last executing test programs: 3.116018499s ago: executing program 4 (id=1762): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) timer_create(0x3, 0x0, &(0x7f0000000200)=0x0) timer_delete(r4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10) r5 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r5, 0x402, 0x8000001f) fcntl$notify(r5, 0x402, 0x3) r6 = socket(0x10, 0x80002, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r8}, 0x10) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r10}, 0x10) r11 = socket(0x40000000015, 0x5, 0x0) connect$inet(r11, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r11, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r11, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r11, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000400)="67d8901bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c14498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d3abc8a75ac1f30e53a0eff506f6e6b369ba6c5306e91acaa94e89d3bff4e52cd151235f3defff171c60b91c0c5aeb29736830a09b262dbe4c7ed149885a054de1d7ff5bcecd7a50061814ceefb", 0x9d}, {&(0x7f0000000900)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df895d9907e4afb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b907e0974f1073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf4dee8512f3bac440f5d5e4bed6b897608b01eae26a54433e5f5c74a2ee3c2fc50067be05a677ff52a7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fedb679328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e27252804059094a318c4cdeeddd5793a427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9", 0x3e4}], 0x2}, 0x0) r12 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r12, @ANYBLOB="010000000000000000000c"], 0x8c}}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00", @ANYRES16=r6, @ANYRES32=r6], 0x44}}, 0x0) 3.031318786s ago: executing program 4 (id=1768): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3f, 0x0, 0x0, 0x0, 0xb}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) 2.761151977s ago: executing program 4 (id=1775): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x40, 0x7ffc1ffb}]}) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, 0x0, 0x37) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) r3 = socket$packet(0x11, 0x2, 0x300) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x100ef, 0x7fa962bfffff, 0x13012, r3, 0x0) close(0xffffffffffffffff) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1018e58, &(0x7f00000001c0), 0x6, 0x5fc, &(0x7f0000000600)="$eJzs3c9rHGUfAPDvzCZ5kzavaUXEFsWAhxakaVKLVS+29WAPBQv2IOKhoUlq6PYHTQq2FkzBg4KCiFeRXvwHvEvv3kRQb56FKlJRUOnK7M62m2Q3XdPsTpr5fGCzz/PM7D7PdydP5pmZPDsBlNZ49iON2BVx51QSMdaybDQaC8fz9W7/du109kiiVnv91ySSvKy5fpI/b88zwxHx7dGIRyur6124cvXsdLXW8F7E/sVzF/cvXLm6b/7c9JnZM7Pnpw68cPDQ5ItTB6c2JM7t+fOx4689+fH7bz8/9111XxKH4+TguzOxIo6NMh7jcScPsbV8ICIOZYk2n8vDZguEUGqV/PdxMCIej7Go1HMNYzH/UaGNA3qqVomoASWV6P9QUs1xQPPYvrvj4JM9HpX0z60jjQOg1fEPNM6NxHD92Gjb7aTlyKhxbmPHBtSf1fHPtd2fZ49Ydh7iz7tbZ2AD6ulk6XpEPNEu/qTeth31SLP402XtSCJiMiKG8va98gBtSFrSvTgPs5b1xp9GxOH8OSs/us76x1fk+x0/AOV080i+I1/Kcvf2f9nYozn+iTbjn9E2+671KHr/13n819zfD9fPkacrxmHZmOVE+7ccXFnw04fHPu1Uf+v4L3tk9TfHgv1w63rE7hXxf5AFm49/sviTNts/W+XU4e7qePX7X451WlZ0/LUbEXvaHv/cG5VmqTWuT+6fm6/OTjZ+tq3j62/e+rJT/UXHn23/bR3ib9n+6crXZZ/JxS7r+OrEjXOdlo3eN/7056Gkcbw5lJe8M724eGkqYig5nq/SUn5g7bY012m+Rxb/3mfa9/9lv//Xl7/PSPNPZhcuvnH2dqdl69n+LReT79S6bEMnWfwz99/+q/p/VvZJl3X88eblpzotWyv+kQcJDAAAAAAAAEoorV+DTdKJu+k0nZhozJd9LLal1QsLi8/OXbh8fiZib/3/IQfT5pXusUY+yfJT+f/DNvMHVuSfi4idEfFZZaSenzh9oTpTdPAAAAAAAAAAAAAAAAAAAACwSWzP5/8371P9e6Ux/x8oiV7eYA7Y3PR/KK96/191iyegDOz/obz0fygv/R/KS/+H8tL/obz0fygv/R/KS/8HAAAAgC1p59M3f0wiYumlkfojM5QvMyMItrbBohsAFKZSdAOAwty99G+wD6XT1fj/r/zLAXvfHKAASbvC+uCgtnbnv9n2lQAAAAAAAAAAAABAD+zZ1Xn+v7nBsLWZ9gfl9QDz/311ADzkfPU/lJdjfOB+s/iHOy0w/x8AAAAAAAAAAAAA+ma0/kjSiXwu8Gik6cRExP8jYkcMJnPz1dnJiHgkIn6oDP4vy08V3WgAAAAAAAAAAAAAAAAAAADYYhauXD07Xa3OXmpN/L2qZGsnmndB7UNdL8d/fFUk/f9YRiKi8I3Ss8RAS0kSsZRt+U3RsEsLsTmaUU8U/IcJAAAAAAAAAAAAAAAAAABKqGXucXu7v+hziwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg/+7d/793iaJjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTv8GAAD//7V5QCw=") execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x40, 0x7ffc1ffb}]}) (async) socket$rds(0x15, 0x5, 0x0) (async) bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) (async) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, 0x0, 0x37) (async) bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) (async) bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) (async) socket$packet(0x11, 0x2, 0x300) (async) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x100ef, 0x7fa962bfffff, 0x13012, r3, 0x0) (async) close(0xffffffffffffffff) (async) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1018e58, &(0x7f00000001c0), 0x6, 0x5fc, &(0x7f0000000600)="$eJzs3c9rHGUfAPDvzCZ5kzavaUXEFsWAhxakaVKLVS+29WAPBQv2IOKhoUlq6PYHTQq2FkzBg4KCiFeRXvwHvEvv3kRQb56FKlJRUOnK7M62m2Q3XdPsTpr5fGCzz/PM7D7PdydP5pmZPDsBlNZ49iON2BVx51QSMdaybDQaC8fz9W7/du109kiiVnv91ySSvKy5fpI/b88zwxHx7dGIRyur6124cvXsdLXW8F7E/sVzF/cvXLm6b/7c9JnZM7Pnpw68cPDQ5ItTB6c2JM7t+fOx4689+fH7bz8/9111XxKH4+TguzOxIo6NMh7jcScPsbV8ICIOZYk2n8vDZguEUGqV/PdxMCIej7Go1HMNYzH/UaGNA3qqVomoASWV6P9QUs1xQPPYvrvj4JM9HpX0z60jjQOg1fEPNM6NxHD92Gjb7aTlyKhxbmPHBtSf1fHPtd2fZ49Ydh7iz7tbZ2AD6ulk6XpEPNEu/qTeth31SLP402XtSCJiMiKG8va98gBtSFrSvTgPs5b1xp9GxOH8OSs/us76x1fk+x0/AOV080i+I1/Kcvf2f9nYozn+iTbjn9E2+671KHr/13n819zfD9fPkacrxmHZmOVE+7ccXFnw04fHPu1Uf+v4L3tk9TfHgv1w63rE7hXxf5AFm49/sviTNts/W+XU4e7qePX7X451WlZ0/LUbEXvaHv/cG5VmqTWuT+6fm6/OTjZ+tq3j62/e+rJT/UXHn23/bR3ib9n+6crXZZ/JxS7r+OrEjXOdlo3eN/7056Gkcbw5lJe8M724eGkqYig5nq/SUn5g7bY012m+Rxb/3mfa9/9lv//Xl7/PSPNPZhcuvnH2dqdl69n+LReT79S6bEMnWfwz99/+q/p/VvZJl3X88eblpzotWyv+kQcJDAAAAAAAAEoorV+DTdKJu+k0nZhozJd9LLal1QsLi8/OXbh8fiZib/3/IQfT5pXusUY+yfJT+f/DNvMHVuSfi4idEfFZZaSenzh9oTpTdPAAAAAAAAAAAAAAAAAAAACwSWzP5/8371P9e6Ux/x8oiV7eYA7Y3PR/KK96/191iyegDOz/obz0fygv/R/KS/+H8tL/obz0fygv/R/KS/8HAAAAgC1p59M3f0wiYumlkfojM5QvMyMItrbBohsAFKZSdAOAwty99G+wD6XT1fj/r/zLAXvfHKAASbvC+uCgtnbnv9n2lQAAAAAAAAAAAABAD+zZ1Xn+v7nBsLWZ9gfl9QDz/311ADzkfPU/lJdjfOB+s/iHOy0w/x8AAAAAAAAAAAAA+ma0/kjSiXwu8Gik6cRExP8jYkcMJnPz1dnJiHgkIn6oDP4vy08V3WgAAAAAAAAAAAAAAAAAAADYYhauXD07Xa3OXmpN/L2qZGsnmndB7UNdL8d/fFUk/f9YRiKi8I3Ss8RAS0kSsZRt+U3RsEsLsTmaUU8U/IcJAAAAAAAAAAAAAAAAAABKqGXucXu7v+hziwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg/+7d/793iaJjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTv8GAAD//7V5QCw=") (async) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) 2.331154192s ago: executing program 4 (id=1785): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000001a00000000000018112000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000200007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffbfff, 0x1, 0x1}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x34, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0xf}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0xfffffffffffffff4, 0x2, [@TCA_TAPRIO_ATTR_SCHED_BASE_TIME={0x0, 0x3, 0xfffffffffffffff8}]}}]}, 0x34}}, 0x0) 2.214359361s ago: executing program 0 (id=1788): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$unix(0x1, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x5}, @TCA_NETEM_RATE64={0xc, 0x8, 0x54e8d23026971a16}]}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc}, 0x1c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000340)='kfree\x00', r4}, 0x18) setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000100)=@req3={0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x861}, 0x1c) 2.171680805s ago: executing program 2 (id=1789): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) unshare(0x22020400) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) pidfd_getfd(r1, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000400000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sys_enter\x00', r2, 0x0, 0x800000000}, 0x18) rt_sigpending(0x0, 0xfffffffffffffec3) prctl$PR_SET_NAME(0xf, &(0x7f00000002c0)='+}[@\x00G5\v\x89n\xb2\x0e\xb7\xb4\x9a\xb3\xb9\xe1\xff@`\x87\xefy\xb7\xe0\xe6c\x91\x81ND\t3\xc4\xca\xf0\xd0Zp\xadbdY\xdcz\xc6lo\xd0\xc7\'CT') r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r3, 0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) ioperm(0x3c, 0x1, 0x8) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6ae}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r9}, 0x18) r10 = syz_io_uring_setup(0x2a48, &(0x7f00000004c0)={0x0, 0x855c, 0x3180, 0x4, 0x35b, 0x0, r1}, &(0x7f0000000240)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r11, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r11, r12, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r10, 0x0, 0x0, 0x0, 0x2}) io_uring_enter(r10, 0x4c6e, 0xc67a, 0x8, 0x0, 0x0) sendmsg$NL80211_CMD_SET_TID_CONFIG(r7, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)={0x38, r6, 0x10ada85e65c25359, 0xfffffff9, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @val={0xc, 0x99, {0x4, 0x72}}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4}]}]}]}]}, 0x38}}, 0x0) 1.975082941s ago: executing program 0 (id=1791): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x28c681, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937e, &(0x7f00000019c0)={{0x1, 0x1, 0x1018, r0}, './file1\x00'}) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r2, 0x84, 0x1b, &(0x7f0000000400)={r3, 0xa0, "20d933c3454021c4c670ccc5c6774e54cfe000000000000000d8a1e10d53141d45e80fdfc33a063d13b598765838a6ba570b3e4acdd45b54487ad636bc7e992cd746962020ea68e4164c02dea38fbfea973d34b4d3773ac1c90e01fa6675a013685a1a0c08ba9eaaa5d60cccda31985fdbccd68fcbafb6ce7dff710e1a20f482eb5d1a9865159fdd01dfdbb9342dae700bef02b6eb508275d5d00023bca0c636"}, &(0x7f0000000200)=0xa8) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @private=0xa010101}], 0x10) syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x36e, &(0x7f00000007c0)="$eJzs3U1oM0UYwPEnaZImeXmbHERRkA6+CHpZ2uhZDNKCELC0jdgKwrbdaMialGyoRsS2J4+Kd0+Ch9KbBQ8F7VnoxZteRPDWi6BgBXVlv5LNV9PGpMH2/4OSycw8uzPZSXk27WYv3vj03UrJ0kp6Q6JJJRERkUuRrEQlEPEfo245IfLJd622A3n+wW8/PL22UUx6FWo5v/5CTik1N//Nex+m/G6ns3Kefevi19wv54+fP3nxz/o7ZUuVLVWtNZSutmo/NfQt01A7ZauiKbViGrplqHLVMupe+1f+dsza7m5T6dWdh+ndumFZSq82VcVoqkZNNepNpb+tl6tK0zT1MC0Ypni0uqrnRwzeHvNgMCH1el6fEZFUT0vxaCoDAgAAU9Wd/0edlH5Y/h/Syv83Za5QWFpVTud2/n/8zFnjwesnc37+f5rol/+/+KO3rY783zmdaOf/Ne/8oDQ8//9cbpD/92ZE98vI+X92AoPBaOYTPVWRjmdO/p/237+uwzePF9wC+T8AAAAAAAAAAAAAAAAAAAAAAP8Hl7adsW07EzwGP+1LCPznuJMGHf9ZEUk6R9/m+N9laxubknQv3HOOsfnxXnGv6D36Hc5ExBTjb7ubszaCK4+UIyvfmvt+/P5eccZtyZek7MTLomQk666nULxtL79aWFpUHj++dZlSOhyfk4w8Fo7/2l2dTnyuM97ff0KeexSK1yQj329LTUzZcSPb+/9oUalXXit0xafcfiLy860fFAAAAAAAxkxTLX3P3zVtULv3LSP5kvsxkSELkpG/+p/fL/Q9P49lnopNe/YAAAAAANwPVvODii5Ro+4WTLNfISUDm8ZQiHXUxEWkb+dEV038qi3PhGZ43fEkxLuDyX+d1xfBq3qTqOAfKZyBt5r8O6rIaOMJ5u/WRGLP/u43/XnTeUUOxF0AB+GmqFwjPNY9+HmnQvXt/Gjgdg79ibRqgo+NEgNeZ1np3U70ipUQ76mxI6MtgCc++/KP8b1BXjrxV8D7wzsfmoa9L9c5KF0FZxe9TfGJ/+IBAAAAcOvaSX9Q83K4OXwjkfDNcvjLPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYzSRr/TrKgze++xtThUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYun8DAAD//7ct9c4=") r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105042, 0x62) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000040)={r3, 0x4c, &(0x7f00000000c0)=[@in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e21, @remote}, @in6={0xa, 0x4e21, 0xffff, @private0={0xfc, 0x0, '\x00', 0x1}, 0x40}, @in={0x2, 0x4e21, @rand_addr=0x64010101}]}, &(0x7f0000000140)=0x10) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x100000b, 0x2013, r4, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x3000) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0x4}, @NFTA_MATCH_REV={0x8}, @NFTA_MATCH_NAME={0x8, 0x1, 'u32\x00'}]}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x80}}, 0x10) r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="7f00000000000000dd0a00000020008573013de64995ecd39500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7, 0x0, 0xffffffffffffffff, 0x68000000}, 0x48) r7 = socket(0x840000000002, 0x3, 0xff) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r7, 0x81f8943c, &(0x7f00000d5440)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f00000d5640)={0x0, 0x0, "22b7ddc964f42cdeca681ba9aca849715d3be6192724b020bd2808d9f769840eade03a9213098e6ff966c152daeacf97eb0be2d4ff7e39f38d45388df3d9897b0543d00482b90979b85cc3c4e008eda17064aea9d06715ed5681fc27d900b614cf6aa4cc255e5cd5a95810ac34a844da7ecb4536703a6c64d92e1267c848db5cbc24644efee393b2a28cdfae4ff284176ff79927427ea1d1d6293930903d10321841b1fc3aea2b59ad7d044e8f367c99ca414ae6cafb8cd887f138340622ca2b4d9aad0ba4991a4d391a30990c086712fcf17d5454ad313aa26aa76e1555d7318a615b5ee1454232f3acb64b055d78fc2171d759ac00b4e5f2c3fac863b11a57", "c12548c2884609ab0789a58b72b72f8e93f823d34c496d5f1d76c6f866328677959e41ff227db6ca603b79a0c74d2cdd4a6d387ee0fda76b6a4256ea23ab05cdc17a99ce9f1bb26729b3d74a608ab09b8a41b9b21ce5ee0427ea04e4f0c6e9478eed392db3744fca052121c2fdecfcaccc44358eef2e42291c859b8c409b32bee2abf94093a1f139e041562f489bb65d3fdb63f9523405b607b1a6150bec51959b8943b6b1f75de88280e92baa78d099a72ea74c4e10fb3b56179574478b7636d3122b6bcf3685594652ed285955603a2b15f55a3d35d3549f5fd5708145a7b0c1e0b34612ebee41eff0787ba24d51cd5c40aeeddb30c6590333029f16e9b5818b0b5f80f75cf0a8f131412bba92b85ee5dbf6e06069c928dfa9fd0e0cfeed766d7200336089ff7ddbe72645f8dc385cbd3285d5f2bd79d89f4cf7b3ad2b5f3e146888103be76c573f9a7174decc5ac96d6e40ef88d2bf2ef41c9b2e6d18687aff7e6d977c850198b0cf3475412cac026fb29e59eadb7d29c26fa62f70de278fbfd6d2a48756f09404065432784c7d07bd60e4edcdd9da7e2dbacbd2358c6bbbdff8e4ddb2aef7ca970f9f4785709bfa65039e310d33f385c18337fdfb141d9cbe068a7cf6a721a76ffe5c70f313d1ada70d7e8f44fe49ed218f2e4ae47eb9af380ea9a7fdca1581a392e3ece078decff23f81851c3c251ed12c00aa94e3ff4d07466b079a583415e939af9c6958339c4b87973807e89525af13fc6c785440c4037ef543197a996234e8100f0afe7c41ca1ba43bd6ca316d9331bf57cf5937973d0275b7c99f74c4defcc5f3d41f02b9eb141c6e03ffe134bbf1b4c9c15de41ceeb630c936927ec6b79aa70ee59ca6fb732352bae0e9e51e0f77c89aa8c8a442a1b0b1c0d7a0a6de643b106d7c9cbb71fcf754b3a12ec25ad65bf178dd7d193f81572f84087f40033205052c5ce527f6fc98ab01c2a1b21fb59bf48f0e6fb72ae89f3052a65dfdf9a6e34634e9f7c0e9e0f3947aab38d13e2d0b8b9c0b26d2b358a14e12313638292e77bf77e69bdbf98a9c08fbdb02811c3349a7efd9310d7a5836f6337c7a24a79fba58ab23647da67cae93ba1896948a2c7eaef627e08e07af76f2676f8d41dc789d3b55c2d98f6bdaf8d83379edce39c20a599254b2af3d227e61b626c50c215e0cad61a5212793d7ecf051e78ff877f7e19cdcdd8aa18ec44b9414cbf4a8d266fc1c6e5c79bcc9f7e4969032ffba5e6fb4a8b40dd313146e7357b344e067c00635bcc076e02561752686a47e5079452a5cefbd99dcdbd0da85088f9a0e8602f448cfcf44384787adc246b757c7ad351fcd337244c45f27756a2f2787c33963eee91036bcba7227dc86f91a2d2386bf684d13b613118680c0b2981bd09bcdd645813d04e8892d8f133d8e1beb0bb466e4fa49f4045257baf26f79baaad3cd182bd2912d5f752c737df768036670ffe62bd6b853c040003bad062b89613a3e038988eea20af98d36142e063666b87a636ba7e720d37c88c87a839fd5fe8e6e72cca5f73a0a3382a27ca4047ef24be4dd4d5fb64145a46f2eda42f48baa1ca4e1b1a67d06341127ec155c839cfc611a57e6626995c39d3ebf48ed28b00bcc62ef4680c3b3b38915de2f12ae2d7d754efbf2c58d8c1aae786364eade5043f2145742ef4fc3dd9b95c7e4f7f40c8f7c4341f3a812912d2954353ddd8b7c49d58d64cfc7dc190febbfd24bc72510116ce249dab683b9fe60fd14d88e47d0bbd402ebfb78ba9053cf8383781465394a93f5a43136fa1b8202c8afe643c1979b2c0ee66be926a6d92c4854539e713b5c5df282b32062a09d179f1412ae490e606369a6c9710ba14b812ae12f4180d6c233786b0e1525fac9dcace5d76241376c9ee2a8da2b1fcdbbaf761364827e7bd87faaa1bc7495d16b17aedad972d780f817f38398a60adaa5c24bebdd6dfc0c213ea6d160609da5e6c218d66307c4f3293e3e93f421b82c6f520918b82020a29dda0624fa9f12186562c7375c91c9d4f38a96ac079f2732ad41414f4f543bc5df3c6a0c38decb2c4e7e2a5a12780bbf00374fa93e0f166f0aeaf24b1ad36ebd7c0433fd19777ce9ec22ff2d46a27a69f0792de97f9777fa9a24c2723b5f32c52135192c47ea36536c2e9f5d0880a4ff47d195e9ed01063f53c98975722dfb185f49622db49f5b6a6a3953bdbe83c5f8ff95c0e16bc4561e5a0f3e7c9b0cc97732e623d2f3dc281fb2d101ea93c75d51719009bded4c190e83f76cc022667e2c422105c7a3241f231f136a6983dd3d294ea698d6744ea1f447988b2cd141763ef1f7fe1e5a50faca1ba5fef8f108f75e466041305a4f03a79e73f92d05693e2aaca3a2a93adb418ba8f81a839b57f61e300c4dd2caf1d91c4ce70544dc6010bc20d768e40bbee06cd71c6f1c9143dfe6e2841e1cb3b6e4ff3d756b3fb6961508211b8e350ba7a5d90c48a93a3843837a8adff47a7ddd2b2f7301002f40f4d0f8de3e7420af0c2391a81287265d19af76b8358c5b1c96ae14ef01f58354fd8d337c8a128892ff923468a7ffc653fda945ededad31f591b86a552a0c9f84e393d765e2df9b98ef7d557f5823160be2dd854b34d11f4bad6c7bee365479fff901a8e467343bf4e7679c104ca75303e4fd1959510870b0c9caf94f6767bd07f419998641284cf6d7ee3e0be7ad9dda1b50d6a25a9ec79066f2454b46872d3a72dfb991bfcc50457f49cc834a59d09046a1abc98f4c7cd55aa9fd3b1f0c7e061ad3cf9edbad09465fc34534fac2deb7b4e108d3135b008b1699852e22074c898e50012488567e7c505bcac2564cce477b893e465fae8256c3d3152c1560625b59e521549004ee1990f690923a395dc009c9c38375eb7cbfd63fd0d2ea61d77a98df8fb22242c539e7c3fd93195b08fc5fbc8d6acb345198a86f9d1e5bf31a99c2bb264921eac7a9717aa48d55585241ff4c845093cb5e320fe9187941ca5e753da7feba646118098201d8aa8e935dfaa3f949797951213cfa27bb6699c21980fffc5c62bb7ebc0f0c343532a3252641cded182f462294114df5494e496348aaa49282bdc52d91a4b885a5174d311af598c4504a9b7cba9c5f8ecdc4ef0a7c360e73e3ccce56efa1f47ec910a5888f5c4343217637b22258e8540adebf26941f2df2d200d232b55185e0b42b2c1bf95580ec976266b9b0ce7ff7f93ebb83523885a535e2e809e95d974f7c0d4799fcba5277162da162cee0f3ad4278977e15bdd0c6e99beb59f63aa04216ed4206f31b5a7fc113d03ef57b1ee70173ff59129e1167dea9f8003ff83d827be6c8962b5d1d3c45053e9b68a4d4a1eea68e85984612f82bc3c5b37a6b55a1922a0167277825b3603347c07dafb896f0da9f11e75b87d775d48c02e321cf2e8f63656015162a44ea4910ed744dc8778a5f3f42aa09d4a453fa0ee2bb838fa275a271606e2a8729deb78fe4783f113373db6cc63014f640a8b87ed670a204fb9e196b420e603328cd34d43f06b96bedce317763908475ddca629e83a9f947275ff18c5d01af6f04942d9e99c21c44cb2cfbb25a556c343a7e562eb7fe30184c7b44978c1398d9316ec52e65de4307958a9c19c59f178d2216f1dbaba92ea339e13d3a7635ca9fd99afdf7ebe50cd4267139f48e8f826c5ba34a694fbb45d6e9a957bfcda08e2850ae3d577b5603cc53af91472af185433f90d5092cb5f89a653328dfeb45a20fd67ba0ae417350aa26737c8bd8e2c057b46682760cf96472b52a0a36a80e471815414008dd9a8c906d4cea5680fad7d2508e0b34d796e5c86c04e0b89184a95659f5e7c66d14ca6da71bb76cd0d6acd285e44218a7eefa40eadd016fcac1d40d40b92209a0136bc9c06138dc84c30d5c908b88b3914f13eda12071569da45d728d0d10853394f6ef9175a954d407a542f2c15a5a303e7ba1e9e3792ccd50ed30858419d3e8535dbee5106b4f14c2220cbdfe3d1b1e07d2c1d0a53025a922e35bae984da4fd049182ae18a163ce9563bc71da6c2fad3d6aed89519e54eee3106e03be0a031a1e3a3dd02765da120626335e32974640d9ee524960f62a43e444fd596c3238d80da9a6ddddcba7f5a91668f97166faa57c1393c113b5827ff43c3f18c837c16b87184b74282963484620aff6be3a4047d5d80e0c53158182dd17131756cca69c7c6b86b613936551d896a1821cba9b40d86a6bffd11d1f9448fb6032b92b029557a69131c47d13562548ab83144524ecc2e3995823c798f19bed5147d99c7627df178a78005fb400a77902c5881cf240b723986533e60ac3ff8fcf20a9503ed36f4fae15c54f3f5de1472ed93d03ef448a58595dff7bad5d74f64ad9f1d37c22d773c08f011d93b52d97c1251137d14df74bb8e29fa4ff647e0567519f7905f1c98136198404f8aa5a174bed5aecc1014a3686b814bff1eeaadf57a22360fd2484e084dde57abcc95b7167134b47dee107b0e3881a1841ddbf48f002f66952dfb1503904fb084412016098e36331877cb15d01f5cbe8f604d66e705e3316b5974aa22bbd9d9a3f72072157a4ed60f95c9516d0badff27eabf3e86c1d23cbfc0e918390df7b5df601549fb0c6b52f37fcfaca5cbb3bfb26229e3d5eedc31c22bf785350e6437a4792c96d3edf520e740c0da7838f58b8f139a9fed2f8ac4f89070b24cbb41c9fb7e06fd214b363c2f82dceb03a8c1734190032ef87e7fb46a403af5318bb95db00706bd187d662a564cb35c514e10157bb37139f25ce36966b6543e7dd2d8bf479070ac0f729abf9aa446d6a6b1993b1d248988b9cd0062dd5155f091b972364d3b310b79c55e03e7e04f745b1290d0a23deacb7200061f045e3738a5efb297de7d7417cbacb6e25168f4a9fd98ba24ff62822706356ee664ca5b7ee2e285aa6fafc2a0acda2f679568e869dec8cb4c7de23b7057bc3d7263906053bf3ad8587e828c15ce2de831e7079212444a495fedcea3e94b878fd769bbe15463e84e49f446c424d331c280464f897875fa3fbc4fd25aadd8595acf9aaf077945e9723be09cacf4b81efb2488f627176249cd13b33ffdcd005cedf665850d45fe1ff0a2a8b3f49de729b2d203366e649ac3b832ecd9b5ebc196172d8cd44e2c03d1441b65763b01565aeeb29d62289db4c101495b87996d9e0a17aeacd19941c803068d30fb490c664dad3f6715f6db9671a12d1c148aa5b908e295c605678b7d5b247a0c051756ddc3138323d3d2f2c6cfea028e265dca8cd59457417df1181b85e8f9bfa51406e5ebe43af6897db3ea743e84b94a5dc82adf003f39edb6f0a7ad106709039951f18c60bb60841b7e8c30ec6c765a870b25fd847d6fe21c95b283facda10de4a"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r6, 