [{0x10, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}]}]}, 0x11c}, 0x1, 0x0, 0x0, 0x1}, 0x44894) timer_settime(0x0, 0xe54aef35e9c2845d, &(0x7f000006b000)={{}, {0x0, 0x9}}, 0x0) r4 = getuid() r5 = socket$inet6_sctp(0xa, 0x5, 0x84) r6 = socket$isdn_base(0x22, 0x3, 0x0) setsockopt$inet6_IPV6_RTHDR(r5, 0x29, 0x39, &(0x7f00000000c0)=ANY=[], 0x8) r7 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil) shmat(r7, &(0x7f0000ff7000/0x3000)=nil, 0x400c) recvmmsg(r5, &(0x7f0000001b80)=[{{&(0x7f0000000940)=@un=@abs, 0x80, &(0x7f0000001a40)=[{&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f0000000480)}, {&(0x7f00000019c0)=""/68, 0x44}], 0x3, &(0x7f0000001a80)=""/240, 0xf0}, 0x8}], 0x1, 0x10000, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000240)={{{@in=@initdev, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@remote}}, &(0x7f0000000040)=0xe8) getgroups(0x6, &(0x7f0000000340)=[0xee00, 0xffffffffffffffff, 0x0, 0xee01, 0xee01, 0xffffffffffffffff]) getsockopt$inet6_IPV6_IPSEC_POLICY(r5, 0x29, 0x22, &(0x7f0000000380)={{{@in6=@private0, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@loopback}}, &(0x7f0000000900)=0xa7) newfstatat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x100) r12 = syz_clone3(&(0x7f0000000780)={0x4000200, &(0x7f0000000500), 0x0, &(0x7f0000000640), {0x20}, &(0x7f0000000680)=""/35, 0x23, &(0x7f00000006c0)=""/93, &(0x7f0000000740)=[0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0], 0x5, {r6}}, 0x58) shmctl$IPC_SET(r7, 0x1, &(0x7f0000000880)={{0x0, r8, r9, r10, r11, 0x1c3, 0x384d}, 0x9, 0x8000, 0x4, 0xfff, r12, 0x0, 0x6}) setresuid(0x0, 0x0, 0x0) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x100800, &(0x7f0000000380)={[{@mode}, {@uid={'uid', 0x3d, r2}}, {@uid={'uid', 0x3d, r4}}, {@gid={'gid', 0x3d, r11}}, {}, {}, {@gid={'gid', 0x3d, 0xffffffffffffffff}}, {@gid}, {@mode}], [{@hash}, {@appraise_type}, {@dont_measure}]}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) 1.312546409s ago: executing program 3 (id=1787): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18) open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/locks\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r0 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt(r0, 0x28, 0x40006, 0x0, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000001040)={{0x1, 0x1, 0x1018}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6e, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r3}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'hsr0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x70bd29, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffe0}, {0xfff3}}}, 0x24}}, 0x44010) 1.30529926s ago: executing program 5 (id=1788): setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x4000) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00'}, 0x10) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10) statfs(&(0x7f0000001380)='./bus\x00', 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x403, 0x2, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0xe}, @IFLA_BR_GROUP_FWD_MASK={0x6, 0x9, 0x8b}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x8044) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/rcu_stall_count', 0x0, 0x122) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x121a02, 0x0) sendfile(r7, r6, 0x0, 0x8) renameat2(r6, &(0x7f0000000040)='./file0\x00', r2, &(0x7f0000000240)='./file0\x00', 0x5) unshare(0x20040600) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={0xffffffffffffffff, 0x0, 0x0}, 0x20) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8e600000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r9}, 0x10) socket$kcm(0x10, 0x2, 0x0) 1.221311141s ago: executing program 3 (id=1790): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3) 1.190976961s ago: executing program 2 (id=1791): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x13, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000040000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000100000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) bpf$ENABLE_STATS(0x20, &(0x7f0000000000), 0x4) r1 = fsopen(&(0x7f00000000c0)='selinuxfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r1, 0x4, &(0x7f0000000000)='dirsync\x00', &(0x7f0000000040)='./file0\x00', r2) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) flock(r3, 0x2) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000040000000000000000000300000a20000000000a05000000000000000000070000000900010073797a300000000044000000090a010400000000000000000700ffff08000a40000000030900020073797a31000000000900010073797a3000000000080005400000002105000d40930000005c0000000c0a01020000000000000000070000000900020073797a31000000000900010073797a3000000000300003802c0000800400018024000b80100001800c000100636f756e7465720010000180090001006c617374"], 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1.169220782s ago: executing program 2 (id=1793): syz_read_part_table(0x593, &(0x7f00000005c0)="$eJzs0r1LK2kUB+A3A5c0e4lcLli4hWCwigqx0CIpRGJIY0RcsbAWLLQQLCwkEq39+AcUv0BsxD6lGEEUYiUpxXpBsUmVZdfZxmplUdnleZrhPefMHF5+E/hPi8Lv7XY7EUJoJ9//9m+nhbFS98TI5FQIiTAbQij8+stfnUQ88fdXz+NzOT6XktnG/vXo82nHTc9dPX0Yxf1aFMJaCGHh4Sj1b+/G/99Z/jK1vrFU3FzJz98XVx8H5/oKXVuFxZ2hg1xlujM3E/9Ytehz9qcbw8e37fLT7vf+b/VGK3sVz2USH7Ofr/U2/72f1Wa1Nd57sjyQ+dG8qGzHub/IHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+GBn+cvU+sZScXMlP39fXH0cnOsrdG0VFneGDnKV6c7cTPQ6V4s+Z3+6MXx82y4/7X7v/1ZvtLJX8Vwm8TH7+Vpv89/7WW1WW+O9J8sDmR/Ni8p2nPuL/AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf6gwVuqeGJmcCiERZkMIo1HH0Z/1dvK1n4jnzuNnOa6XktnG/vXo82nHTc9dPX04EddrUQhrIYSFh6PUp1+Gd/sjAAD///tch0s=") r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000"], 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) timer_create(0x2, &(0x7f0000000180)={0x0, 0x21}, &(0x7f00000000c0)) r3 = signalfd4(0xffffffffffffffff, &(0x7f00000008c0), 0x8, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r3}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001d40)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001d00)={&(0x7f0000001bc0)=@gettaction={0x114, 0x32, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x7}, @action_gd=@TCA_ACT_TAB={0x4c, 0x1, [{0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0x10, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x10, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}]}, @action_gd=@TCA_ACT_TAB={0x5c, 0x1, [{0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xfffffff9}}, {0x14, 0x11, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0x10, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0x10, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x592}, @action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x12, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0xc, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x2c, 0x1, [{0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x1}, 0x44894) timer_settime(0x0, 0xe54aef35e9c2845d, &(0x7f000006b000)={{}, {0x0, 0x9}}, 0x0) r4 = getuid() r5 = socket$inet6_sctp(0xa, 0x5, 0x84) r6 = socket$isdn_base(0x22, 0x3, 0x0) setsockopt$inet6_IPV6_RTHDR(r5, 0x29, 0x39, &(0x7f00000000c0)=ANY=[], 0x8) r7 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil) shmat(r7, &(0x7f0000ff7000/0x3000)=nil, 0x400c) recvmmsg(r5, &(0x7f0000001b80)=[{{&(0x7f0000000940)=@un=@abs, 0x80, &(0x7f0000001a40)=[{&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f0000000480)}, {&(0x7f00000019c0)=""/68, 0x44}], 0x3, &(0x7f0000001a80)=""/240, 0xf0}, 0x8}], 0x1, 0x10000, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000240)={{{@in=@initdev, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@remote}}, &(0x7f0000000040)=0xe8) getgroups(0x6, &(0x7f0000000340)=[0xee00, 0xffffffffffffffff, 0x0, 0xee01, 0xee01, 0xffffffffffffffff]) getsockopt$inet6_IPV6_IPSEC_POLICY(r5, 0x29, 0x22, &(0x7f0000000380)={{{@in6=@private0, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@loopback}}, &(0x7f0000000900)=0xa7) newfstatat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x100) r12 = syz_clone3(&(0x7f0000000780)={0x4000200, &(0x7f0000000500), &(0x7f0000000600), &(0x7f0000000640), {0x20}, 0x0, 0x0, &(0x7f00000006c0)=""/93, &(0x7f0000000740)=[0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0], 0x5, {r6}}, 0x58) shmctl$IPC_SET(r7, 0x1, &(0x7f0000000880)={{0x0, r8, r9, r10, r11, 0x1c3, 0x384d}, 0x9, 0x8000, 0x4, 0xfff, r12, 0x0, 0x6}) r13 = socket(0x1, 0x2, 0x0) getsockopt$sock_cred(r13, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(r14, r14, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000) getresgid(&(0x7f00000002c0)=0x0, &(0x7f0000000300), &(0x7f0000000340)) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x100800, &(0x7f0000000380)={[{@mode}, {@uid={'uid', 0x3d, r2}}, {@uid={'uid', 0x3d, r4}}, {@gid={'gid', 0x3d, r11}}, {@uid={'uid', 0x3d, r14}}, {@uid={'uid', 0x3d, r15}}, {@gid={'gid', 0x3d, 0xffffffffffffffff}}, {@gid={'gid', 0x3d, r16}}, {@mode}], [{@hash}, {@appraise_type}, {@dont_measure}]}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) 1.076129303s ago: executing program 5 (id=1794): sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={0x0}}, 0x40004) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x144, 0x65, 0x2, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x108, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_CLASSID={0x8, 0x3, {0x0, 0xfff1}}, @TCA_BPF_ACT={0xe8, 0x1, [@m_simple={0x5c, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x2f, 0x6, "1418bd2c32a073d723e0b8c72b0559383dcb289d087137ef800c671e42c961faca95344c687f10f4010ecb"}, {0xc}, {0xc, 0x8, {0x1}}}}, @m_ctinfo={0x88, 0x1b, 0x0, 0x0, {{0xb}, {0x5c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE={0x6, 0x4, 0x81}, @TCA_CTINFO_ACT={0x18, 0x3, {0xd, 0x6, 0x3, 0x101, 0x4}}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x8}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x400}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0xffffffb4}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x3}, @TCA_CTINFO_ACT={0x18, 0x3, {0x0, 0x0, 0xe, 0x8, 0x512ce089}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}]}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}]}}]}, 0x144}, 0x1, 0x0, 0x0, 0x81}, 0x20000080) socket(0x10, 0x803, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@filter={'filter\x00', 0xe, 0x3, 0xc52, [0x0, 0x2000000026c0, 0x2000000026f0, 0x2000000030fe], 0x0, &(0x7f0000000040), &(0x7f00000026c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0100000005000000060000008d057767300000000000000000000000000076657468305f766972745f7769666900626f6e643000000000000000000000006e657464657673696d300000000000000180c20000010000ff0080ffaaaaaaaaaa44ff00fff3ffff2e090000ae090000de090000737461746500000000000000000000000000000000000000000000000000000008000000000000000600000000000000616d6f6e6700000000000000000000000000000000000000000000000000000068080000000000000c00000050040000020000000900000001000000000000800900000002000000080000000900000007000000040000000180ffffffffff7f03000000f7ffffff030000000700000001800000cd00000003000000ff000000ffffffff26210000420200000d000000e100000003000000fcffffff1000000000000000a00a000001800000070000000300000002000000060000001a1b000001000000faffffff0400000000000000070000008001000003000000ff0000000400000004000000010100000800000000000000c97a000008000000050000000000008007460000ce0f0000090000000c390000090000000b000000000400000500000001000000740700000400000001000000feffffff0100000004740000ff0000000300000000000100070000001e8800000100010005000000000200000700000009000000008000000100000080650000090000006447a002872d00000100000001000000c4000000ffffff7f08000000810000000100000006000000070000000008000001000000960500007500000005000000090000000800000004000000ce2c00001000000001000080090000000d000000050000006883000007000000f21f0000d90000000500000000040000070000000037040002000000ffffff7f04000000650d0000ad040000100007000000000000000000ee41000080ffffff7fffffff11a60000090000000600000000020000080000000080000004000000ff7f0000e2000000ff01000000be0000060000004bbb000004000000ffffffff070000000000000007000000766000000900000007000000030000000200000000000000080000000200000016100000ab03000005000000070000000600000002000000050000000080000004000000090000004f070000050000002605000001000000ee690000080000000000000009000000010400009300000008000000020000000400000058f800003100000004000000010400000080000009000000bbfd00000700000000010000020000001000000005000000060000000000400005000000d0f9ffff0200000001000000ea54000003000000010000000600000009000000f7ffffff01010000030000000100000009000000020000000900000003000000d24d000007000000ffff000006000000010100000500000000000000ffffffff0400000004000000f7ffffff050200000100000000000080070000000700000002000000020000000700000000100000070000000100000007000000fbffffff0001000000010000110e00001000000008000000010000800b00000001000100040000003501000003000000030000000600000004000000f9ffffff000400001cf0ffff330700000100000002000000080000000700000000000000080000000300000007000000040000000900000005000000f702000059ec0000ac14141ff9ffffffff070000ac1414bb01000000030000007f00000103000000050000007f0000010500000005000000ac1e010140000000ffffffff060000000500000003000000930b000003000000800000007f00000002000000f7ffffffff030000050000006900000002000000443f000006000000fbffffff0300000005000000090000005e1fffff05000000cf9a00000e00000003000000070000004e0000000300000067000000ffffff7f04000000010100000300000001000000020000005dec00000700000007000000506900004000000000010000db620000004000000800000009000000010001000600000002000000060000000700000005000000070000000900000000000000070000000e0000000002000002000000060000000c0000009f560000070000000b0000000800000002000000582d00000400000005000000f9ffffff020000000100000007000000d15e0000e5010000000000000800000000040000080000000900000006000000040000000002000003000000010000008000000002000000030000000300000001050000070000000700000001000000aa0000000600000004000000141d00009e3a0000feffffff0900000005000000ffffffff80000000030000000200000003000000050000000900000002000000001000000500000002000000010000000100000006000000010400000600000001040000ff010000080000008700000001000000b9000000060000000100000000000000f7ffffff06000000810000000900000007000000010100000b0000000000000002000000130000000d000000010400000000000000000000ea060000bd0000000000a00000f8ffff060000008b0b00000600000000100000030000000c000000004cd5000200000007000000650c0000ef4400000500000004000000ffffffff0600000006000000ffffffff070000002e030000070000009d440000ff030000000000000100000000800000060000000100000064060000fdffffff0e0000000800000007000000060000000f00000069e4ffff030000000500000002000000ff010000040000005e010000e60200000600000081000000da0000000200000005000000ff07000001fcfffffeffffff0300000004000000040000000000000006000000060000003a000000090000002ef10143fcffffff3ae6c7ef0800000002000000000100000400000007000000010100000000000002000000060000000600000000000000018000000000008005000000ffffff7f0100000007000000db000000010400000c0000000700000000040000910b000009000000090000007f00000004000000ffffff7f0300000008000000020000004b000000ff07000006000000ffffffff070000000000000006000000020000000000e01f060000000300000000010000ff000000f7ce0000008000003cf50000f8ffffff0000000004000000000200003fb5b8360100000006000000040000000a01010100000000434f4e4e5345434d41524b000000000000000000000000000000000000000000080000000000000001000000000000006c6f67000000000000000000000000000000000000000000000000000000000028000000000000000937b36d1620709909508908c0c49da17ecb3d4a086e06014fd7dabc7c5341000a00000000000000434f4e4e5345434d41524b0000000000000000000000000000000000000000000800000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff02000000030000003000000086dd6d6163736563300000000000000000006261746164765f736c6176655f3100006970766c616e3100000000000000000069705f76746930000000000000000000aaaaaaaaaaaa0000ff0000ffbbbbbbbbbbbb00ff8000ff006e000000b6000000060100005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a30000000000000000000000000050700000000000002000000000000006c6f67000000000000000000000000000000000000000000000000000000000028000000000000000fd0162729f6280b7e88a976cdaae002919af87dc6567f06bab96218cb6d170002000000000000000300000012000000fbf876657468305f746f5f627269646765006c6f000000000000000000000000000069705f76746930000000000000000000766c616e3000000000000000000000000180c200000effffff000000aaaaaaaaaaaaffff00ffffffae000000ae000000de0000006d61726b5f6d000000000000000000000000000000000000000000000000000018000000000000000000000000000000060000000000000000010000000000"]}, 0xc99) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ipv6_route\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r2, 0x0, 0x0}, 0x20) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x289c2, 0x1) fcntl$setlease(r3, 0x400, 0x1) close_range(r1, 0xffffffffffffffff, 0x0) 1.075624373s ago: executing program 4 (id=1795): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x2, 0x0) socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0xa, 0x300) socket$packet(0x11, 0xa, 0x300) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2608064c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)='.\x00\x00', 0x3}], 0x1}, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) keyctl$clear(0x7, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000140)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, &(0x7f00000004c0)={[{@dax_always}, {@max_batch_time={'max_batch_time', 0x3d, 0x14a2ecd8}}]}, 0xfc, 0x59c, &(0x7f0000001500)="$eJzs3e9rJGcdAPDvbHbz4y6aKH1RhdbDFu6KXnLp2TaI9k4Q3xWU6usz5PZCuE32SDZtEw7N4R8giNiCb/SVbwT/AEHuTyiCYN+LFeXQq4JFtCMzO5vspTu3SS67q8nnA5N5duaZ+X6f2d3Z2ZlnMwGcWRci4npEjEXECxExU0yvFEPstoes3gcP7y5nQxJp+vpfk0iKaVm1JGIsKZY9Xyw22R49aqo92tzeub3UaNQ3isnzrbU785vbO5dX15ZW6iv19atXF15efGXxpcUrJ9LOrF2vfv1PP/nhL77x6m+++OYfbvzl0veyfKeL+Z12nLT2Nqll22JPNSI2BhFsBMaK9vwrbetdqzrstAAAKJEd4386Ij6fH//PxFifY7XxrnIy8OwAAACAk5Bem45/JxHpEdWOvAQAAAAwKpW8D2xSmSv6AkxHpTI31+7D+1ScqzSam60v3Gpurd9s95WdjVrl1mqjfiXvUzsREbUke7ywd0ah/fjFvG42JI/0Af7xzFQ+f2652bg5ihMeAAAAcAadP/D9/x8z7e//AAAAwCkzW4zPjTgPAAAAYHBmR50AAAAAMHDH+P4/Pog8AAAAgIH45muvZUPauf/1zTe2t24337h8s755e25ta3luublxZ26l2VxppBMRa/3W12g273wp1rfemm/VN1vzm9s7N9aaW+utG6uP3AIbAAAAGKJPfe7+e0lE7H55Kh+ic21/rGQBvxWAU6NyyHpp9uf9weYCDFfZxzxw+lUfP7usm+/EIHIBhqvWHiWjzgMYnX47gMmyGu8eK5yfDwEAwAhc/Mz999Lk49f/q/vnBoBT6rDX/4HTp+T6fzoz7ESAoSu9/t+nYwDw/6+mByCcef2v/5d4N591vX+ENO27LgAAYKCm8yGpzBXXAqej8mHaFrNRS26tNupXIuKTEfH7mdpE9nghXzLxowEAAAAAAAAAAAAAAAAAAAAAAAAAOKQ0TSI9huqxlgIAAABGIaLy56S4D/DFmeenD54fGE8+zG8F/FGapm/+9PW331pqtTYWsul/y6ePR0TrnWz6+ChOXwAAAABdOnf5z7+/v1gbcTYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnFYfPLy73BmGGffB1yJitlf8akzm48moRcS5vydR7VouiYixE4i/ey8inu4VP8nSitkii4PxKxExlWfxxPErRbEs/jNpmvaMf/6Jo8PZdj/b/1zv9f6vxIV83Pv9X20P1540fmf/d75rH9yJ39n/je3F/+pe8GzP84lDxvjs73413/XwO/vFifb8au/9Xyd+UrL/fa5XsOrHJ3332zs7ZbmlP4+42Gl7GhFd8btjzbfW7sxvbu9cXl1bWqmv1NevXl14efGVxZcWr8zfWm3Ui7/7K3473Sv+6Jlff1QW/8GFiHMR6czDu8vjnZyKD5bZ9ugryV4q44/k9HxWqJWted9/9hfrrp2v9cG9iEvP7W3/9Ptdz//T+bjn9v/ZP9Nc/jmQzb9YfCYku+1yRPHyjYhnf/nbZ0vbf2+yKB39+b/Uv+m5F771gz8esioAMASb2zu3lxqN+sbAC++kaXq4ytlRaXmdtDga60xJInYP1skO4E64FVMRUTIrYicm96ZMFVs1Drvmp0pTfX8qYkjPzlEL145SOZ040ost2f0faOAZLoznL8iR7pYAAIAB2D/6H3UmAAAAAAAAAAAAAAAAAAAAcHYN4/+KHYy5O5qmAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA81n8DAAD//x3CzJ0=") setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40), 0x24, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x533201, 0x80) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="796104000000000000007e000000a46a589a21f9714f4125aec6662c8d27a3c0192f1384239b2f"], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x300000000000000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f0000000080)='kmem_cache_free\x00', r8, 0x0, 0x800000001}, 0x18) socket$kcm(0x2, 0x2, 0x73) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000240)={'wlan0\x00'}) sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, 0x0, 0x80) 1.048286803s ago: executing program 3 (id=1796): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20) syz_emit_ethernet(0x3e, &(0x7f0000000640)=ANY=[@ANYBLOB="aaaaaab8aaaaaaaaaaaaaaaaaa0800450000cdc12d391cf1667cbb2d89c730000000b6f88601a9df1924c2bf019078ac1e0001e00000011d01907803000000450000fd909c3598228f00d6a80db99812277ab9f70cf08685aba2c1cc960341078aef3bfd7d7e636a4b5d55216c7389819c5391c892c4443020be2acf07e49bc6d3ed1a4763dabea11f00b0b5974311e103243dc7ac955cb6faeb10227113c248c26e9440aee4dcfaf3bd481c50c21b5398e5f3bfab67edc12d3767a799fa4445378c6cce8edd4d42c2584dfba6cf4640311604e5e7e9"], 0x0) 1.006183834s ago: executing program 3 (id=1797): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000004cc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x9, 0x400, 0x6, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xaf1d, 0x1, @perf_bp={0x0, 0x1}, 0x100410, 0x200, 0x2, 0x1, 0x9, 0x9, 0xfffd, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x20c006, &(0x7f0000000080)={[{@i_version}, {@mblk_io_submit}, {@init_itable_val={'init_itable', 0x3d, 0xba}}, {@nombcache}, {@discard}, {@data_err_abort}], [{@seclabel}]}, 0x1, 0x43d, &(0x7f0000000900)="$eJzs281vG0UbAPBn7SR9+/FSU5WPpgUCBRHxkTRpKT1wAYHEASQkOJRjSNIq1G1QEyRaRRAQKkdUiTviiMRfwAkuCDghcYU7qlShXFrgYrTZ3cR27LQOTlzw7ydtMrM7zszj3bFnZ7IB9K2R9EcSsS8ifomI/Vm2scBI9uvmytL0HytL00nUaq//nqyWu7GyNF0ULV63t8gMRJQ+TuJwi3oXLl0+N1Wtzl7M8+OL598ZX7h0+em581NnZ8/OXpg8derE8YlnT04+05U407huDL8/f+TQy29efXX69NW3fvgqKeJviqNLRjY7+Fit1uXqeuv/delkoIcNoSPlrJvG4Gr/3x/lWD95++Olj3raOGBb1Wq12r3tDy/XgP+wJHrdAqA3ii/69P632HZo6HFHuP58dgOUxn0z37IjA1HKyww23d9200hEnF7+8/N0i+2ZhwAAaPBNOv55Kh//NSz8lKJ+XuiufA2lEhF3R8SBiDgZEQcj4p6I1bL3RcT9HdbfvEiycfxTutbhn+xIOv57Ll/bahz/FaO/qJQj/iqGy5UYTM7MVWeP5e/JaAzuSvMTm9Tx7Ys/f9ruWP34L93S+ouxYN6OawO7Gl8zM7U49U9irnf9w4jhgVbxJ2srAellcSgihrdYx9wTXx5pd+zW8Tcaqs90YZ2p9kXE49n5X46m+AvJ5uuT4/+L6uyx8eKq2OjHn6681q7+TuPvtvT872l5/a/FX0nq12sXOq/jyq+ftL2n2er1P5S80bDvvanFxYsTEUPJK1mj6/dPNpWbXC+fxj96tHX/PxDr78ThiEgv4gci4sGIeChv+8MR8UhEHN0k/u9fePTtxj1JB/FvrzT+mY7O/3piKJr3tE6Uz333dUOllegg/vT8n1hNjeZ7bufz73batbWrGQAAAP59ShGxL5LS2Fq6VBoby/6H/2DsKVXnFxafPDP/7oWZ7BmBSgyWipmubD44mw+dyG/ri/xkU/54Pm/8WXn3an5ser460+vgoc/tbdP/U7+Ve906YNt5Xgv6l/4P/Uv/h/6l/0P/atH/d/eiHcDOa/X9/0EP2gHsvKb+b9kP+oj7f+hf+j/0L/0f+tLC7rj1Q/ISEhsSUbojmiGxTYlefzIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0x98BAAD///1B6is=") r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtaction={0x68, 0x30, 0xb, 0x300, 0x25dfdbfc, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0xff, 0x4, 0x6, 0x6}, 0x4, r3}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x2000a804) 818.254397ms ago: executing program 3 (id=1798): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket(0x1d, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt(r1, 0x6, 0x4, 0x0, 0x0) sendmsg$nl_generic(r0, 0x0, 0xc004804) r2 = socket$inet6(0xa, 0x3, 0x3c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000080), 0x4) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xff}, 0x7}, 0x1c) setsockopt$inet6_buf(r2, 0x29, 0x32, &(0x7f0000000200)="95de66096bcc111518d3640f969ee0f145ae77ab", 0x14) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x3e, 0x1, 0x0, 0x0, 0x0, 0x8008, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xd}, 0x113a0, 0x0, 0x3, 0x5, 0x0, 0x800001, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000080)="5c00000012006bab9e3fe3d86e17aa31070000007ea60864160af365da8fb21a38001d00f07251ca60bc24eab556a71a251e6182949a3651f60a84c910d5938037e786a6d0bdd7fcf50e4509985300782c37ba90adcd1500000080bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f000008}, 0x4800) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000001240)='./bus\x00', 0x0, &(0x7f0000002480)=ANY=[], 0x1, 0x11f4, &(0x7f0000001280)="$eJzs3M+LG2UYB/DHbWvr1v2h1moL0he96GXo7sGLgiyyBWlAaRuhFYSpO9GQMQmZsBARV09e/TvEozdBvOllL/4N3vbisQdxxMTapsRDqXTa8Plc8pD3/cLzkjDwDvPO0ZvffNrrVFknH8fKE2/FyjAi3UqRYiVu+zJee+PnX166ev3G5Z1Wa/dKSpd2rm29nlJav/DjB59/9/JP49Pvf7/+w8k43Pzw6Pft3w7PHp47+vPaJ90qdavUH4xTnm4OBuP8ZlmkvW7Vy1J6ryzyqkjdflWM5sY75WA4nKS8v7e2OhwVVZXy/iT1ikkaD9J4NEn5x3m3n7IsS2urwYNof3urruuIuj4RT0Zd1/VTsRqn4+lYi/XYiM14Jp6N5+JMPB9n44V4Mc5NZzXdNwAAAAAAAAAAAAAAAAAAACyXBzr/f6Hh5gEAAAAAAAAAAAAAAAAAAGBJXL1+4/JOq7V7JaVTEeXX++399uxzNr7TiW6UUcTF2Ig/Ynr6f2ZWX3qntXsxTW3GV+XBP/mD/fax+fzW9HUCC/Nbs3yaz5+M1bvz27ERZxbntxfmT8Wrr9yVz2Ijfv0oBlHGXvydvZP/Yiult99t3ZM/P50HAAAAyyBL/1q4f8+y/xqf5e/j/sA9++vjcf54s2snopp81svLshg1XtzuaPbNQUQ8Io0tcXHi0Wjj/y2Ozf2Rmu/nMS2auybx8Nz50ZvuBAAAAAAAAAAAgPvxMB4nbHqNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MUOHAsAAAAACPO3TqNjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KgAA//86R81g") sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xfffffd9b, 0x0, 0x1, 0x0, 0x0, 0x4042800}, 0x4000) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x18, &(0x7f0000000180)=0x4, 0x4) rt_sigqueueinfo(0x0, 0x6, &(0x7f0000000080)={0x13, 0x5, 0x28}) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r5 = mq_open(&(0x7f000084dff0)='\xa1sxt\x1a\x00\x00\x00\x00\x00\x00\x00\x01\x88\xbdd', 0x6e93ebbbcc0884f2, 0x9a, &(0x7f0000000300)={0x800000, 0x1, 0x84}) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) mq_timedreceive(r5, &(0x7f00000003c0)=""/214, 0xd6, 0x2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x2, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffd, 0x0, @perf_config_ext={0x400000400000000}, 0x0, 0x0, 0x0, 0x9, 0x63e4b27f, 0x8001, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(r4, 0x8918, &(0x7f0000000100)={'team_slave_0\x00', {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) mkdirat(r4, &(0x7f0000000180)='./bus\x00', 0x0) 783.784418ms ago: executing program 4 (id=1799): r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) read(r0, &(0x7f0000000040)=""/148, 0xffffff96) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x84, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}]}}}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}}, 0x0) 746.390158ms ago: executing program 5 (id=1800): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x2c, r3, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004800}, 0x20000000) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r1) r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r5, 0x0, &(0x7f0000000200)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="030026bd70003c0200000200000008000100", @ANYRES32=r6, @ANYBLOB], 0x1c}}, 0x0) write$nci(r0, &(0x7f00000001c0)=@NCI_OP_RF_INTF_ACTIVATED_NTF={0x1, 0x1, 0x3, 0x5, 0x9, @v={0x1, 0x0, 0x2, 0x6, 0x7, 0x3, 0x82, {0xfc, 0x9, "30ea56c4f61cab1d"}, 0xf, 0xf3, 0xff, 0x4, 0x1, "eb"}}, 0x1a) 716.771879ms ago: executing program 3 (id=1801): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x6, 0x10, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) socket$inet(0x2, 0x4000000000000001, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0x0, 0x0, 0x18}, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x8, 0xdd, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x30, 0x0, 0x3, 0x8000}, {0x6}]}, 0x10) 635.35797ms ago: executing program 4 (id=1802): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000040), 0x81, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 614.98483ms ago: executing program 1 (id=1803): r0 = syz_mount_image$iso9660(&(0x7f0000000180), &(0x7f0000000280)='./file0\x00', 0xc14002, &(0x7f0000000300)=ANY=[], 0x0, 0x729, &(0x7f0000001340)="$eJzs3V1v3FgZB/D/mZnMTLLQjQBVq6rbnKaslIoy9Uy2qUYBCeM5MzHMjEe2A4mEtCo0WUWddKEtEp2bNje8SMsHgLu94YILPsJKXHC13wKuQFqBkBArEDLysT2v9qRD0u6W/n/V7njsx+ccH7t+6sQ+BhEREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREUFYDcOoCrTt7u6ezGY1XKeTfMljZnlU2hKuRxPX59W5FNYLiPA/lMt4I5r9xpdGIRfD/63jcvTtMsrhRxmD1y6ubn+xkEvWn9Pg/wUWLfDh48G9O/3+wYNniM1DFy+wcC2fCuSeIailurbn2B2zpaTtObK+tWXc3Gl6smm3lbfv+aojLVflfMeVG9Z1Wa3XN6Wq7Du73VbDbKtk5u2v1gxjS36rFO1oABXP2rHbbbvb0jHh4jDmtnz/e1GAMjtSHh71DzbH2vMkrXPDoGpK43PjwWFQ7bTNrRm1WrVaq1W3btVv3TaMwswMIySMIcxEnPtBSy+Z8z2BE51Bzmr82/ijANooo4td7EGm/rHQgAsHnYzlsST/v3VTza13PP8nWX5ptPgSdP6/En27EqaFQkr+z2iLhNR5JG2JyJi/2J8lnagkHuIxBriHO+ijjwM8OIeyJeTamUsoGnFPnr01mFNSCwpd2PDgwEYHJlr4PGQ8R6KOLWzBwDvYQRMeJJqw0YaCh3148KHCI6oYlq9gwocDFxIbsHAdElXUUcfrkFCoYB8OdtFFCw2Y+GcQBIc40v2+GbfnaUpbkQRVMzawhEKyjQeozemJrPz//SfR2nH+N5j/X1XRcVCKPj6aF0P0GRDE1/8LWns+rSEiIiIiIiKi50Hon74L/Vv5NwEEaNptZYwtz/S73ItpIhERERERERGdkUBQwuXwMl/fffcmxOT1PxERERERERG9/IR+xk4AWNE39YvR41LP8kOA/AtoIhERERERERGdkb6//0oRCPSgFWsQC13/ExEREREREdFL4OdjY+wX8vEY+0Hya/0cgLU/lcSHfy3BXRInvb0vi2MzXGIexzEzdwD4zUviQjxQr/4oAtDfLHVZxLVJ4B/jowt8fJg+1v/TICKEcKcaUMxnDE8w3gAR1rxViL/hfVyNVrkajzN/d5CDXhKNKLzStNuqYjnt7SpM80LOV3v+j+8f/QRwh9t5eNQ/qPzgvf5d3ZaTcNbJcVjok4nm5NI7Y9SWR3q8Bf3MRdrbDZbRTKr8RbezInS9RrL9eZjHufGKMnfAr1a3t5aBaCt/ivVon60HUezKYDjivgDW9OAP1YreZRNb7y6JUSuq01uetiMytrysW3Etirm2cS36SPokLCcnyl/JA7XK7D6YaEVtvBWn94X421T/z28FRDnsi82wFb8PC5pqxXc/jFbe7O3Fo73Ob0XwejQ5fRQQEX1aDkdZSA9iPjPGfpIekpPas+adi6soAPFZLiO7j2oJ4vyRZPdHvw6iDJUHCvHvJtJrSfIKwjP6htDlFKMB3QuXUs7oRuWTIAjMC2WMn9H/EwTJBhkLZLeTIAimz+i/Hb0DKW72TCv+FQTBdlVnkl9OZdUPwhU+yKzXa9fyKKOER8c/1APgh949ePfgfq22uWW8bRi3aljS/1SIP/LI/BcIERG9uibfsZP2jj0dkZsTId7G1aiMq3f/8lY0NZHxvhDfUqDdBPp6qIH4FQJr6aWu4BBf/3t0G8KN6KoVWF+JPlcG8uLqdnhVO4w9EgX9hpcbmVd1OpdGsfr2htowNnnv0PQV4Ch28/nuBCIiohdsPSMPAxP5H5P5vzyR/29gI4rYuJR63b0ydkvhjeTqeHhJP3jtJDW2enrjv3HOnUFERPSKUO7HYsX/mXBdu/dOtV6vmv6Okq5jfVu6dqOlpN31lWvtmN2Wkj3X8R3Lacuei5K9rDzp7fZ6juvLpuPKnuPZe/rN7zJ+9bunOmbXty2v11amp6TldH3T8mXD9izZ2/1m2/Z2lKtX9nrKspu2Zfq205Wes+taqiKlp9RYoN1QXd9u2uFkV/Zcu2O6+/I7Tnu3o2RDeZZr93wnKjCpy+42Hbeji60gWPhFh0RERP+PHj4e3LvT7x88mJ5YDi/NozknyIiZnSimFJgHAo4TRERE9BkyStcLrFR+jg0iIiIiIiIiIiIiIiIiIiIiIiIiIiIiIqIZpz/St+DEUtrDgsBwzo8uxHPwFKNHDGfKEThrez5x/6AH9kuLKQKYt3pu0UqTRyIG9z6aE7w8nJN0/3jMySKVYhWYH/Ne9qI/fw54Tc9BNKdwjgfA7POj536MpU187TDq0awYvTB1UWm4Lwrn/9chnLj/m9lFIuz5IAiC+auXJvuwOGcDpyYKAB4U5+yC5VOOn9POHDPjfxPRS+a/AQAA//+63zmW") bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f00000004c0)={0x0, @in6={{0xa, 0x4e24, 0x2970, @empty, 0xfffffff8}}}, 0x84) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001700)=@base={0x1e, 0x0, 0x1b, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r4}, 0x0, 0x0}, 0x20) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$PPPIOCGL2TPSTATS(r2, 0x8004745a, &(0x7f0000005280)) futimesat(r0, &(0x7f0000000000)='./file1\x00', 0x0) 584.177331ms ago: executing program 4 (id=1804): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') sendfile(r1, r1, &(0x7f0000000040)=0x2eb4, 0x2) (fail_nth: 1) 397.998063ms ago: executing program 4 (id=1805): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xb, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095", @ANYRES32, @ANYRES32, @ANYRES16, @ANYRESOCT=0x0, @ANYRES32=0x0, @ANYBLOB="5c33914d284274d5275d0ef256f49b859031a055fd0d66a3facfa22b7140a37a61053601fa946b1e2c6f587827c0749f55f520bcc45e4676c6a964497dc883f620c2a01331020e802c1c79956d5d5d6ef9e1dfb500d52372dc874179ca291cd4fd915e728abe2a071856102b7d91e4"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x0, 0x2}, 0xe) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r3, &(0x7f0000000080)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000502b3e6e28d967964d9ead3133d167ab6b"], &(0x7f0000000380)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, @void, @value}, 0x94) r6 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r6, &(0x7f0000000240)=@nameseq={0x1e, 0x1, 0x3, {0x43, 0x1, 0x2}}, 0x10) r7 = socket$tipc(0x1e, 0x5, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r9, 0x0, 0xfffffffffffff001}, 0x18) setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000100)={0x7, 0x4, 0x2, 0x3}, 0x10) sendmsg$tipc(r6, &(0x7f0000000400)={&(0x7f00000008c0)=@nameseq={0x1e, 0x1, 0x0, {0x18}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40000080}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kvm_dirty_ring_reset\x00', r5, 0x0, 0x2}, 0x17) syslog(0x2, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca04, &(0x7f0000000500)=ANY=[], 0x0, 0x2dc, &(0x7f0000000b00)="$eJzs3U9rY1UUAPDz0tck1UUGcaO4eKALV2Xq1k2rjCB2pURQF1qcDEhSBlooTAXTWfkJXPo9/Ahu3PgNBLeCu7qoXnn/0qSmnU5rRtTfb9PTe++59+RdSLvJyWev7I/vP8zi8elPEZFFZzu2448s7kQnWieRz+JIvSaYGwMA/lV+Syl+TU+V0vwDkHdWUxEAsGr13//aU6SdrLAkAGDFPvjo4/d2dnfvvV8U/XhpENkwi4j9r4+G9fzOg/giJjGKuzGIs4g0U8fvvLt7L/KidCde258eDcvM/U9/aPbf+SWiyt+KwTSW528Vtbn86dFwPZ6LInYerLelDuLF5flvLMmPYTdef3Wu/s0YxI+fx8OYxP2qjvP8r7aK4u30zemXn5THlPlZJ4a9al2priCtVT82nu39AAAAAAAAAAAAAAAAAAAAAADw37RZFFndvqfq31MONf131s6q+c2muU6Rx0J/niY/azeq+wOltsXPNMW3bX+du0VRpGbheX+fPF7OfYkAAAAAAAAAAAAAAAAAAAAAlA4fHY/3JpPRwd8StN0A2o/133Sf7fOR3kK5Fxf3Yq9a0L3WWfPdBspar1wceR5XbrhxmmpPfl2d9tDlazYun7pF0Du/3A+jCmYXc6ud04W7eOGt+vfj8V5RPpZHx+P2IY/3sied1W/3+W5+qhu3fQipqvAsLd5pf1bqZDKKk7LCaqo7l14+o5ue3n1+6dTvKaXr7fPmz/UdNSNZ1WLjeqevN8Fc+uKa/l/v4vvLN7z0LWPt5u82AAAAAAAAAAAAAAAAAADAVerP+p6MDg6XTD6+MrWzsqIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bmrv/9/MjqYBf2IaEaivzjVBtMmecnUxaAbB4f/8EsEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgf+DPAAAA//+58Ed9") ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) lsm_set_self_attr(0x66, 0x0, 0x23, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f0000000400)=ANY=[@ANYRES32=0x0, @ANYBLOB="0100dc00857163e95cd1e074e3c3ca02e2023d8f56aa90a06839e5cb550c74ebc28280f3855764701eec7359c5936e7ce415e3a23fac380cbb55c15c5d36b525d2f6024f83137befff862bedeafe8ac64f7f5f2c677e25edc1151de94cf0861ac819921e6d9d9c1364a4e5922fce9edc6bc8328e68acc38e89ea21ddd48726cbaf6eecd53e342a76bc267fe419c6851a1fe239bfe928032e1e12a25752085f6e943cc2f23470fc7f5c4e473ee51c6b60110362adfaa8ab516279f1af82fcd633ed4d1fbecb6a92a11dd75ba2d2eba4c551406f2e3bbcf6ab6372a9fdbdbbe002ad73ee"], 0xe4) r10 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x800c2, 0x0) pwrite64(r10, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) lseek(r10, 0x5, 0x4) getsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, 0x0, &(0x7f0000000100)) sendfile(r1, r1, &(0x7f0000000040)=0x2eb4, 0x2) 390.217514ms ago: executing program 4 (id=1806): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3}, &(0x7f0000000340), &(0x7f0000000040)}, 0x20) socket$packet(0x11, 0xa, 0x300) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r4}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r5}, 0x10) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = socket(0x10, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) creat(&(0x7f0000000d80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x22) getsockname$packet(r6, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000880)=ANY=[@ANYBLOB="80000000100039042abd7000eafefffff7ff02e4", @ANYRES32=r8, @ANYBLOB="03000000c31006006000128008000100736974005400028008000100", @ANYRES32=r7], 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x4008040) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[@ANYBLOB="c4000000", @ANYRES16=r0, @ANYBLOB="01000000000000000000011500002c000280060002004e2000000800090010000000060002004e210000080007000101000006000f000700000008000400ff7fffff14000280080006000200000008000900080000000800040002000000600001"], 0xc4}}, 0x4008800) 348.147194ms ago: executing program 1 (id=1807): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3) 313.229545ms ago: executing program 2 (id=1808): r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) read(r0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x84, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}]}}}]}, @NFT_MSG_NEWSETELEM={0x30, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe0}}, 0x0) 268.167915ms ago: executing program 2 (id=1809): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = syz_open_dev$usbfs(&(0x7f0000000080), 0x72, 0x101301) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000000)) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/freeze_filesystems', 0x4ae82, 0x12c) write$binfmt_aout(r4, &(0x7f0000001240)={{0x107, 0x55, 0x6, 0x20e, 0x33a, 0x8000, 0x3f}}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r5}, 0x10) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)=0x2) 58.033029ms ago: executing program 2 (id=1810): sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={0x0}}, 0x40004) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x144, 0x65, 0x2, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x108, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_CLASSID={0x8, 0x3, {0x0, 0xfff1}}, @TCA_BPF_ACT={0xe8, 0x1, [@m_simple={0x5c, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x2f, 0x6, "1418bd2c32a073d723e0b8c72b0559383dcb289d087137ef800c671e42c961faca95344c687f10f4010ecb"}, {0xc}, {0xc, 0x8, {0x1}}}}, @m_ctinfo={0x88, 0x1b, 0x0, 0x0, {{0xb}, {0x5c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE={0x6, 0x4, 0x81}, @TCA_CTINFO_ACT={0x18, 0x3, {0xd, 0x6, 0x3, 0x101, 0x4}}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x8}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x400}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0xffffffb4}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x3}, @TCA_CTINFO_ACT={0x18, 0x3, {0x0, 0x0, 0xe, 0x8, 0x512ce089}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}]}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}]}}]}, 0x144}, 0x1, 0x0, 0x0, 0x81}, 0x20000080) socket(0x10, 0x803, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@filter={'filter\x00', 0xe, 0x3, 0xc52, [0x0, 0x2000000026c0, 0x2000000026f0, 0x2000000030fe], 