0xd000943d, &(0x7f00000d6640)={0xaa, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r8, r10}], 0x3, "0a6ddba31adbb2"}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r1, 0xd000943e, &(0x7f0000001a00)={r9, 0x0, "3e45b719c8aa83eace7555dcade7531c64a93ba9edee688b4659dd53bf64924b54d7c70cc234dc65b42c2b58c7de9d639b7a05c44d56c94af605dfb4710502ea1ca2fe5d25b056826cf645ab0ee407aa05ed9551a6489d255964c8e1f254f2e774cd8caaa05a3b5b065012fdb4c45c7a9ef1e86186cc67c3a5f5f43340df7cce2d6edc90a8fa16b797fd341e92677f6d7a590384a687b9d2cd8a5b700831e20b397124f6515767278005b1e284b85772fc3f10bd9195b88a5ec58e8de0c4f90fda65f4e7b85f2dafb81f6963467352d15fd48be133b00a90a50d65d4f58e982988d76f3fcbc7188fb4d3c52e7cf9ecc52c00cef442583821df5a07d0f7f3d9a9", "2bad43a582b682ab99a6d6a81386cb3690d39cb6b17f7d5ce8a8078d413ab77b478c2e9ee52faf34c706132978dc55afdb96bae1d1101d313b1ac885fa11e5c0705c4c2404ce560de44de908077f252c0de8e4802e0e87dbff21825a93724bcfa4268e23ba66d0d283e8d8270c1bfab641e64d0f3a2fa4fae398b805359eb436ab644302ba0524ad07a9387f1b24057fe6d09817b442fd6b73436c584902f4bb7d3b25098c7c511d0f6649ddd6c14b3f7b174c0c024b09ee930fbb91d6e0d89ce82b0da502ebfb50227e729e6003caf46b20388c53eac50921d076189f94313f65f40223c5a56260f5d04cd2ca2fed2719439951b79243f574343880bc92006ec1efb677a0d76accc6dac6441b8fdd3987a34ebecc75731f9f1e13a41aeea0575802d23a05d4e3d86ae372d83a83c9e998c9da0f906192b2aa4edb8998199a81b830147ddfedf3c3810117d4947410cd2b682d05a698b2abcadf0ff4464d373ef5b76bce4fa3636388e6759fbf3caef5bc938f196913442392e87a237be4e3077876c2b2c3665bfcc2c1361ba0afa37984012e8ef9bfe4d81e0cac239cbd2263a597271b83ab88a979574b175e37974661c5d84a63f145321064593052a34ef5dfd653a712535d07a2576b352fc7c93a22b492d14af8df2f9102fa41cccee05a9d6536ef24511ee39b884fe492f997b6e5ecadd4f14f00d26926b3570b3c53e47971abc0d2bc4326792d8bab7dfba2be0056a740d56566f8ac8bd4d51f8183c5f2e7d0fe77ecded7661370e504ef7a818a080d63df133ab8cdf97b9c6011f209b45fe169c46426c02fa43ba1b698e88fc41069365d3af5c3bb75dbc1976c123b7a6e0dafbb28434b52a187237b1183c711916e1d4ecdff4c0c8f74b6da76b7f581ea31744918480b2aa611f2ffd193be9e325894c3e19897178b46302d857014d5d126325d4fccc8250714b3a3c1ea304b891755290a8788cafcb1de8aaa063c6df0e893b133c3c91ae88b654c4d5990db2de58dd7b64e419f5a5ca0d4e4fe749e65b64cd66fa5e7d8ca811666d24ec62b357cea3221bc922608e099e687b515f10af53a51426d1039b2038919577ccffbc57dae0bdcabd73534be628c56978be90dfca92cd1b689761f2a34d8ea75eee52a7324e83cf5ffa7dd2b1079352ee0768d2cd30842732f881acb46cb4e390c4c4db199fb08599af56725f733b607a97e7a88090dc706bc9d81baf65074a699dfc92dda252f47e3696646a2121c68dccae3cc74f232a5692f7f67ae39a45f4fbf5bfac2d5dbcbf35a062faa0c9a524cefb2b03881b6a41a992e5fdaa43d539b7c03d6ccca0ffb97a835fc5a01daffdfe7b75867f98d6e0f6e3f9b701b389fc2cffc0a52a6f55755b1940b06492f54d2069ee0a8f432b31103d576fc50785e8376ccf3af0cbb48c3f384ed1ed48935f45d52500096bbca35e9721f3fd07ecd17daca55592b96747d7492e2562d684c5ca54e6d900269e34d2ea06aee2a5591ba3f7cdf46a10c01478b7161f603b84413541b1a9776071f9088f6c1bd0a10ec13cc24611e230914dd553b72d6821e32b37ef80e83553f2ed2c78013a2f3d674070026bb5e6f73bfb3477256d977d43a9981b0c7a4c60306aef6da4b4a918d9df3e5d846ac872cea7362ab1bc8c02cad14afa1c5bf27fc9cfa9796a7e642f42a175d59e80d7277795f8f74eff747b779ce0a89b392f40e5a4d393059786c85a2117155d5a634f8d97a9ee3f676e7d32e20ad0171536aef0182fcc3870bd8ddeef2055e32a3898ccaca9d4a06a382c18c34549cfe51ffd8846ecb083890dfbeb9807e74a87a0b1d4395319b50aae9d6ba3a07c35d068cef5f8e65fff82ea386f828898bdb444751ab82a88b413ed328c92f20f6c8b5b547f3d9110d88c7c8517e7049d1064db9329946986890a844bf26dd1dc25fb26091194e8f59c58c2effee2e79fca61a5f0016630786e39ff98b615e15fdd0e82f25fc36d271a62fc4edc31fc3f4d5b0e0bb03ad8b21ebc480c06d148011ab4feefb5b728d2ef2e616fa38fa61603ac0c780969162bd8ddb9d499ea892e563f6d4783317e04a6b406cee5158973863d8c13cf1c4b37fd26b94d4616cf43ec9c7d8da6209fa0692301a4723ee7ba8c4472e36e35b882c6d93a52b2adda5b596b4592ea663f9fd25abe1d55c08372b69c960fa702ca3c763396bdf9ea038d6dca107792db1d5cd0c6ce388998a36111503fce44511237106425ef758fec76934cf77fb62ae581f8892b631ac40fc14a5d470fd0ae75eff2b5c50fe46dbc39ad19c08846783b8b8a7602611d600a7731b8b49d50e8ee172aff2f47b5b947ce68ca883434e450471740df48a45a1daf44371f4306c88a83467a9e70901173ade8b4bb7004b8ca44ddff5d56cd33938e22fcf5903d8b1aeff05740549aeb7f26fe49000f6535e11755f81b212519fcf4e43d269942c7a893724e314a687d2095fdc29dcc7ebe79ffec964f832c746453bea50f4c34dc5b515ce525cc75bd28f4167eb43ca317af13012af88cf4287378ec2082cd38e36d7e9f46c635aa36792ebbd5dd7bb47a95cfd40cfbe0df010f60d7d109ae1f4cc94cb43f43f11a8468ba76480f3fd6641d4aa7cde1f4cea5e5dfa0cbe5c41c6fff85ec30b53426500ddfb65a5adf56cd5f096900b1b0a7fc4506b14dcba4b19991f09629037e04cdec40479a87aa864748ed9a05379eca3e41f582bd3f92fc5f7d146af4735beba6697a3aaf9b9e70a7e9530fb30fb66794ae8402b447d5146e4f434f523b5fb4af1fb979490607351670a748b3373f47727b39989439117595be4f415590c1470669c9f3673f766cafeeb3066e8d1d8c54bc7de10bde5e07576098ac2492465464858f08bd84b5036dbf3a7fce54d95c2bd32ca012f6bd95c94387f0caff92778d46d9a8497815fea6f80432a615bb4b33b9ff6c37e9ac87ffb282f68d4a41f7ae54ec0d555ebfcebeed227fb5d3c62ff24ef4fee93b7d658ee6d413d21094a2a9013f4ae66ec02a4c0fc1d0aa4e0b04b9d2c46c4c59f1d21109d53d0fbeab9aab79a2d0d1c55e7fdef662b754619d06a82f0da08768cc0b987e5941bfe4bd2eb6a4e5328a2cf5cdd1e165ad96579e1feb77a3d781af7c3cf687dc18c4c2e41423ce4badd33c9e5d4fe9c9c951c358cfcf2641722de666e0132d9ba6780aecf88f40d3f420d86df5c5ecc580209e352b54a5ae0112aa464ee723253d94ef1d2efff29532ac7bd306c19c3e88098b6f89f7e2a88bfe4db2401e4dbf81c022efb4cb52c165a0225bf386d0a9701bec24ac74723b06cee2badda74a6a4273e07e387bd9a7c209f4685b01ff9f19361066c66bf203811c91838c2a004a17a582598348f65563a315ee8514a1f80f1c6f14cd1611fd5fddb397b397ca9f18a6dff8418de88e9a49c80e7c67e0dde238e09dac9a1c4173da7fe4ab392baaa20b457c117f62a555afc73f2018d3261733b4b363049645b1185e4955cd67dd9652da8dee2dbb2dfe225106399bfff0dcca756ae0593a8f996977fe27ef408ff2dccfc816bc0f6debf9d86cbe38f0c7a0de06d51b3a84d38133c3c4cd72ea57ca037c79db84ded04d9ca12aee284a22e84d5b46a1dd8405598a8190415614eb90c369300e99b16bf181f572d8b0b59672c90f6a522ff4eb55aeb197f1a1c621ff00dd232b063e659236455f5acc6a40d8cf917cd2e4e9caa3a0580bcfcb9a9bc3bb8c74db4beb0ab115d194e14b6480086c7ede75567596786a60bba7d89ca2b2feaed69213efba36c7e3a24eab9c0d352e522b3bfb8d44b683e6400e2efad76b3c8ae83bf1861996d29a4e93986b9b6085c1657e6064619e812d2cce16fcf6f837c8575c6433d13c1fe87885559f3877e45ddf47c0f2177a4814331733712cf08b66101659fc0b515ec7f7cd2e51f7d45469c67045b9aff544c5d4053c824277958b259bc02fb75dae2981a6bed887ee11919c654328a651fd18ee11760452f7bb316f7a702921d89618dee02b2fde4d541c38ff24eb2389d7f8e586064c5c0e7da5f7e99303e90c3e1cb76dde7756428d460887d0b44f784c8c94468df197e5c7ecb06cd58a1c672f836ecd6c0a12a55f2b067cbde467090ed811a33efae6402b4c3399d817eb469ab6643288721cbeaf135b4b144ef6892972c1499915ee7125ac9a9705a34f5ebafc4151fdce141d7b9341443e05172638662678a3d27330e2df44be74c5d814b47fb241601efc03674c857d6e6193aeffb79c105ff4a7ef47ec9f6d204f8c61325690aaf8016365d11912ba22ab7fe5d1436320f8c9040329d08b45e2fb0f5fbc73f5fce852a9763c48ee3a2215d0dfabe78f5f0e8c7eeab8af8fca207126c8b2f3428a1166d11d7d1611c8a4ffb28b508440ce20bb12bb0d2c32e50e92c72d5244b72e86cdfd3a0542c1326e76852cdff2ea3a48363169cf07119d56b0f1ec29676abc80a0e9e5411e8e9df0dae396e8cfc4b4d2479ae60e8f39a02e19d5f90e71a0c268d57daf5f95ae639eb37d8a0832b81608ba612d9bd24e518979d13cce78dd9da3e9febe02927f7f80c056ffb6b6cc0cec9991df99f07e8d3f38c62d07dd5761dd33eadfbfc1549b240b3e328570178ade12d1fab24dee996d28a86b92920647ac5d39d63163189aea750610478264bf95cf6c9fe0c95514304c4242702fe70b8c843989c48f5eebaa4499808ce9421ce9df5ae14e9395527e0351f0c8247cd4ee46f4634897e740bc47fb7eece61a85fb4e676c838d3c7bc4a051115348516f20288f7714d3ac889eae980be33649e3b0c94582b53ade815225d4335661a99902d024430b6b7c64c5fd12fef50788e0b0d3a89526a0890eb722b379bfc7afffd4b094fef2377e5e8b51a3adf1f407a71ec4d3eb55477f416787cfbba6cf90968d6f0cfe63945a1f05d8f21db952bf5b8f4bcfb69ac30f4509ad378673158428070f3ee0faa06d2c719631c4f51980866cc374162be36b2cb30f51d8f8e9b2affceac1711e0d98f2e863a1c1ee63db9f6d8ade5f72dc0a2e3e39c3c11c88d4628da9ece823221d832947627aa896988aee0fc52c69194dc3a172594e003f2ab22be5e2b23dc410f3b401a241a86434ccd996264c4fe7f5079048a92dc57d8102975ea4487596375f1734863254b6794a38242bb957a0198f73ae0e548fe92332365a3f71cba36500a73305802ad5b0a81581cadcf28b259ce5ecc5c5e247819a5791f115bb38792dfe69ae040df095d0aaf77b921b352c8cf1528f05e2a9128e650bfee93e1689edb7fca49fae80f9e8ccbec8dc058531b0d007b51b85241f400c793110c52951002fed44204637da667fa1e54d6024408b46479f4046a5ebe95bda72d3abca56f9e03"}) r11 = syz_io_uring_setup(0x363c, &(0x7f0000001380)={0x0, 0x0, 0x10100, 0x3, 0x179}, &(0x7f0000000100)=0x0, &(0x7f00000007c0)=0x0) r14 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) syz_io_uring_submit(r12, r13, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x2000, @fd=r14, 0x0, 0x0, 0x0, 0xa}) io_uring_enter(r11, 0x4d10, 0x2, 0x2, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 1.805912154s ago: executing program 1 (id=1793): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x1, 0x80, 0x8000000, 0x8000021e}, &(0x7f0000000940)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xf, 0x6, 0x7ffc1ffb}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18) sysinfo(&(0x7f0000000540)=""/145) syz_io_uring_submit(r2, r3, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1}) io_uring_enter(r1, 0x47fa, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x0, r0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1}) 1.805523315s ago: executing program 2 (id=1794): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000a00)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000340)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x3, 0x0, 0x28, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @multicast1}, {0x0, 0x0, 0x14, 0x0, @gue={{0x1, 0x1, 0x1, 0x2, 0x100, @void}, "9935704b5f4cd745"}}}}}}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = mq_open(&(0x7f0000000200)='syztnl1\x00', 0x40, 0xcc, &(0x7f0000000240)={0x3, 0x6, 0x7fffffffffffffff, 0x5}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRESOCT=r2, @ANYRESHEX=r2], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, 0x0, 0x48) r3 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800) ioctl$SG_GET_VERSION_NUM(r3, 0x2284, &(0x7f0000000080)) 1.627272989s ago: executing program 2 (id=1796): mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, 0x0, &(0x7f0000000500)) 1.480323331s ago: executing program 2 (id=1797): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), 0xffffffffffffffff) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000080)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_FW_DOWNLOAD(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x44, r1, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r2}, @NFC_ATTR_FIRMWARE_NAME={0x8, 0x14, '**()'}, @NFC_ATTR_FIRMWARE_NAME={0x6, 0x14, '\xfc*'}, @NFC_ATTR_FIRMWARE_NAME={0x5, 0x14, '@'}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}, @NFC_ATTR_FIRMWARE_NAME={0x6, 0x14, '@.'}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) r4 = socket$rxrpc(0x21, 0x2, 0xa) sendmsg$inet(r4, &(0x7f00000005c0)={&(0x7f0000000200)={0x2, 0x4e24, @private=0xa010102}, 0x10, &(0x7f0000000500)=[{&(0x7f0000000240)="569f11847f3f9d9141c6aad669d930f509fcd62143fba0b1c6efe40200789f244736e5b04d65deb62bd4e2ff4f9fb0fa028fabf25a37a29ccb7d098143dcc8cead41b69712f8b58986c254e194a616b94906c71401a9469fabfbc9bff502d9ecb7ff2982ccd0b3f94158d715b196729b87cc27c809b201559378481b7ab6f6a94ec43d3d97274e6b8c485fbf1bc189739d269ada745c985b617eef8ad32a2beb4775c3b15fe758c7b6377985215659e59e7feb82f085d9b12f154db0fbc8a2852c3cd671b500daa96c651514715e5c56162e641ba95774a2cab3d5ae3534c413a2f80a1d75973b5e337b384ec8750f1c212cf4122dbdfc28da7e0c", 0xfb}, {&(0x7f0000000340)="81f667dec58c67e42c78dd73ce2f3b564cb620619d5ac9a815ed", 0x1a}, {&(0x7f0000000380)="6c760fd866d543c3f48f11e96adf8edf08725baedfa9d3d15b923839b584d126e40315c7c4532c674868ead0090ac20cb45091d4713168578aaf55f55f78b62aa3f53fd953e5680fc94598a7439cb6018a2d04a58a76a527f19541cba8590acc392e2eb41b745f732d63dc9aa3ace74c90c396f07b55af0d56616de11caf988a11b8f3ab7b7ff004ab85ecdb2fe87d19b00605cb1e401b820fa6297cde964712e195b09d6b51f41de58aea148d11ae5e95c15e592dfd6928c547fbdeee77e61b085a71f1162a6b2f", 0xc8}, {&(0x7f0000000480)="53e23d1dea660c0ff90a94b34eb6f42e3ab3a546085ad0af720e3b820f201d0dc2595dac0e", 0x25}, {&(0x7f00000004c0)="e6297c430d83366feacc37a23595d3bc1111e42794c96dad4f1348a877", 0x1d}], 0x5, &(0x7f0000000580)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x8}}], 0x18}, 0x80) sendmsg$NFC_CMD_DISABLE_SE(r0, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x4c, r1, 0xc04, 0x70bd28, 0x25dfdbfd, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x1}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0xc0}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}, @NFC_ATTR_SE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x4000001) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_GET_TARGET(r5, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x14, r1, 0x0, 0x70bd25, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x20, 0x140c, 0x10, 0x70bd28, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000c800}, 0x24000) r6 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$TIOCL_SETSEL(r6, 0x541c, &(0x7f0000000940)={0x2, {0x2, 0x8, 0xfffe, 0xe5, 0x5, 0xf}}) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000980)={{0x1, 0x1, 0x18, r6}, './file0\x00'}) r8 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000a00)=@generic={&(0x7f00000009c0)='./file0\x00', 0x0, 0x8}, 0x18) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r7, 0xc018937c, &(0x7f0000000a40)={{0x1, 0x1, 0x18, r8, {0x2}}, './file0\x00'}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r7, 0x89f8, &(0x7f0000000b00)={'erspan0\x00', &(0x7f0000000a80)={'syztnl1\x00', 0x0, 0x80, 0x20, 0x165c2000, 0x10, {{0xf, 0x4, 0x3, 0x0, 0x3c, 0x68, 0x0, 0xf9, 0x2f, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x19}, {[@noop, @cipso={0x86, 0x1a, 0x2, [{0x5, 0xc, "b8ba6c29066658bfdc2b"}, {0x0, 0x8, "a27e6d45dc59"}]}, @noop, @rr={0x7, 0x7, 0x76, [@rand_addr=0x64010102]}, @ra={0x94, 0x4, 0x1}]}}}}}) bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=@bloom_filter={0x1e, 0xe, 0xd2b, 0xd, 0x1, r8, 0x64, '\x00', r10, r9, 0x0, 0x0, 0x3, 0xd}, 0x50) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_DYING(r11, &(0x7f0000000c80)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x14, 0x6, 0x1, 0x801, 0x0, 0x0, {0x3, 0x0, 0x3}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x8000) close(r4) syz_open_dev$sg(&(0x7f0000000cc0), 0x5, 0x101) socket$pppoe(0x18, 0x1, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000d00)={r7}, 0x4) r12 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000d80), r5) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000dc0)={'wpan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000e00)={'wpan3\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000e40)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_SET_LBT_MODE(r0, &(0x7f0000000f40)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000f00)={&(0x7f0000000e80)={0x64, r12, 0x10, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x1}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x1}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r14}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r15}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x64}, 0x1, 0x0, 0x0, 0x48800}, 0x4000000) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) 1.339630442s ago: executing program 3 (id=1799): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000057"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r2}, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) 1.280449127s ago: executing program 3 (id=1800): bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$key(0xf, 0x3, 0x2) r0 = socket$inet_smc(0x2b, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1e0000000000000004000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f00000002c0)={0x1, 'ipvlan1\x00', 0x100}, 0x18) r1 = socket$kcm(0x10, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00'}, 0x10) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"}) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="25390000290003"], 0x33fe0) 1.195636584s ago: executing program 2 (id=1801): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x18, 0x30, 0x300, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x800}, 0x0) getpid() futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) process_vm_writev(0x0, 0x0, 0x0, &(0x7f0000121000), 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000009180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x29}}, './file0\x00'}) write$UHID_SET_REPORT_REPLY(r2, &(0x7f0000000000)={0xe, {0x8, 0x9, 0x3}}, 0xc) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x3, 0x801, 0x0, &(0x7f0000000040), 0xfffffffc) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) bpf$MAP_CREATE(0x0, 0x0, 0x50) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) mlock2(&(0x7f0000495000/0x2000)=nil, 0x2000, 0x0) 1.189764684s ago: executing program 3 (id=1802): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 1.130304629s ago: executing program 3 (id=1803): r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) ioctl$SG_GET_VERSION_NUM(r0, 0x2284, &(0x7f0000000080)) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f00000002c0)=0x48) 1.070340444s ago: executing program 3 (id=1804): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000000)='.