0x0, &(0x7f0000000040), &(0x7f00000026c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0100000005000000060000008d057767300000000000000000000000000076657468305f766972745f7769666900626f6e643000000000000000000000006e657464657673696d300000000000000180c20000010000ff0080ffaaaaaaaaaa44ff00fff3ffff2e090000ae090000de090000737461746500000000000000000000000000000000000000000000000000000008000000000000000600000000000000616d6f6e6700000000000000000000000000000000000000000000000000000068080000000000000c00000050040000020000000900000001000000000000800900000002000000080000000900000007000000040000000180ffffffffff7f03000000f7ffffff030000000700000001800000cd00000003000000ff000000ffffffff26210000420200000d000000e100000003000000fcffffff1000000000000000a00a000001800000070000000300000002000000060000001a1b000001000000faffffff0400000000000000070000008001000003000000ff0000000400000004000000010100000800000000000000c97a000008000000050000000000008007460000ce0f0000090000000c390000090000000b000000000400000500000001000000740700000400000001000000feffffff0100000004740000ff0000000300000000000100070000001e8800000100010005000000000200000700000009000000008000000100000080650000090000006447a002872d00000100000001000000c4000000ffffff7f08000000810000000100000006000000070000000008000001000000960500007500000005000000090000000800000004000000ce2c00001000000001000080090000000d000000050000006883000007000000f21f0000d90000000500000000040000070000000037040002000000ffffff7f04000000650d0000ad040000100007000000000000000000ee41000080ffffff7fffffff11a60000090000000600000000020000080000000080000004000000ff7f0000e2000000ff01000000be0000060000004bbb000004000000ffffffff070000000000000007000000766000000900000007000000030000000200000000000000080000000200000016100000ab03000005000000070000000600000002000000050000000080000004000000090000004f070000050000002605000001000000ee690000080000000000000009000000010400009300000008000000020000000400000058f800003100000004000000010400000080000009000000bbfd00000700000000010000020000001000000005000000060000000000400005000000d0f9ffff0200000001000000ea54000003000000010000000600000009000000f7ffffff01010000030000000100000009000000020000000900000003000000d24d000007000000ffff000006000000010100000500000000000000ffffffff0400000004000000f7ffffff050200000100000000000080070000000700000002000000020000000700000000100000070000000100000007000000fbffffff0001000000010000110e00001000000008000000010000800b00000001000100040000003501000003000000030000000600000004000000f9ffffff000400001cf0ffff330700000100000002000000080000000700000000000000080000000300000007000000040000000900000005000000f702000059ec0000ac14141ff9ffffffff070000ac1414bb01000000030000007f00000103000000050000007f0000010500000005000000ac1e010140000000ffffffff060000000500000003000000930b000003000000800000007f00000002000000f7ffffffff030000050000006900000002000000443f000006000000fbffffff0300000005000000090000005e1fffff05000000cf9a00000e00000003000000070000004e0000000300000067000000ffffff7f04000000010100000300000001000000020000005dec00000700000007000000506900004000000000010000db620000004000000800000009000000010001000600000002000000060000000700000005000000070000000900000000000000070000000e0000000002000002000000060000000c0000009f560000070000000b0000000800000002000000582d00000400000005000000f9ffffff020000000100000007000000d15e0000e5010000000000000800000000040000080000000900000006000000040000000002000003000000010000008000000002000000030000000300000001050000070000000700000001000000aa0000000600000004000000141d00009e3a0000feffffff0900000005000000ffffffff80000000030000000200000003000000050000000900000002000000001000000500000002000000010000000100000006000000010400000600000001040000ff010000080000008700000001000000b9000000060000000100000000000000f7ffffff06000000810000000900000007000000010100000b0000000000000002000000130000000d000000010400000000000000000000ea060000bd0000000000a00000f8ffff060000008b0b00000600000000100000030000000c000000004cd5000200000007000000650c0000ef4400000500000004000000ffffffff0600000006000000ffffffff070000002e030000070000009d440000ff030000000000000100000000800000060000000100000064060000fdffffff0e0000000800000007000000060000000f00000069e4ffff030000000500000002000000ff010000040000005e010000e60200000600000081000000da0000000200000005000000ff07000001fcfffffeffffff0300000004000000040000000000000006000000060000003a000000090000002ef10143fcffffff3ae6c7ef0800000002000000000100000400000007000000010100000000000002000000060000000600000000000000018000000000008005000000ffffff7f0100000007000000db000000010400000c0000000700000000040000910b000009000000090000007f00000004000000ffffff7f0300000008000000020000004b000000ff07000006000000ffffffff070000000000000006000000020000000000e01f060000000300000000010000ff000000f7ce0000008000003cf50000f8ffffff0000000004000000000200003fb5b8360100000006000000040000000a01010100000000434f4e4e5345434d41524b000000000000000000000000000000000000000000080000000000000001000000000000006c6f67000000000000000000000000000000000000000000000000000000000028000000000000000937b36d1620709909508908c0c49da17ecb3d4a086e06014fd7dabc7c5341000a00000000000000434f4e4e5345434d41524b0000000000000000000000000000000000000000000800000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff02000000030000003000000086dd6d6163736563300000000000000000006261746164765f736c6176655f3100006970766c616e3100000000000000000069705f76746930000000000000000000aaaaaaaaaaaa0000ff0000ffbbbbbbbbbbbb00ff8000ff006e000000b6000000060100005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a30000000000000000000000000050700000000000002000000000000006c6f67000000000000000000000000000000000000000000000000000000000028000000000000000fd0162729f6280b7e88a976cdaae002919af87dc6567f06bab96218cb6d170002000000000000000300000012000000fbf876657468305f746f5f627269646765006c6f000000000000000000000000000069705f76746930000000000000000000766c616e3000000000000000000000000180c200000effffff000000aaaaaaaaaaaaffff00ffffffae000000ae000000de0000006d61726b5f6d000000000000000000000000000000000000000000000000000018000000000000000000000000000000060000000000000000010000000000"]}, 0xc99) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ipv6_route\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r2, 0x0, 0x0}, 0x20) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x289c2, 0x1) fcntl$setlease(r3, 0x400, 0x1) close_range(r1, 0xffffffffffffffff, 0x0) 0s ago: executing program 1 (id=1811): r0 = socket$nl_route(0x10, 0x3, 0x0) (async) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x11, 0x4000}]}}]}, 0x38}}, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) r6 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000028c0), 0x0, 0x0) sendfile(0xffffffffffffffff, r6, &(0x7f00000040c0)=0xfffffffffffffff9, 0x7) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10) (async) socket$kcm(0x11, 0xa, 0x300) (async) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2686dd4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) kernel console output (not intermixed with test programs): syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb58ef7e929 code=0x7ffc0000 [ 91.844608][ T5816] truncated [ 91.858835][ T5816] loop5: p3 size 589824 extends beyond EOD, truncated [ 91.891129][ T3387] vhci_hcd: vhci_device speed not set [ 91.961747][ T5857] loop2: detected capacity change from 0 to 256 [ 92.013918][ T5859] FAULT_INJECTION: forcing a failure. [ 92.013918][ T5859] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 92.027892][ T5859] CPU: 1 UID: 0 PID: 5859 Comm: syz.3.702 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) [ 92.027928][ T5859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 92.027942][ T5859] Call Trace: [ 92.027950][ T5859] [ 92.027959][ T5859] __dump_stack+0x1d/0x30 [ 92.028030][ T5859] dump_stack_lvl+0xe8/0x140 [ 92.028104][ T5859] dump_stack+0x15/0x1b [ 92.028129][ T5859] should_fail_ex+0x265/0x280 [ 92.028173][ T5859] should_fail+0xb/0x20 [ 92.028205][ T5859] should_fail_usercopy+0x1a/0x20 [ 92.028329][ T5859] _copy_from_user+0x1c/0xb0 [ 92.028361][ T5859] ___sys_sendmsg+0xc1/0x1d0 [ 92.028434][ T5859] __x64_sys_sendmsg+0xd4/0x160 [ 92.028541][ T5859] x64_sys_call+0x2999/0x2fb0 [ 92.028573][ T5859] do_syscall_64+0xd2/0x200 [ 92.028598][ T5859] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 92.028671][ T5859] ? clear_bhb_loop+0x40/0x90 [ 92.028703][ T5859] ? clear_bhb_loop+0x40/0x90 [ 92.028736][ T5859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.028767][ T5859] RIP: 0033:0x7f3dc06ce929 [ 92.028796][ T5859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 92.028818][ T5859] RSP: 002b:00007f3dbed37038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 92.028838][ T5859] RAX: ffffffffffffffda RBX: 00007f3dc08f5fa0 RCX: 00007f3dc06ce929 [ 92.028852][ T5859] RDX: 0000000000000000 RSI: 00002000000037c0 RDI: 0000000000000006 [ 92.028936][ T5859] RBP: 00007f3dbed37090 R08: 0000000000000000 R09: 0000000000000000 [ 92.028950][ T5859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 92.028968][ T5859] R13: 0000000000000000 R14: 00007f3dc08f5fa0 R15: 00007ffcd4e8fa18 [ 92.028997][ T5859] [ 92.135542][ T3296] udevd[3296]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 92.322347][ T5864] netlink: 'syz.2.703': attribute type 21 has an invalid length. [ 92.330255][ T5864] __nla_validate_parse: 8 callbacks suppressed [ 92.330300][ T5864] netlink: 156 bytes leftover after parsing attributes in process `syz.2.703'. [ 92.458475][ T5870] can: request_module (can-proto-0) failed. [ 92.573282][ T5870] netlink: 'syz.2.708': attribute type 29 has an invalid length. [ 92.581535][ T5870] netlink: 4 bytes leftover after parsing attributes in process `syz.2.708'. [ 92.628678][ T5870] loop2: detected capacity change from 0 to 8192 [ 92.765790][ T5885] netlink: 12 bytes leftover after parsing attributes in process `syz.1.713'. [ 92.791462][ T5887] FAULT_INJECTION: forcing a failure. [ 92.791462][ T5887] name failslab, interval 1, probability 0, space 0, times 0 [ 92.805223][ T5887] CPU: 0 UID: 0 PID: 5887 Comm: syz.2.714 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) [ 92.805300][ T5887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 92.805315][ T5887] Call Trace: [ 92.805323][ T5887] [ 92.805331][ T5887] __dump_stack+0x1d/0x30 [ 92.805358][ T5887] dump_stack_lvl+0xe8/0x140 [ 92.805382][ T5887] dump_stack+0x15/0x1b [ 92.805444][ T5887] should_fail_ex+0x265/0x280 [ 92.805486][ T5887] ? bpf_raw_tp_link_attach+0x1a1/0x3f0 [ 92.805511][ T5887] should_failslab+0x8c/0xb0 [ 92.805542][ T5887] __kmalloc_cache_noprof+0x4c/0x320 [ 92.805603][ T5887] bpf_raw_tp_link_attach+0x1a1/0x3f0 [ 92.805626][ T5887] ? kstrtouint+0x76/0xc0 [ 92.805739][ T5887] bpf_raw_tracepoint_open+0x154/0x2b0 [ 92.805767][ T5887] ? security_bpf+0x2b/0x90 [ 92.805792][ T5887] __sys_bpf+0x321/0x790 [ 92.805913][ T5887] __x64_sys_bpf+0x41/0x50 [ 92.805945][ T5887] x64_sys_call+0x2478/0x2fb0 [ 92.805990][ T5887] do_syscall_64+0xd2/0x200 [ 92.806025][ T5887] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 92.806054][ T5887] ? clear_bhb_loop+0x40/0x90 [ 92.806079][ T5887] ? clear_bhb_loop+0x40/0x90 [ 92.806110][ T5887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.806183][ T5887] RIP: 0033:0x7fb58ef7e929 [ 92.806204][ T5887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 92.806233][ T5887] RSP: 002b:00007fb58d5e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 92.806253][ T5887] RAX: ffffffffffffffda RBX: 00007fb58f1a5fa0 RCX: 00007fb58ef7e929 [ 92.806275][ T5887] RDX: 0000000000000010 RSI: 00002000000002c0 RDI: 0000000000000011 [ 92.806291][ T5887] RBP: 00007fb58d5e7090 R08: 0000000000000000 R09: 0000000000000000 [ 92.806308][ T5887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 92.806325][ T5887] R13: 0000000000000000 R14: 00007fb58f1a5fa0 R15: 00007ffdd0baa2b8 [ 92.806352][ T5887] [ 93.026314][ T5880] process 'syz.4.707' launched '/dev/fd/9' with NULL argv: empty string added [ 93.043630][ T5880] netlink: 16 bytes leftover after parsing attributes in process `syz.4.707'. [ 93.049549][ T5878] netlink: 8 bytes leftover after parsing attributes in process `syz.3.710'. [ 93.052970][ T5880] netlink: 16 bytes leftover after parsing attributes in process `syz.4.707'. [ 93.071066][ T5880] netlink: 16 bytes leftover after parsing attributes in process `syz.4.707'. [ 93.101106][ T5880] netlink: 16 bytes leftover after parsing attributes in process `syz.4.707'. [ 93.110338][ T5880] netlink: 16 bytes leftover after parsing attributes in process `syz.4.707'. [ 93.119322][ T5880] netlink: 16 bytes leftover after parsing attributes in process `syz.4.707'. [ 93.149970][ T5894] loop2: detected capacity change from 0 to 164 [ 93.193729][ T5894] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 93.235291][ T5894] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 93.248248][ T5894] Symlink component flag not implemented [ 93.255232][ T5894] Symlink component flag not implemented [ 93.261654][ T5894] Symlink component flag not implemented (7) [ 93.267798][ T5894] Symlink component flag not implemented (116) [ 93.504192][ T5922] veth0_to_bond: entered allmulticast mode [ 93.591413][ T5929] loop5: detected capacity change from 0 to 2048 [ 93.696901][ T5929] loop5: p2 p3 p7 [ 93.724498][ T2996] loop5: p2 p3 p7 [ 93.845141][ T3296] udevd[3296]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 93.845527][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory [ 93.856979][ T3533] udevd[3533]: inotify_add_watch(7, /dev/loop5p7, 10) failed: No such file or directory [ 94.080739][ T5956] loop5: detected capacity change from 0 to 1024 [ 94.095807][ T5956] EXT4-fs: Ignoring removed i_version option [ 94.107045][ T5956] EXT4-fs: Ignoring removed mblk_io_submit option [ 94.114662][ T5956] EXT4-fs: Ignoring removed nobh option [ 94.120667][ T5956] EXT4-fs: Ignoring removed bh option [ 94.138604][ T5956] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.284379][ T5969] loop4: detected capacity change from 0 to 256 [ 94.375342][ T5977] can: request_module (can-proto-0) failed. [ 94.424549][ T5977] loop4: detected capacity change from 0 to 8192 [ 94.676998][ T6000] loop4: detected capacity change from 0 to 128 [ 94.691778][ T6000] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 94.710695][ T6000] ext4 filesystem being mounted at /140/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 94.737926][ T6011] FAULT_INJECTION: forcing a failure. [ 94.737926][ T6011] name failslab, interval 1, probability 0, space 0, times 0 [ 94.751063][ T6011] CPU: 1 UID: 0 PID: 6011 Comm: syz.1.760 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) [ 94.751123][ T6011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 94.751141][ T6011] Call Trace: [ 94.751149][ T6011] [ 94.751160][ T6011] __dump_stack+0x1d/0x30 [ 94.751190][ T6011] dump_stack_lvl+0xe8/0x140 [ 94.751258][ T6011] dump_stack+0x15/0x1b [ 94.751281][ T6011] should_fail_ex+0x265/0x280 [ 94.751344][ T6011] should_failslab+0x8c/0xb0 [ 94.751472][ T6011] kmem_cache_alloc_noprof+0x50/0x310 [ 94.751503][ T6011] ? audit_log_start+0x365/0x6c0 [ 94.751545][ T6011] audit_log_start+0x365/0x6c0 [ 94.751658][ T6011] audit_seccomp+0x48/0x100 [ 94.751689][ T6011] ? __seccomp_filter+0x68c/0x10d0 [ 94.751719][ T6011] __seccomp_filter+0x69d/0x10d0 [ 94.751754][ T6011] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 94.751853][ T6011] ? vfs_write+0x75e/0x8e0 [ 94.751902][ T6011] __secure_computing+0x82/0x150 [ 94.751993][ T6011] syscall_trace_enter+0xcf/0x1e0 [ 94.752027][ T6011] do_syscall_64+0xac/0x200 [ 94.752060][ T6011] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 94.752097][ T6011] ? clear_bhb_loop+0x40/0x90 [ 94.752195][ T6011] ? clear_bhb_loop+0x40/0x90 [ 94.752228][ T6011] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.752314][ T6011] RIP: 0033:0x7fb4c62fe929 [ 94.752335][ T6011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.752356][ T6011] RSP: 002b:00007fb4c4967038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e5 [ 94.752376][ T6011] RAX: ffffffffffffffda RBX: 00007fb4c6525fa0 RCX: 00007fb4c62fe929 [ 94.752389][ T6011] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 94.752406][ T6011] RBP: 00007fb4c4967090 R08: 0000000000000000 R09: 0000000000000000 [ 94.752452][ T6011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 94.752470][ T6011] R13: 0000000000000000 R14: 00007fb4c6525fa0 R15: 00007ffd60dbb0a8 [ 94.752498][ T6011] [ 95.020778][ T3686] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.032752][ T3307] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 95.169883][ T6029] loop4: detected capacity change from 0 to 164 [ 95.183519][ T6029] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 95.244846][ T6031] loop5: detected capacity change from 0 to 2048 [ 95.315926][ T3296] loop5: p2 p3 p7 [ 95.344397][ T6031] loop5: p2 p3 p7 [ 95.417291][ T6047] loop4: detected capacity change from 0 to 2048 [ 95.466995][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory [ 95.485295][ T3296] udevd[3296]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 95.487043][ T6047] loop4: p2 p3 p7 [ 95.498242][ T3533] udevd[3533]: inotify_add_watch(7, /dev/loop5p7, 10) failed: No such file or directory [ 95.548238][ T6054] can: request_module (can-proto-0) failed. [ 95.650879][ T6054] loop2: detected capacity change from 0 to 8192 [ 95.796918][ T6075] loop5: detected capacity change from 0 to 8192 [ 95.806850][ T6078] loop2: detected capacity change from 0 to 512 [ 95.815818][ T6078] EXT4-fs: dax option not supported [ 95.836651][ T3522] loop5: p1 p3 p4 [ 95.845490][ T3522] loop5: p1 size 8390912 extends beyond EOD, truncated [ 95.849558][ T6080] can: request_module (can-proto-0) failed. [ 95.862358][ T3522] loop5: p3 size 589824 extends beyond EOD, truncated [ 95.876930][ T6075] loop5: p1 p3 p4 [ 95.884050][ T6075] loop5: p1 size 8390912 extends beyond EOD, truncated [ 95.900656][ T6075] loop5: p3 size 589824 extends beyond EOD, truncated [ 95.913506][ T6080] netlink: 'syz.1.790': attribute type 29 has an invalid length. [ 95.965788][ T30] kauditd_printk_skb: 392 callbacks suppressed [ 95.965804][ T30] audit: type=1326 audit(1750596682.281:4034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6079 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fb4c62fd3df code=0x7ffc0000 [ 96.007473][ T30] audit: type=1326 audit(1750596682.321:4035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6079 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fb4c62fe9b7 code=0x7ffc0000 [ 96.033783][ T30] audit: type=1326 audit(1750596682.321:4036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6079 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb4c62fd290 code=0x7ffc0000 [ 96.060461][ T30] audit: type=1326 audit(1750596682.321:4037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6079 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fb4c62fd58a code=0x7ffc0000 [ 96.115801][ T30] audit: type=1326 audit(1750596682.381:4038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6079 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c62fe929 code=0x7ffc0000 [ 96.141413][ T30] audit: type=1326 audit(1750596682.381:4039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6079 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c62fe929 code=0x7ffc0000 [ 96.167502][ T30] audit: type=1326 audit(1750596682.411:4040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6079 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb4c62fe929 code=0x7ffc0000 [ 96.192221][ T30] audit: type=1326 audit(1750596682.411:4041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6079 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c62fe929 code=0x7ffc0000 [ 96.218052][ T30] audit: type=1326 audit(1750596682.411:4042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6079 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c62fe929 code=0x7ffc0000 [ 96.242551][ T30] audit: type=1326 audit(1750596682.421:4043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6079 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb4c62fe929 code=0x7ffc0000 [ 96.300462][ T6091] hsr_slave_0: left promiscuous mode [ 96.317551][ T6091] hsr_slave_1: left promiscuous mode [ 96.340165][ T3296] udevd[3296]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 96.353299][ T3533] udevd[3533]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory [ 96.394838][ T6097] can: request_module (can-proto-0) failed. [ 96.418883][ T3296] udevd[3296]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 96.419067][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 96.450279][ T6093] can0: slcan on ttyS3. [ 96.495928][ T6098] can0 (unregistered): slcan off ttyS3. [ 96.512900][ T6095] can0: slcan on ttyS3. [ 96.592668][ T6098] can0 (unregistered): slcan off ttyS3. [ 96.619215][ T6116] loop2: detected capacity change from 0 to 1024 [ 96.633376][ T6116] EXT4-fs: Ignoring removed nobh option [ 96.639397][ T6116] EXT4-fs: Ignoring removed bh option [ 96.727240][ T6124] loop5: detected capacity change from 0 to 2048 [ 96.738288][ T6116] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.766885][ T3522] loop5: p2 p3 p7 [ 96.779912][ T6124] loop5: p2 p3 p7 [ 96.815104][ T6131] loop4: detected capacity change from 0 to 2048 [ 96.891706][ T6136] wg1 speed is unknown, defaulting to 1000 [ 96.900748][ T6131] loop4: p1 < > p4 [ 96.906190][ T6131] loop4: p4 size 8388608 extends beyond EOD, truncated [ 96.926419][ T6116] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.801: Allocating blocks 497-513 which overlap fs metadata [ 96.951891][ T6116] EXT4-fs (loop2): pa ffff888106e701c0: logic 256, phys. 369, len 9 [ 96.960274][ T6116] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 97.046327][ T6116] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 97.079618][ T6131] loop4: detected capacity change from 0 to 2048 [ 97.172160][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.188165][ T6131] loop4: unable to read partition table [ 97.194863][ T6131] loop4: partition table beyond EOD, truncated [ 97.201256][ T6131] loop_reread_partitions: partition scan of loop4 () failed (rc=-5) [ 97.283183][ T2996] loop4: unable to read partition table [ 97.289964][ T2996] loop4: partition table beyond EOD, truncated [ 97.429191][ T6177] __nla_validate_parse: 18 callbacks suppressed [ 97.429212][ T6177] netlink: 12 bytes leftover after parsing attributes