\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000080009efff000000100000000000000041e5ebcc54f30dbcf9c9e1d8258e54d96aceba50007d210ff9e5d5788bd927"], 0x24, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) r6 = socket$inet6(0xa, 0x3, 0x3c) setsockopt$inet6_IPV6_RTHDR(r6, 0x29, 0x39, &(0x7f0000000f00)={0x0, 0x2, 0x2, 0x1, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x4, 0x0}]}, 0x18) connect$inet6(r6, &(0x7f0000000080)={0xa, 0x0, 0x0, @private2}, 0x1c) sendmsg$nl_route(r5, &(0x7f0000001100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000002000010329bd7000100000000200000403000007020000001400110069616376746170300000000000000000080006002503"], 0x38}, 0x1, 0x0, 0x0, 0x240480c4}, 0x0) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x3, 0x80, 0x8, 0xa2, 0x3, 0x0, 0x0, 0x7, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0x7fffffff, 0x7}, 0x0, 0x100000010000, 0x4, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xb, 0xffffffffffffffff, 0x2) mmap(&(0x7f0000000000/0x12000)=nil, 0x12000, 0xd3283d0368e269b3, 0x20010, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='map_files\x00') openat$sndseq(0xffffffffffffff9c, &(0x7f0000000300), 0x82000) 991.80546ms ago: executing program 1 (id=1805): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x121202, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x1) ioctl$TIOCVHANGUP(r0, 0x5437, 0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001b00)=@newqdisc={0x210, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1e0, 0x2, {{0x10000, 0x0, 0x57b2}, [@TCA_NETEM_REORDER={0xc, 0x3, {0xdc, 0x3}}, @TCA_NETEM_LOSS={0xc0, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x8, 0x4, 0x2, 0x3e}}, @NETEM_LOSS_GE={0x14, 0x2, {0x2, 0x7, 0x2}}, @NETEM_LOSS_GE={0x14, 0x2, {0x2, 0xffffdb68, 0xf, 0x4}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x1, 0x8, 0x85bc, 0x1ff}}, @NETEM_LOSS_GE={0x14, 0x2, {0x5, 0x8000000, 0x5}}, @NETEM_LOSS_GE={0x14, 0x2, {0x8, 0x5, 0x7, 0x7}}, @NETEM_LOSS_GE={0x14, 0x2, {0x6, 0xf, 0xa9c8}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x0, 0x8, 0x50195274, 0x1}}, @NETEM_LOSS_GE={0x14, 0x2, {0x4, 0x0, 0x59, 0x2}}]}, @TCA_NETEM_LOSS={0xcc}, @TCA_NETEM_SLOT={0x2c, 0xc, {0x7, 0x100, 0x40, 0x9, 0x2, 0x94}}]}}}]}, 0x210}}, 0x0) 357.487941ms ago: executing program 4 (id=1806): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c0002800800014000000002080002400000000b05000300000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x80}}, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0xfe, 0x0, 0x14}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0x9, 0x0, 0x0, 0x0, 0x18, {[@window={0x9, 0x3}, @timestamp={0x5, 0xa}, @generic={0x0, 0x2}]}}}}}}, 0x46) 287.630707ms ago: executing program 0 (id=1807): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x1010051, &(0x7f0000000800)={[{@errors_remount}, {@noload}, {@noblock_validity}, {@dioread_lock}, {@nouid32}, {@nomblk_io_submit}]}, 0x1, 0x546, &(0x7f0000000180)="$eJzs3dFrZFcZAPDv3mR2s7upmaoPtWAttrJbdSdJ47bBh6og+lRQKz4Ja0wmIWSSWZJJuwmLTfFVEES04Is++SL4BwjSF99FKNR3UVGkZvVBoe2VO3Onm0xmkhRncpfk94Oz9557Zu73nQlz5tyZu/cGcGE9GRE3ImIsIp6JiKlie1qU2OuU/HH39+8t5iWJLHvp7SSSYlt3X5eL5bXiaRMR8Y2vRnw3ORp3a2d3baHRqG8W9enWevJOlu3eXF1fWKmv1Dfm5mafm39+/tb8zFD6WY2IF77815/88JdfeeG3n33lT7f/fuN7eVr/zbJXo6cfw9TpeqX9WnSNR8TmKIKVZLzdw45bJecCAMDx8vn+hyPik+35/1SMtWdzAAAAwHmSfWEy3kkiMgAAAODcSiNiMpK0VpzvO1mcsXotIj4aV9NGc6v1meXm9sZS3hZRjUq6vNqoz8RE+9yBalSSvD5bnGPbrT/bU5+LiEcj4sdTV9r12mKzsVT2lx8AAABwQVzrOf7/91Sa1mpF417JyQEAAADDUy07AQAAAGDkHP8DAADA+VfN+tyh66h09JkAAAAAI/C1F1/MS9a9//XSyzvba82Xby7Vt9Zq69uLtcXm5p3aSrO50r5m3/pJ+2s0m3c+Fxvbd6db9a3W9NbO7u315vZG6/bqoVtgAwAAAGfo0U+88cckIvY+f6VdcpeKtkpENnbwweNlZAiMygc6p+cvo8sDOHsHP9+vlJgHcPZM6eHiqpSdAFC6k/4D0MCTd34//FwAAIDRuP6xwb//v71camrAiBW//yenugAIcK6MlZ0AUJrO73/vZR1lZwOcpcpxMwAHBXDupcP5/f+EUwkTAwoAAJRssl2StFYcB0xGmtZqEY+0bwtYSZZXG/WZiPhQRLw1Vbmc12fbz0zM5gEAAAAAAAAAAAAAAAAAAAAAAADglLIsiQwAAAA41yLSv3XvzHV96unJ3u8HLiX/mWovI+KVn73007sLrdbmbL79n+9vb71ebH+2jG8wAAAAgF7d4/TucTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNP9/XuL97Msy/bvLZ5l3H98KSKqRfyidFrGY6K9nIhKRFz9VxLjB56XRMTYEOLvvRYRj/WLn+RpRbXI4lD8SxFpRFwZVvz4gPGjE//aEOLDRfZGPv58sd/7L40n28v+77/xovy/Bo9/6fvj39iA8e+RQTutHK4+/uavpwfGfy3i8fH+4083fpLvr0/8p07Zx+98c3d3UFv2i4jr/ca/5HCs6db6nemtnd2bq+sLK/WV+sbc3Oxz88/P35qfmV5ebdSLf/vG+NHHf/Peg9q7R/p/9Zjxt93/Aa//06fs/7tv3t3/SGe15y8Tlfh5lt14qv/f/7F88emj8buffZ8qPgfyev4apq9/q2/8J371hycG5Zb3f2lA/yd6+n+5p/83Ttn/Z77+/T+f8qEAwBnY2tldW2g06ptWDq5E9aFI4+FdyeedpaeRRBL5yluHmhbKT6yz8mrxHltodN9tQ9rz74qDo1EmX9J4BAAAjM6DSX9vS1JOQgAAAAAAAAAAAAAAAAAAAHABnXgZsEFNaUQ82PLtHxxzNbLemHvldBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Fj/CwAA//8GI9aV") r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) readlinkat(r0, &(0x7f00000000c0)='./file2\x00', &(0x7f0000000880)=""/225, 0xe1) 261.006209ms ago: executing program 0 (id=1808): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="b1d4c6bc228218c6f60000000000000021a5609064f2ca16c9170a5e8e663ca37220f786c591ccd56f09718fcdce7d4061deea430501187ae2f35f59ee26a84f75e7497c3100bc25821f1b52266ed0f21617468b3f4617d98e806492d12338d5a2dbf52f2bf4b5c2fcf1051dc5296f830de8c19582e40500000000000000789c8fec4149ca0b0300b74acda946ce944946a65c02b72294533c89354d9613bd3e7ae7ce02dc8106d0065b2683c5004f06031e2ed82aaebde83e97595df0c5b3f30f132949416a41dced6a7f9ca9a956e5f2b7261058325562c6349f910eadbc6015cc4b025f13a5ef2cacc9f13e3618c7b2e074d8c907ea5bbcac86cbba13cbb193a749403a90f93297009db34863694acafc653eaf773131dd43ff2f13ac6b5098578aac398ae91b7d041e86e1dfc82a0ff023eaf6db11718d"], &(0x7f0000000480)='syzkaller\x00', 0x5}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000e3051ff4120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000002c0), 0x13f}}, 0x20) prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b\x00\x00\x00\b'], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001180)=@newtaction={0x898, 0x30, 0x12f, 0x0, 0x0, {}, [{0x884, 0x1, [@m_police={0x880, 0x1, 0x0, 0x0, {{0xb}, {0x854, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x2, 0x0, 0x0, 0x7}}}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x247ecded, 0x0, 0x80000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x952, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x8, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xb, 0x37, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0xffffff35, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffd, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0xb, 0x0, 0x0, 0x9, 0xfffffffd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x5, 0x0, 0x0, 0x0, 0x9, 0x5, 0x0, 0x0, 0x3, 0x0, 0x1]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x10000004a56}, @TCA_POLICE_RATE={0x404, 0x2, [0x1, 0x0, 0x5, 0x0, 0x2, 0xb, 0xfffffffb, 0x0, 0x7, 0xfea7, 0x1, 0xffff8000, 0x90, 0x9fd, 0x2, 0xb8, 0xca2, 0x6, 0x3c, 0x7, 0x1, 0xa89c, 0x400, 0xc, 0x492217a0, 0xff, 0x5, 0x3, 0x1ff, 0xe5, 0x2d, 0xd, 0x3, 0xa, 0x3, 0x1, 0x9, 0x11, 0x188, 0x6, 0x3ff, 0x7, 0xd, 0x3, 0xc0000, 0x8, 0x8, 0xffffff40, 0x100, 0x3, 0x5, 0x7, 0xe0b2, 0x1, 0x8fc, 0xbf0, 0x9, 0x3, 0x9, 0x7ffffffd, 0x6, 0x0, 0x8, 0x800, 0x9, 0x4, 0x100, 0x401, 0x8, 0x3, 0xb5, 0x10001, 0x401, 0x1, 0x7f, 0x0, 0x8, 0x2, 0x7f, 0x0, 0x2, 0x4, 0x0, 0x1000004, 0x8000, 0x0, 0x9, 0x80, 0x7, 0x5, 0x1, 0x0, 0x7, 0xeb22, 0xd, 0x8000, 0xfffffff7, 0x0, 0x4, 0x3ff, 0x400000, 0x10, 0x5, 0x3, 0x10000, 0x5, 0x1, 0x0, 0x2, 0x6, 0x5, 0x6, 0xe5a, 0x4, 0x2, 0x81, 0xd44, 0x10, 0x6, 0x7fff, 0x800, 0xfffffff4, 0x10000, 0x5, 0x8, 0xba, 0x2, 0x89, 0x2, 0x6, 0x6, 0x9, 0xffffa3e0, 0x86b9, 0xff, 0x1, 0x2, 0xf, 0x24b9, 0x3a, 0xe01, 0x1, 0x6430, 0xd, 0x8, 0x0, 0x3, 0x7eb6, 0x3, 0x0, 0x200, 0xfffffeff, 0x9, 0xff, 0xa, 0x6, 0x7, 0x3, 0x1, 0x8001, 0x100, 0xffff9c71, 0x20000008, 0x101, 0x6, 0x2, 0xfffffc00, 0x81, 0x81, 0x200, 0x80000001, 0x1, 0xfffffffd, 0x9, 0x7, 0x4, 0xb, 0x80, 0x0, 0x0, 0x0, 0x5, 0x2, 0x7, 0x4, 0xfffffa0c, 0x3, 0x0, 0x2, 0x4, 0x35bc0, 0x9, 0xfffffffa, 0x7, 0x5, 0x3, 0x0, 0x6, 0x8, 0x28, 0x4000002, 0x5, 0x10001, 0x2, 0xf, 0xffffffff, 0x1, 0x723, 0x0, 0x9, 0x9, 0x4, 0x6, 0x7, 0x200, 0xfffffbff, 0x7, 0x3, 0x8, 0x5, 0xfffffffb, 0x2, 0x7f, 0x2, 0x80000002, 0x0, 0x9, 0x1ff, 0xfffffffe, 0x928, 0x4, 0xffffffff, 0x5, 0x6042, 0xb85, 0x6, 0x8d8d, 0x55, 0x101, 0x3, 0x64e8, 0x8, 0xf, 0x772, 0x80a, 0xffe, 0x3, 0x3f7, 0x4, 0x8, 0x8, 0x1, 0x5d, 0x9, 0xd, 0x82]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x3}}}}]}]}, 0x898}, 0x1, 0x0, 0x0, 0x50}, 0x0) recvfrom$inet_nvme(0xffffffffffffffff, &(0x7f0000000180)=""/37, 0x25, 0x10063, &(0x7f0000000580)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x4e23, @multicast2}, 0x0, 0x2, 0x2, 0x2}}, 0x80) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e0000000000000005000000"], 0x48) socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000002c0)={'netpci0\x00', &(0x7f0000000240)=@ethtool_sset_info={0x37, 0x8, 0xa3a1, [0x9, 0x22b, 0x10001, 0x3, 0x2, 0x2, 0x8, 0x9, 0x81]}}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10001}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) arch_prctl$ARCH_GET_CPUID(0x1011) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x140, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r3, 0xc018937e, &(0x7f0000001040)={{0x1, 0x1, 0x1018}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00'}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) setpriority(0x2, 0x0, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='kmem_cache_free\x00', r0}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a0000000100007cf7c0e5e180a54d8c3e9e7625", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000001a40), 0x1003, r4}, 0x38) bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) execve(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x0, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x20008000}, 0x8840) 215.462653ms ago: executing program 4 (id=1809): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x41, &(0x7f0000000200)={0xa, 0x4e23, 0x10001, @loopback, 0xe}, 0x1c) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa100000000000007010000dbffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0xfffffffffffffffc}, 0x18) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000240)={'ip6gretap0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) timer_create(0x0, 0x0, &(0x7f0000000380)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x7) r7 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000000)=ANY=[@ANYBLOB="480000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="4100d0f200001000200012800b00010000100002980c00070013080000000000000800050000000000000000", @ANYRES32=r4, @ANYBLOB], 0x48}, 0x1, 0x0, 0x0, 0x8001}, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x200002, 0x30}, 0xc) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a32000000002c0003800800014000000000180003801400010076657468315f00005f626f6e64000000080002400000000064000000160a0101000b000000000000010000000900020073797a32000000000900010073797a3000000000300003802c0003801400010067656e657665300000000000000000001400010076657468315f"], 0x104}}, 0x0) 196.584964ms ago: executing program 1 (id=1819): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000300)={[{@minixdf}, {}, {@barrier_val={'barrier', 0x3d, 0x9}}, {@commit={'commit', 0x3d, 0x5}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@nodelalloc}, {@noblock_validity}, {@nomblk_io_submit}]}, 0x1, 0x566, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9GajdN4o8KgvUiiBYLeq9LMg0lm27JbkoTC20P9uJFiiBiQfwDvHss/gP+FQUtFClBD14is5lNt81ukqYbN3U+H5j2vZnZvPnum+/bNzu7bACFNZL9U4p4OSK+SSIOt20bjHzjyOp+yw+vTWVLEisrn/2ZRJKva+2f5P8fzCsvRcSvX0WcKK1vt764NFupVtP5vD7WmLs8Vl9cOnlxrjKTzqSXJiYnT781OfHuO2/3LNbXz/39/ad3Pzr99fHl736+f+R2EmfiUL6tPY5ncKO9MhIj+XMyFGee2HG8B43tJkm/D4BtGcjzfCiyMeBwDORZD/z/XY+IFaCgEvkPBdWaB7Su7Xt0HfzcePDB6gXQ+vgHV98biX3Na6MDy8ljV0bZ9e5wD9rP2vjljzu3syU2eR/ieg/aA2i5cTMiTg0Orh//knz8275TzTePN/ZkG0V7/YF+upvNf97oNP8prc1/osP852CH3N2OzfO/dL8HzXSVzf/e6zj/XRu6hgfy2gvNOd9QcuFiNT0VES9GxGgM7c3qG93POb18b6Xbtvb5X7Zk7bfmgvlx3B/c+/hjpiuNyrPE3O7BzYhXOs5/k7X+Tzr0f/Z8nNtiG8fSO69227Z5/Dtr5aeI1zr2/6M7WsnG9yfHmufDWOusWO+vW8d+69b+6If9jT/r/wMbxz+ctN+vrT99Gz/u+yfttm275/+e5PNmeU++7mql0Zgfj9iTfLJ+/cSjx7bqrf2z+EePbzz+dTr/90fEF1uM/9bRW1137ff5n8U//VT9//SFex9/+UO39rfW/282S6P5mq2Mf1s9wGd57gAAAAAAAGC3KUXEoUhK5bVyqVQur36+42gcKFVr9caJC7WFS9PR/K7scAyVWne6D7d9HmI8/zxsqz7xRH0yIo5ExLcD+5v18lStOt3v4AEAAAAAAAAAAAAAAAAAAGCXONjl+/+Z3wf6fXTAjvOT31Bcm+Z/L37pCdiVvP5Dccl/KC75D8Ul/6G45D8Ul/yH4pL/UFzyHwAAAAAAAAAAAAAAAAAAAAAAAAAAAHrq3Nmz2bKy/PDaVFafvrK4MFu7cnI6rc+W5xamylO1+cvlmVptppqWp2pzm/29aq12eXwiFq6ONdJ6Y6y+uHR+rrZwqXH+4lxlJj2fDv0nUQEAAAAAAAAAAAAAAAAAAMDzpb64NFupVtN5ha6F92NXHMZOBrhqWw8f3C1RKHQt7NtG5/Z5YAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACANv8GAAD//04mM/E=") setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=ANY=[], 0x835, 0x0) truncate(&(0x7f0000000100)='./file0/file0\x00', 0x7) setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000080), &(0x7f0000001400)=ANY=[], 0x835, 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) fallocate(r0, 0x8, 0x2000000fdff, 0x1fff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000003080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="796100000000000000007e00000008000300", @ANYRES32=0x0, @ANYBLOB="4fb6eab5066e5d064013ab5eeae18d4543aa60b862b7bec5f58c85f07a7f0ced595bda3c7631c65d99988be897f13890dd6744a3835a3d7ad1fc0cb62ad557ff95715c7f8bd95a69b79370bc92bed9abcc689a8f07f4bcea63aab833cb9a79afc8261148dd6ff63b7ef9043dd328331e7b330a40b98ad97b0f5b6c2be5e21c9ad357"], 0x1c}}, 0x0) 174.554036ms ago: executing program 3 (id=1810): r0 = socket(0x1e, 0x805, 0x0) connect$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{}, 0x2}}, 0x10) connect$tipc(r0, &(0x7f0000000600)=@id={0x1e, 0x3, 0x3}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) close(r0) 101.823302ms ago: executing program 1 (id=1811): perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0xffffffff, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick=0x2a, {}, {}, @raw32}], 0x1001a) 101.273452ms ago: executing program 1 (id=1812): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) msgget$private(0x0, 0xfffffffffffffffd) r1 = syz_open_dev$evdev(0x0, 0x6, 0x2) ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000000080)={0x9, 0x7, 0x2, 0x8, "440d70407a0b90755deffc62491fa89efa9bfff3b9b43f26f3ff628e3e1eab3e"}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="00010000020105000000000000000000020000094400188008000340000000010800014000000b37080002400000000808000140000000000800014000000002080002400000023e080001400000000008000140000003ff04000f80060012400401000054000e801400018008000100ac14142108000200ac1414bb06000340000400000c00028005000100060000000c00028005000100880000000c00028005000100880000000600034000010000060003400000000008000c4000000000140005800f000100746674702d3230303030000024001880080001400000028e08000140000100000800024000000002080003400000200808001a4000000008"], 0x100}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000) getsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, &(0x7f0000000380), 0x4) msgctl$IPC_INFO(0x0, 0x3, &(0x7f00000003c0)=""/4096) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, &(0x7f00000013c0)=0x4, 0x4) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001540)={&(0x7f0000001400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x7, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x7, 0x9}}, @type_tag={0x6, 0x0, 0x0, 0x12, 0x3}, @float={0x3, 0x0, 0x0, 0x10, 0x4}]}, {0x0, [0x61, 0x0, 0x0, 0x30, 0x30]}}, &(0x7f0000001480)=""/191, 0x4f, 0xbf, 0x1, 0x7}, 0x28) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001980)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\t\x00'/20, @ANYRES32, @ANYRES32=r3, @ANYBLOB="0000000005000000000000000000000000000000000000000000000034c5847afed998842055b0f159e7b4a06f888e4ea73e34371f0d1d28939b136923d525b506751e826ea675a53570d6485d1d106f5d3f62e5c066f379c606128962cc1dfdbec58efbdb9144753367b3f90f384815992767ce765c6281e578891393abb89b7558df4d2757094bf7531c4d342f489726dbaa8c35e2ac59ef0bd7b8cba9289460ef76efa859bfd0de5cfc"], 0x50) msgctl$IPC_RMID(0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000001680)={0x2, 0x4e24, @private=0xa010100}, 0x10) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000016c0)={0x73622a85, 0x1, 0x1}) r4 = semget(0x3, 0x1, 0x22) semtimedop(r4, &(0x7f0000001700)=[{0x0, 0xca2, 0x1000}], 0x1, &(0x7f0000001780)) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000017c0)=0x0) sched_rr_get_interval(r5, &(0x7f0000001800)) msgctl$MSG_INFO(0x0, 0xc, 0x0) getgroups(0x3, &(0x7f00000018c0)=[0xee00, 0xee01, 0x0]) semctl$IPC_SET(r4, 0x0, 0x1, &(0x7f0000001900)={{0x3, 0x0, r6, 0x0, 0xffffffffffffffff, 0x18, 0x6}, 0x8, 0x9, 0x0, 0x0, 0x0, 0x0, 0x9}) r7 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r7, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'ip_vti0\x00', 0x0}) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) sendto$packet(r7, &(0x7f0000000180)="10030600e0ff020004004788aa96a13bb100001100007fca1a00", 0x10608, 0x0, &(0x7f0000000140)={0x11, 0x0, r8}, 0x14) 100.816712ms ago: executing program 0 (id=1822): r0 = socket$rds(0x15, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00'}, 0x10) bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000680)=[@fadd={0x58, 0x114, 0x6, {{0x1, 0x3}, &(0x7f0000000340)=0x5, 0x0, 0xa, 0xff, 0x0, 0x1, 0x5c, 0x8001}}], 0x58}, 0x0) 34.061067ms ago: executing program 2 (id=1813): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x18) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) 1.0241ms ago: executing program 0 (id=1814): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0xa00, 0xb) syz_open_procfs(0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000280), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, 0x0, 0x2000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4, 0x0, 0x7}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_DEL(r5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x40030000000000}, 0x4000) unshare(0x62040200) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032"], 0x15) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380), 0x200, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000200)={0x7, 0x9, 0x7, 0x2, 0x4000}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x48283, 0x0) ioctl$TUNSETOFFLOAD(r7, 0x400454c9, 0xb) ioctl$TUNSETTXFILTER(r7, 0x400454d1, 0x0) 0s ago: executing program 1 (id=1815): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) msgget$private(0x0, 0xfffffffffffffffd) r1 = syz_open_dev$evdev(0x0, 0x6, 0x2) ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000000080)={0x9, 0x7, 0x2, 0x8, "440d70407a0b90755deffc62491fa89efa9bfff3b9b43f26f3ff628e3e1eab3e"}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="00010000020105000000000000000000020000094400188008000340000000010800014000000b37080002400000000808000140000000000800014000000002080002400000023e080001400000000008000140000003ff04000f80060012400401000054000e801400018008000100ac14142108000200ac1414bb06000340000400000c00028005000100060000000c00028005000100880000000c00028005000100880000000600034000010000060003400000000008000c4000000000140005800f000100746674702d3230303030000024001880080001400000028e08000140000100000800024000000002080003400000200808001a4000000008"], 0x100}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000) getsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, &(0x7f0000000380), 0x4) msgctl$IPC_INFO(0x0, 0x3, &(0x7f00000003c0)=""/4096) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, &(0x7f00000013c0)=0x4, 0x4) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001540)={&(0x7f0000001400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x7, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x7, 0x9}}, @type_tag={0x6, 0x0, 0x0, 0x12, 0x3}, @float={0x3, 0x0, 0x0, 0x10, 0x4}]}, {0x0, [0x61, 0x0, 0x0, 0x30, 0x30]}}, &(0x7f0000001480)=""/191, 0x4f, 0xbf, 0x1, 0x7}, 0x28) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001980)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\t\x00'/20, @ANYRES32, @ANYRES32=r3, @ANYBLOB="0000000005000000000000000000000000000000000000000000000034c5847afed998842055b0f159e7b4a06f888e4ea73e34371f0d1d28939b136923d525b506751e826ea675a53570d6485d1d106f5d3f62e5c066f379c606128962cc1dfdbec58efbdb9144753367b3f90f384815992767ce765c6281e578891393abb89b7558df4d2757094bf7531c4d342f489726dbaa8c35e2ac59ef0bd7b8cba9289460ef76efa859bfd0de5cfc"], 0x50) msgctl$IPC_RMID(0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000001680)={0x2, 0x4e24, @private=0xa010100}, 0x10) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000016c0)={0x73622a85, 0x1, 0x1}) semtimedop(0x0, &(0x7f0000001700)=[{0x0, 0xca2, 0x1000}], 0x1, &(0x7f0000001780)) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000017c0)=0x0) sched_rr_get_interval(r4, &(0x7f0000001800)) msgctl$MSG_INFO(0x0, 0xc, 0x0) getgroups(0x3, &(0x7f00000018c0)=[0xee00, 0xee01, 0x0]) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000001900)={{0x3, 0x0, r5, 0x0, 0xffffffffffffffff, 0x18, 0x6}, 0x8, 0x9, 0x0, 0x0, 0x0, 0x0, 0x9}) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'ip_vti0\x00', 0x0}) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) sendto$packet(r6, &(0x7f0000000180)="10030600e0ff020004004788aa96a13bb100001100007fca1a00", 0x10608, 0x0, &(0x7f0000000140)={0x11, 0x0, r7}, 0x14) kernel console output (not intermixed with test programs): 5959] should_fail+0xb/0x20 [ 88.924642][ T5959] should_fail_usercopy+0x1a/0x20 [ 88.924666][ T5959] _copy_from_iter+0xd2/0xe80 [ 88.924693][ T5959] ? __build_skb_around+0x1a0/0x200 [ 88.924798][ T5959] ? __alloc_skb+0x223/0x320 [ 88.924833][ T5959] netlink_sendmsg+0x471/0x6b0 [ 88.924861][ T5959] ? __pfx_netlink_sendmsg+0x10/0x10 [ 88.925003][ T5959] __sock_sendmsg+0x142/0x180 [ 88.925096][ T5959] ____sys_sendmsg+0x31e/0x4e0 [ 88.925134][ T5959] ___sys_sendmsg+0x17b/0x1d0 [ 88.925284][ T5959] __x64_sys_sendmsg+0xd4/0x160 [ 88.925352][ T5959] x64_sys_call+0x191e/0x2ff0 [ 88.925376][ T5959] do_syscall_64+0xd2/0x200 [ 88.925466][ T5959] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 88.925491][ T5959] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 88.925574][ T5959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.925598][ T5959] RIP: 0033:0x7f338e33ebe9 [ 88.925617][ T5959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 88.925635][ T5959] RSP: 002b:00007f338cda7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 88.925656][ T5959] RAX: ffffffffffffffda RBX: 00007f338e565fa0 RCX: 00007f338e33ebe9 [ 88.925697][ T5959] RDX: 0000000000000000 RSI: 0000200000000500 RDI: 0000000000000003 [ 88.925711][ T5959] RBP: 00007f338cda7090 R08: 0000000000000000 R09: 0000000000000000 [ 88.925792][ T5959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 88.925806][ T5959] R13: 00007f338e566038 R14: 00007f338e565fa0 