in process `syz.4.825'. [ 97.501824][ T6177] loop4: detected capacity change from 0 to 8192 [ 97.541541][ T3522] loop4: p1 p3 p4 [ 97.549068][ T3522] loop4: p1 size 8390912 extends beyond EOD, truncated [ 97.559330][ T3522] loop4: p3 size 589824 extends beyond EOD, truncated [ 97.592862][ T6177] loop4: p1 p3 p4 [ 97.596805][ T6177] loop4: p1 size 8390912 extends beyond EOD, truncated [ 97.609385][ T6177] loop4: p3 size 589824 extends beyond EOD, truncated [ 97.638051][ T6191] netlink: 8 bytes leftover after parsing attributes in process `syz.3.829'. [ 97.742634][ T6199] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 97.742634][ T6199] The task syz.5.831 (6199) triggered the difference, watch for misbehavior. [ 97.901489][ T6208] loop4: detected capacity change from 0 to 2048 [ 97.955059][ T6209] can: request_module (can-proto-0) failed. [ 97.964529][ T6209] netlink: 'syz.2.837': attribute type 29 has an invalid length. [ 97.972412][ T6209] netlink: 4 bytes leftover after parsing attributes in process `syz.2.837'. [ 98.001233][ T6208] loop4: p2 p3 p7 [ 98.036471][ T6209] loop2: detected capacity change from 0 to 8192 [ 98.101707][ T6219] netlink: 'syz.3.842': attribute type 21 has an invalid length. [ 98.111297][ T6219] netlink: 156 bytes leftover after parsing attributes in process `syz.3.842'. [ 98.182267][ T6228] FAULT_INJECTION: forcing a failure. [ 98.182267][ T6228] name failslab, interval 1, probability 0, space 0, times 0 [ 98.195670][ T6228] CPU: 1 UID: 0 PID: 6228 Comm: syz.1.846 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) [ 98.195705][ T6228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 98.195722][ T6228] Call Trace: [ 98.195780][ T6228] [ 98.195791][ T6228] __dump_stack+0x1d/0x30 [ 98.195815][ T6228] dump_stack_lvl+0xe8/0x140 [ 98.195834][ T6228] dump_stack+0x15/0x1b [ 98.195853][ T6228] should_fail_ex+0x265/0x280 [ 98.195893][ T6228] should_failslab+0x8c/0xb0 [ 98.195989][ T6228] __kmalloc_node_track_caller_noprof+0xa4/0x410 [ 98.196140][ T6228] ? sidtab_sid2str_get+0xa0/0x130 [ 98.196174][ T6228] kmemdup_noprof+0x2b/0x70 [ 98.196247][ T6228] sidtab_sid2str_get+0xa0/0x130 [ 98.196272][ T6228] security_sid_to_context_core+0x1eb/0x2e0 [ 98.196302][ T6228] security_sid_to_context+0x27/0x40 [ 98.196332][ T6228] selinux_lsmprop_to_secctx+0x67/0xf0 [ 98.196423][ T6228] security_lsmprop_to_secctx+0x43/0x80 [ 98.196456][ T6228] audit_log_task_context+0x77/0x190 [ 98.196499][ T6228] audit_log_task+0xf4/0x250 [ 98.196571][ T6228] audit_seccomp+0x61/0x100 [ 98.196617][ T6228] ? __seccomp_filter+0x68c/0x10d0 [ 98.196648][ T6228] __seccomp_filter+0x69d/0x10d0 [ 98.196681][ T6228] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 98.196707][ T6228] ? vfs_write+0x75e/0x8e0 [ 98.196742][ T6228] ? __rcu_read_unlock+0x4f/0x70 [ 98.196769][ T6228] ? __fget_files+0x184/0x1c0 [ 98.196799][ T6228] __secure_computing+0x82/0x150 [ 98.196853][ T6228] syscall_trace_enter+0xcf/0x1e0 [ 98.196886][ T6228] do_syscall_64+0xac/0x200 [ 98.196910][ T6228] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 98.197042][ T6228] ? clear_bhb_loop+0x40/0x90 [ 98.197071][ T6228] ? clear_bhb_loop+0x40/0x90 [ 98.197094][ T6228] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.197121][ T6228] RIP: 0033:0x7fb4c62fe929 [ 98.197142][ T6228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.197191][ T6228] RSP: 002b:00007fb4c4967038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 98.197216][ T6228] RAX: ffffffffffffffda RBX: 00007fb4c6525fa0 RCX: 00007fb4c62fe929 [ 98.197232][ T6228] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000009 [ 98.197311][ T6228] RBP: 00007fb4c4967090 R08: 0000000000000000 R09: 0000000000000000 [ 98.197324][ T6228] R10: 0000000000005412 R11: 0000000000000246 R12: 0000000000000001 [ 98.197340][ T6228] R13: 0000000000000000 R14: 00007fb4c6525fa0 R15: 00007ffd60dbb0a8 [ 98.197363][ T6228] [ 98.454754][ T6228] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 98.461529][ T6228] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 98.469563][ T6228] vhci_hcd vhci_hcd.0: Device attached [ 98.581026][ T6230] can: request_module (can-proto-0) failed. [ 98.643521][ T6233] vhci_hcd: connection closed [ 98.671608][ T10] vhci_hcd: vhci_device speed not set [ 98.698811][ T12] vhci_hcd: stop threads [ 98.703689][ T12] vhci_hcd: release socket [ 98.708426][ T12] vhci_hcd: disconnect device [ 98.751055][ T10] usb 3-1: new full-speed USB device number 2 using vhci_hcd [ 98.776053][ T10] usb 3-1: enqueue for inactive port 0 [ 98.800660][ T10] usb 3-1: enqueue for inactive port 0 [ 98.803893][ T6253] can: request_module (can-proto-0) failed. [ 98.826279][ T10] usb 3-1: enqueue for inactive port 0 [ 98.856897][ T6253] netlink: 'syz.3.855': attribute type 29 has an invalid length. [ 98.864962][ T6253] netlink: 4 bytes leftover after parsing attributes in process `syz.3.855'. [ 98.912121][ T10] vhci_hcd: vhci_device speed not set [ 99.017722][ T6280] loop2: detected capacity change from 0 to 1024 [ 99.033403][ T6280] EXT4-fs: Ignoring removed nobh option [ 99.039168][ T6280] EXT4-fs: Ignoring removed bh option [ 99.076160][ T6280] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.355531][ T6294] netlink: 76 bytes leftover after parsing attributes in process `syz.2.866'. [ 99.538506][ T6280] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.866: Allocating blocks 497-513 which overlap fs metadata [ 99.582575][ T6289] wg1 speed is unknown, defaulting to 1000 [ 99.587048][ T6280] EXT4-fs (loop2): pa ffff888106e702a0: logic 256, phys. 369, len 9 [ 99.597104][ T6280] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 99.618179][ T6305] loop5: detected capacity change from 0 to 256 [ 99.624716][ T6280] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 99.630426][ T6307] netlink: 12 bytes leftover after parsing attributes in process `syz.3.876'. [ 99.754714][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.764663][ T6313] can: request_module (can-proto-0) failed. [ 99.799644][ T6313] netlink: 'syz.5.878': attribute type 29 has an invalid length. [ 99.807738][ T6313] netlink: 4 bytes leftover after parsing attributes in process `syz.5.878'. [ 99.944511][ T6313] loop5: detected capacity change from 0 to 8192 [ 100.035714][ T6338] loop2: detected capacity change from 0 to 256 [ 100.111962][ T6344] loop5: detected capacity change from 0 to 164 [ 100.159218][ T6344] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 100.344746][ T6355] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 100.420065][ T6355] Symlink component flag not implemented [ 100.425995][ T6355] Symlink component flag not implemented [ 100.452877][ T6361] netlink: 'syz.3.896': attribute type 29 has an invalid length. [ 100.461262][ T6361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.896'. [ 100.530501][ T6355] Symlink component flag not implemented (7) [ 100.536996][ T6355] Symlink component flag not implemented (116) [ 100.590563][ T6359] can: request_module (can-proto-0) failed. [ 100.769701][ T6367] netlink: 8 bytes leftover after parsing attributes in process `syz.1.898'. [ 100.943575][ T6386] loop5: detected capacity change from 0 to 1024 [ 100.953696][ T6386] EXT4-fs: Ignoring removed nobh option [ 100.959698][ T6386] EXT4-fs: Ignoring removed bh option [ 101.008946][ T6386] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.055769][ T30] kauditd_printk_skb: 520 callbacks suppressed [ 101.055803][ T30] audit: type=1326 audit(1750596687.371:4563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6385 comm="syz.5.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 101.115174][ T6392] loop2: detected capacity change from 0 to 8192 [ 101.122879][ T30] audit: type=1326 audit(1750596687.371:4564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6385 comm="syz.5.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 101.149383][ T30] audit: type=1326 audit(1750596687.371:4565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6385 comm="syz.5.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 101.175220][ T30] audit: type=1326 audit(1750596687.371:4566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6385 comm="syz.5.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 101.201605][ T30] audit: type=1326 audit(1750596687.371:4567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6385 comm="syz.5.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 101.206929][ T6402] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 101.227264][ T30] audit: type=1326 audit(1750596687.371:4568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6385 comm="syz.5.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 101.235188][ T6402] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 101.259825][ T30] audit: type=1326 audit(1750596687.371:4569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6385 comm="syz.5.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 101.292675][ T30] audit: type=1326 audit(1750596687.371:4570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6385 comm="syz.5.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 101.317814][ T30] audit: type=1326 audit(1750596687.371:4571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6385 comm="syz.5.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 101.343928][ T30] audit: type=1326 audit(1750596687.411:4572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6385 comm="syz.5.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 101.388827][ T6386] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4113: comm syz.5.907: Allocating blocks 273-513 which overlap fs metadata [ 101.407002][ T6386] EXT4-fs (loop5): pa ffff888106e27770: logic 0, phys. 257, len 16 [ 101.415822][ T6386] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5364: group 0, free 1, pa_free 16 [ 101.424949][ T6403] wg1 speed is unknown, defaulting to 1000 [ 101.430379][ T3522] loop2: p1 p3 p4 [ 101.439762][ T3522] loop2: p1 size 8390912 extends beyond EOD, truncated [ 101.516642][ T3522] loop2: p3 size 589824 extends beyond EOD, truncated [ 101.566624][ T6392] loop2: p1 p3 p4 [ 101.571328][ T6392] loop2: p1 size 8390912 extends beyond EOD, truncated [ 101.580262][ T3686] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.598704][ T6392] loop2: p3 size 589824 extends beyond EOD, truncated [ 101.617393][ T6415] can: request_module (can-proto-0) failed. [ 101.813463][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 101.838330][ T3296] udevd[3296]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 101.853420][ T3533] udevd[3533]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 101.899812][ T6432] loop4: detected capacity change from 0 to 164 [ 101.935689][ T6432] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 101.972656][ T6432] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 101.977093][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 101.983749][ T3296] udevd[3296]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 102.011212][ T6432] Symlink component flag not implemented [ 102.017766][ T6432] Symlink component flag not implemented [ 102.041074][ T6432] Symlink component flag not implemented (7) [ 102.047902][ T6432] Symlink component flag not implemented (116) [ 102.058178][ T6441] loop2: detected capacity change from 0 to 8192 [ 102.084526][ T3533] udevd[3533]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 102.153321][ T6441] loop2: p1 p3 p4 [ 102.157734][ T6441] loop2: p1 size 8390912 extends beyond EOD, truncated [ 102.178064][ T6441] loop2: p3 size 589824 extends beyond EOD, truncated [ 102.398047][ T6466] can: request_module (can-proto-0) failed. [ 102.405655][ T3532] udevd[3532]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 102.407675][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 102.417967][ T3533] udevd[3533]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 102.498904][ T6473] loop2: detected capacity change from 0 to 164 [ 102.526614][ T6466] loop4: detected capacity change from 0 to 8192 [ 102.534932][ T6473] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 102.559368][ T6476] loop5: detected capacity change from 0 to 512 [ 102.583249][ T6473] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 102.594161][ T6476] EXT4-fs: dax option not supported [ 102.614183][ T6473] Symlink component flag not implemented [ 102.620105][ T6473] Symlink component flag not implemented [ 102.636035][ T6476] __nla_validate_parse: 4 callbacks suppressed [ 102.636051][ T6476] netlink: 8 bytes leftover after parsing attributes in process `syz.5.939'. [ 102.637426][ T6478] Cannot find add_set index 0 as target [ 102.674320][ T6473] Symlink component flag not implemented (7) [ 102.680845][ T6473] Symlink component flag not implemented (116) [ 102.697201][ T6480] loop4: detected capacity change from 0 to 256 [ 102.892444][ T6500] netlink: 'syz.5.950': attribute type 21 has an invalid length. [ 102.900257][ T6500] netlink: 156 bytes leftover after parsing attributes in process `syz.5.950'. [ 102.947542][ T6505] can: request_module (can-proto-0) failed. [ 102.988525][ T6510] netlink: 12 bytes leftover after parsing attributes in process `syz.5.954'. [ 103.001365][ T6505] loop2: detected capacity change from 0 to 8192 [ 103.113860][ T6516] netlink: 'syz.2.956': attribute type 7 has an invalid length. [ 103.126018][ T6510] loop5: detected capacity change from 0 to 8192 [ 103.150585][ T6508] wg1 speed is unknown, defaulting to 1000 [ 103.181336][ T3296] loop5: p1 p3 p4 [ 103.186156][ T3296] loop5: p1 size 8390912 extends beyond EOD, truncated [ 103.200259][ T3296] loop5: p3 size 589824 extends beyond EOD, truncated [ 103.216794][ T6510] loop5: p1 p3 p4 [ 103.220937][ T6510] loop5: p1 size 8390912 extends beyond EOD, truncated [ 103.238998][ T6510] loop5: p3 size 589824 extends beyond EOD, truncated [ 103.304103][ T6519] wg1 speed is unknown, defaulting to 1000 [ 103.332666][ T6524] can: request_module (can-proto-0) failed. [ 103.390266][ T6524] netlink: 'syz.1.958': attribute type 29 has an invalid length. [ 103.398142][ T6524] netlink: 4 bytes leftover after parsing attributes in process `syz.1.958'. [ 103.537343][ T3533] udevd[3533]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 103.602877][ T6526] wg1 speed is unknown, defaulting to 1000 [ 103.648352][ T6541] can: request_module (can-proto-0) failed. [ 103.719910][ T6541] loop5: detected capacity change from 0 to 8192 [ 103.837401][ T6561] can: request_module (can-proto-0) failed. [ 103.882731][ T6561] netlink: 'syz.3.973': attribute type 29 has an invalid length. [ 103.890541][ T6561] netlink: 4 bytes leftover after parsing attributes in process `syz.3.973'. [ 104.067468][ T6584] netlink: 12 bytes leftover after parsing attributes in process `syz.2.984'. [ 104.079590][ T6580] can: request_module (can-proto-0) failed. [ 104.183447][ T6596] loop5: detected capacity change from 0 to 256 [ 104.226513][ T6584] loop2: detected capacity change from 0 to 8192 [ 104.293228][ T6584] loop2: p1 p3 p4 [ 104.297133][ T6584] loop2: p1 size 8390912 extends beyond EOD, truncated [ 104.305730][ T6604] loop5: detected capacity change from 0 to 164 [ 104.324586][ T6604] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 104.353150][ T6604] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 104.361322][ T6584] loop2: p3 size 589824 extends beyond EOD, truncated [ 104.363762][ T6604] Symlink component flag not implemented [ 104.373907][ T6604] Symlink component flag not implemented [ 104.376417][ T6598] wg1 speed is unknown, defaulting to 1000 [ 104.383438][ T6604] Symlink component flag not implemented (7) [ 104.391621][ T6604] Symlink component flag not implemented (116) [ 104.429405][ T2996] loop2: p1 p3 p4 [ 104.433698][ T2996] loop2: p1 size 8390912 extends beyond EOD, truncated [ 104.458976][ T6612] can: request_module (can-proto-0) failed. [ 104.469690][ T2996] loop2: p3 size 589824 extends beyond EOD, truncated [ 104.492151][ T6612] netlink: 'syz.4.996': attribute type 29 has an invalid length. [ 104.500149][ T6612] netlink: 4 bytes leftover after parsing attributes in process `syz.4.996'. [ 104.589497][ T6624] FAULT_INJECTION: forcing a failure. [ 104.589497][ T6624] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 104.603718][ T6624] CPU: 1 UID: 0 PID: 6624 Comm: syz.2.1001 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) [ 104.603761][ T6624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 104.603779][ T6624] Call Trace: [ 104.603789][ T6624] [ 104.603802][ T6624] __dump_stack+0x1d/0x30 [ 104.603831][ T6624] dump_stack_lvl+0xe8/0x140 [ 104.603897][ T6624] dump_stack+0x15/0x1b [ 104.603922][ T6624] should_fail_ex+0x265/0x280 [ 104.604003][ T6624] should_fail+0xb/0x20 [ 104.604041][ T6624] should_fail_usercopy+0x1a/0x20 [ 104.604153][ T6624] _copy_from_user+0x1c/0xb0 [ 104.604236][ T6624] ___sys_sendmsg+0xc1/0x1d0 [ 104.604304][ T6624] __sys_sendmmsg+0x178/0x300 [ 104.604368][ T6624] __x64_sys_sendmmsg+0x57/0x70 [ 104.604408][ T6624] x64_sys_call+0x2f2f/0x2fb0 [ 104.604545][ T6624] do_syscall_64+0xd2/0x200 [ 104.604576][ T6624] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 104.604615][ T6624] ? clear_bhb_loop+0x40/0x90 [ 104.604670][ T6624] ? clear_bhb_loop+0x40/0x90 [ 104.604713][ T6624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.604789][ T6624] RIP: 0033:0x7fb58ef7e929 [ 104.604813][ T6624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.604840][ T6624] RSP: 002b:00007fb58d5e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 104.604875][ T6624] RAX: ffffffffffffffda RBX: 00007fb58f1a5fa0 RCX: 00007fb58ef7e929 [ 104.604893][ T6624] RDX: 0000000000000002 RSI: 0000200000008d00 RDI: 0000000000000003 [ 104.604910][ T6624] RBP: 00007fb58d5e7090 R08: 0000000000000000 R09: 0000000000000000 [ 104.604924][ T6624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.604938][ T6624] R13: 0000000000000000 R14: 00007fb58f1a5fa0 R15: 00007ffdd0baa2b8 [ 104.604959][ T6624] [ 104.954954][ T6641] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1009'. [ 105.078005][ T6655] loop5: detected capacity change from 0 to 1024 [ 105.091874][ T6655] EXT4-fs: Ignoring removed nobh option [ 105.097548][ T6655] EXT4-fs: Ignoring removed bh option [ 105.131438][ T6655] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.208853][ T6667] netdevsim netdevsim4: Direct firmware load for ..