R15: 00007ffe1b0374d8 [ 88.925827][ T5959] [ 88.944095][ T5963] can0: slcan on ttyS3. [ 89.135373][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.155499][ T5970] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 89.163315][ T5970] FAULT_INJECTION: forcing a failure. [ 89.163315][ T5970] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 89.176461][ T5970] CPU: 0 UID: 0 PID: 5970 Comm: syz.3.878 Not tainted syzkaller #0 PREEMPT(voluntary) [ 89.176484][ T5970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 89.176494][ T5970] Call Trace: [ 89.176500][ T5970] [ 89.176507][ T5970] __dump_stack+0x1d/0x30 [ 89.176526][ T5970] dump_stack_lvl+0xe8/0x140 [ 89.176537][ T5970] dump_stack+0x15/0x1b [ 89.176593][ T5970] should_fail_ex+0x265/0x280 [ 89.176604][ T5970] should_fail+0xb/0x20 [ 89.176613][ T5970] should_fail_usercopy+0x1a/0x20 [ 89.176624][ T5970] _copy_to_user+0x20/0xa0 [ 89.176707][ T5970] simple_read_from_buffer+0xb5/0x130 [ 89.176779][ T5970] proc_fail_nth_read+0x10e/0x150 [ 89.176858][ T5970] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 89.176893][ T5970] vfs_read+0x1a5/0x770 [ 89.176904][ T5970] ? __rcu_read_unlock+0x4f/0x70 [ 89.176915][ T5970] ? __fget_files+0x184/0x1c0 [ 89.177041][ T5970] ksys_read+0xda/0x1a0 [ 89.177052][ T5970] __x64_sys_read+0x40/0x50 [ 89.177065][ T5970] x64_sys_call+0x27bc/0x2ff0 [ 89.177157][ T5970] do_syscall_64+0xd2/0x200 [ 89.177171][ T5970] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 89.177198][ T5970] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 89.177216][ T5970] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.177226][ T5970] RIP: 0033:0x7f4dece5d5fc [ 89.177236][ T5970] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 89.177245][ T5970] RSP: 002b:00007f4deb8bf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 89.177257][ T5970] RAX: ffffffffffffffda RBX: 00007f4ded085fa0 RCX: 00007f4dece5d5fc [ 89.177263][ T5970] RDX: 000000000000000f RSI: 00007f4deb8bf0a0 RDI: 0000000000000004 [ 89.177270][ T5970] RBP: 00007f4deb8bf090 R08: 0000000000000000 R09: 0000000000000000 [ 89.177303][ T5970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 89.177309][ T5970] R13: 00007f4ded086038 R14: 00007f4ded085fa0 R15: 00007fff652c44c8 [ 89.177318][ T5970] [ 89.180979][ T5968] can0 (unregistered): slcan off ttyS3. [ 89.270589][ T5975] netlink: 'syz.0.882': attribute type 2 has an invalid length. [ 89.382914][ T5977] netlink: zone id is out of range [ 89.400099][ T5977] netlink: zone id is out of range [ 89.408045][ T5977] netlink: zone id is out of range [ 89.409682][ T5975] netlink: 4856 bytes leftover after parsing attributes in process `syz.0.882'. [ 89.413300][ T5977] netlink: zone id is out of range [ 89.556881][ T5985] loop3: detected capacity change from 0 to 512 [ 89.571106][ T5985] EXT4-fs (loop3): The Hurd can't support 64-bit file systems [ 89.715958][ T5991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.784431][ T5991] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.889878][ T6012] netlink: 8 bytes leftover after parsing attributes in process `syz.2.889'. [ 90.598036][ T6051] loop3: detected capacity change from 0 to 1024 [ 90.622348][ T6051] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 90.729695][ T6060] team0: Port device dummy0 removed [ 90.739759][ T6060] bridge_slave_0: left allmulticast mode [ 90.745498][ T6060] bridge_slave_0: left promiscuous mode [ 90.751376][ T6060] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.762709][ T6060] bridge_slave_1: left allmulticast mode [ 90.765031][ T6064] netlink: 'syz.0.917': attribute type 10 has an invalid length. [ 90.768376][ T6060] bridge_slave_1: left promiscuous mode [ 90.781986][ T6060] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.793896][ T6060] bond0: (slave bond_slave_0): Releasing backup interface [ 90.804126][ T6060] bond0: (slave bond_slave_1): Releasing backup interface [ 90.820974][ T6060] team0: Failed to send options change via netlink (err -105) [ 90.831044][ T6060] team0: Failed to send port change of device team_slave_0 via netlink (err -105) [ 90.840568][ T6060] team0: Port device team_slave_0 removed [ 90.849040][ T6067] netlink: 'syz.2.915': attribute type 7 has an invalid length. [ 90.856780][ T6067] netlink: 'syz.2.915': attribute type 8 has an invalid length. [ 90.860499][ T6060] team0: Failed to send options change via netlink (err -105) [ 90.872272][ T6060] team0: Failed to send port change of device team_slave_1 via netlink (err -105) [ 90.882329][ T6060] team0: Port device team_slave_1 removed [ 90.888936][ T6060] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 90.896513][ T6060] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 90.904726][ T6060] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 90.912244][ T6060] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 90.935291][ T6065] team0: Failed to send options change via netlink (err -105) [ 90.942933][ T6065] team0: Mode changed to "activebackup" [ 91.005231][ T6073] FAULT_INJECTION: forcing a failure. [ 91.005231][ T6073] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 91.018689][ T6073] CPU: 0 UID: 0 PID: 6073 Comm: syz.4.920 Not tainted syzkaller #0 PREEMPT(voluntary) [ 91.018722][ T6073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 91.018770][ T6073] Call Trace: [ 91.018777][ T6073] [ 91.018786][ T6073] __dump_stack+0x1d/0x30 [ 91.018811][ T6073] dump_stack_lvl+0xe8/0x140 [ 91.018834][ T6073] dump_stack+0x15/0x1b [ 91.018853][ T6073] should_fail_ex+0x265/0x280 [ 91.018877][ T6073] should_fail+0xb/0x20 [ 91.018921][ T6073] should_fail_usercopy+0x1a/0x20 [ 91.018945][ T6073] copy_fpstate_to_sigframe+0x628/0x7d0 [ 91.018977][ T6073] ? copy_fpstate_to_sigframe+0xe6/0x7d0 [ 91.019088][ T6073] ? x86_task_fpu+0x36/0x60 [ 91.019143][ T6073] get_sigframe+0x34d/0x490 [ 91.019160][ T6073] ? get_signal+0xdc8/0xf70 [ 91.019191][ T6073] x64_setup_rt_frame+0xa8/0x580 [ 91.019211][ T6073] arch_do_signal_or_restart+0x27c/0x480 [ 91.019255][ T6073] exit_to_user_mode_loop+0x7a/0x100 [ 91.019343][ T6073] do_syscall_64+0x1d6/0x200 [ 91.019458][ T6073] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 91.019485][ T6073] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 91.019536][ T6073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.019560][ T6073] RIP: 0033:0x7f338e33ebe9 [ 91.019579][ T6073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.019598][ T6073] RSP: 002b:00007f338cda7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 91.019650][ T6073] RAX: ffffffffffffffea RBX: 00007f338e565fa0 RCX: 00007f338e33ebe9 [ 91.019665][ T6073] RDX: 0000000000000048 RSI: 00002000000191c0 RDI: 0000000000000000 [ 91.019680][ T6073] RBP: 00007f338cda7090 R08: 0000000000000000 R09: 0000000000000000 [ 91.019747][ T6073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.019760][ T6073] R13: 00007f338e566038 R14: 00007f338e565fa0 R15: 00007ffe1b0374d8 [ 91.019778][ T6073] [ 91.227737][ T6079] loop2: detected capacity change from 0 to 512 [ 91.268424][ T6079] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #3: comm syz.2.922: corrupted inode contents [ 91.281948][ T6079] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #3: comm syz.2.922: mark_inode_dirty error [ 91.294236][ T6079] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #3: comm syz.2.922: corrupted inode contents [ 91.307887][ T6079] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #3: comm syz.2.922: mark_inode_dirty error [ 91.319661][ T6079] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.922: Failed to acquire dquot type 0 [ 91.334608][ T6079] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.922: corrupted inode contents [ 91.346811][ T6079] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #16: comm syz.2.922: mark_inode_dirty error [ 91.369539][ T6079] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.922: corrupted inode contents [ 91.392499][ T6079] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #16: comm syz.2.922: mark_inode_dirty error [ 91.405165][ T6079] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.922: corrupted inode contents [ 91.417272][ T6086] __nla_validate_parse: 4 callbacks suppressed [ 91.417288][ T6086] netlink: 8 bytes leftover after parsing attributes in process `syz.4.924'. [ 91.432340][ T6086] netlink: 16 bytes leftover after parsing attributes in process `syz.4.924'. [ 91.468354][ T6091] netlink: 8 bytes leftover after parsing attributes in process `syz.4.924'. [ 91.524749][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.539605][ T6079] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 91.572945][ T6079] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.922: corrupted inode contents [ 91.653214][ T6079] EXT4-fs error (device loop2): ext4_truncate:4666: inode #16: comm syz.2.922: mark_inode_dirty error [ 91.691969][ T6079] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 91.719211][ T6079] EXT4-fs (loop2): 1 truncate cleaned up [ 91.737494][ T6097] netlink: 16 bytes leftover after parsing attributes in process `syz.1.928'. [ 91.748225][ T6079] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.783879][ T6097] IPVS: set_ctl: invalid protocol: 50 172.20.20.170:20003 [ 91.795497][ T6079] ext4 filesystem being mounted at /197/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.862716][ T6099] netlink: 14593 bytes leftover after parsing attributes in process `syz.3.930'. [ 91.937960][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.040667][ T6107] netlink: 'syz.0.933': attribute type 10 has an invalid length. [ 92.051380][ T6109] loop4: detected capacity change from 0 to 128 [ 92.067547][ T6109] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 92.082104][ T6109] ext4 filesystem being mounted at /181/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.125891][ T6115] loop3: detected capacity change from 0 to 164 [ 92.235961][ T3306] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 92.527350][ T6130] netlink: 16 bytes leftover after parsing attributes in process `syz.3.941'. [ 92.536673][ T6128] loop4: detected capacity change from 0 to 1024 [ 92.551441][ T6130] IPVS: set_ctl: invalid protocol: 50 172.20.20.170:20003 [ 92.622274][ T6128] EXT4-fs: inline encryption not supported [ 92.675698][ T6128] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 92.686746][ T6128] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 92.721965][ T6128] JBD2: no valid journal superblock found [ 92.727963][ T6128] EXT4-fs (loop4): Could not load journal inode [ 92.845806][ T6143] netlink: 'syz.2.946': attribute type 10 has an invalid length. [ 92.855772][ T6143] team0: Port device dummy0 added [ 93.066989][ T6149] netlink: 'syz.2.948': attribute type 2 has an invalid length. [ 93.080303][ T6149] netlink: 4856 bytes leftover after parsing attributes in process `syz.2.948'. [ 93.112474][ T6152] netlink: 14593 bytes leftover after parsing attributes in process `syz.1.949'. [ 93.149367][ T6153] netlink: 8 bytes leftover after parsing attributes in process `syz.3.947'. [ 93.158398][ T6153] netlink: 16 bytes leftover after parsing attributes in process `syz.3.947'. [ 93.373843][ T6158] netlink: 'syz.1.950': attribute type 2 has an invalid length. [ 93.527287][ T6158] net_ratelimit: 8 callbacks suppressed [ 93.527346][ T6158] netlink: zone id is out of range [ 93.538179][ T6158] netlink: zone id is out of range [ 93.691955][ T6158] netlink: zone id is out of range [ 93.697244][ T6158] netlink: zone id is out of range [ 93.702529][ T6158] netlink: zone id is out of range [ 93.707649][ T6158] netlink: zone id is out of range [ 93.941802][ T6169] netlink: 'syz.0.953': attribute type 2 has an invalid length. [ 94.004364][ T6169] netlink: zone id is out of range [ 94.009721][ T6169] netlink: zone id is out of range [ 94.049913][ T6169] netlink: zone id is out of range [ 94.055214][ T6169] netlink: zone id is out of range [ 94.156426][ T6183] netlink: 'syz.3.959': attribute type 10 has an invalid length. [ 94.202252][ T29] kauditd_printk_skb: 131 callbacks suppressed [ 94.202270][ T29] audit: type=1400 audit(1755973683.864:2342): avc: denied { create } for pid=6190 comm="syz.1.962" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 94.228232][ T29] audit: type=1400 audit(1755973683.864:2343): avc: denied { connect } for pid=6190 comm="syz.1.962" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 94.248105][ T29] audit: type=1400 audit(1755973683.864:2344): avc: denied { write } for pid=6190 comm="syz.1.962" path="socket:[15514]" dev="sockfs" ino=15514 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 94.272996][ T29] audit: type=1400 audit(1755973683.874:2345): avc: denied { execute_no_trans } for pid=6190 comm="syz.1.962" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=1162 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 94.361338][ T29] audit: type=1400 audit(1755973684.034:2346): avc: denied { kexec_image_load } for pid=6197 comm="syz.3.965" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 94.590150][ T6208] netlink: 'syz.4.969': attribute type 2 has an invalid length. [ 95.211486][ T6225] netlink: 'syz.1.973': attribute type 10 has an invalid length. [ 95.270819][ T29] audit: type=1326 audit(1755973684.934:2347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6231 comm="syz.4.977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f338e33ebe9 code=0x7ffc0000 [ 95.317672][ T29] audit: type=1326 audit(1755973684.944:2348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6231 comm="syz.4.977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f338e33ebe9 code=0x7ffc0000 [ 95.341070][ T29] audit: type=1326 audit(1755973684.944:2349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6231 comm="syz.4.977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f338e33ebe9 code=0x7ffc0000 [ 95.364537][ T29] audit: type=1326 audit(1755973684.944:2350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6231 comm="syz.4.977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f338e33ebe9 code=0x7ffc0000 [ 95.387884][ T29] audit: type=1326 audit(1755973684.944:2351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6231 comm="syz.4.977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f338e33ebe9 code=0x7ffc0000 [ 95.858305][ T6253] loop2: detected capacity change from 0 to 2048 [ 95.923875][ T6253] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.041497][ T6260] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 96.133069][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.640572][ T6274] netlink: 'syz.2.990': attribute type 10 has an invalid length. [ 96.779710][ T6281] netlink: 'syz.1.992': attribute type 2 has an invalid length. [ 96.790239][ T6282] loop2: detected capacity change from 0 to 128 [ 96.806348][ T6281] __nla_validate_parse: 12 callbacks suppressed [ 96.806369][ T6281] netlink: 4856 bytes leftover after parsing attributes in process `syz.1.992'. [ 96.837727][ T6282] loop2: detected capacity change from 0 to 1024 [ 96.853637][ T6282] ext4: Unknown parameter 'fsname' [ 96.898008][ T6282] loop2: detected capacity change from 0 to 1024 [ 96.932604][ T6282] EXT4-fs: Ignoring removed bh option [ 96.953238][ T6282] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 96.986392][ T6282] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.043253][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.120157][ T6293] netlink: 'syz.1.996': attribute type 2 has an invalid length. [ 97.148862][ T6293] netlink: 4856 bytes leftover after parsing attributes in process `syz.1.996'. [ 97.271064][ T6304] usb usb1: check_ctrlrecip: process 6304 (syz.1.1000) requesting ep 01 but needs 81 [ 97.280603][ T6304] usb usb1: usbfs: process 6304 (syz.1.1000) did not claim interface 0 before use [ 97.350324][ T6311] netlink: 'syz.4.1004': attribute type 10 has an invalid length. [ 97.473514][ T6314] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1006'. [ 97.482530][ T6314] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1006'. [ 97.509492][ T6314] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1006'. [ 97.695763][ T6324] loop3: detected capacity change from 0 to 2048 [ 97.712283][ T6329] netlink: 'syz.4.1011': attribute type 2 has an invalid length. [ 97.736919][ T6329] netlink: 4856 bytes leftover after parsing attributes in process `syz.4.1011'. [ 97.824182][ T6324] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.016791][ T6350] netlink: 14593 bytes leftover after parsing attributes in process `syz.4.1018'. [ 98.112325][ T6324] bond0: entered promiscuous mode [ 98.117427][ T6324] bond0: entered allmulticast mode [ 98.123330][ T6324] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.138923][ T6352] netlink: 'syz.4.1019': attribute type 10 has an invalid length. [ 98.156853][ T6324] bond0 (unregistering): Released all slaves [ 98.208844][ T6363] netlink: 14593 bytes leftover after parsing attributes in process `syz.2.1023'. [ 98.263153][ T6358] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1021'. [ 98.272327][ T6358] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1021'. [ 98.481265][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.619534][ T6391] netlink: 'syz.3.1035': attribute type 10 has an invalid length. [ 98.879604][ T6420] FAULT_INJECTION: forcing a failure. [ 98.879604][ T6420] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 98.892800][ T6420] CPU: 1 UID: 0 PID: 6420 Comm: syz.1.1050 Not tainted syzkaller #0 PREEMPT(voluntary) [ 98.892853][ T6420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 98.892867][ T6420] Call Trace: [ 98.892875][ T6420] [ 98.892884][ T6420] __dump_stack+0x1d/0x30 [ 98.892908][ T6420] dump_stack_lvl+0xe8/0x140 [ 98.892928][ T6420] dump_stack+0x15/0x1b [ 98.893005][ T6420] should_fail_ex+0x265/0x280 [ 98.893027][ T6420] should_fail+0xb/0x20 [ 98.893045][ T6420] should_fail_usercopy+0x1a/0x20 [ 98.893069][ T6420] _copy_to_user+0x20/0xa0 [ 98.893149][ T6420] simple_read_from_buffer+0xb5/0x130 [ 98.893245][ T6420] proc_fail_nth_read+0x10e/0x150 [ 98.893288][ T6420] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 98.893344][ T6420] vfs_read+0x1a5/0x770 [ 98.893366][ T6420] ? __rcu_read_unlock+0x4f/0x70 [ 98.893388][ T6420] ? __fget_files+0x184/0x1c0 [ 98.893417][ T6420] ksys_read+0xda/0x1a0 [ 98.893441][ T6420] __x64_sys_read+0x40/0x50 [ 98.893512][ T6420] x64_sys_call+0x27bc/0x2ff0 [ 98.893588][ T6420] do_syscall_64+0xd2/0x200 [ 98.893618][ T6420] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 98.893644][ T6420] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 98.893748][ T6420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.893771][ T6420] RIP: 0033:0x7f919f8dd5fc [ 98.893788][ T6420] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 98.893842][ T6420] RSP: 002b:00007f919e33f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 98.893865][ T6420] RAX: ffffffffffffffda RBX: 00007f919fb05fa0 RCX: 00007f919f8dd5fc [ 98.893879][ T6420] RDX: 000000000000000f RSI: 00007f919e33f0a0 RDI: 0000000000000005 [ 98.893892][ T6420] RBP: 00007f919e33f090 R08: 0000000000000000 R09: 0000000000000000 [ 98.893905][ T6420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 98.893919][ T6420] R13: 00007f919fb06038 R14: 00007f919fb05fa0 R15: 00007fffc59e1bb8 [ 98.893948][ T6420] [ 99.129346][ T6426] netlink: 'syz.2.1053': attribute type 10 has an invalid length. [ 99.268507][ T29] kauditd_printk_skb: 145 callbacks suppressed [ 99.268525][ T29] audit: type=1326 audit(1755973688.934:2497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6446 comm="syz.4.1061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f338e33ebe9 code=0x7ffc0000 [ 99.312637][ T29] audit: type=1326 audit(1755973688.964:2498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6446 comm="syz.4.1061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f338e33ebe9 code=0x7ffc0000 [ 99.336329][ T29] audit: type=1326 audit(1755973688.964:2499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6446 comm="syz.4.1061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f338e33ebe9 code=0x7ffc0000 [ 99.359773][ T29] audit: type=1326 audit(1755973688.974:2500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6446 comm="syz.4.1061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f338e33ebe9 code=0x7ffc0000 [ 99.383444][ T29] audit: type=1326 audit(1755973688.974:2501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6446 comm="syz.4.1061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f338e33ebe9 code=0x7ffc0000 [ 99.407534][ T29] audit: type=1326 audit(1755973688.974:2502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6446 comm="syz.4.1061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f338e33ebe9 code=0x7ffc0000 [ 99.431041][ T29] audit: type=1326 audit(1755973688.974:2503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6446 comm="syz.4.1061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f338e33ebe9 code=0x7ffc0000 [ 99.482179][ T6464] netlink: 'syz.4.1068': attribute type 10 has an invalid length. [ 99.529879][ T29] audit: type=1326 audit(1755973689.184:2504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6466 comm="syz.1.1069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f919f8debe9 code=0x7ffc0000 [ 99.553471][ T29] audit: type=1326 audit(1755973689.184:2505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6466 comm="syz.1.1069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f919f8debe9 code=0x7ffc0000 [ 99.577220][ T29] audit: type=1326 audit(1755973689.184:2506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6466 comm="syz.1.1069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f919f8debe9 code=0x7ffc0000 [ 99.686940][ T6485] team0 (unregistering): Port device team_slave_0 removed [ 99.697889][ T6485] team0 (unregistering): Port device team_slave_1 removed [ 99.709233][ T6485] team0 (unregistering): Port device dummy0 removed [ 99.717485][ T6485] team0 (unregistering): Port device bridge1 removed [ 99.836270][ T6502] netlink: 'syz.1.1084': attribute type 10 has an invalid length. [ 99.886920][ T6520] loop2: detected capacity change from 0 to 512 [ 99.893901][ T6520] EXT4-fs: Ignoring removed i_version option [ 99.934456][ T6520] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.947905][ T6520] ext4 filesystem being mounted at /231/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 100.025034][ T6530] FAULT_INJECTION: forcing a failure. [ 100.025034][ T6530] name failslab, interval 1, probability 0, space 0, times 0 [ 100.038003][ T6530] CPU: 0 UID: 0 PID: 6530 Comm: syz.2.1090 Not tainted syzkaller #0 PREEMPT(voluntary) [ 100.038035][ T6530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 100.038077][ T6530] Call Trace: [ 100.038154][ T6530] [ 100.038162][ T6530] __dump_stack+0x1d/0x30 [ 100.038187][ T6530] dump_stack_lvl+0xe8/0x140 [ 100.038208][ T6530] dump_stack+0x15/0x1b [ 100.038226][ T6530] should_fail_ex+0x265/0x280 [ 100.038248][ T6530] should_failslab+0x8c/0xb0 [ 100.038271][ T6530] kmem_cache_alloc_node_noprof+0x57/0x320 [ 100.038339][ T6530] ? __alloc_skb+0x101/0x320 [ 100.038371][ T6530] __alloc_skb+0x101/0x320 [ 100.038402][ T6530] netlink_alloc_large_skb+0xba/0xf0 [ 100.038451][ T6530] netlink_sendmsg+0x3cf/0x6b0 [ 100.038473][ T6530] ? __pfx_netlink_sendmsg+0x10/0x10 [ 100.038554][ T6530] __sock_sendmsg+0x142/0x180 [ 100.038583][ T6530] ____sys_sendmsg+0x31e/0x4e0 [ 100.038609][ T6530] ___sys_sendmsg+0x17b/0x1d0 [ 100.038645][ T6530] __x64_sys_sendmsg+0xd4/0x160 [ 100.038674][ T6530] x64_sys_call+0x191e/0x2ff0 [ 100.038730][ T6530] do_syscall_64+0xd2/0x200 [ 100.038759][ T6530] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 100.038784][ T6530] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 100.038817][ T6530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.038842][ T6530] RIP: 0033:0x7f449dd6ebe9 [ 100.038859][ T6530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.038880][ T6530] RSP: 002b:00007f449c7ae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 100.038902][ T6530] RAX: ffffffffffffffda RBX: 00007f449df96090 RCX: 00007f449dd6ebe9 [ 100.038928][ T6530] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 000000000000000a [ 100.038942][ T6530] RBP: 00007f449c7ae090 R08: 0000000000000000 R09: 0000000000000000 [ 100.038956][ T6530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.038970][ T6530] R13: 00007f449df96128 R14: 00007f449df96090 R15: 00007ffc1057f188 [ 100.038990][ T6530] [ 100.267269][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.291381][ T6538] netlink: 'syz.1.1098': attribute type 1 has an invalid length. [ 100.307778][ T6541] FAULT_INJECTION: forcing a failure. [ 100.307778][ T6541] name failslab, interval 1, probability 0, space 0, times 0 [ 100.320677][ T6541] CPU: 1 UID: 0 PID: 6541 Comm: syz.0.1099 Not tainted syzkaller #0 PREEMPT(voluntary) [ 100.320712][ T6541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 100.320731][ T6541] Call Trace: [ 100.320738][ T6541] [ 100.320747][ T6541] __dump_stack+0x1d/0x30 [ 100.320772][ T6541] dump_stack_lvl+0xe8/0x140 [ 100.320795][ T6541] dump_stack+0x15/0x1b [ 100.320894][ T6541] should_fail_ex+0x265/0x280 [ 100.320919][ T6541] should_failslab+0x8c/0xb0 [ 100.320963][ T6541] kmem_cache_alloc_noprof+0x50/0x310 [ 100.320992][ T6541] ? getname_flags+0x80/0x3b0 [ 100.321049][ T6541] ? __rcu_read_unlock+0x4f/0x70 [ 100.321073][ T6541] getname_flags+0x80/0x3b0 [ 100.321102][ T6541] io_renameat_prep+0x105/0x1b0 [ 100.321209][ T6541] io_submit_sqes+0x5ec/0x1060 [ 100.321264][ T6541] __se_sys_io_uring_enter+0x1c1/0x1b70 [ 100.321287][ T6541] ? 0xffffffff81000000 [ 100.321309][ T6541] ? __rcu_read_unlock+0x4f/0x70 [ 100.321331][ T6541] ? get_pid_task+0x96/0xd0 [ 100.321354][ T6541] ? proc_fail_nth_write+0x13b/0x160 [ 100.321403][ T6541] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 100.321433][ T6541] ? vfs_write+0x7e8/0x960 [ 100.321475][ T6541] ? __rcu_read_unlock+0x4f/0x70 [ 100.321498][ T6541] ? __fget_files+0x184/0x1c0 [ 100.321558][ T6541] ? fput+0x8f/0xc0 [ 100.321663][ T6541] __x64_sys_io_uring_enter+0x78/0x90 [ 100.321687][ T6541] x64_sys_call+0x2de1/0x2ff0 [ 100.321708][ T6541] do_syscall_64+0xd2/0x200 [ 100.321739][ T6541] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 100.321802][ T6541] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 100.321825][ T6541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.321846][ T6541] RIP: 0033:0x7f981cb4ebe9 [ 100.321862][ T6541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.321938][ T6541] RSP: 002b:00007f981b5b7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 100.321968][ T6541] RAX: ffffffffffffffda RBX: 00007f981cd75fa0 RCX: 00007f981cb4ebe9 [ 100.321982][ T6541] RDX: 00000000000096f0 RSI: 0000000010007b0f RDI: 0000000000000004 [ 100.321996][ T6541] RBP: 00007f981b5b7090 R08: 0000000000000000 R09: 0000000000000000 [ 100.322009][ T6541] R10: 0000000000000020 R11: 0000000000000246 R12: 0000000000000001 [ 100.322023][ T6541] R13: 00007f981cd76038 R14: 00007f981cd75fa0 R15: 00007ffd28fbe9c8 [ 100.322044][ T6541] [ 100.608335][ T6549] netlink: 'syz.2.1102': attribute type 10 has an invalid length. [ 100.721692][ T6558] loop2: detected capacity change from 0 to 512 [ 100.728493][ T6558] EXT4-fs: Ignoring removed orlov option [ 100.737695][ T6558] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 100.755877][ T6558] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 100.773823][ T6558] EXT4-fs (loop2): 1 orphan inode deleted [ 100.780136][ T6558] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.791089][ T6565] loop4: detected capacity change from 0 to 128 [ 100.805972][ T6565] loop4: detected capacity change from 0 to 1024 [ 100.915429][ T6565] ext4: Unknown parameter 'fsname' [ 100.937805][ T6565] loop4: detected capacity change from 0 to 1024 [ 100.958785][ T6565] EXT4-fs: Ignoring removed bh option [ 100.967266][ T6565] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 100.992760][ T6565] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.006131][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.059385][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.069064][ T6580] loop2: detected capacity change from 0 to 1024 [ 101.080536][ T6580] EXT4-fs: Ignoring removed orlov option [ 101.111990][ T6580] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.140058][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.232424][ T6598] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=8212 sclass=netlink_xfrm_socket pid=6598 comm=syz.2.1120 [ 101.539461][ T6640] FAULT_INJECTION: forcing a failure. [ 101.539461][ T6640] name failslab, interval 1, probability 0, space 0, times 0 [ 101.552475][ T6640] CPU: 1 UID: 0 PID: 6640 Comm: syz.3.1134 Not tainted syzkaller #0 PREEMPT(voluntary) [ 101.552509][ T6640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 101.552523][ T6640] Call Trace: [ 101.552532][ T6640] [ 101.552541][ T6640] __dump_stack+0x1d/0x30 [ 101.552619][ T6640] dump_stack_lvl+0xe8/0x140 [ 101.552639][ T6640] dump_stack+0x15/0x1b [ 101.552659][ T6640] should_fail_ex+0x265/0x280 [ 101.552681][ T6640] should_failslab+0x8c/0xb0 [ 101.552709][ T6640] kmem_cache_alloc_node_noprof+0x57/0x320 [ 101.552757][ T6640] ? __alloc_skb+0x101/0x320 [ 101.552823][ T6640] __alloc_skb+0x101/0x320 [ 101.552929][ T6640] ? audit_log_start+0x365/0x6c0 [ 101.552976][ T6640] audit_log_start+0x380/0x6c0 [ 101.553009][ T6640] audit_seccomp+0x48/0x100 [ 101.553038][ T6640] ? __seccomp_filter+0x68c/0x10d0 [ 101.553134][ T6640] __seccomp_filter+0x69d/0x10d0 [ 101.553156][ T6640] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 101.553184][ T6640] ? vfs_write+0x7e8/0x960 [ 101.553281][ T6640] __secure_computing+0x82/0x150 [ 101.553307][ T6640] syscall_trace_enter+0xcf/0x1e0 [ 101.553391][ T6640] do_syscall_64+0xac/0x200 [ 101.553422][ T6640] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 101.553481][ T6640] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 101.553563][ T6640] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.553586][ T6640] RIP: 0033:0x7f4dece5ebe9 [ 101.553602][ T6640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 101.553666][ T6640] RSP: 002b:00007f4deb8bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000001b [ 101.553688][ T6640] RAX: ffffffffffffffda RBX: 00007f4ded085fa0 RCX: 00007f4dece5ebe9 [ 101.553702][ T6640] RDX: 0000200000000440 RSI: 0000000000800000 RDI: 0000200000000000 [ 101.553715][ T6640] RBP: 00007f4deb8bf090 R08: 0000000000000000 R09: 0000000000000000 [ 101.553728][ T6640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 101.553742][ T6640] R13: 00007f4ded086038 R14: 00007f4ded085fa0 R15: 00007fff652c44c8 [ 101.553836][ T6640] [ 101.816921][ T6652] loop4: detected capacity change from 0 to 128 [ 101.826331][ T6656] FAULT_INJECTION: forcing a failure. [ 101.826331][ T6656] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 101.839572][ T6656] CPU: 0 UID: 0 PID: 6656 Comm: syz.0.1142 Not tainted syzkaller #0 PREEMPT(voluntary) [ 101.839629][ T6656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 101.839642][ T6656] Call Trace: [ 101.839651][ T6656] [ 101.839692][ T6656] __dump_stack+0x1d/0x30 [ 101.839718][ T6656] dump_stack_lvl+0xe8/0x140 [ 101.839741][ T6656] dump_stack+0x15/0x1b [ 101.839760][ T6656] should_fail_ex+0x265/0x280 [ 101.839805][ T6656] should_fail+0xb/0x20 [ 101.839823][ T6656] should_fail_usercopy+0x1a/0x20 [ 101.839845][ T6656] _copy_to_user+0x20/0xa0 [ 101.839873][ T6656] copy_siginfo_to_user+0x22/0xb0 [ 101.839897][ T6656] x64_setup_rt_frame+0x2b5/0x580 [ 101.839965][ T6656] arch_do_signal_or_restart+0x27c/0x480 [ 101.839991][ T6656] exit_to_user_mode_loop+0x7a/0x100 [ 101.840014][ T6656] do_syscall_64+0x1d6/0x200 [ 101.840043][ T6656] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 101.840069][ T6656] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 101.840169][ T6656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.840193][ T6656] RIP: 0033:0x7f981cb4ebe7 [ 101.840211][ T6656] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 101.840231][ T6656] RSP: 002b:00007f981b5b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 101.840255][ T6656] RAX: 0000000000000013 RBX: 00007f981cd75fa0 RCX: 00007f981cb4ebe9 [ 101.840268][ T6656] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000005 [ 101.840282][ T6656] RBP: 00007f981b5b7090 R08: 0000000000000000 R09: 0000000000000000 [ 101.840295][ T6656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 101.840355][ T6656] R13: 00007f981cd76038 R14: 00007f981cd75fa0 R15: 00007ffd28fbe9c8 [ 101.840377][ T6656] [ 102.052367][ T6652] loop4: detected capacity change from 0 to 1024 [ 102.059644][ T6652] EXT4-fs: Ignoring removed bh option [ 102.062430][ T6663] __nla_validate_parse: 14 callbacks suppressed [ 102.062446][ T6663] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1145'. [ 102.066558][ T6665] netlink: 14593 bytes leftover after parsing attributes in process `syz.2.1146'. [ 102.074371][ T6652] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 102.085868][ T6663] vlan2: entered allmulticast mode [ 102.114294][ T6663] dummy0: entered allmulticast mode [ 102.130660][ T6669] validate_nla: 6 callbacks suppressed [ 102.130675][ T6669] netlink: 'syz.2.1148': attribute type 10 has an invalid length. [ 102.153137][ T6652] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.194470][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.418711][ T6696] loop2: detected capacity change from 0 to 1024 [ 102.422948][ T6691] SELinux: ebitmap: truncated map [ 102.432308][ T6691] SELinux: failed to load policy [ 102.434370][ T6696] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 102.448284][ T6696] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 102.459486][ T6696] JBD2: no valid journal superblock found [ 102.465430][ T6696] EXT4-fs (loop2): Could not load journal inode [ 102.520104][ T6700] netlink: 14593 bytes leftover after parsing attributes in process `syz.3.1159'. [ 102.530415][ T6701] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1152'. [ 102.539426][ T6701] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1152'. [ 102.594597][ T6705] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1152'. [ 102.747720][ T6708] netlink: 'syz.3.1162': attribute type 10 has an invalid length. [ 102.788271][ T6711] loop2: detected capacity change from 0 to 512 [ 102.824659][ T6711] EXT4-fs: Ignoring removed i_version option [ 102.869992][ T6711] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.899567][ T6711] ext4 filesystem being mounted at /252/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 102.975485][ T6711] netlink: 'syz.2.1160': attribute type 1 has an invalid length. [ 102.983323][ T6711] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1160'. [ 103.023828][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.081306][ T6724] loop2: detected capacity change from 0 to 512 [ 103.088099][ T6724] EXT4-fs: Ignoring removed orlov option [ 103.095648][ T6724] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 103.107722][ T6724] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 103.123888][ T6724] EXT4-fs (loop2): 1 orphan inode deleted [ 103.131127][ T6724] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.242812][ T6741] netlink: 14593 bytes leftover after parsing attributes in process `syz.3.1173'. [ 103.254182][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.278159][ T6745] netlink: 'syz.4.1176': attribute type 10 has an invalid length. [ 103.300444][ T6749] loop2: detected capacity change from 0 to 128 [ 103.319659][ T6749] loop2: detected capacity change from 0 to 1024 [ 103.327955][ T6751] FAULT_INJECTION: forcing a failure. [ 103.327955][ T6751] name failslab, interval 1, probability 0, space 0, times 0 [ 103.340711][ T6751] CPU: 1 UID: 0 PID: 6751 Comm: syz.1.1178 Not tainted syzkaller #0 PREEMPT(voluntary) [ 103.340747][ T6751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 103.340762][ T6751] Call Trace: [ 103.340769][ T6751] [ 103.340843][ T6751] __dump_stack+0x1d/0x30 [ 103.340868][ T6751] dump_stack_lvl+0xe8/0x140 [ 103.340890][ T6751] dump_stack+0x15/0x1b [ 103.340909][ T6751] should_fail_ex+0x265/0x280 [ 103.340933][ T6751] should_failslab+0x8c/0xb0 [ 103.341031][ T6751] kmem_cache_alloc_node_noprof+0x57/0x320 [ 103.341062][ T6751] ? __alloc_skb+0x101/0x320 [ 103.341095][ T6751] __alloc_skb+0x101/0x320 [ 103.341145][ T6751] netlink_alloc_large_skb+0xba/0xf0 [ 103.341238][ T6751] netlink_sendmsg+0x3cf/0x6b0 [ 103.341262][ T6751] ? __pfx_netlink_sendmsg+0x10/0x10 [ 103.341300][ T6751] __sock_sendmsg+0x142/0x180 [ 103.341325][ T6751] ____sys_sendmsg+0x31e/0x4e0 [ 103.341462][ T6751] ___sys_sendmsg+0x17b/0x1d0 [ 103.341498][ T6751] __x64_sys_sendmsg+0xd4/0x160 [ 103.341565][ T6751] x64_sys_call+0x191e/0x2ff0 [ 103.341585][ T6751] do_syscall_64+0xd2/0x200 [ 103.341721][ T6751] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 103.341746][ T6751] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 103.341774][ T6751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.341854][ T6751] RIP: 0033:0x7f919f8debe9 [ 103.341870][ T6751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.341890][ T6751] RSP: 002b:00007f919e33f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 103.341912][ T6751] RAX: ffffffffffffffda RBX: 00007f919fb05fa0 RCX: 00007f919f8debe9 [ 103.341941][ T6751] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000006 [ 103.341955][ T6751] RBP: 00007f919e33f090 R08: 0000000000000000 R09: 0000000000000000 [ 103.341969][ T6751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 103.341982][ T6751] R13: 00007f919fb06038 R14: 00007f919fb05fa0 R15: 00007fffc59e1bb8 [ 103.342004][ T6751] [ 103.548173][ T6749] EXT4-fs: Ignoring removed bh option [ 103.577957][ T6749] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 103.680911][ T6749] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.756702][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.283439][ T6786] netlink: 14593 bytes leftover after parsing attributes in process `syz.2.1192'. [ 104.302098][ T29] kauditd_printk_skb: 99 callbacks suppressed [ 104.302117][ T29] audit: type=1326 audit(1755973693.974:2604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6787 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f981cb4ebe9 code=0x7ffc0000 [ 104.706534][ T29] audit: type=1326 audit(1755973694.004:2605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6787 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f981cb4ebe9 code=0x7ffc0000 [ 104.730105][ T29] audit: type=1326 audit(1755973694.014:2606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6787 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f981cb4ebe9 code=0x7ffc0000 [ 104.754034][ T29] audit: type=1326 audit(1755973694.014:2607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6787 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f981cb4ebe9 code=0x7ffc0000 [ 104.777519][ T29] audit: type=1326 audit(1755973694.014:2608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6787 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f981cb4ebe9 code=0x7ffc0000 [ 104.801391][ T29] audit: type=1326 audit(1755973694.014:2609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6787 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f981cb4ebe9 code=0x7ffc0000 [ 104.825039][ T29] audit: type=1326 audit(1755973694.014:2610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6787 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f981cb4ebe9 code=0x7ffc0000 [ 104.848646][ T29] audit: type=1326 audit(1755973694.014:2611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6787 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f981cb4ebe9 code=0x7ffc0000 [ 104.872956][ T29] audit: type=1326 audit(1755973694.014:2612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6787 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f981cb4ebe9 code=0x7ffc0000 [ 104.896368][ T29] audit: type=1326 audit(1755973694.014:2613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6787 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f981cb4ebe9 code=0x7ffc0000 [ 105.033192][ T6799] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1197'. [ 105.528107][ T6841] net_ratelimit: 26 callbacks