€ failed with error -2 [ 105.211386][ T6664] can: request_module (can-proto-0) failed. [ 105.226858][ T6664] netlink: 'syz.1.1017': attribute type 29 has an invalid length. [ 105.235039][ T6664] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1017'. [ 105.289523][ T6655] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4113: comm syz.5.1015: Allocating blocks 273-513 which overlap fs metadata [ 105.310196][ T6655] EXT4-fs (loop5): pa ffff888106e27770: logic 0, phys. 257, len 16 [ 105.312090][ T6670] loop9: detected capacity change from 0 to 7 [ 105.318262][ T6655] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5364: group 0, free 1, pa_free 16 [ 105.337002][ T3522] Buffer I/O error on dev loop9, logical block 0, async page read [ 105.345364][ T3522] Buffer I/O error on dev loop9, logical block 0, async page read [ 105.352488][ T6668] wg1 speed is unknown, defaulting to 1000 [ 105.353426][ T3522] loop9: unable to read partition table [ 105.367767][ T6670] Buffer I/O error on dev loop9, logical block 0, async page read [ 105.389804][ T6670] Buffer I/O error on dev loop9, logical block 0, async page read [ 105.397863][ T6670] loop9: unable to read partition table [ 105.406790][ T6670] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ â·û [ 105.406790][ T6670] ) failed (rc=-5) [ 105.420921][ T3522] Buffer I/O error on dev loop9, logical block 0, async page read [ 105.429388][ T3522] Buffer I/O error on dev loop9, logical block 0, async page read [ 105.453884][ T3522] Buffer I/O error on dev loop9, logical block 0, async page read [ 105.464034][ T3522] Buffer I/O error on dev loop9, logical block 0, async page read [ 105.479445][ T3686] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.480825][ T3522] Buffer I/O error on dev loop9, logical block 0, async page read [ 105.593219][ T6689] loop5: detected capacity change from 0 to 164 [ 105.623135][ T6689] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 105.648252][ T6690] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1026'. [ 105.729776][ T6689] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 105.744811][ T6689] Symlink component flag not implemented [ 105.750734][ T6689] Symlink component flag not implemented [ 105.763438][ T6689] Symlink component flag not implemented (7) [ 105.769959][ T6689] Symlink component flag not implemented (116) [ 105.781693][ T6699] netlink: 'syz.3.1030': attribute type 21 has an invalid length. [ 106.090224][ T6717] wg1 speed is unknown, defaulting to 1000 [ 106.137029][ T6726] netlink: 'syz.5.1041': attribute type 21 has an invalid length. [ 106.193234][ T6730] loop5: detected capacity change from 0 to 164 [ 106.204206][ T6730] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 106.221057][ T6730] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 106.230448][ T6730] Symlink component flag not implemented [ 106.236323][ T6730] Symlink component flag not implemented [ 106.256396][ T6730] Symlink component flag not implemented (7) [ 106.262666][ T6730] Symlink component flag not implemented (116) [ 106.324444][ T30] kauditd_printk_skb: 663 callbacks suppressed [ 106.324462][ T30] audit: type=1326 audit(1750596692.641:5236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6733 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 106.364486][ T30] audit: type=1326 audit(1750596692.641:5237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6733 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 106.388399][ T30] audit: type=1326 audit(1750596692.681:5238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6733 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 106.412318][ T30] audit: type=1326 audit(1750596692.681:5239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6733 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 106.436451][ T30] audit: type=1326 audit(1750596692.681:5240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6733 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 106.460712][ T30] audit: type=1326 audit(1750596692.681:5241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6733 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 106.484485][ T30] audit: type=1326 audit(1750596692.681:5242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6733 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 106.507945][ T30] audit: type=1326 audit(1750596692.681:5243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6733 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 106.568303][ T30] audit: type=1326 audit(1750596692.881:5244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6746 comm="syz.1.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c62fe929 code=0x7ffc0000 [ 106.592227][ T30] audit: type=1326 audit(1750596692.881:5245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6746 comm="syz.1.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=243 compat=0 ip=0x7fb4c62fe929 code=0x7ffc0000 [ 106.770661][ T6757] loop5: detected capacity change from 0 to 1024 [ 106.790216][ T6757] EXT4-fs: Ignoring removed nobh option [ 106.796000][ T6757] EXT4-fs: Ignoring removed bh option [ 106.840751][ T6768] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23 sclass=netlink_route_socket pid=6768 comm=syz.1.1054 [ 106.907399][ T6757] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.059623][ T6757] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4113: comm syz.5.1053: Allocating blocks 497-513 which overlap fs metadata [ 107.095055][ T6793] netlink: 'syz.2.1066': attribute type 21 has an invalid length. [ 107.108599][ T6757] EXT4-fs (loop5): pa ffff888106e702a0: logic 256, phys. 369, len 9 [ 107.116831][ T6757] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 107.130914][ T6785] wg1 speed is unknown, defaulting to 1000 [ 107.156886][ T6757] EXT4-fs error (device loop5): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 107.157315][ T6801] FAULT_INJECTION: forcing a failure. [ 107.157315][ T6801] name failslab, interval 1, probability 0, space 0, times 0 [ 107.184404][ T6801] CPU: 1 UID: 0 PID: 6801 Comm: syz.4.1069 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) [ 107.184474][ T6801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 107.184491][ T6801] Call Trace: [ 107.184499][ T6801] [ 107.184508][ T6801] __dump_stack+0x1d/0x30 [ 107.184537][ T6801] dump_stack_lvl+0xe8/0x140 [ 107.184563][ T6801] dump_stack+0x15/0x1b [ 107.184586][ T6801] should_fail_ex+0x265/0x280 [ 107.184691][ T6801] ? audit_log_d_path+0x8d/0x150 [ 107.184734][ T6801] should_failslab+0x8c/0xb0 [ 107.184765][ T6801] __kmalloc_cache_noprof+0x4c/0x320 [ 107.184805][ T6801] audit_log_d_path+0x8d/0x150 [ 107.184927][ T6801] audit_log_d_path_exe+0x42/0x70 [ 107.185048][ T6801] audit_log_task+0x1e9/0x250 [ 107.185081][ T6801] audit_seccomp+0x61/0x100 [ 107.185143][ T6801] ? __seccomp_filter+0x68c/0x10d0 [ 107.185172][ T6801] __seccomp_filter+0x69d/0x10d0 [ 107.185274][ T6801] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 107.185308][ T6801] ? vfs_write+0x75e/0x8e0 [ 107.185363][ T6801] __secure_computing+0x82/0x150 [ 107.185393][ T6801] syscall_trace_enter+0xcf/0x1e0 [ 107.185426][ T6801] do_syscall_64+0xac/0x200 [ 107.185465][ T6801] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 107.185490][ T6801] ? clear_bhb_loop+0x40/0x90 [ 107.185515][ T6801] ? clear_bhb_loop+0x40/0x90 [ 107.185544][ T6801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.185571][ T6801] RIP: 0033:0x7f772b16e929 [ 107.185655][ T6801] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.185678][ T6801] RSP: 002b:00007f77297d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000005e [ 107.185702][ T6801] RAX: ffffffffffffffda RBX: 00007f772b395fa0 RCX: 00007f772b16e929 [ 107.185718][ T6801] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 107.185748][ T6801] RBP: 00007f77297d7090 R08: 0000000000000000 R09: 0000000000000000 [ 107.185763][ T6801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 107.185778][ T6801] R13: 0000000000000000 R14: 00007f772b395fa0 R15: 00007fff079759a8 [ 107.185802][ T6801] [ 107.425758][ T3686] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.609724][ T6825] loop2: detected capacity change from 0 to 2048 [ 107.647213][ T3522] loop2: p2 p3 p7 [ 107.679775][ T6825] loop2: p2 p3 p7 [ 107.740092][ T6834] loop5: detected capacity change from 0 to 1024 [ 107.754158][ T6834] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.803967][ T6834] ipvlan2: entered promiscuous mode [ 107.811553][ T6834] bridge0: port 3(ipvlan2) entered blocking state [ 107.818152][ T6834] bridge0: port 3(ipvlan2) entered disabled state [ 107.825275][ T6834] ipvlan2: entered allmulticast mode [ 107.830616][ T6834] bridge0: entered allmulticast mode [ 107.837071][ T6834] ipvlan2: left allmulticast mode [ 107.842221][ T6834] bridge0: left allmulticast mode [ 107.905545][ T6841] loop4: detected capacity change from 0 to 512 [ 107.914898][ T6841] EXT4-fs: dax option not supported [ 107.942826][ T6841] __nla_validate_parse: 18 callbacks suppressed [ 107.942848][ T6841] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1085'. [ 107.966367][ T3686] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.029786][ T6849] netlink: 'syz.1.1089': attribute type 21 has an invalid length. [ 108.037859][ T6849] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1089'. [ 108.133748][ T6859] loop4: detected capacity change from 0 to 256 [ 108.149358][ T6861] netdevsim netdevsim1: Direct firmware load for ..€ failed with error -2 [ 108.178366][ T6854] wg1 speed is unknown, defaulting to 1000 [ 108.468692][ T6884] netlink: 'syz.4.1102': attribute type 21 has an invalid length. [ 108.476754][ T6884] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1102'. [ 108.552692][ T6889] FAULT_INJECTION: forcing a failure. [ 108.552692][ T6889] name failslab, interval 1, probability 0, space 0, times 0 [ 108.565771][ T6889] CPU: 0 UID: 0 PID: 6889 Comm: syz.5.1105 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) [ 108.565850][ T6889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.565865][ T6889] Call Trace: [ 108.565872][ T6889] [ 108.565882][ T6889] __dump_stack+0x1d/0x30 [ 108.565909][ T6889] dump_stack_lvl+0xe8/0x140 [ 108.565930][ T6889] dump_stack+0x15/0x1b [ 108.565957][ T6889] should_fail_ex+0x265/0x280 [ 108.565988][ T6889] should_failslab+0x8c/0xb0 [ 108.566024][ T6889] __kmalloc_noprof+0xa5/0x3e0 [ 108.566058][ T6889] ? devlink_nl_notify_filter_set_doit+0xab/0x290 [ 108.566084][ T6889] devlink_nl_notify_filter_set_doit+0xab/0x290 [ 108.566114][ T6889] genl_family_rcv_msg_doit+0x140/0x1b0 [ 108.566180][ T6889] genl_rcv_msg+0x422/0x460 [ 108.566208][ T6889] ? __pfx_devlink_nl_notify_filter_set_doit+0x10/0x10 [ 108.566237][ T6889] netlink_rcv_skb+0x120/0x220 [ 108.566278][ T6889] ? __pfx_genl_rcv_msg+0x10/0x10 [ 108.566345][ T6889] genl_rcv+0x28/0x40 [ 108.566367][ T6889] netlink_unicast+0x59e/0x670 [ 108.566402][ T6889] netlink_sendmsg+0x58b/0x6b0 [ 108.566465][ T6889] ? __pfx_netlink_sendmsg+0x10/0x10 [ 108.566537][ T6889] __sock_sendmsg+0x142/0x180 [ 108.566780][ T6889] ____sys_sendmsg+0x31e/0x4e0 [ 108.566828][ T6889] ___sys_sendmsg+0x17b/0x1d0 [ 108.566895][ T6889] __x64_sys_sendmsg+0xd4/0x160 [ 108.566998][ T6889] x64_sys_call+0x2999/0x2fb0 [ 108.567026][ T6889] do_syscall_64+0xd2/0x200 [ 108.567056][ T6889] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 108.567089][ T6889] ? clear_bhb_loop+0x40/0x90 [ 108.567171][ T6889] ? clear_bhb_loop+0x40/0x90 [ 108.567200][ T6889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.567227][ T6889] RIP: 0033:0x7f3dc2dbe929 [ 108.567242][ T6889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.567313][ T6889] RSP: 002b:00007f3dc1427038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 108.567331][ T6889] RAX: ffffffffffffffda RBX: 00007f3dc2fe5fa0 RCX: 00007f3dc2dbe929 [ 108.567346][ T6889] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000005 [ 108.567361][ T6889] RBP: 00007f3dc1427090 R08: 0000000000000000 R09: 0000000000000000 [ 108.567376][ T6889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.567392][ T6889] R13: 0000000000000000 R14: 00007f3dc2fe5fa0 R15: 00007ffe302cf0c8 [ 108.567411][ T6889] [ 108.892684][ T3522] printk: udevd: 57 output lines suppressed due to ratelimiting [ 108.917760][ T6895] loop2: detected capacity change from 0 to 1024 [ 108.948125][ T6895] EXT4-fs: Ignoring removed nobh option [ 108.953853][ T6895] EXT4-fs: Ignoring removed bh option [ 108.961369][ T6898] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 109.141177][ T6916] can: request_module (can-proto-0) failed. [ 109.152933][ T6916] netlink: 'syz.4.1117': attribute type 29 has an invalid length. [ 109.160852][ T6916] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1117'. [ 109.177370][ T6919] can: request_module (can-proto-0) failed. [ 109.253006][ T6895] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.304270][ T6916] loop4: detected capacity change from 0 to 8192 [ 109.420253][ T6928] wg1 speed is unknown, defaulting to 1000 [ 109.441624][ T6895] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.1108: Allocating blocks 497-513 which overlap fs metadata [ 109.474020][ T6931] loop4: detected capacity change from 0 to 2048 [ 109.481830][ T6895] EXT4-fs (loop2): pa ffff888106e277e0: logic 256, phys. 369, len 9 [ 109.489929][ T6895] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 109.501377][ T6895] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 109.575733][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.611436][ T6940] loop2: detected capacity change from 0 to 164 [ 109.619214][ T6936] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1123'. [ 109.630516][ T6940] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 109.650129][ T6940] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 109.656297][ T6941] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1119'. [ 109.658938][ T6940] Symlink component flag not implemented [ 109.673182][ T6940] Symlink component flag not implemented [ 109.695651][ T6940] Symlink component flag not implemented (7) [ 109.701765][ T6940] Symlink component flag not implemented (116) [ 109.772235][ T6952] loop2: detected capacity change from 0 to 256 [ 110.100576][ T6987] can: request_module (can-proto-0) failed. [ 110.288486][ T7003] netlink: 'syz.4.1151': attribute type 21 has an invalid length. [ 110.296639][ T7003] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1151'. [ 110.488194][ T7032] loop2: detected capacity change from 0 to 256 [ 110.522920][ T7033] loop4: detected capacity change from 0 to 512 [ 110.526857][ T7037] loop5: detected capacity change from 0 to 164 [ 110.537743][ T7033] EXT4-fs: dax option not supported [ 110.552412][ T7033] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1163'. [ 110.561223][ T7037] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 110.596770][ T7030] wg1 speed is unknown, defaulting to 1000 [ 110.605938][ T7037] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 110.665148][ T7037] Symlink component flag not implemented [ 110.670912][ T7037] Symlink component flag not implemented [ 110.692002][ T7037] Symlink component flag not implemented (7) [ 110.698314][ T7037] Symlink component flag not implemented (116) [ 110.807025][ T7063] netlink: 'syz.4.1177': attribute type 21 has an invalid length. [ 110.815112][ T7063] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1177'. [ 110.856227][ T7069] loop5: detected capacity change from 0 to 1024 [ 110.863309][ T7069] EXT4-fs: Ignoring removed nobh option [ 110.869023][ T7069] EXT4-fs: Ignoring removed bh option [ 110.895234][ T7069] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.956651][ T7074] SELinux: Context system_u:object_r:ldconfig_cache_t:s0 is not valid (left unmapped). [ 110.984583][ T7090] loop4: detected capacity change from 0 to 164 [ 110.997585][ T7090] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 111.037400][ T7090] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 111.046918][ T7090] Symlink component flag not implemented [ 111.052639][ T7090] Symlink component flag not implemented [ 111.066677][ T7069] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4113: comm syz.5.1180: Allocating blocks 497-513 which overlap fs metadata [ 111.083569][ T7090] Symlink component flag not implemented (7) [ 111.089639][ T7090] Symlink component flag not implemented (116) [ 111.129456][ T7069] EXT4-fs (loop5): pa ffff888106e277e0: logic 256, phys. 369, len 9 [ 111.138042][ T7069] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 111.169965][ T7093] wg1 speed is unknown, defaulting to 1000 [ 111.176479][ T7069] EXT4-fs error (device loop5): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 111.263970][ T3686] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.377889][ T30] kauditd_printk_skb: 622 callbacks suppressed [ 111.377909][ T30] audit: type=1400 audit(1750596697.691:5868): avc: denied { create } for pid=7122 comm="syz.4.1202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 111.453254][ T30] audit: type=1400 audit(1750596697.731:5869): avc: denied { write } for pid=7122 comm="syz.4.1202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 111.473638][ T30] audit: type=1400 audit(1750596697.731:5870): avc: denied { nlmsg_write } for pid=7122 comm="syz.4.1202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 111.475066][ T7127] can: request_module (can-proto-0) failed. [ 111.563829][ T30] audit: type=1326 audit(1750596697.871:5871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7133 comm="syz.5.1207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 111.587574][ T30] audit: type=1326 audit(1750596697.871:5872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7133 comm="syz.5.1207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 111.587918][ T7140] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1209'. [ 111.611218][ T30] audit: type=1400 audit(1750596697.871:5873): avc: denied { watch } for pid=7139 comm="syz.1.1209" path="/246/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 111.646846][ T30] audit: type=1400 audit(1750596697.871:5874): avc: denied { read } for pid=7139 comm="syz.1.1209" name="qrtr-tun" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 111.650042][ T7143] xt_l2tp: v2 doesn't support IP mode [ 111.669923][ T30] audit: type=1400 audit(1750596697.871:5875): avc: denied { open } for pid=7139 comm="syz.1.1209" path="/dev/qrtr-tun" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 111.669962][ T30] audit: type=1400 audit(1750596697.871:5876): avc: denied { bind } for pid=7137 comm="syz.3.1208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 111.718088][ T30] audit: type=1400 audit(1750596697.871:5877): avc: denied { name_bind } for pid=7137 comm="syz.3.1208" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 111.934213][ T7169] loop5: detected capacity change from 0 to 256 [ 111.952526][ T7127] loop4: detected capacity change from 0 to 8192 [ 112.010155][ T7174] loop5: detected capacity change from 0 to 128 [ 112.064314][ T7174] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 112.090450][ T7174] ext4 filesystem being mounted at /223/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 112.105914][ T7183] FAULT_INJECTION: forcing a failure. [ 112.105914][ T7183] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 112.136252][ T7183] CPU: 0 UID: 0 PID: 7183 Comm: syz.1.1225 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) [ 112.136291][ T7183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.136385][ T7183] Call Trace: [ 112.136394][ T7183] [ 112.136405][ T7183] __dump_stack+0x1d/0x30 [ 112.136433][ T7183] dump_stack_lvl+0xe8/0x140 [ 112.136458][ T7183] dump_stack+0x15/0x1b [ 112.136479][ T7183] should_fail_ex+0x265/0x280 [ 112.136518][ T7183] should_fail_alloc_page+0xf2/0x100 [ 112.136580][ T7183] alloc_pages_bulk_noprof+0xef/0x540 [ 112.136628][ T7183] copy_splice_read+0xf3/0x5f0 [ 112.136756][ T7183] ? __pfx_shmem_file_splice_read+0x10/0x10 [ 112.136785][ T7183] splice_direct_to_actor+0x290/0x680 [ 112.136842][ T7183] ? __pfx_direct_splice_actor+0x10/0x10 [ 112.136879][ T7183] do_splice_direct+0xda/0x150 [ 112.136909][ T7183] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 112.136967][ T7183] do_sendfile+0x380/0x650 [ 112.137002][ T7183] __x64_sys_sendfile64+0x105/0x150 [ 112.137052][ T7183] x64_sys_call+0xb39/0x2fb0 [ 112.137078][ T7183] do_syscall_64+0xd2/0x200 [ 112.137158][ T7183] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 112.137193][ T7183] ? clear_bhb_loop+0x40/0x90 [ 112.137222][ T7183] ? clear_bhb_loop+0x40/0x90 [ 112.137252][ T7183] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.137342][ T7183] RIP: 0033:0x7fb4c62fe929 [ 112.137359][ T7183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.137390][ T7183] RSP: 002b:00007fb4c4967038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 112.137418][ T7183] RAX: ffffffffffffffda RBX: 00007fb4c6525fa0 RCX: 00007fb4c62fe929 [ 112.137434][ T7183] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 112.137448][ T7183] RBP: 00007fb4c4967090 R08: 0000000000000000 R09: 0000000000000000 [ 112.137460][ T7183] R10: 