suppressed [ 105.528122][ T6841] IPv4: Oversized IP packet from 127.202.26.0 [ 105.610281][ T6854] loop3: detected capacity change from 0 to 128 [ 105.633361][ T6854] loop3: detected capacity change from 0 to 1024 [ 105.640285][ T6854] EXT4-fs: Ignoring removed bh option [ 105.650685][ T6854] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 105.664096][ T6859] veth0_to_team: entered promiscuous mode [ 105.687562][ T6854] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.689063][ T6866] FAULT_INJECTION: forcing a failure. [ 105.689063][ T6866] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 105.713315][ T6866] CPU: 0 UID: 0 PID: 6866 Comm: syz.0.1226 Not tainted syzkaller #0 PREEMPT(voluntary) [ 105.713410][ T6866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 105.713422][ T6866] Call Trace: [ 105.713428][ T6866] [ 105.713435][ T6866] __dump_stack+0x1d/0x30 [ 105.713456][ T6866] dump_stack_lvl+0xe8/0x140 [ 105.713477][ T6866] dump_stack+0x15/0x1b [ 105.713492][ T6866] should_fail_ex+0x265/0x280 [ 105.713553][ T6866] should_fail+0xb/0x20 [ 105.713568][ T6866] should_fail_usercopy+0x1a/0x20 [ 105.713588][ T6866] _copy_from_user+0x1c/0xb0 [ 105.713613][ T6866] __copy_msghdr+0x244/0x300 [ 105.713681][ T6866] ___sys_sendmsg+0x109/0x1d0 [ 105.713712][ T6866] __x64_sys_sendmsg+0xd4/0x160 [ 105.713736][ T6866] x64_sys_call+0x191e/0x2ff0 [ 105.713755][ T6866] do_syscall_64+0xd2/0x200 [ 105.713833][ T6866] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 105.713855][ T6866] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 105.713879][ T6866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.713975][ T6866] RIP: 0033:0x7f981cb4ebe9 [ 105.713990][ T6866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.714071][ T6866] RSP: 002b:00007f981b5b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 105.714146][ T6866] RAX: ffffffffffffffda RBX: 00007f981cd75fa0 RCX: 00007f981cb4ebe9 [ 105.714158][ T6866] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 105.714169][ T6866] RBP: 00007f981b5b7090 R08: 0000000000000000 R09: 0000000000000000 [ 105.714180][ T6866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.714237][ T6866] R13: 00007f981cd76038 R14: 00007f981cd75fa0 R15: 00007ffd28fbe9c8 [ 105.714322][ T6866] [ 105.943413][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.019195][ T6881] IPv4: Oversized IP packet from 127.202.26.0 [ 106.142050][ T6894] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=6894 comm=syz.1.1236 [ 106.154669][ T6894] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=6894 comm=syz.1.1236 [ 106.186814][ T6896] loop3: detected capacity change from 0 to 128 [ 106.200337][ T6896] loop3: detected capacity change from 0 to 1024 [ 106.207306][ T6896] EXT4-fs: Ignoring removed bh option [ 106.227337][ T6896] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 106.260056][ T6896] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.337449][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.462345][ T6933] loop4: detected capacity change from 0 to 512 [ 106.483081][ T6933] EXT4-fs: Ignoring removed orlov option [ 106.499545][ T6933] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 106.518959][ T6933] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 106.535132][ T6933] EXT4-fs (loop4): 1 orphan inode deleted [ 106.541477][ T6933] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.569479][ T6945] FAULT_INJECTION: forcing a failure. [ 106.569479][ T6945] name failslab, interval 1, probability 0, space 0, times 0 [ 106.570791][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.582259][ T6945] CPU: 0 UID: 0 PID: 6945 Comm: syz.3.1252 Not tainted syzkaller #0 PREEMPT(voluntary) [ 106.582294][ T6945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 106.582306][ T6945] Call Trace: [ 106.582314][ T6945] [ 106.582349][ T6945] __dump_stack+0x1d/0x30 [ 106.582370][ T6945] dump_stack_lvl+0xe8/0x140 [ 106.582387][ T6945] dump_stack+0x15/0x1b [ 106.582405][ T6945] should_fail_ex+0x265/0x280 [ 106.582427][ T6945] should_failslab+0x8c/0xb0 [ 106.582452][ T6945] kmem_cache_alloc_node_noprof+0x57/0x320 [ 106.582527][ T6945] ? __alloc_skb+0x101/0x320 [ 106.582559][ T6945] __alloc_skb+0x101/0x320 [ 106.582745][ T6945] netlink_alloc_large_skb+0xba/0xf0 [ 106.582778][ T6945] netlink_sendmsg+0x3cf/0x6b0 [ 106.582849][ T6945] ? __pfx_netlink_sendmsg+0x10/0x10 [ 106.582871][ T6945] __sock_sendmsg+0x142/0x180 [ 106.582898][ T6945] ____sys_sendmsg+0x31e/0x4e0 [ 106.582943][ T6945] ___sys_sendmsg+0x17b/0x1d0 [ 106.583019][ T6945] __x64_sys_sendmsg+0xd4/0x160 [ 106.583045][ T6945] x64_sys_call+0x191e/0x2ff0 [ 106.583067][ T6945] do_syscall_64+0xd2/0x200 [ 106.583102][ T6945] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 106.583129][ T6945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.583168][ T6945] RIP: 0033:0x7f4dece5ebe9 [ 106.583184][ T6945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.583203][ T6945] RSP: 002b:00007f4deb8bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 106.583264][ T6945] RAX: ffffffffffffffda RBX: 00007f4ded085fa0 RCX: 00007f4dece5ebe9 [ 106.583339][ T6945] RDX: 0000000000000000 RSI: 0000200000001540 RDI: 0000000000000003 [ 106.583352][ T6945] RBP: 00007f4deb8bf090 R08: 0000000000000000 R09: 0000000000000000 [ 106.583365][ T6945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.583378][ T6945] R13: 00007f4ded086038 R14: 00007f4ded085fa0 R15: 00007fff652c44c8 [ 106.583397][ T6945] [ 106.705618][ T6949] netlink: 'syz.3.1255': attribute type 1 has an invalid length. [ 107.068738][ T6984] __nla_validate_parse: 12 callbacks suppressed [ 107.068756][ T6984] netlink: 14593 bytes leftover after parsing attributes in process `syz.0.1270'. [ 107.125178][ T6988] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1272'. [ 107.282975][ T7002] loop2: detected capacity change from 0 to 1024 [ 107.314200][ T7002] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.380621][ T7019] netlink: 14593 bytes leftover after parsing attributes in process `syz.4.1283'. [ 107.471419][ T7031] loop4: detected capacity change from 0 to 512 [ 107.478402][ T7031] EXT4-fs: Ignoring removed orlov option [ 107.484664][ T7031] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 107.495967][ T7031] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 107.510847][ T7031] EXT4-fs (loop4): 1 orphan inode deleted [ 107.517052][ T7031] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.689823][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.812719][ T7048] loop4: detected capacity change from 0 to 128 [ 107.945752][ T7052] netlink: 14593 bytes leftover after parsing attributes in process `syz.4.1297'. [ 108.034014][ T7056] loop4: detected capacity change from 0 to 128 [ 108.046377][ T7056] loop4: detected capacity change from 0 to 1024 [ 108.053417][ T7056] EXT4-fs: Ignoring removed bh option [ 108.059360][ T7056] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 108.073219][ T7056] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.094133][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.116850][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.122850][ T7060] IPv4: Oversized IP packet from 127.202.26.0 [ 108.168130][ T7066] loop4: detected capacity change from 0 to 512 [ 108.176537][ T7066] EXT4-fs: Ignoring removed orlov option [ 108.182513][ T7066] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 108.194641][ T7066] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 108.209845][ T7066] EXT4-fs (loop4): 1 orphan inode deleted [ 108.216101][ T7066] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.319254][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.440612][ T7087] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1309'. [ 108.558127][ T7088] loop4: detected capacity change from 0 to 128 [ 108.689244][ T7088] loop4: detected capacity change from 0 to 1024 [ 108.712958][ T7092] IPv4: Oversized IP packet from 127.202.26.0 [ 108.733678][ T7094] FAULT_INJECTION: forcing a failure. [ 108.733678][ T7094] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 108.746867][ T7094] CPU: 0 UID: 0 PID: 7094 Comm: syz.1.1314 Not tainted syzkaller #0 PREEMPT(voluntary) [ 108.746926][ T7094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 108.746937][ T7094] Call Trace: [ 108.746944][ T7094] [ 108.746951][ T7094] __dump_stack+0x1d/0x30 [ 108.746977][ T7094] dump_stack_lvl+0xe8/0x140 [ 108.747073][ T7094] dump_stack+0x15/0x1b [ 108.747172][ T7094] should_fail_ex+0x265/0x280 [ 108.747198][ T7094] should_fail+0xb/0x20 [ 108.747225][ T7094] should_fail_usercopy+0x1a/0x20 [ 108.747246][ T7094] _copy_to_user+0x20/0xa0 [ 108.747273][ T7094] simple_read_from_buffer+0xb5/0x130 [ 108.747296][ T7094] proc_fail_nth_read+0x10e/0x150 [ 108.747327][ T7094] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 108.747383][ T7094] vfs_read+0x1a5/0x770 [ 108.747406][ T7094] ? __rcu_read_unlock+0x4f/0x70 [ 108.747425][ T7094] ? __fget_files+0x184/0x1c0 [ 108.747450][ T7094] ksys_read+0xda/0x1a0 [ 108.747543][ T7094] __x64_sys_read+0x40/0x50 [ 108.747563][ T7094] x64_sys_call+0x27bc/0x2ff0 [ 108.747585][ T7094] do_syscall_64+0xd2/0x200 [ 108.747615][ T7094] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 108.747643][ T7094] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 108.747750][ T7094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.747775][ T7094] RIP: 0033:0x7f919f8dd5fc [ 108.747792][ T7094] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 108.747825][ T7094] RSP: 002b:00007f919e33f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 108.747951][ T7094] RAX: ffffffffffffffda RBX: 00007f919fb05fa0 RCX: 00007f919f8dd5fc [ 108.747962][ T7094] RDX: 000000000000000f RSI: 00007f919e33f0a0 RDI: 0000000000000007 [ 108.747971][ T7094] RBP: 00007f919e33f090 R08: 0000000000000000 R09: 0000000000000000 [ 108.747980][ T7094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.747989][ T7094] R13: 00007f919fb06038 R14: 00007f919fb05fa0 R15: 00007fffc59e1bb8 [ 108.748061][ T7094] [ 108.959554][ T7088] EXT4-fs: Ignoring removed bh option [ 108.993873][ T7088] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 109.046679][ T7098] FAULT_INJECTION: forcing a failure. [ 109.046679][ T7098] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.059889][ T7098] CPU: 0 UID: 0 PID: 7098 Comm: syz.0.1316 Not tainted syzkaller #0 PREEMPT(voluntary) [ 109.059921][ T7098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 109.059936][ T7098] Call Trace: [ 109.059945][ T7098] [ 109.059954][ T7098] __dump_stack+0x1d/0x30 [ 109.059990][ T7098] dump_stack_lvl+0xe8/0x140 [ 109.060072][ T7098] dump_stack+0x15/0x1b [ 109.060092][ T7098] should_fail_ex+0x265/0x280 [ 109.060143][ T7098] should_fail+0xb/0x20 [ 109.060161][ T7098] should_fail_usercopy+0x1a/0x20 [ 109.060181][ T7098] _copy_from_user+0x1c/0xb0 [ 109.060207][ T7098] ____sys_sendmsg+0x1c5/0x4e0 [ 109.060308][ T7098] ___sys_sendmsg+0x17b/0x1d0 [ 109.060387][ T7098] __sys_sendmmsg+0x178/0x300 [ 109.060422][ T7098] __x64_sys_sendmmsg+0x57/0x70 [ 109.060448][ T7098] x64_sys_call+0x1c4a/0x2ff0 [ 109.060473][ T7098] do_syscall_64+0xd2/0x200 [ 109.060554][ T7098] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 109.060577][ T7098] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 109.060606][ T7098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.060631][ T7098] RIP: 0033:0x7f981cb4ebe9 [ 109.060649][ T7098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.060699][ T7098] RSP: 002b:00007f981b5b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 109.060728][ T7098] RAX: ffffffffffffffda RBX: 00007f981cd75fa0 RCX: 00007f981cb4ebe9 [ 109.060743][ T7098] RDX: 0000000000000001 RSI: 0000200000007a00 RDI: 0000000000000003 [ 109.060755][ T7098] RBP: 00007f981b5b7090 R08: 0000000000000000 R09: 0000000000000000 [ 109.060828][ T7098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.060839][ T7098] R13: 00007f981cd76038 R14: 00007f981cd75fa0 R15: 00007ffd28fbe9c8 [ 109.060858][ T7098] [ 109.577973][ T7119] loop3: detected capacity change from 0 to 1024 [ 109.717444][ T7088] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.741006][ T7119] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.769191][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.346510][ T7144] netlink: 'syz.0.1334': attribute type 2 has an invalid length. [ 110.375748][ T7144] netlink: 4856 bytes leftover after parsing attributes in process `syz.0.1334'. [ 110.424032][ T7145] netlink: zone id is out of range [ 110.429274][ T7145] netlink: zone id is out of range [ 110.446366][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.470910][ T7145] netlink: zone id is out of range [ 110.476230][ T7145] netlink: zone id is out of range [ 110.481397][ T7145] netlink: zone id is out of range [ 110.486636][ T7145] netlink: zone id is out of range [ 110.667283][ T7161] loop2: detected capacity change from 0 to 128 [ 110.683694][ T7164] loop3: detected capacity change from 0 to 512 [ 110.690285][ T7164] EXT4-fs: Ignoring removed orlov option [ 110.703470][ T7161] loop2: detected capacity change from 0 to 1024 [ 110.711055][ T7164] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 110.722283][ T7161] EXT4-fs: Ignoring removed bh option [ 110.733575][ T7164] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 110.734657][ T7161] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 110.770926][ T7164] EXT4-fs (loop3): 1 orphan inode deleted [ 110.777027][ T7164] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 110.824824][ T7161] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 110.904711][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.914155][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.955331][ T7178] loop4: detected capacity change from 0 to 1024 [ 110.971751][ T29] kauditd_printk_skb: 178 callbacks suppressed [ 110.971768][ T29] audit: type=1400 audit(1755973700.634:2792): avc: denied { read write } for pid=7179 comm="syz.3.1345" name="nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 111.001538][ T29] audit: type=1400 audit(1755973700.634:2793): avc: denied { open } for pid=7179 comm="syz.3.1345" path="/dev/nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 111.028080][ T7182] IPv4: Oversized IP packet from 127.202.26.0 [ 111.052980][ T7178] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 111.130356][ T7197] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1347'. [ 111.323746][ T7204] FAULT_INJECTION: forcing a failure. [ 111.323746][ T7204] name failslab, interval 1, probability 0, space 0, times 0 [ 111.336897][ T7204] CPU: 0 UID: 0 PID: 7204 Comm: syz.2.1353 Not tainted syzkaller #0 PREEMPT(voluntary) [ 111.336929][ T7204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 111.336940][ T7204] Call Trace: [ 111.336947][ T7204] [ 111.336955][ T7204] __dump_stack+0x1d/0x30 [ 111.336976][ T7204] dump_stack_lvl+0xe8/0x140 [ 111.337001][ T7204] dump_stack+0x15/0x1b [ 111.337019][ T7204] should_fail_ex+0x265/0x280 [ 111.337040][ T7204] should_failslab+0x8c/0xb0 [ 111.337069][ T7204] kmem_cache_alloc_node_noprof+0x57/0x320 [ 111.337151][ T7204] ? __alloc_skb+0x101/0x320 [ 111.337203][ T7204] __alloc_skb+0x101/0x320 [ 111.337284][ T7204] netlink_alloc_large_skb+0xba/0xf0 [ 111.337323][ T7204] netlink_sendmsg+0x3cf/0x6b0 [ 111.337358][ T7204] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.337378][ T7204] __sock_sendmsg+0x142/0x180 [ 111.337405][ T7204] ____sys_sendmsg+0x31e/0x4e0 [ 111.337444][ T7204] ___sys_sendmsg+0x17b/0x1d0 [ 111.337534][ T7204] __x64_sys_sendmsg+0xd4/0x160 [ 111.337563][ T7204] x64_sys_call+0x191e/0x2ff0 [ 111.337589][ T7204] do_syscall_64+0xd2/0x200 [ 111.337643][ T7204] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 111.337666][ T7204] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 111.337786][ T7204] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.337809][ T7204] RIP: 0033:0x7f449dd6ebe9 [ 111.337824][ T7204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.337841][ T7204] RSP: 002b:00007f449c7cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 111.337913][ T7204] RAX: ffffffffffffffda RBX: 00007f449df95fa0 RCX: 00007f449dd6ebe9 [ 111.337929][ T7204] RDX: 0000000000000004 RSI: 00002000000000c0 RDI: 0000000000000003 [ 111.337944][ T7204] RBP: 00007f449c7cf090 R08: 0000000000000000 R09: 0000000000000000 [ 111.337957][ T7204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.337968][ T7204] R13: 00007f449df96038 R14: 00007f449df95fa0 R15: 00007ffc1057f188 [ 111.337987][ T7204] [ 111.682910][ T7206] loop2: detected capacity change from 0 to 128 [ 111.712827][ T7206] loop2: detected capacity change from 0 to 1024 [ 111.722187][ T7206] EXT4-fs: Ignoring removed bh option [ 111.868257][ T7206] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 111.932152][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.947379][ T7206] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 112.013333][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.023377][ T7214] 9pnet_fd: p9_fd_create_tcp (7214): problem connecting socket to 127.0.0.1 [ 112.033487][ T29] audit: type=1400 audit(1755973701.694:2794): avc: denied { mounton } for pid=7213 comm="syz.1.1357" path="/syzcgroup/cpu/syz1/cgroup.procs" dev="cgroup" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1 [ 112.060526][ T7214] A link change request failed with some changes committed already. Interface vcan0 may have been left with an inconsistent configuration, please check. [ 112.079522][ T7214] A link change request failed with some changes committed already. Interface vcan0 may have been left with an inconsistent configuration, please check. [ 112.692284][ T7232] openvswitch: netlink: Message has 6 unknown bytes. [ 113.065877][ T7250] IPv4: Oversized IP packet from 127.202.26.0 [ 113.091046][ T7255] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1372'. [ 113.100085][ T7255] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1372'. [ 113.126654][ T29] audit: type=1400 audit(1755973702.784:2795): avc: granted { setsecparam } for pid=7246 comm="syz.0.1369" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 113.160508][ T29] audit: type=1400 audit(1755973702.824:2796): avc: denied { bind } for pid=7254 comm="syz.3.1372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 113.180241][ T29] audit: type=1326 audit(1755973702.824:2797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7254 comm="syz.3.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dece5ebe9 code=0x7ffc0000 [ 113.204019][ T29] audit: type=1326 audit(1755973702.824:2798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7254 comm="syz.3.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f4dece5ebe9 code=0x7ffc0000 [ 113.227575][ T29] audit: type=1326 audit(1755973702.824:2799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7254 comm="syz.3.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dece5ebe9 code=0x7ffc0000 [ 113.253496][ T29] audit: type=1326 audit(1755973702.874:2800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7254 comm="syz.3.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f4dece5ebe9 code=0x7ffc0000 [ 113.300948][ T7265] loop4: detected capacity change from 0 to 512 [ 113.315206][ T7261] loop3: detected capacity change from 0 to 2048 [ 113.323167][ T29] audit: type=1326 audit(1755973702.974:2801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7254 comm="syz.3.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dece5ebe9 code=0x7ffc0000 [ 113.354738][ T7261] EXT4-fs: Ignoring removed mblk_io_submit option [ 113.354820][ T7265] EXT4-fs: Ignoring removed orlov option [ 113.361394][ T7261] EXT4-fs: test_dummy_encryption option not supported [ 113.372917][ T7265] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 113.535716][ T7272] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1378'. [ 114.359794][ T7265] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 114.423691][ T7265] EXT4-fs (loop4): 1 orphan inode deleted [ 114.461367][ T7265] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 114.628573][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.987360][ T7342] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1394'. [ 114.996554][ T7342] netlink: 196 bytes leftover after parsing attributes in process `syz.4.1394'. [ 115.007168][ T7342] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1394'. [ 115.047667][ T7353] loop4: detected capacity change from 0 to 512 [ 115.054658][ T7353] EXT4-fs: Ignoring removed orlov option [ 115.061638][ T7353] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 115.073778][ T7353] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 115.089019][ T7353] EXT4-fs (loop4): 1 orphan inode deleted [ 115.100060][ T7358] loop3: detected capacity change from 0 to 512 [ 115.107105][ T7353] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.108077][ T7358] EXT4-fs: Ignoring removed nobh option [ 115.140547][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.154360][ T7358] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #3: comm syz.3.1407: corrupted inode contents [ 115.184675][ T7367] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1412'. [ 115.193860][ T7358] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #3: comm syz.3.1407: mark_inode_dirty error [ 115.216294][ T7358] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #3: comm syz.3.1407: corrupted inode contents [ 115.266004][ T7358] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #3: comm syz.3.1407: mark_inode_dirty error [ 115.311693][ T7358] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.1407: Failed to acquire dquot type 0 [ 115.350936][ T7358] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.1407: corrupted inode contents [ 115.414813][ T7358] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #16: comm syz.3.1407: mark_inode_dirty error [ 115.439482][ T7358] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.1407: corrupted inode contents [ 115.457352][ T7358] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #16: comm syz.3.1407: mark_inode_dirty error [ 115.509862][ T7358] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.1407: corrupted inode contents [ 115.527022][ T7358] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 115.536287][ T7358] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.1407: corrupted inode contents [ 115.552132][ T7358] EXT4-fs error (device loop3): ext4_truncate:4666: inode #16: comm syz.3.1407: mark_inode_dirty error [ 115.558914][ T7412] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1426'. [ 115.565569][ T7358] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 115.582135][ T7358] EXT4-fs (loop3): 1 truncate cleaned up [ 115.603933][ T7358] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.636200][ T7358] ext4 filesystem being mounted at /251/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 115.762405][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.001424][ T7457] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1444'. [ 116.035973][ T29] kauditd_printk_skb: 105 callbacks suppressed [ 116.035991][ T29] audit: type=1400 audit(1755973705.704:2905): avc: denied { read } for pid=7443 comm="syz.3.1441" name="loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 116.066626][ T29] audit: type=1400 audit(1755973705.704:2906): avc: denied { open } for pid=7443 comm="syz.3.1441" path="/dev/loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 116.107262][ T7444] SELinux: Context system_u:object_r:traceroute_exec_t:s0 is not valid (left unmapped). [ 116.110992][ T29] audit: type=1400 audit(1755973705.774:2907): avc: denied { relabelfrom } for pid=7443 comm="syz.3.1441" name="NETLINK" dev="sockfs" ino=19685 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 116.141673][ T29] audit: type=1400 audit(1755973705.774:2908): avc: denied { mac_admin } for pid=7443 comm="syz.3.1441" capability=33 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 116.165604][ T29] audit: type=1400 audit(1755973705.794:2909): avc: denied { relabelto } for pid=7443 comm="syz.3.1441" name="NETLINK" dev="sockfs" ino=19685 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netlink_route_socket permissive=1 trawcon="system_u:object_r:traceroute_exec_t:s0" [ 116.433283][ T7464] loop3: detected capacity change from 0 to 512 [ 116.440295][ T7464] EXT4-fs: Ignoring removed mblk_io_submit option [ 116.505422][ T7464] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 116.611719][ T7464] EXT4-fs (loop3): 1 truncate cleaned up [ 116.678760][ T7464] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.885461][ T7483] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1455'. [ 116.956948][ T7483] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 117.014985][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.037544][ T29] audit: type=1326 audit(1755973706.694:2910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7479 comm="syz.2.1454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f449dd6ebe9 code=0x7ffc0000 [ 117.061291][ T29] audit: type=1326 audit(1755973706.694:2911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7479 comm="syz.2.1454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f449dd6ebe9 code=0x7ffc0000 [ 117.147891][ T7493] atomic_op ffff88811c250528 conn xmit_atomic 0000000000000000 [ 117.200790][ T7500] loop3: detected capacity change from 0 to 128 [ 117.239056][ T7497] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7497 comm=syz.1.1461 [ 117.253800][ T7500] loop3: detected capacity change from 0 to 1024 [ 117.272309][ T7500] ext4: Unknown parameter 'fsname' [ 117.288598][ T7503] loop2: detected capacity change from 0 to 1024 [ 117.298113][ T29] audit: type=1400 audit(1755973706.804:2912): avc: denied { mount } for pid=7492 comm="syz.2.1459" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 117.320370][ T29] audit: type=1400 audit(1755973706.894:2913): avc: denied { unmount } for pid=3309 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 117.394033][ T7503] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 117.638671][ T29] audit: type=1400 audit(1755973707.304:2914): avc: denied { bind } for pid=7520 comm="syz.0.1468" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 117.693475][ T7534] loop4: detected capacity change from 0 to 1024 [ 117.733611][ T7537] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 117.744693][ T7534] IPVS: stopping master sync thread 7537 ... [ 118.077612][ T7551] loop4: detected capacity change from 0 to 128 [ 118.126611][ T7551] loop4: detected capacity change from 0 to 1024 [ 118.139375][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.150341][ T7551] ext4: Unknown parameter 'fsname' [ 118.242283][ T7561] __nla_validate_parse: 3 callbacks suppressed [ 118.242303][ T7561] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1478'. [ 118.512313][ T7573] loop4: detected capacity change from 0 to 512 [ 118.534042][ T7573] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 118.568682][ T7573] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 118.662302][ T7573] ext4 filesystem being mounted at /296/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 118.695921][ T7573] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.1484: corrupted xattr block 19: overlapping e_value [ 118.788859][ T7573] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 118.798032][ T7573] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.1484: corrupted xattr block 19: overlapping e_value [ 118.845922][ T7582] IPv6: Can't replace route, no match found [ 118.852665][ T7573] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 119.005816][ T7587] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.034380][ T7573] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.1484: corrupted xattr block 19: overlapping e_value [ 119.058938][ T7587] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 119.177906][ T7573] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.1484: corrupted xattr block 19: overlapping e_value [ 119.382059][ T7573] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.1484: corrupted xattr block 19: overlapping e_value [ 119.430978][ T7573] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 119.465261][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.590543][ T7605] loop4: detected capacity change from 0 to 512 [ 119.597865][ T7605] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 119.610626][ T7605] EXT4-fs (loop4): 1 truncate cleaned up [ 119.622343][ T7605] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 119.682893][ T7610] FAULT_INJECTION: forcing a failure. [ 119.682893][ T7610] name failslab, interval 1, probability 0, space 0, times 0 [ 119.695955][ T7610] CPU: 1 UID: 0 PID: 7610 Comm: syz.1.1499 Not tainted syzkaller #0 PREEMPT(voluntary) [ 119.695990][ T7610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 119.696005][ T7610] Call Trace: [ 119.696083][ T7610] [ 119.696136][ T7610] __dump_stack+0x1d/0x30 [ 119.696159][ T7610] dump_stack_lvl+0xe8/0x140 [ 119.696243][ T7610] dump_stack+0x15/0x1b [ 119.696268][ T7610] should_fail_ex+0x265/0x280 [ 119.696293][ T7610] ? alloc_bprm+0x5c/0x350 [ 119.696316][ T7610] should_failslab+0x8c/0xb0 [ 119.696416][ T7610] __kmalloc_cache_noprof+0x4c/0x320 [ 119.696471][ T7610] alloc_bprm+0x5c/0x350 [ 119.696495][ T7610] do_execveat_common+0x12e/0x750 [ 119.696518][ T7610] ? getname_flags+0x154/0x3b0 [ 119.696548][ T7610] __x64_sys_execveat+0x73/0x90 [ 119.696617][ T7610] x64_sys_call+0x1fec/0x2ff0 [ 119.696642][ T7610] do_syscall_64+0xd2/0x200 [ 119.696676][ T7610] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 119.696719][ T7610] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 119.696768][ T7610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.696792][ T7610] RIP: 0033:0x7f919f8debe9 [ 119.696807][ T7610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.696854][ T7610] RSP: 002b:00007f919e33f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 119.696878][ T7610] RAX: ffffffffffffffda RBX: 00007f919fb05fa0 RCX: 00007f919f8debe9 [ 119.696942][ T7610] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 119.696957][ T7610] RBP: 00007f919e33f090 R08: 0000000000001000 R09: 0000000000000000 [ 119.696971][ T7610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 119.696986][ T7610] R13: 00007f919fb06038 R14: 00007f919fb05fa0 R15: 00007fffc59e1bb8 [ 119.697007][ T7610] [ 119.896665][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.915293][ T7612] sock: sock_set_timeout: `syz.4.1500' (pid 7612) tries to set negative timeout [ 119.929260][ T7612] loop4: detected capacity change from 0 to 512 [ 119.952755][ T7612] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 119.961143][ T7612] EXT4-fs (loop4): orphan cleanup on readonly fs [ 119.967911][ T7612] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 119.985634][ T7612] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 119.993508][ T7612] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1500: bg 0: block 40: padding at end of block bitmap is not set [ 120.009238][ T7612] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 120.035129][ T7612] EXT4-fs (loop4): 1 truncate cleaned up [ 120.046639][ T7612] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 120.076675][ T7618] FAULT_INJECTION: forcing a failure. [ 120.076675][ T7618] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 120.089771][ T7618] CPU: 0 UID: 0 PID: 7618 Comm: syz.1.1502 Not tainted syzkaller #0 PREEMPT(voluntary) [ 120.089799][ T7618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 120.089811][ T7618] Call Trace: [ 120.089817][ T7618] [ 120.089825][ T7618] __dump_stack+0x1d/0x30 [ 120.089902][ T7618] dump_stack_lvl+0xe8/0x140 [ 120.089920][ T7618] dump_stack+0x15/0x1b [ 120.089936][ T7618] should_fail_ex+0x265/0x280 [ 120.089957][ T7618] should_fail+0xb/0x20 [ 120.090056][ T7618] should_fail_usercopy+0x1a/0x20 [ 120.090082][ T7618] _copy_to_user+0x20/0xa0 [ 120.090151][ T7618] simple_read_from_buffer+0xb5/0x130 [ 120.090177][ T7618] proc_fail_nth_read+0x10e/0x150 [ 120.090207][ T7618] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 120.090256][ T7618] vfs_read+0x1a5/0x770 [ 120.090330][ T7618] ? __rcu_read_unlock+0x4f/0x70 [ 120.090355][ T7618] ? __fget_files+0x184/0x1c0 [ 120.090386][ T7618] ksys_read+0xda/0x1a0 [ 120.090471][ T7618] __x64_sys_read+0x40/0x50 [ 120.090497][ T7618] x64_sys_call+0x27bc/0x2ff0 [ 120.090523][ T7618] do_syscall_64+0xd2/0x200 [ 120.090549][ T7618] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 120.090638][ T7618] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 120.090709][ T7618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.090735][ T7618] RIP: 0033:0x7f919f8dd5fc [ 120.090749][ T7618] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 120.090768][ T7618] RSP: 002b:00007f919e33f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 120.090791][ T7618] RAX: ffffffffffffffda RBX: 00007f919fb05fa0 RCX: 00007f919f8dd5fc [ 120.090806][ T7618] RDX: 000000000000000f RSI: 00007f919e33f0a0 RDI: 0000000000000004 [ 120.090896][ T7618] RBP: 00007f919e33f090 R08: 0000000000000000 R09: 0000000000000000 [ 120.090907][ T7618] R10: 0000200000000380 R11: 0000000000000246 R12: 0000000000000001 [ 120.090919][ T7618] R13: 00007f919fb06038 R14: 00007f919fb05fa0 R15: 00007fffc59e1bb8 [ 120.090937][ T7618] [ 120.308308][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.333646][ T7622] IPv4: Oversized IP packet from 127.202.26.0 [ 120.456269][ T7639] atomic_op ffff888134530528 conn xmit_atomic 0000000000000000 [ 120.523131][ T7647] FAULT_INJECTION: forcing a failure. [ 120.523131][ T7647] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 120.536616][ T7647] CPU: 1 UID: 0 PID: 7647 Comm: syz.0.1514 Not tainted syzkaller #0 PREEMPT(voluntary) [ 120.536644][ T7647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 120.536703][ T7647] Call Trace: [ 120.536710][ T7647] [ 120.536719][ T7647] __dump_stack+0x1d/0x30 [ 120.536743][ T7647] dump_stack_lvl+0xe8/0x140 [ 120.536766][ T7647] dump_stack+0x15/0x1b [ 120.536793][ T7647] should_fail_ex+0x265/0x280 [ 120.536819][ T7647] should_fail_alloc_page+0xf2/0x100 [ 120.536898][ T7647] __alloc_frozen_pages_noprof+0xff/0x360 [ 120.537006][ T7647] alloc_pages_mpol+0xb3/0x250 [ 120.537039][ T7647] alloc_frozen_pages_noprof+0x90/0x110 [ 120.537218][ T7647] ___kmalloc_large_node+0x52/0x100 [ 120.537253][ T7647] __kmalloc_large_node_noprof+0x16/0xa0 [ 120.537278][ T7647] __kmalloc_noprof+0x2ab/0x3e0 [ 120.537400][ T7647] ? iovec_from_user+0x84/0x210 [ 120.537435][ T7647] iovec_from_user+0x84/0x210 [ 120.537467][ T7647] ? process_vm_rw+0x137/0x960 [ 120.537572][ T7647] process_vm_rw+0x15b/0x960 [ 120.537601][ T7647] ? _parse_integer+0x27/0x40 [ 120.537625][ T7647] ? kstrtoull+0x111/0x140 [ 120.537682][ T7647] ? bpf_trace_run2+0x124/0x1c0 [ 120.537757][ T7647] ? __bpf_trace_sys_enter+0x10/0x30 [ 120.537786][ T7647] __x64_sys_process_vm_writev+0x78/0x90 [ 120.537820][ T7647] x64_sys_call+0x2a7c/0x2ff0 [ 120.537845][ T7647] do_syscall_64+0xd2/0x200 [ 120.537929][ T7647] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 120.537998][ T7647] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 120.538088][ T7647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.538114][ T7647] RIP: 0033:0x7f981cb4ebe9 [ 120.538133][ T7647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.538222][ T7647] RSP: 002b:00007f981b5b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137 [ 120.538305][ T7647] RAX: ffffffffffffffda RBX: 00007f981cd75fa0 RCX: 00007f981cb4ebe9 [ 120.538318][ T7647] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000000 [ 120.538330][ T7647] RBP: 00007f981b5b7090 R08: 000000000000023a R09: 0000000000000000 [ 120.538342][ T7647] R10: 0000200000121000 R11: 0000000000000246 R12: 0000000000000001 [ 120.538355][ T7647] R13: 00007f981cd76038 R14: 00007f981cd75fa0 R15: 00007ffd28fbe9c8 [ 120.538376][ T7647] [ 120.868867][ T7655] loop2: detected capacity change from 0 to 512 [ 120.875603][ T7655] EXT4-fs: Ignoring removed orlov option [ 120.881644][ T7655] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 120.892984][ T7655] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 120.907988][ T7655] EXT4-fs (loop2): 1 orphan inode deleted [ 121.250243][ T7676] loop2: detected capacity change from 0 to 512 [ 121.257216][ T7676] journal_path: Lookup failure for './file1' [ 121.263263][ T7676] EXT4-fs: error: could not find journal device path [ 121.276353][ T7676] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1525'. [ 121.308008][ T7676] bond0 (unregistering): Released all slaves [ 121.412731][ T7687] loop2: detected capacity change from 0 to 512 [ 121.420667][ T7687] EXT4-fs: Ignoring removed orlov option [ 121.426798][ T29] kauditd_printk_skb: 37 callbacks suppressed [ 121.426816][ T29] audit: type=1400 audit(1755973711.084:2951): avc: denied { mount } for pid=7683 comm="syz.1.1528" name="/" dev="configfs" ino=1167 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 121.434691][ T7687] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 121.455917][ T29] audit: type=1400 audit(1755973711.084:2952): avc: denied { search } for pid=7683 comm="syz.1.1528" name="/" dev="configfs" ino=1167 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 121.455948][ T29] audit: type=1400 audit(1755973711.084:2953): avc: denied { setattr } for pid=7683 comm="syz.1.1528" name="/" dev="configfs" ino=1167 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 121.510513][ T29] audit: type=1400 audit(1755973711.084:2954): avc: denied { read } for pid=7683 comm="syz.1.1528" lport=36298 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 121.555501][ T7687] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 121.589264][ T7687] EXT4-fs (loop2): 1 orphan inode deleted [ 121.842225][ T7723] loop2: detected capacity change from 0 to 1024 [ 121.930140][ T29] audit: type=1400 audit(1755973711.594:2955): avc: denied { name_connect } for pid=7732 comm="syz.1.1544" dest=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 122.015009][ T29] audit: type=1326 audit(1755973711.684:2956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7720 comm="syz.0.1540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f981cb4ebe9 code=0x7ffc0000 [ 122.038770][ T29] audit: type=1326 audit(1755973711.684:2957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7720 comm="syz.0.1540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f981cb4ebe9 code=0x7ffc0000 [ 122.062237][ T29] audit: type=1326 audit(1755973711.684:2958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7720 comm="syz.0.1540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f981cb4ebe9 code=0x7ffc0000 [ 122.085882][ T29] audit: type=1326 audit(1755973711.684:2959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7720 comm="syz.0.1540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=232 compat=0 ip=0x7f981cb4ebe9 code=0x7ffc0000 [ 122.207532][ T7755] netlink: 'syz.1.1551': attribute type 10 has an invalid length. [ 122.227190][ T7755] netlink: 'syz.1.1551': attribute type 10 has an invalid length. [ 122.235937][ T7755] team0: Port device dummy0 removed [ 122.242366][ T7755] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 122.285596][ T7761] loop4: detected capacity change from 0 to 512 [ 122.292201][ T7761] EXT4-fs: Ignoring removed orlov option [ 122.298169][ T7761] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 122.312299][ T7761] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 122.327099][ T7761] EXT4-fs (loop4): 1 orphan inode deleted [ 122.354692][ T7765] loop4: detected capacity change from 0 to 128 [ 122.365890][ T7767] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1556'. [ 122.368745][ T7765] loop4: detected capacity change from 0 to 1024 [ 122.382836][ T7765] ext4: Unknown parameter 'fsname' [ 122.383428][ T7767] netlink: zone id is out of range [ 122.393528][ T7767] netlink: zone id is out of range [ 122.485927][ T7782] loop4: detected capacity change from 0 to 128 [ 122.499905][ T7782] loop4: detected capacity change from 0 to 1024 [ 122.508503][ T7782] EXT4-fs: Ignoring removed bh option [ 122.514439][ T7782] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 