0001000000201005 R11: 0000000000000246 R12: 0000000000000001 [ 112.137476][ T7183] R13: 0000000000000000 R14: 00007fb4c6525fa0 R15: 00007ffd60dbb0a8 [ 112.137499][ T7183] [ 112.400217][ T3686] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 112.456475][ T7195] loop5: detected capacity change from 0 to 1024 [ 112.478960][ T7195] EXT4-fs: Ignoring removed nobh option [ 112.484760][ T7195] EXT4-fs: Ignoring removed bh option [ 112.559128][ T7195] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.605072][ T7207] can: request_module (can-proto-0) failed. [ 112.613895][ T7207] netlink: 'syz.4.1232': attribute type 29 has an invalid length. [ 112.718868][ T7207] loop4: detected capacity change from 0 to 8192 [ 112.824064][ T7195] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4113: comm syz.5.1228: Allocating blocks 497-513 which overlap fs metadata [ 112.852870][ T7220] loop2: detected capacity change from 0 to 164 [ 112.860135][ T7214] wg1 speed is unknown, defaulting to 1000 [ 112.869566][ T7220] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 112.881740][ T7195] EXT4-fs (loop5): pa ffff888106e277e0: logic 256, phys. 369, len 9 [ 112.889816][ T7195] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 112.912828][ T7220] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 112.923034][ T7220] Symlink component flag not implemented [ 112.928938][ T7220] Symlink component flag not implemented [ 112.934787][ T7220] Symlink component flag not implemented (7) [ 112.940809][ T7220] Symlink component flag not implemented (116) [ 112.953894][ T7195] EXT4-fs error (device loop5): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 113.088546][ T3686] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.116387][ T7246] can: request_module (can-proto-0) failed. [ 113.130021][ T7249] __nla_validate_parse: 2 callbacks suppressed [ 113.130038][ T7249] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1248'. [ 113.149125][ T7246] netlink: 'syz.3.1247': attribute type 29 has an invalid length. [ 113.157164][ T7246] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1247'. [ 113.229692][ T7250] wg1 speed is unknown, defaulting to 1000 [ 113.484160][ T7274] loop4: detected capacity change from 0 to 256 [ 113.613965][ T7282] loop4: detected capacity change from 0 to 2048 [ 113.659874][ T7295] loop5: detected capacity change from 0 to 164 [ 113.666534][ T7282] loop4: p2 p3 p7 [ 113.670645][ T7295] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 113.686658][ T7295] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 113.695389][ T7295] Symlink component flag not implemented [ 113.701142][ T7295] Symlink component flag not implemented [ 113.707275][ T7295] Symlink component flag not implemented (7) [ 113.713341][ T7295] Symlink component flag not implemented (116) [ 113.894671][ T7305] can: request_module (can-proto-0) failed. [ 113.901997][ T7305] netlink: 'syz.2.1269': attribute type 29 has an invalid length. [ 113.909930][ T7305] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1269'. [ 113.948958][ T7308] loop5: detected capacity change from 0 to 256 [ 113.961702][ T7305] loop2: detected capacity change from 0 to 8192 [ 114.165403][ T7332] loop5: detected capacity change from 0 to 1024 [ 114.172361][ T7332] EXT4-fs: Ignoring removed nobh option [ 114.177974][ T7332] EXT4-fs: Ignoring removed bh option [ 114.193476][ T7332] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 114.273071][ T7339] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4113: comm syz.5.1282: Allocating blocks 497-513 which overlap fs metadata [ 114.287981][ T7339] EXT4-fs (loop5): pa ffff888106e277e0: logic 256, phys. 369, len 9 [ 114.296166][ T7339] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 114.311398][ T7339] EXT4-fs error (device loop5): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 114.340612][ T3686] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.357673][ T7347] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1288'. [ 114.396309][ T7347] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 114.547386][ T7367] FAULT_INJECTION: forcing a failure. [ 114.547386][ T7367] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 114.560710][ T7367] CPU: 1 UID: 0 PID: 7367 Comm: syz.3.1289 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) [ 114.560855][ T7367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 114.560879][ T7367] Call Trace: [ 114.560888][ T7367] [ 114.560899][ T7367] __dump_stack+0x1d/0x30 [ 114.560945][ T7367] dump_stack_lvl+0xe8/0x140 [ 114.561053][ T7367] dump_stack+0x15/0x1b [ 114.561079][ T7367] should_fail_ex+0x265/0x280 [ 114.561123][ T7367] should_fail+0xb/0x20 [ 114.561209][ T7367] should_fail_usercopy+0x1a/0x20 [ 114.561253][ T7367] _copy_to_user+0x20/0xa0 [ 114.561285][ T7367] simple_read_from_buffer+0xb5/0x130 [ 114.561361][ T7367] proc_fail_nth_read+0x100/0x140 [ 114.561389][ T7367] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 114.561439][ T7367] vfs_read+0x1a0/0x6f0 [ 114.561480][ T7367] ? __rcu_read_unlock+0x4f/0x70 [ 114.561591][ T7367] ? __rcu_read_unlock+0x4f/0x70 [ 114.561623][ T7367] ? __fget_files+0x184/0x1c0 [ 114.561656][ T7367] ksys_read+0xda/0x1a0 [ 114.561704][ T7367] __x64_sys_read+0x40/0x50 [ 114.561802][ T7367] x64_sys_call+0x2d77/0x2fb0 [ 114.561838][ T7367] do_syscall_64+0xd2/0x200 [ 114.561864][ T7367] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 114.561928][ T7367] ? clear_bhb_loop+0x40/0x90 [ 114.562007][ T7367] ? clear_bhb_loop+0x40/0x90 [ 114.562039][ T7367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.562141][ T7367] RIP: 0033:0x7f3dc06cd33c [ 114.562160][ T7367] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 114.562183][ T7367] RSP: 002b:00007f3dbecf5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 114.562209][ T7367] RAX: ffffffffffffffda RBX: 00007f3dc08f6160 RCX: 00007f3dc06cd33c [ 114.562227][ T7367] RDX: 000000000000000f RSI: 00007f3dbecf50a0 RDI: 000000000000000b [ 114.562292][ T7367] RBP: 00007f3dbecf5090 R08: 0000000000000000 R09: 0000000000000000 [ 114.562310][ T7367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.562327][ T7367] R13: 0000000000000000 R14: 00007f3dc08f6160 R15: 00007ffcd4e8fa18 [ 114.562357][ T7367] [ 114.805664][ T7373] can: request_module (can-proto-0) failed. [ 114.831830][ T7373] netlink: 'syz.2.1297': attribute type 29 has an invalid length. [ 114.839718][ T7373] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1297'. [ 114.957219][ T7373] loop2: detected capacity change from 0 to 8192 [ 115.055531][ T7395] loop4: detected capacity change from 0 to 512 [ 115.070493][ T7395] EXT4-fs: dax option not supported [ 115.078788][ T7395] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1303'. [ 115.085656][ T7397] loop2: detected capacity change from 0 to 164 [ 115.122275][ T7397] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 115.179108][ T7397] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 115.188141][ T7397] Symlink component flag not implemented [ 115.193976][ T7397] Symlink component flag not implemented [ 115.200728][ T7397] Symlink component flag not implemented (7) [ 115.206960][ T7397] Symlink component flag not implemented (116) [ 115.302823][ T7420] loop5: detected capacity change from 0 to 164 [ 115.303332][ T7417] can: request_module (can-proto-0) failed. [ 115.316211][ T7420] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 115.320575][ T7417] netlink: 'syz.4.1314': attribute type 29 has an invalid length. [ 115.332524][ T7417] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1314'. [ 115.341438][ T7420] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 115.341722][ T7420] Symlink component flag not implemented [ 115.355548][ T7420] Symlink component flag not implemented [ 115.362659][ T7420] Symlink component flag not implemented (7) [ 115.368716][ T7420] Symlink component flag not implemented (116) [ 115.421658][ T7417] loop4: detected capacity change from 0 to 8192 [ 115.440872][ T7426] can: request_module (can-proto-0) failed. [ 115.451337][ T7428] netlink: 'syz.5.1316': attribute type 29 has an invalid length. [ 115.459285][ T7428] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1316'. [ 115.510310][ T7426] loop5: detected capacity change from 0 to 8192 [ 115.655606][ T7438] loop5: detected capacity change from 0 to 512 [ 115.674136][ T7438] EXT4-fs: dax option not supported [ 115.694404][ T7438] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1320'. [ 115.885521][ T7454] loop4: detected capacity change from 0 to 256 [ 116.078660][ T7477] loop4: detected capacity change from 0 to 1024 [ 116.088849][ T7477] EXT4-fs: Ignoring removed nobh option [ 116.094624][ T7477] EXT4-fs: Ignoring removed bh option [ 116.125981][ T7477] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.237676][ T7486] loop5: detected capacity change from 0 to 2048 [ 116.243964][ T7477] wg1 speed is unknown, defaulting to 1000 [ 116.272923][ T7492] can: request_module (can-proto-0) failed. [ 116.281058][ T7490] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.1336: Allocating blocks 497-513 which overlap fs metadata [ 116.315400][ T7492] netlink: 'syz.2.1343': attribute type 29 has an invalid length. [ 116.323502][ T7492] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1343'. [ 116.336132][ T7490] EXT4-fs (loop4): pa ffff888106e27850: logic 256, phys. 369, len 9 [ 116.344895][ T7490] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 116.356552][ T7486] loop5: p2 p3 p7 [ 116.363560][ T7490] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 116.394593][ T30] kauditd_printk_skb: 446 callbacks suppressed [ 116.394612][ T30] audit: type=1326 audit(1750596702.711:6324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7499 comm="syz.1.1346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c62fe929 code=0x7ffc0000 [ 116.427760][ T7501] Cannot find add_set index 0 as target [ 116.434717][ T30] audit: type=1326 audit(1750596702.721:6325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7489 comm="syz.2.1343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fb58ef7d3df code=0x7ffc0000 [ 116.458710][ T30] audit: type=1326 audit(1750596702.751:6326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7499 comm="syz.1.1346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb4c62fe929 code=0x7ffc0000 [ 116.482346][ T30] audit: type=1326 audit(1750596702.751:6327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7499 comm="syz.1.1346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c62fe929 code=0x7ffc0000 [ 116.482594][ T7492] loop2: detected capacity change from 0 to 8192 [ 116.505872][ T30] audit: type=1326 audit(1750596702.751:6328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7499 comm="syz.1.1346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c62fe929 code=0x7ffc0000 [ 116.505913][ T30] audit: type=1326 audit(1750596702.751:6329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7499 comm="syz.1.1346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fb4c62fe929 code=0x7ffc0000 [ 116.506003][ T30] audit: type=1326 audit(1750596702.761:6330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7499 comm="syz.1.1346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c62fe929 code=0x7ffc0000 [ 116.583002][ T30] audit: type=1326 audit(1750596702.761:6331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7499 comm="syz.1.1346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fb4c62fe929 code=0x7ffc0000 [ 116.606459][ T30] audit: type=1326 audit(1750596702.761:6332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7499 comm="syz.1.1346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c62fe929 code=0x7ffc0000 [ 116.629925][ T30] audit: type=1326 audit(1750596702.761:6333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7499 comm="syz.1.1346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fb4c62fe929 code=0x7ffc0000 [ 116.657050][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.994714][ T7547] FAULT_INJECTION: forcing a failure. [ 116.994714][ T7547] name failslab, interval 1, probability 0, space 0, times 0 [ 117.007662][ T7547] CPU: 1 UID: 0 PID: 7547 Comm: syz.4.1367 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) [ 117.007777][ T7547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 117.007806][ T7547] Call Trace: [ 117.007814][ T7547] [ 117.007824][ T7547] __dump_stack+0x1d/0x30 [ 117.007850][ T7547] dump_stack_lvl+0xe8/0x140 [ 117.007875][ T7547] dump_stack+0x15/0x1b [ 117.007971][ T7547] should_fail_ex+0x265/0x280 [ 117.008009][ T7547] should_failslab+0x8c/0xb0 [ 117.008059][ T7547] kmem_cache_alloc_noprof+0x50/0x310 [ 117.008093][ T7547] ? __anon_vma_prepare+0x70/0x2f0 [ 117.008136][ T7547] ? pte_alloc_one+0xf8/0x120 [ 117.008202][ T7547] __anon_vma_prepare+0x70/0x2f0 [ 117.008281][ T7547] handle_mm_fault+0x1d19/0x2be0 [ 117.008358][ T7547] ? __rcu_read_unlock+0x4f/0x70 [ 117.008393][ T7547] do_user_addr_fault+0x3fe/0x1090 [ 117.008441][ T7547] exc_page_fault+0x62/0xa0 [ 117.008495][ T7547] asm_exc_page_fault+0x26/0x30 [ 117.008515][ T7547] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 117.008543][ T7547] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 117.008566][ T7547] RSP: 0018:ffffc90001537e00 EFLAGS: 00050206 [ 117.008602][ T7547] RAX: ffff88812dcf8a98 RBX: 0000000000000068 RCX: 0000000000000068 [ 117.008618][ T7547] RDX: 0000000000000000 RSI: ffffc90001537e38 RDI: 0000200000000980 [ 117.008634][ T7547] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 117.008648][ T7547] R10: 0001c90001537e38 R11: 0001c90001537e9f R12: 00002000000009e8 [ 117.008660][ T7547] R13: 00007ffffffff000 R14: 0000200000000980 R15: ffffc90001537e38 [ 117.008684][ T7547] _copy_to_user+0x7c/0xa0 [ 117.008713][ T7547] __se_sys_semctl+0x1c1/0x2d0 [ 117.008765][ T7547] __x64_sys_semctl+0x55/0x70 [ 117.008792][ T7547] x64_sys_call+0x2ec1/0x2fb0 [ 117.008813][ T7547] do_syscall_64+0xd2/0x200 [ 117.008877][ T7547] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 117.008950][ T7547] ? clear_bhb_loop+0x40/0x90 [ 117.008977][ T7547] ? clear_bhb_loop+0x40/0x90 [ 117.009006][ T7547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.009042][ T7547] RIP: 0033:0x7f772b16e929 [ 117.009060][ T7547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.009083][ T7547] RSP: 002b:00007f77297d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000042 [ 117.009106][ T7547] RAX: ffffffffffffffda RBX: 00007f772b395fa0 RCX: 00007f772b16e929 [ 117.009122][ T7547] RDX: 0000000000000012 RSI: 0000000000000005 RDI: 0000000000000000 [ 117.009158][ T7547] RBP: 00007f77297d7090 R08: 0000000000000000 R09: 0000000000000000 [ 117.009169][ T7547] R10: 0000200000000980 R11: 0000000000000246 R12: 0000000000000001 [ 117.009181][ T7547] R13: 0000000000000000 R14: 00007f772b395fa0 R15: 00007fff079759a8 [ 117.009203][ T7547] [ 117.392825][ T7560] loop5: detected capacity change from 0 to 2048 [ 117.429685][ T7560] loop5: p2 p3 p7 [ 117.467809][ T7557] loop4: detected capacity change from 0 to 8192 [ 117.521237][ T7557] loop4: p1 p3 p4 [ 117.525204][ T7557] loop4: p1 size 8390912 extends beyond EOD, truncated [ 117.535861][ T7557] loop4: p3 size 589824 extends beyond EOD, truncated [ 117.582720][ T7572] can: request_module (can-proto-0) failed. [ 117.592202][ T7572] netlink: 'syz.3.1378': attribute type 29 has an invalid length. [ 117.768584][ T7589] can: request_module (can-proto-0) failed. [ 117.780912][ T7589] netlink: 'syz.1.1385': attribute type 29 has an invalid length. [ 117.885362][ T7601] loop4: detected capacity change from 0 to 8192 [ 117.906506][ T7597] loop2: detected capacity change from 0 to 512 [ 117.922597][ T7597] EXT4-fs: Ignoring removed nobh option [ 117.928693][ T7603] can: request_module (can-proto-0) failed. [ 117.930053][ T7601] loop4: p1 p3 p4 [ 117.937426][ T7603] netlink: 'syz.1.1390': attribute type 29 has an invalid length. [ 117.939049][ T7601] loop4: p1 size 8390912 extends beyond EOD, truncated [ 117.959823][ T7601] loop4: p3 size 589824 extends beyond EOD, truncated [ 118.020976][ T7597] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #16: comm +}[@: corrupted inode contents [ 118.042803][ T7597] EXT4-fs (loop2): Remounting filesystem read-only [ 118.054064][ T7597] EXT4-fs (loop2): 1 truncate cleaned up [ 118.069426][ T7597] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 118.085351][ T7597] ext4 filesystem being mounted at /259/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 118.089105][ T4682] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 118.106816][ T4682] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 118.118491][ T4682] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 118.134715][ T7597] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.288900][ T7628] __nla_validate_parse: 9 callbacks suppressed [ 118.288980][ T7628] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1400'. [ 118.307041][ T7628] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1400'. [ 118.339163][ T7633] can: request_module (can-proto-0) failed. [ 118.364733][ T7633] netlink: 'syz.2.1401': attribute type 29 has an invalid length. [ 118.372799][ T7633] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1401'. [ 118.612821][ T7633] loop2: detected capacity change from 0 to 8192 [ 118.752532][ T7656] FAULT_INJECTION: forcing a failure. [ 118.752532][ T7656] name failslab, interval 1, probability 0, space 0, times 0 [ 118.765504][ T7656] CPU: 1 UID: 0 PID: 7656 Comm: syz.3.1411 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) [ 118.765555][ T7656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.765581][ T7656] Call Trace: [ 118.765590][ T7656] [ 118.765600][ T7656] __dump_stack+0x1d/0x30 [ 118.765629][ T7656] dump_stack_lvl+0xe8/0x140 [ 118.765732][ T7656] dump_stack+0x15/0x1b [ 118.765803][ T7656] should_fail_ex+0x265/0x280 [ 118.765846][ T7656] should_failslab+0x8c/0xb0 [ 118.765880][ T7656] kmem_cache_alloc_noprof+0x50/0x310 [ 118.765984][ T7656] ? security_inode_alloc+0x37/0x100 [ 118.766088][ T7656] security_inode_alloc+0x37/0x100 [ 118.766129][ T7656] inode_init_always_gfp+0x4b7/0x500 [ 118.766186][ T7656] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 118.766269][ T7656] alloc_inode+0x58/0x170 [ 118.766313][ T7656] new_inode+0x1d/0xe0 [ 118.766365][ T7656] shmem_get_inode+0x244/0x750 [ 118.766392][ T7656] __shmem_file_setup+0x113/0x210 [ 118.766508][ T7656] shmem_file_setup+0x3b/0x50 [ 118.766629][ T7656] __se_sys_memfd_create+0x2c3/0x590 [ 118.766675][ T7656] __x64_sys_memfd_create+0x31/0x40 [ 118.766718][ T7656] x64_sys_call+0x122f/0x2fb0 [ 118.766741][ T7656] do_syscall_64+0xd2/0x200 [ 118.766837][ T7656] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 118.766866][ T7656] ? clear_bhb_loop+0x40/0x90 [ 118.766887][ T7656] ? clear_bhb_loop+0x40/0x90 [ 118.766912][ T7656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.766981][ T7656] RIP: 0033:0x7f3dc06ce929 [ 118.767002][ T7656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.767027][ T7656] RSP: 002b:00007f3dbed36e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 118.767053][ T7656] RAX: ffffffffffffffda RBX: 00000000000004d8 RCX: 00007f3dc06ce929 [ 118.767069][ T7656] RDX: 00007f3dbed36ef0 RSI: 0000000000000000 RDI: 00007f3dc07514cc [ 118.767086][ T7656] RBP: 0000200000000b00 R08: 00007f3dbed36bb7 R09: 00007f3dbed36e40 [ 118.767184][ T7656] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000080 [ 118.767200][ T7656] R13: 00007f3dbed36ef0 R14: 00007f3dbed36eb0 R15: 0000200000000440 [ 118.767227][ T7656] [ 119.147787][ T7670] can: request_module (can-proto-0) failed. [ 119.155934][ T7670] netlink: 'syz.1.1416': attribute type 29 has an invalid length. [ 119.163946][ T7670] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1416'. [ 119.189707][ T7674] loop2: detected capacity change from 0 to 512 [ 119.220333][ T7674] EXT4-fs: dax option not supported [ 119.263933][ T7674] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1414'. [ 119.417796][ T7682] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1419'. [ 119.479253][ T7694] bridge0: entered allmulticast mode [ 119.501225][ T7694] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1425'. [ 119.510271][ T7694] bridge_slave_1: left allmulticast mode [ 119.515989][ T7694] bridge_slave_1: left promiscuous mode [ 119.521795][ T7694] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.534643][ T7694] bridge_slave_0: left allmulticast mode [ 119.540377][ T7694] bridge_slave_0: left promiscuous mode [ 119.546298][ T7694] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.571955][ T7694] bridge0 (unregistering): left allmulticast mode [ 119.580035][ T7699] loop2: detected capacity change from 0 to 512 [ 119.640153][ T7699] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 119.665097][ T7708] can: request_module (can-proto-0) failed. [ 119.665247][ T7699] ext4 filesystem being mounted at /269/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 119.680090][ T7708] netlink: 'syz.5.1430': attribute type 29 has an invalid length. [ 119.689336][ T7708] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1430'. [ 119.761623][ T7708] loop5: detected capacity change from 0 to 8192 [ 119.838239][ T7699] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #19: comm syz.2.1425: corrupted inode contents [ 119.859370][ T7699] EXT4-fs error (device loop2): ext4_dirty_inode:6459: inode #19: comm syz.2.1425: mark_inode_dirty error [ 119.874085][ T7699] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #19: comm syz.2.1425: corrupted inode contents [ 119.886722][ T7699] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2991: inode #19: comm syz.2.1425: mark_inode_dirty error [ 119.900605][ T7699] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2994: inode #19: comm syz.2.1425: mark inode dirty (error -117) [ 119.914626][ T7699] EXT4-fs warning (device loop2): ext4_evict_inode:274: xattr delete (err -117) [ 119.924871][ T7720] FAULT_INJECTION: forcing a failure. [ 119.924871][ T7720] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 119.938044][ T7720] CPU: 1 UID: 0 PID: 7720 Comm: syz.4.1435 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) [ 119.938073][ T7720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 119.938086][ T7720] Call Trace: [ 119.938142][ T7720] [ 119.938151][ T7720] __dump_stack+0x1d/0x30 [ 119.938177][ T7720] dump_stack_lvl+0xe8/0x140 [ 119.938201][ T7720] dump_stack+0x15/0x1b [ 119.938222][ T7720] should_fail_ex+0x265/0x280 [ 119.938324][ T7720] should_fail+0xb/0x20 [ 119.938382][ T7720] should_fail_usercopy+0x1a/0x20 [ 119.938460][ T7720] _copy_to_user+0x20/0xa0 [ 119.938543][ T7720] simple_read_from_buffer+0xb5/0x130 [ 119.938580][ T7720] proc_fail_nth_read+0x100/0x140 [ 119.938602][ T7720] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 119.938639][ T7720] vfs_read+0x1a0/0x6f0 [ 119.938741][ T7720] ? __rcu_read_unlock+0x4f/0x70 [ 119.938763][ T7720] ? __rcu_read_unlock+0x4f/0x70 [ 119.938785][ T7720] ? __fget_files+0x184/0x1c0 [ 119.938819][ T7720] ksys_read+0xda/0x1a0 [ 119.938912][ T7720] __x64_sys_read+0x40/0x50 [ 119.938948][ T7720] x64_sys_call+0x2d77/0x2fb0 [ 119.938975][ T7720] do_syscall_64+0xd2/0x200 [ 119.939046][ T7720] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 119.939075][ T7720] ? clear_bhb_loop+0x40/0x90 [ 119.939098][ T7720] ? clear_bhb_loop+0x40/0x90 [ 119.939121][ T7720] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.939222][ T7720] RIP: 0033:0x7f772b16d33c [ 119.939237][ T7720] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 119.939269][ T7720] RSP: 002b:00007f77297d7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 119.939288][ T7720] RAX: ffffffffffffffda RBX: 00007f772b395fa0 RCX: 00007f772b16d33c [ 119.939301][ T7720] RDX: 000000000000000f RSI: 00007f77297d70a0 RDI: 0000000000000005 [ 119.939313][ T7720] RBP: 00007f77297d7090 R08: 0000000000000000 R09: 0000000000000000 [ 119.939326][ T7720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 119.939338][ T7720] R13: 0000000000000000 R14: 00007f772b395fa0 R15: 00007fff079759a8 [ 119.939385][ T7720] [ 120.180809][ T7724] loop4: detected capacity change from 0 to 164 [ 120.188606][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.200447][ T7724] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 120.228245][ T7724] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 120.237691][ T7724] Symlink component flag not implemented [ 120.243404][ T7724] Symlink component flag not implemented [ 120.249225][ T7724] Symlink component flag not implemented (7) [ 120.255313][ T7724] Symlink component flag not implemented (116) [ 120.320462][ T7734] can: request_module (can-proto-0) failed. [ 120.372607][ T7734] netlink: 'syz.5.1443': attribute type 29 has an invalid length. [ 120.380493][ T7734] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1443'. [ 120.487085][ T7754] loop4: detected capacity change from 0 to 512 [ 120.516333][ T7734] loop5: detected capacity change from 0 to 8192 [ 120.536195][ T7754] EXT4-fs: dax option not supported [ 120.563225][ T7756] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1451'. [ 120.642068][ T7760] can: request_module (can-proto-0) failed. [ 120.660603][ T7760] netlink: 'syz.2.1453': attribute type 29 has an invalid length. [ 120.782946][ T7760] loop2: detected capacity change from 0 to 8192 [ 120.876830][ T7789] can: request_module (can-proto-0) failed. [ 120.884913][ T7789] netlink: 'syz.2.1462': attribute type 29 has an invalid length. [ 120.959929][ T7789] loop2: detected capacity change from 0 to 8192 [ 121.360856][ T7809] loop4: detected capacity change from 0 to 512 [ 121.394166][ T7809] EXT4-fs: dax option not supported [ 121.548016][ T7825] can: request_module (can-proto-0) failed. [ 121.563390][ T30] kauditd_printk_skb: 682 callbacks suppressed [ 121.563408][ T30] audit: type=1326 audit(1750596707.881:7010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7824 comm="syz.2.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb58ef7e929 code=0x7ffc0000 [ 121.564232][ T7825] netlink: 'syz.2.1473': attribute type 29 has an invalid length. [ 121.569639][ T30] audit: type=1326 audit(1750596707.881:7011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7824 comm="syz.2.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb58ef7e929 code=0x7ffc0000 [ 121.607053][ T7829] can: request_module (can-proto-0) failed. [ 121.624466][ T30] audit: type=1326 audit(1750596707.881:7012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7824 comm="syz.2.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fb58ef7e929 code=0x7ffc0000 [ 121.624501][ T30] audit: type=1326 audit(1750596707.881:7013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7824 comm="syz.2.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb58ef7e929 code=0x7ffc0000 [ 121.624564][ T30] audit: type=1326 audit(1750596707.881:7014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7824 comm="syz.2.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb58ef7e929 code=0x7ffc0000 [ 121.624596][ T30] audit: type=1326 audit(1750596707.881:7015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7824 comm="syz.2.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb58ef7e929 code=0x7ffc0000 [ 121.624628][ T30] audit: type=1326 audit(1750596707.881:7016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7824 comm="syz.2.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb58ef7e929 code=0x7ffc0000 [ 121.741033][ T30] audit: type=1326 audit(1750596708.001:7017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7824 comm="syz.2.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb58ef7e929 code=0x7ffc0000 [ 121.771536][ T30] audit: type=1326 audit(1750596708.001:7018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7824 comm="syz.2.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb58ef7e929 code=0x7ffc0000 [ 121.794991][ T30] audit: type=1326 audit(1750596708.021:7019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7799 comm="syz.3.1466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3dc06cd290 code=0x7ffc0000 [ 121.863160][ T7833] netlink: 'syz.4.1474': attribute type 29 has an invalid length. [ 121.906172][ T7833] loop4: detected capacity change from 0 to 8192 [ 121.906960][ T7778] syz.5.1458 (7778) used greatest stack depth: 7000 bytes left [ 121.922837][ T7825] loop2: detected capacity change from 0 to 8192 [ 122.060328][ T7846] loop2: detected capacity change from 0 to 2048 [ 122.101507][ T7800] netlink: 'syz.3.1466': attribute type 13 has an invalid length. [ 122.123785][ T7846] loop2: p2 p3 p7 [ 122.194152][ T7800] erspan0: refused to change device tx_queue_len [ 122.200561][ T7800] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 122.336494][ T7864] netlink: 'syz.1.1485': attribute type 9 has an invalid length. [ 122.782657][ T7907] loop4: detected capacity change from 0 to 2048 [ 122.851865][ T7907] loop4: p2 p3 p7 [ 122.996910][ T7932] loop5: detected capacity change from 0 to 164 [ 123.009838][ T7932] Unable to read rock-ridge attributes [ 123.017151][ T7936] netlink: 'syz.1.1519': attribute type 9 has an invalid length. [ 123.083269][ T7932] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 123.142598][ T7955] loop5: detected capacity change from 0 to 256 [ 123.195540][ T7958] loop5: detected capacity change from 0 to 2048 [ 123.237580][ T7958] loop5: p2 p3 p7 [ 123.975772][ T7993] __nla_validate_parse: 29 callbacks suppressed [ 123.975793][ T7993] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1538'. [ 124.049621][ T8000] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1538'. [ 124.145913][ T8008] 8021q: adding VLAN 0 to HW filter on device bond1 [ 124.156143][ T8008] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1546'. [ 124.178742][ T8008] bond1 (unregistering): Released all slaves [ 124.259899][ T8028] loop5: detected capacity change from 0 to 1024 [ 124.260544][ T8028] EXT4-fs: Ignoring removed nobh option [ 124.260570][ T8028] EXT4-fs: Ignoring removed bh option [ 124.284177][ T8028] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 124.301645][ T8033] can: request_module (can-proto-0) failed. [ 124.325307][ T8033] validate_nla: 1 callbacks suppressed [ 124.325338][ T8033] netlink: 'syz.4.1553': attribute type 29 has an invalid length. [ 124.338798][ T8033] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1553'. [ 124.474246][ T8033] loop4: detected capacity change from 0 to 8192 [ 124.891116][ T8059] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4113: comm syz.5.1551: Allocating blocks 273-513 which overlap fs metadata [ 124.894319][ T8028] wg1 speed is unknown, defaulting to 1000 [ 124.924730][ T8059] EXT4-fs (loop5): pa ffff888106e277e0: logic 0, phys. 257, len 16 [ 124.932844][ T8059] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5364: group 0, free 1, pa_free 16 [ 125.016956][ T3686] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.088299][ T8065] loop5: detected capacity change from 0 to 512 [ 125.098012][ T8065] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 125.109575][ T8065] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e02c, mo2=0002] [ 125.125059][ T8065] EXT4-fs (loop5): orphan cleanup on readonly fs [ 125.137367][ T8065] EXT4-fs error (device loop5): ext4_clear_blocks:876: inode #11: comm syz.5.1564: attempt to clear invalid blocks 1024 len 1 [ 125.158417][ T8070] loop4: detected capacity change from 0 to 764 [ 125.165131][ T8065] EXT4-fs (loop5): Remounting filesystem read-only [ 125.188975][ T8065] EXT4-fs (loop5): 1 truncate cleaned up [ 125.277187][ T8065] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 125.328123][ T8075] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1568'. [ 125.347658][ T3686] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 125.550580][ T8094] loop4: detected capacity change from 0 to 2048 [ 125.607528][ T8094] loop4: p2 p3 p7 [ 125.625319][ T8098] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1578'. [ 125.721958][ T8107] 9pnet: p9_errstr2errno: server reported unknown error [ 125.770376][ T8112] FAULT_INJECTION: forcing a failure. [ 125.770376][ T8112] name failslab, interval 1, probability 0, space 0, times 0 [ 125.783231][ T8112] CPU: 0 UID: 0 PID: 8112 Comm: syz.5.1581 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) [ 125.783287][ T8112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 125.783302][ T8112] Call Trace: [ 125.783310][ T8112] [ 125.783319][ T8112] __dump_stack+0x1d/0x30 [ 125.783346][ T8112] dump_stack_lvl+0xe8/0x140 [ 125.783396][ T8112] dump_stack+0x15/0x1b [ 125.783417][ T8112] should_fail_ex+0x265/0x280 [ 125.783457][ T8112] ? alloc_fs_context+0x44/0x4e0 [ 125.783494][ T8112] should_failslab+0x8c/0xb0 [ 125.783574][ T8112] __kmalloc_cache_noprof+0x4c/0x320 [ 125.783605][ T8112] alloc_fs_context+0x44/0x4e0 [ 125.783653][ T8112] fs_context_for_mount+0x22/0x30 [ 125.783747][ T8112] do_new_mount+0xe9/0x680 [ 125.783786][ T8112] path_mount+0x4a4/0xb20 [ 125.783860][ T8112] ? user_path_at+0x109/0x130 [ 125.783889][ T8112] __se_sys_mount+0x28f/0x2e0 [ 125.783907][ T8112] ? fput+0x8f/0xc0 [ 125.783935][ T8112] __x64_sys_mount+0x67/0x80 [ 125.783954][ T8112] x64_sys_call+0xd36/0x2fb0 [ 125.784021][ T8112] do_syscall_64+0xd2/0x200 [ 125.784039][ T8112] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 125.784069][ T8112] ? clear_bhb_loop+0x40/0x90 [ 125.784109][ T8112] ? clear_bhb_loop+0x40/0x90 [ 125.784132][ T8112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.784155][ T8112] RIP: 0033:0x7f3dc2dbe929 [ 125.784170][ T8112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.784199][ T8112] RSP: 002b:00007f3dc1406038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 125.784218][ T8112] RAX: ffffffffffffffda RBX: 00007f3dc2fe6080 RCX: 00007f3dc2dbe929 [ 125.784262][ T8112] RDX: 0000200000000180 RSI: 0000200000000000 RDI: 0000000000000000 [ 125.784275][ T8112] RBP: 00007f3dc1406090 R08: 0000200000000080 R09: 0000000000000000 [ 125.784288][ T8112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 125.784300][ T8112] R13: 0000000000000001 R14: 00007f3dc2fe6080 R15: 00007ffe302cf0c8 [ 125.784320][ T8112] [ 126.046896][ T8120] can: request_module (can-proto-0) failed. [ 126.066932][ T8120] netlink: 'syz.5.1588': attribute type 29 has an invalid length. [ 126.074913][ T8120] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1588'. [ 126.138813][ T8133] random: crng reseeded on system resumption [ 126.166945][ T8120] loop5: detected capacity change from 0 to 8192 [ 126.255823][ T8145] tc_dump_action: action bad kind [ 126.322388][ T8150] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1601'. [ 126.380326][ T8160] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1601'. [ 126.422862][ T8164] can: request_module (can-proto-0) failed. [ 126.518834][ T8170] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1610'. [ 126.564359][ T8164] netlink: 'syz.5.1608': attribute type 29 has an invalid length. [ 126.572657][ T30] kauditd_printk_skb: 436 callbacks suppressed [ 126.572672][ T30] audit: type=1400 audit(1750596712.881:7456): avc: denied { create } for pid=8174 comm="syz.3.1611" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 126.602822][ T8173] loop4: detected capacity change from 0 to 512 [ 126.609402][ T8173] EXT4-fs: Ignoring removed bh option [ 126.614881][ T8173] ext3: Unknown parameter 'appraise' [ 126.615535][ T8165] wg1 speed is unknown, defaulting to 1000 [ 126.646940][ T8170] FAULT_INJECTION: forcing a failure. [ 126.646940][ T8170] name failslab, interval 1, probability 0, space 0, times 0 [ 126.659628][ T8170] CPU: 0 UID: 0 PID: 8170 Comm: syz.1.1610 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) [ 126.659711][ T8170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 126.659728][ T8170] Call Trace: [ 126.659767][ T8170] [ 126.659774][ T8170] __dump_stack+0x1d/0x30 [ 126.659797][ T8170] dump_stack_lvl+0xe8/0x140 [ 126.659822][ T8170] dump_stack+0x15/0x1b [ 126.659874][ T8170] should_fail_ex+0x265/0x280 [ 126.659913][ T8170] should_failslab+0x8c/0xb0 [ 126.660003][ T8170] kmem_cache_alloc_node_noprof+0x57/0x320 [ 126.660055][ T8170] ? __alloc_skb+0x101/0x320 [ 126.660094][ T8170] __alloc_skb+0x101/0x320 [ 126.660174][ T8170] netlink_alloc_large_skb+0xba/0xf0 [ 126.660255][ T8170] netlink_sendmsg+0x3cf/0x6b0 [ 126.660281][ T8170] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.660382][ T8170] __sock_sendmsg+0x142/0x180 [ 126.660413][ T8170] ____sys_sendmsg+0x31e/0x4e0 [ 126.660479][ T8170] ___sys_sendmsg+0x17b/0x1d0 [ 126.660537][ T8170] __x64_sys_sendmsg+0xd4/0x160 [ 126.660641][ T8170] x64_sys_call+0x2999/0x2fb0 [ 126.660749][ T8170] do_syscall_64+0xd2/0x200 [ 126.660773][ T8170] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 126.660806][ T8170] ? clear_bhb_loop+0x40/0x90 [ 126.660833][ T8170] ? clear_bhb_loop+0x40/0x90 [ 126.660860][ T8170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.660899][ T8170] RIP: 0033:0x7fb4c62fe929 [ 126.660918][ T8170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.660940][ T8170] RSP: 002b:00007fb4c4967038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 126.661041][ T8170] RAX: ffffffffffffffda RBX: 00007fb4c6525fa0 RCX: 00007fb4c62fe929 [ 126.661056][ T8170] RDX: 0000000000000000 RSI: 0000200000000780 RDI: 000000000000000d [ 126.661071][ T8170] RBP: 00007fb4c4967090 R08: 0000000000000000 R09: 0000000000000000 [ 126.661086][ T8170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 126.661111][ T8170] R13: 0000000000000000 R14: 00007fb4c6525fa0 R15: 00007ffd60dbb0a8 [ 126.661135][ T8170] [ 126.698564][ T30] audit: type=1400 audit(1750596712.941:7457): avc: denied { write } for pid=8162 comm="syz.4.1607" name="001" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 126.817006][ T8164] loop5: detected capacity change from 0 to 8192 [ 126.825050][ T30] audit: type=1326 audit(1750596712.951:7458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8161 comm="syz.5.1608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 126.825083][ T30] audit: type=1326 audit(1750596712.951:7459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8161 comm="syz.5.1608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 126.899008][ T8180] tc_dump_action: action bad kind [ 126.921095][ T30] audit: type=1400 audit(1750596712.961:7460): avc: denied { ioctl } for pid=8169 comm="syz.1.1610" path="socket:[19074]" dev="sockfs" ino=19074 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 126.921182][ T30] audit: type=1400 audit(1750596712.961:7461): avc: denied { bind } for pid=8169 comm="syz.1.1610" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 126.921206][ T30] audit: type=1400 audit(1750596712.961:7462): avc: denied { write } for pid=8169 comm="syz.1.1610" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 127.013025][ T30] audit: type=1326 audit(1750596712.971:7463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8161 comm="syz.5.1608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f3dc2dbe929 code=0x7ffc0000 [ 127.036492][ T30] audit: type=1326 audit(1750596712.971:7464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8161 comm="syz.5.1608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f3dc2dbe963 code=0x7ffc0000 [ 127.061195][ T30] audit: type=1326 audit(1750596713.071:7465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8161 comm="syz.5.1608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f3dc2dbd3df code=0x7ffc0000 [ 127.109633][ T8184] loop2: detected capacity change from 0 to 2048 [ 127.186230][ T8184] loop2: p2 p3 p7 [ 127.197098][ T8197] 9pnet_fd: Insufficient options for proto=fd [ 127.237397][ T8205] loop5: detected capacity change from 0 to 256 [ 127.293876][ T8210] can: request_module (can-proto-0) failed. [ 127.303697][ T8210] netlink: 'syz.5.1625': attribute type 29 has an invalid length. [ 127.352763][ T8210] loop5: detected capacity change from 0 to 8192 [ 127.469414][ T8239] loop1: detected capacity change from 0 to 256 [ 127.476603][ T8237] hsr_slave_0: left promiscuous mode [ 127.483007][ T8237] hsr_slave_1: left promiscuous mode [ 128.232699][ T8273] loop2: detected capacity change from 0 to 2048 [ 128.258904][ T8275] loop4: detected capacity change from 0 to 8192 [ 128.355185][ T8275] loop4: p1 p3 p4 [ 128.358998][ T8275] loop4: p1 size 8390912 extends beyond EOD, truncated [ 128.367531][ T8273] loop2: p2 p3 p7 [ 128.378017][ T8275] loop4: p3 size 589824 extends beyond EOD, truncated [ 128.474017][ T8289] loop5: detected capacity change from 0 to 1024 [ 128.483688][ T8289] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 128.493648][ T8289] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 128.507748][ T8289] EXT4-fs (loop5): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 128.518945][ T8289] EXT4-fs error (device loop5): ext4_get_journal_inode:5796: inode #5: comm syz.5.1654: unexpected bad inode w/o EXT4_IGET_BAD [ 128.546615][ T8289] EXT4-fs (loop5): no journal found [ 128.551909][ T8289] EXT4-fs (loop5): can't get journal size [ 128.558539][ T8289] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 128.562163][ T8296] loop4: detected capacity change from 0 to 2048 [ 128.571533][ T8289] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.629268][ T8296] loop4: p2 p3 p7 [ 128.673363][ T8307] can: request_module (can-proto-0) failed. [ 128.682582][ T8307] netlink: 'syz.1.1660': attribute type 29 has an invalid length. [ 128.723320][ T8307] loop1: detected capacity change from 0 to 8192 [ 128.972534][ T8315] loop1: detected capacity change from 0 to 512 [ 128.979727][ T8315] EXT4-fs: Ignoring removed oldalloc option [ 128.991729][ T8315] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.1661: Parent and EA inode have the same ino 15 [ 129.005548][ T8315] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.1661: Parent and EA inode have the same ino 15 [ 129.018825][ T8315] EXT4-fs (loop1): 1 orphan inode deleted [ 129.025023][ T8315] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.253653][ T8326] __nla_validate_parse: 10 callbacks suppressed [ 129.253670][ T8326] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1665'. [ 129.312453][ T8326] loop2: detected capacity change from 0 to 8192 [ 129.351114][ T8326] loop2: p1 p3 p4 [ 129.355053][ T8326] loop2: p1 size 8390912 extends beyond EOD, truncated [ 129.363949][ T8326] loop2: p3 size 589824 extends beyond EOD, truncated [ 129.625855][ T8348] loop5: detected capacity change from 0 to 256 [ 129.704534][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.724362][ T8358] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1680'. [ 129.844501][ T8358] loop2: detected capacity change from 0 to 8192 [ 129.900804][ T8358] loop2: p1 p3 p4 [ 129.910963][ T8358] loop2: p1 size 8390912 extends beyond EOD, truncated [ 129.925105][ T8358] loop2: p3 size 589824 extends beyond EOD, truncated [ 129.982468][ T8380] loop1: detected capacity change from 0 to 256 [ 130.027543][ T8387] loop1: detected capacity change from 0 to 128 [ 130.504254][ T8396] wg1 speed is unknown, defaulting to 1000 [ 130.625606][ T8414] loop2: detected capacity change from 0 to 1024 [ 130.667976][ T8414] EXT4-fs: Ignoring removed nobh option [ 130.673730][ T8414] EXT4-fs: Ignoring removed bh option [ 130.715020][ T8414] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.787080][ T8425] loop4: detected capacity change from 0 to 1024 [ 130.795439][ T8425] EXT4-fs: Ignoring removed nobh option [ 130.799904][ T8414] wg1 speed is unknown, defaulting to 1000 [ 130.801099][ T8425] EXT4-fs: Ignoring removed bh option [ 130.815958][ T8426] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.1701: Allocating blocks 497-513 which overlap fs metadata [ 130.832793][ T8426] EXT4-fs (loop2): pa ffff888106e70310: logic 256, phys. 369, len 9 [ 130.840881][ T8426] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 130.853908][ T8426] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 130.919631][ T8425] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.980987][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.045239][ T8445] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.1704: Allocating blocks 497-513 which overlap fs metadata [ 131.071697][ T8446] loop1: detected capacity change from 0 to 512 [ 131.078226][ T8446] EXT4-fs: dax option not supported [ 131.083785][ T8445] EXT4-fs (loop4): pa ffff888106e278c0: logic 256, phys. 369, len 9 [ 131.091913][ T8445] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 131.111532][ T8445] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 131.193450][ T8425] wg1 speed is unknown, defaulting to 1000 [ 131.210522][ T8454] SELinux: failed to load policy [ 131.213338][ T8438] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1707'. [ 131.357693][ T8449] wg1 speed is unknown, defaulting to 1000 [ 131.389703][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.478538][ T8471] vcan0: entered allmulticast mode [ 131.489501][ T8471] vcan0: left allmulticast mode [ 131.507290][ T8471] loop5: detected capacity change from 0 to 512 [ 131.515501][ T8471] EXT4-fs: Ignoring removed bh option [ 131.523522][ T8471] EXT4-fs: Ignoring removed bh option [ 131.546732][ T8471] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 131.558166][ T8471] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 131.597797][ T8471] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 131.632233][ T8471] EXT4-fs (loop5): orphan cleanup on readonly fs [ 131.640100][ T8486] can: request_module (can-proto-0) failed. [ 131.646911][ T8471] EXT4-fs warning (device loop5): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 131.671686][ T30] kauditd_printk_skb: 251 callbacks suppressed [ 131.671704][ T30] audit: type=1326 audit(1750596717.992:7717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8483 comm="syz.4.1724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f772b16e929 code=0x7ffc0000 [ 131.710019][ T8486] netlink: 'syz.4.1724': attribute type 29 has an invalid length. [ 131.717958][ T8486] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1724'. [ 131.727085][ T30] audit: type=1326 audit(1750596718.022:7718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8483 comm="syz.4.1724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f772b16e929 code=0x7ffc0000 [ 131.750670][ T30] audit: type=1326 audit(1750596718.022:7719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8483 comm="syz.4.1724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f772b16e929 code=0x7ffc0000 [ 131.774277][ T30] audit: type=1326 audit(1750596718.022:7720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8483 comm="syz.4.1724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f772b16e929 code=0x7ffc0000 [ 131.797834][ T30] audit: type=1326 audit(1750596718.022:7721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8483 comm="syz.4.1724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f772b16e929 code=0x7ffc0000 [ 131.821235][ T30] audit: type=1326 audit(1750596718.022:7722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8483 comm="syz.4.1724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f772b16e929 code=0x7ffc0000 [ 131.844799][ T30] audit: type=1326 audit(1750596718.022:7723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8483 comm="syz.4.1724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f772b16e929 code=0x7ffc0000 [ 131.868413][ T30] audit: type=1326 audit(1750596718.022:7724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8483 comm="syz.4.1724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f772b16e929 code=0x7ffc0000 [ 131.872774][ T8486] loop4: detected capacity change from 0 to 8192 [ 131.892016][ T30] audit: type=1326 audit(1750596718.072:7725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8483 comm="syz.4.1724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f772b16e929 code=0x7ffc0000 [ 131.898411][ T8471] EXT4-fs (loop5): Cannot turn on quotas: error -22 [ 131.921663][ T30] audit: type=1326 audit(1750596718.072:7726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8483 comm="syz.4.1724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f772b16e929 code=0x7ffc0000 [ 131.930425][ T8471] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:483: comm syz.5.1715: Invalid block bitmap block 0 in block_group 0 [ 131.966493][ T8471] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 131.976023][ T8471] EXT4-fs (loop5): 1 orphan inode deleted [ 131.983372][ T8471] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 131.996422][ T8471] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.076726][ T8503] netlink: 'syz.1.1729': attribute type 11 has an invalid length. [ 132.084783][ T8503] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1729'. [ 132.135833][ T8508] loop2: detected capacity change from 0 to 512 [ 132.142715][ T8508] EXT4-fs: dax option not supported [ 132.187659][ T8505] wg1 speed is unknown, defaulting to 1000 [ 132.194489][ T8508] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1728'. [ 132.450016][ T8532] loop4: detected capacity change from 0 to 2048 [ 132.481716][ T8535] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1740'. [ 132.505941][ T8532] loop4: p2 p3 p7 [ 132.669909][ T8544] syzkaller0: entered allmulticast mode [ 132.676330][ T8544] syzkaller0 (unregistering): left allmulticast mode [ 132.836687][ T8551] wg1 speed is unknown, defaulting to 1000 [ 132.951604][ T8562] can: request_module (can-proto-0) failed. [ 132.960137][ T8562] netlink: 'syz.1.1749': attribute type 29 has an invalid length. [ 132.968216][ T8562] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1749'. [ 133.023659][ T8562] loop1: detected capacity change from 0 to 8192 [ 133.034723][ T8569] loop5: detected capacity change from 0 to 2048 [ 133.073769][ T8571] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1753'. [ 133.096654][ T8569] loop5: p2 p3 p7 [ 133.121662][ T8569] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1752'. [ 133.136170][ T8571] loop1: detected capacity change from 0 to 8192 [ 133.203869][ T8571] loop1: p1 p3 p4 [ 133.207685][ T8571] loop1: p1 size 8390912 extends beyond EOD, truncated [ 133.215463][ T8571] loop1: p3 size 589824 extends beyond EOD, truncated [ 133.412940][ T8585] wg1 speed is unknown, defaulting to 1000 [ 133.611530][ T8604] loop4: detected capacity change from 0 to 2048 [ 133.658711][ T8604] loop4: p2 p3 p7 [ 133.669182][ T8587] loop1: detected capacity change from 0 to 512 [ 133.680641][ T8587] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 133.708122][ T8587] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.723283][ T8587] ext4 filesystem being mounted at /362/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 133.839050][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.930419][ T8615] loop1: detected capacity change from 0 to 8192 [ 133.981342][ T8615] loop1: p1 p3 p4 [ 133.985741][ T8615] loop1: p1 size 8390912 extends beyond EOD, truncated [ 133.994074][ T8615] loop1: p3 size 589824 extends beyond EOD, truncated [ 134.006860][ T8618] can: request_module (can-proto-0) failed. [ 134.015511][ T8618] netlink: 'syz.5.1770': attribute type 29 has an invalid length. [ 134.053139][ T8618] loop5: detected capacity change from 0 to 8192 [ 134.145483][ T8628] loop1: detected capacity change from 0 to 1024 [ 134.152580][ T8628] EXT4-fs: Ignoring removed nobh option [ 134.158230][ T8628] EXT4-fs: Ignoring removed bh option [ 134.173102][ T8628] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.197450][ T8634] loop2: detected capacity change from 0 to 164 [ 134.214752][ T8634] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 134.240714][ T8628] wg1 speed is unknown, defaulting to 1000 [ 134.247485][ T8634] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 134.262707][ T8639] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.1774: Allocating blocks 497-513 which overlap fs metadata [ 134.281208][ T8634] Symlink component flag not implemented [ 134.286914][ T8634] Symlink component flag not implemented [ 134.293208][ T8634] Symlink component flag not implemented (7) [ 134.299227][ T8634] Symlink component flag not implemented (116) [ 134.305557][ T8639] EXT4-fs (loop1): pa ffff888106e278c0: logic 256, phys. 369, len 9 [ 134.313755][ T8639] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 134.324503][ T8639] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 134.358916][ T8638] __nla_validate_parse: 4 callbacks suppressed [ 134.358933][ T8638] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1777'. [ 134.388993][ T8638] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1777'. [ 134.400140][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.472930][ T8651] loop2: detected capacity change from 0 to 512 [ 134.488422][ T8647] can: request_module (can-proto-0) failed. [ 134.495575][ T8653] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1782'. [ 134.497970][ T8651] EXT4-fs: dax option not supported [ 134.535833][ T8655] loop1: detected capacity change from 0 to 2048 [ 134.555224][ T8647] netlink: 'syz.5.1781': attribute type 29 has an invalid length. [ 134.563241][ T8647] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1781'. [ 134.564784][ T8651] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1778'. [ 134.595077][ T8653] loop4: detected capacity change from 0 to 8192 [ 134.643305][ T8653] loop4: p1 p3 p4 [ 134.647958][ T8655] loop1: p2 p3 p7 [ 134.651777][ T8653] loop4: p1 size 8390912 extends beyond EOD, truncated [ 134.659172][ T8653] loop4: p3 size 589824 extends beyond EOD, truncated [ 134.667049][ T8647] loop5: detected capacity change from 0 to 8192 [ 134.679052][ T8655] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1783'. [ 134.759285][ T8670] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1787'. [ 134.863550][ T8680] loop2: detected capacity change from 0 to 2048 [ 134.879209][ T8682] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1792'. [ 134.889080][ T8682] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1792'. [ 134.897164][ T8672] wg1 speed is unknown, defaulting to 1000 [ 134.942624][ T8680] loop2: p2 p3 p7 [ 135.021771][ T8695] loop4: detected capacity change from 0 to 512 [ 135.028320][ T8695] EXT4-fs: dax option not supported [ 135.062100][ T8695] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1795'. [ 135.179969][ T8702] can: request_module (can-proto-0) failed. [ 135.197366][ T8702] netlink: 'syz.3.1798': attribute type 29 has an invalid length. [ 135.405920][ T8722] loop1: detected capacity change from 0 to 164 [ 135.413584][ T8722] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 135.425314][ T8722] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 135.434640][ T8722] Symlink component flag not implemented [ 135.440429][ T8722] Symlink component flag not implemented [ 135.440858][ T8724] FAULT_INJECTION: forcing a failure. [ 135.440858][ T8724] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 135.446462][ T8722] Symlink component flag not implemented (7) [ 135.459313][ T8724] CPU: 0 UID: 0 PID: 8724 Comm: syz.4.1804 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) [ 135.459349][ T8724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 135.459448][ T8724] Call Trace: [ 135.459458][ T8724] [ 135.459469][ T8724] __dump_stack+0x1d/0x30 [ 135.459501][ T8724] dump_stack_lvl+0xe8/0x140 [ 135.459530][ T8724] dump_stack+0x15/0x1b [ 135.459617][ T8724] should_fail_ex+0x265/0x280 [ 135.459677][ T8724] should_fail+0xb/0x20 [ 135.459716][ T8724] should_fail_usercopy+0x1a/0x20 [ 135.459765][ T8724] _copy_from_user+0x1c/0xb0 [ 135.459811][ T8724] __x64_sys_sendfile64+0x88/0x150 [ 135.459863][ T8724] x64_sys_call+0xb39/0x2fb0 [ 135.459967][ T8724] do_syscall_64+0xd2/0x200 [ 135.459998][ T8724] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 135.460036][ T8724] ? clear_bhb_loop+0x40/0x90 [ 135.460144][ T8724] ? clear_bhb_loop+0x40/0x90 [ 135.460196][ T8724] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.460226][ T8724] RIP: 0033:0x7f772b16e929 [ 135.460296][ T8724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.460323][ T8724] RSP: 002b:00007f77297d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 135.460352][ T8724] RAX: ffffffffffffffda RBX: 00007f772b395fa0 RCX: 00007f772b16e929 [ 135.460401][ T8724] RDX: 0000200000000040 RSI: 0000000000000005 RDI: 0000000000000005 [ 135.460418][ T8724] RBP: 00007f77297d7090 R08: 0000000000000000 R09: 0000000000000000 [ 135.460436][ T8724] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 135.460453][ T8724] R13: 0000000000000000 R14: 00007f772b395fa0 R15: 00007fff079759a8 [ 135.460528][ T8724] [ 135.637447][ T8722] Symlink component flag not implemented (116) [ 135.674007][ T8731] loop1: detected capacity change from 0 to 1024 [ 135.701899][ T8731] EXT4-fs: Ignoring removed nobh option [ 135.707561][ T8731] EXT4-fs: Ignoring removed bh option [ 135.724292][ T8731] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.789767][ T8731] wg1 speed is unknown, defaulting to 1000 [ 135.804551][ T8739] hub 4-0:1.0: USB hub found [ 135.813183][ T8739] hub 4-0:1.0: 8 ports detected [ 135.820062][ T8740] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.1807: Allocating blocks 497-513 which overlap fs metadata [ 135.879586][ T8740] EXT4-fs (loop1): pa ffff888106e279a0: logic 256, phys. 369, len 9 [ 135.887774][ T8740] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 135.901284][ T8740] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 136.011111][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.059496][ T8746] ================================================================== [ 136.067660][ T8746] BUG: KCSAN: data-race in mas_state_walk / mas_wr_store_entry [ 136.075272][ T8746] [ 136.077620][ T8746] write to 0xffff88811df12210 of 8 bytes by task 8745 on cpu 0: [ 136.085308][ T8746] mas_wr_store_entry+0x1581/0x2b50 [ 136.090558][ T8746] mas_store_prealloc+0x74d/0x9e0 [ 136.095630][ T8746] commit_merge+0x6a5/0x730 [ 136.100165][ T8746] vma_expand+0x1d0/0x370 [ 136.104530][ T8746] vma_merge_new_range+0x296/0x310 [ 136.109681][ T8746] mmap_region+0x9fa/0x1580 [ 136.114231][ T8746] do_mmap+0x9b3/0xbe0 [ 136.118350][ T8746] vm_mmap_pgoff+0x17a/0x2e0 [ 136.122983][ T8746] ksys_mmap_pgoff+0xc2/0x310 [ 136.127698][ T8746] x64_sys_call+0x1602/0x2fb0 [ 136.132438][ T8746] do_syscall_64+0xd2/0x200 [ 136.136988][ T8746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.142905][ T8746] [ 136.145251][ T8746] read to 0xffff88811df12210 of 8 bytes by task 8746 on cpu 1: [ 136.152819][ T8746] mas_state_walk+0x2f5/0x650 [ 136.157531][ T8746] mas_walk+0x30/0x120 [ 136.161643][ T8746] lock_vma_under_rcu+0xa2/0x2f0 [ 136.166617][ T8746] do_user_addr_fault+0x233/0x1090 [ 136.171757][ T8746] exc_page_fault+0x62/0xa0 [ 136.176298][ T8746] asm_exc_page_fault+0x26/0x30 [ 136.181179][ T8746] [ 136.183520][ T8746] value changed: 0x00007fb4c4946fff -> 0xffffffff855ec840 [ 136.190659][ T8746] [ 136.193002][ T8746] Reported by Kernel Concurrency Sanitizer on: [ 136.199169][ T8746] CPU: 1 UID: 0 PID: 8746 Comm: syz.1.1811 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) [ 136.211602][ T8746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 136.221668][ T8746] ==================================================================