122.549549][ T29] audit: type=1400 audit(1755973712.214:2960): avc: denied { read } for pid=7787 comm="syz.3.1564" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 122.558929][ T7791] loop4: detected capacity change from 0 to 512 [ 122.579536][ T7791] EXT4-fs: Ignoring removed orlov option [ 122.586690][ T7791] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 122.598099][ T7791] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 122.614659][ T7791] EXT4-fs (loop4): 1 orphan inode deleted [ 122.686127][ T7797] IPv4: Oversized IP packet from 127.202.26.0 [ 122.735703][ T7803] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1570'. [ 122.780363][ T7813] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1575'. [ 122.794679][ T7813] vlan3: entered promiscuous mode [ 122.799827][ T7813] batadv0: entered promiscuous mode [ 122.807935][ T7817] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1577'. [ 122.886379][ T7831] loop3: detected capacity change from 0 to 512 [ 122.893846][ T7831] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 122.906150][ T7831] EXT4-fs (loop3): 1 truncate cleaned up [ 122.931625][ T7831] netlink: 'syz.3.1581': attribute type 83 has an invalid length. [ 123.059623][ T7846] random: crng reseeded on system resumption [ 123.131067][ T7856] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1590'. [ 123.170980][ T7858] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1591'. [ 123.185153][ T7860] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.192487][ T7860] bridge0: port 2(bridge_slave_1) entered listening state [ 123.199741][ T7860] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.206867][ T7860] bridge0: port 1(bridge_slave_0) entered listening state [ 123.216758][ T7860] 8021q: adding VLAN 0 to HW filter on device $Hÿ [ 123.229672][ T7860] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 123.265402][ T7865] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 123.285005][ T7858] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1591'. [ 123.396009][ T7884] loop3: detected capacity change from 0 to 2048 [ 123.451066][ T7884] loop3: p1 < > p4 [ 123.455571][ T7884] loop3: p4 size 8388608 extends beyond EOD, truncated [ 123.532227][ T7888] netlink: 'syz.3.1603': attribute type 21 has an invalid length. [ 123.540132][ T7888] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1603'. [ 123.588177][ T7894] FAULT_INJECTION: forcing a failure. [ 123.588177][ T7894] name failslab, interval 1, probability 0, space 0, times 0 [ 123.601062][ T7894] CPU: 1 UID: 0 PID: 7894 Comm: syz.3.1606 Not tainted syzkaller #0 PREEMPT(voluntary) [ 123.601093][ T7894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 123.601107][ T7894] Call Trace: [ 123.601115][ T7894] [ 123.601123][ T7894] __dump_stack+0x1d/0x30 [ 123.601220][ T7894] dump_stack_lvl+0xe8/0x140 [ 123.601287][ T7894] dump_stack+0x15/0x1b [ 123.601305][ T7894] should_fail_ex+0x265/0x280 [ 123.601396][ T7894] should_failslab+0x8c/0xb0 [ 123.601483][ T7894] kmem_cache_alloc_noprof+0x50/0x310 [ 123.601510][ T7894] ? audit_log_start+0x365/0x6c0 [ 123.601537][ T7894] audit_log_start+0x365/0x6c0 [ 123.601568][ T7894] audit_seccomp+0x48/0x100 [ 123.601604][ T7894] ? __seccomp_filter+0x68c/0x10d0 [ 123.601628][ T7894] __seccomp_filter+0x69d/0x10d0 [ 123.601652][ T7894] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 123.601679][ T7894] ? vfs_write+0x7e8/0x960 [ 123.601702][ T7894] __secure_computing+0x82/0x150 [ 123.601754][ T7894] syscall_trace_enter+0xcf/0x1e0 [ 123.601779][ T7894] do_syscall_64+0xac/0x200 [ 123.601857][ T7894] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 123.601879][ T7894] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 123.601904][ T7894] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.601952][ T7894] RIP: 0033:0x7f4dece5ebe9 [ 123.601968][ T7894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.602017][ T7894] RSP: 002b:00007f4deb8bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 123.602058][ T7894] RAX: ffffffffffffffda RBX: 00007f4ded085fa0 RCX: 00007f4dece5ebe9 [ 123.602070][ T7894] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000002d4 [ 123.602083][ T7894] RBP: 00007f4deb8bf090 R08: 0000000000000000 R09: 0000000000000000 [ 123.602096][ T7894] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 123.602110][ T7894] R13: 00007f4ded086038 R14: 00007f4ded085fa0 R15: 00007fff652c44c8 [ 123.602130][ T7894] [ 123.955776][ T7914] loop3: detected capacity change from 0 to 512 [ 123.956244][ T7913] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1793 sclass=netlink_route_socket pid=7913 comm=syz.0.1613 [ 123.979203][ T7913] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1613'. [ 123.993537][ T7914] ext4 filesystem being mounted at /291/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 123.998283][ T7913] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1613'. [ 124.064461][ T7920] netlink: 12 bytes leftover after parsing attributes in process `+}[@'. [ 124.122519][ T7923] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 124.458208][ T7947] loop4: detected capacity change from 0 to 128 [ 124.470604][ T7947] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 124.478709][ T7947] FAT-fs (loop4): Filesystem has been set read-only [ 124.488455][ T7947] bio_check_eod: 52855 callbacks suppressed [ 124.488472][ T7947] syz.4.1625: attempt to access beyond end of device [ 124.488472][ T7947] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 124.508349][ T7947] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 124.516332][ T7947] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 124.527360][ T7947] syz.4.1625: attempt to access beyond end of device [ 124.527360][ T7947] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 124.745266][ T7973] atomic_op ffff88811a23c528 conn xmit_atomic 0000000000000000 [ 124.798223][ T7977] loop3: detected capacity change from 0 to 512 [ 124.804909][ T7977] EXT4-fs: Ignoring removed orlov option [ 124.811901][ T7977] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 124.826305][ T7977] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 124.847001][ T7977] EXT4-fs (loop3): 1 orphan inode deleted [ 124.856636][ T7980] atomic_op ffff888134533128 conn xmit_atomic 0000000000000000 [ 124.889647][ T7986] atomic_op ffff888134533128 conn xmit_atomic 0000000000000000 [ 124.905965][ T7988] FAULT_INJECTION: forcing a failure. [ 124.905965][ T7988] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 124.915258][ T7990] loop2: detected capacity change from 0 to 512 [ 124.919185][ T7988] CPU: 0 UID: 0 PID: 7988 Comm: syz.3.1644 Not tainted syzkaller #0 PREEMPT(voluntary) [ 124.919214][ T7988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 124.919226][ T7988] Call Trace: [ 124.919243][ T7988] [ 124.919252][ T7988] __dump_stack+0x1d/0x30 [ 124.919336][ T7988] dump_stack_lvl+0xe8/0x140 [ 124.919357][ T7988] dump_stack+0x15/0x1b [ 124.919374][ T7988] should_fail_ex+0x265/0x280 [ 124.919409][ T7988] should_fail+0xb/0x20 [ 124.919427][ T7988] should_fail_usercopy+0x1a/0x20 [ 124.919449][ T7988] _copy_from_iter+0xd2/0xe80 [ 124.919476][ T7988] ? alloc_pages_mpol+0x201/0x250 [ 124.919529][ T7988] copy_page_from_iter+0x178/0x2a0 [ 124.919629][ T7988] tun_get_user+0x679/0x2680 [ 124.919728][ T7988] ? ref_tracker_alloc+0x1f2/0x2f0 [ 124.919807][ T7988] tun_chr_write_iter+0x15e/0x210 [ 124.919836][ T7988] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 124.919873][ T7988] vfs_write+0x527/0x960 [ 124.919910][ T7988] ksys_write+0xda/0x1a0 [ 124.919939][ T7988] __x64_sys_write+0x40/0x50 [ 124.919962][ T7988] x64_sys_call+0x27fe/0x2ff0 [ 124.920017][ T7988] do_syscall_64+0xd2/0x200 [ 124.920115][ T7988] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 124.920139][ T7988] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 124.920164][ T7988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.920186][ T7988] RIP: 0033:0x7f4dece5d69f [ 124.920203][ T7988] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 124.920266][ T7988] RSP: 002b:00007f4deb8bf000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 124.920294][ T7988] RAX: ffffffffffffffda RBX: 00007f4ded085fa0 RCX: 00007f4dece5d69f [ 124.920308][ T7988] RDX: 000000000000002e RSI: 0000200000000180 RDI: 00000000000000c8 [ 124.920321][ T7988] RBP: 00007f4deb8bf090 R08: 0000000000000000 R09: 0000000000000000 [ 124.920334][ T7988] R10: 000000000000002e R11: 0000000000000293 R12: 0000000000000001 [ 124.920346][ T7988] R13: 00007f4ded086038 R14: 00007f4ded085fa0 R15: 00007fff652c44c8 [ 124.920365][ T7988] [ 124.967822][ T7994] IPv4: Oversized IP packet from 127.202.26.0 [ 124.971692][ T7990] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 125.151100][ T7990] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e02c, mo2=0002] [ 125.159518][ T7990] EXT4-fs (loop2): orphan cleanup on readonly fs [ 125.166168][ T7990] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.1645: bad orphan inode 267 [ 125.177344][ T7990] EXT4-fs (loop2): Remounting filesystem read-only [ 125.209423][ T8005] atomic_op ffff888134531528 conn xmit_atomic 0000000000000000 [ 125.323585][ T8017] loop3: detected capacity change from 0 to 1024 [ 125.422263][ T8023] veth0: entered promiscuous mode [ 125.444748][ T8028] IPv4: Oversized IP packet from 127.202.26.0 [ 125.447449][ T8029] loop2: detected capacity change from 0 to 128 [ 125.468093][ T8029] msdos: Unknown parameter '•' [ 125.481291][ T8031] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1663'. [ 125.494260][ T8021] veth0: left promiscuous mode [ 125.505251][ T8029] loop2: detected capacity change from 0 to 512 [ 125.586302][ T8043] loop2: detected capacity change from 0 to 512 [ 125.599539][ T8043] EXT4-fs: Ignoring removed orlov option [ 125.602046][ T8048] loop4: detected capacity change from 0 to 512 [ 125.606669][ T8043] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 125.612262][ T8048] EXT4-fs: Ignoring removed nobh option [ 125.627434][ T8049] atomic_op ffff888134531528 conn xmit_atomic 0000000000000000 [ 125.636098][ T8048] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 125.644907][ T8043] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 125.669270][ T8043] EXT4-fs (loop2): 1 orphan inode deleted [ 125.726459][ T8048] EXT4-fs (loop4): orphan cleanup on readonly fs [ 125.780857][ T8048] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.1670: bad orphan inode 15 [ 125.802935][ T8048] ext4_test_bit(bit=14, block=18) = 1 [ 125.808335][ T8048] is_bad_inode(inode)=0 [ 125.812706][ T8048] NEXT_ORPHAN(inode)=1023 [ 125.817049][ T8048] max_ino=32 [ 125.820261][ T8048] i_nlink=0 [ 125.831266][ T8048] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1670: bg 0: block 161: padding at end of block bitmap is not set [ 125.901709][ T8048] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 125.937360][ T8048] EXT4-fs mount: 25 callbacks suppressed [ 125.937381][ T8048] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 125.959491][ T8073] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8073 comm=syz.4.1670 [ 125.972463][ T8048] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8048 comm=syz.4.1670 [ 125.997341][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.080319][ T8082] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1679'. [ 126.161841][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.176286][ T8086] loop4: detected capacity change from 0 to 1024 [ 126.186141][ T8086] EXT4-fs: Ignoring removed bh option [ 126.193236][ T8086] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 126.218924][ T8088] IPv4: Oversized IP packet from 127.202.26.0 [ 126.242758][ T8086] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 126.283457][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.309087][ T8093] loop4: detected capacity change from 0 to 512 [ 126.328844][ T8093] EXT4-fs: Ignoring removed orlov option [ 126.346991][ T8093] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 126.365976][ T8096] loop3: detected capacity change from 0 to 128 [ 126.389954][ T8096] loop3: detected capacity change from 0 to 1024 [ 126.398365][ T8096] ext4: Unknown parameter 'fsname' [ 126.426592][ T8093] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 126.457510][ T8093] EXT4-fs (loop4): 1 orphan inode deleted [ 126.463826][ T8093] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 126.482598][ T29] kauditd_printk_skb: 293 callbacks suppressed [ 126.482674][ T29] audit: type=1400 audit(1755973716.154:3252): avc: denied { write } for pid=8099 comm="syz.3.1689" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 126.487806][ T8103] IPv4: Oversized IP packet from 127.202.26.0 [ 126.488917][ T29] audit: type=1400 audit(1755973716.154:3253): avc: denied { lock } for pid=8099 comm="syz.3.1689" path="socket:[22081]" dev="sockfs" ino=22081 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 126.539203][ T29] audit: type=1326 audit(1755973716.154:3254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8104 comm="syz.1.1690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f919f8debe9 code=0x7ffc0000 [ 126.562682][ T29] audit: type=1326 audit(1755973716.154:3255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8104 comm="syz.1.1690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f919f8debe9 code=0x7ffc0000 [ 126.586435][ T29] audit: type=1326 audit(1755973716.184:3256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8104 comm="syz.1.1690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f919f8debe9 code=0x7ffc0000 [ 126.609872][ T29] audit: type=1326 audit(1755973716.184:3257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8104 comm="syz.1.1690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f919f8debe9 code=0x7ffc0000 [ 126.633427][ T29] audit: type=1326 audit(1755973716.184:3258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8104 comm="syz.1.1690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f919f8debe9 code=0x7ffc0000 [ 126.657041][ T29] audit: type=1326 audit(1755973716.184:3259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8104 comm="syz.1.1690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f919f8debe9 code=0x7ffc0000 [ 126.680451][ T29] audit: type=1326 audit(1755973716.184:3260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8104 comm="syz.1.1690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f919f8debe9 code=0x7ffc0000 [ 126.703977][ T29] audit: type=1326 audit(1755973716.184:3261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8104 comm="syz.1.1690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f919f8debe9 code=0x7ffc0000 [ 126.747777][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.781617][ T8108] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1692'. [ 126.792945][ T8108] netlink: zone id is out of range [ 126.798081][ T8108] netlink: zone id is out of range [ 127.163033][ T8132] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1699'. [ 127.252291][ T8134] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1698'. [ 128.347749][ T8141] __nla_validate_parse: 2 callbacks suppressed [ 128.347770][ T8141] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1701'. [ 128.443502][ T8143] loop2: detected capacity change from 0 to 512 [ 128.482689][ T8143] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 128.504936][ T8145] loop4: detected capacity change from 0 to 512 [ 128.517307][ T8143] EXT4-fs (loop2): orphan cleanup on readonly fs [ 128.524262][ T8145] EXT4-fs: Ignoring removed orlov option [ 128.542209][ T8145] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 128.553774][ T8143] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.1701: corrupted inode contents [ 128.593739][ T8145] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 128.629736][ T8143] EXT4-fs (loop2): Remounting filesystem read-only [ 128.638529][ T8143] EXT4-fs (loop2): 1 truncate cleaned up [ 128.660020][ T8145] EXT4-fs (loop4): 1 orphan inode deleted [ 128.679409][ T8145] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 128.796152][ T8163] loop3: detected capacity change from 0 to 1024 [ 128.813254][ T8163] EXT4-fs: Ignoring removed bh option [ 128.827121][ T8163] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 128.873371][ T8163] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.356538][ T12] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 129.367434][ T12] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 129.372954][ T8179] IPv4: Oversized IP packet from 127.202.26.0 [ 129.384367][ T12] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 129.395567][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.397889][ T8143] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 129.406885][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.427821][ T8143] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.485155][ T8190] loop3: detected capacity change from 0 to 512 [ 129.502393][ T8190] EXT4-fs: Ignoring removed orlov option [ 129.514900][ T8190] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 129.561452][ T8197] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1723'. [ 129.570476][ T8197] netem: unknown loss type 12 [ 129.575608][ T8197] netem: change failed [ 129.592099][ T8190] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 129.619275][ T8190] EXT4-fs (loop3): 1 orphan inode deleted [ 129.645959][ T8201] loop2: detected capacity change from 0 to 1024 [ 129.651346][ T8190] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.652819][ T8201] EXT4-fs: Ignoring removed bh option [ 129.686991][ T8201] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 129.698002][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.713948][ T8201] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.755749][ T8208] loop3: detected capacity change from 0 to 1024 [ 129.767369][ T8208] EXT4-fs: inline encryption not supported [ 129.783498][ T8209] loop4: detected capacity change from 0 to 1024 [ 129.790694][ T8209] EXT4-fs: inline encryption not supported [ 129.806196][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.822119][ T8209] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 129.833104][ T8209] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 129.845386][ T8208] EXT4-fs: Ignoring removed bh option [ 129.855935][ T8212] SELinux: Context system_u:object_r:getty_exec_t:s0 is not valid (left unmapped). [ 129.876771][ T8211] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 129.877495][ T8209] JBD2: no valid journal superblock found [ 129.897058][ T8215] loop2: detected capacity change from 0 to 1024 [ 129.898040][ T8209] EXT4-fs (loop4): Could not load journal inode [ 129.927155][ T8208] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.946705][ T8215] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.962985][ T8221] netlink: 'syz.0.1729': attribute type 2 has an invalid length. [ 129.973296][ T8215] ext4 filesystem being mounted at /355/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 129.985309][ T8221] netlink: 4868 bytes leftover after parsing attributes in process `syz.0.1729'. [ 130.126988][ T8221] netlink: zone id is out of range [ 130.126999][ T8221] netlink: zone id is out of range [ 130.127008][ T8221] netlink: zone id is out of range [ 130.127014][ T8221] netlink: zone id is out of range [ 130.127063][ T8221] netlink: zone id is out of range [ 130.127070][ T8221] netlink: zone id is out of range [ 130.318671][ T8230] netlink: 120 bytes leftover after parsing attributes in process `syz.1.1730'. [ 130.488497][ T8238] netlink: 'syz.0.1733': attribute type 2 has an invalid length. [ 130.491611][ T8238] netlink: zone id is out of range [ 130.503475][ T8238] netlink: zone id is out of range [ 130.514706][ T8238] netlink: zone id is out of range [ 130.514720][ T8238] netlink: zone id is out of range [ 130.762415][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.809529][ T41] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 1: comm kworker/u8:2: lblock 1 mapped to illegal pblock 1 (length 15) [ 130.811773][ T8253] program syz.3.1740 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 130.842694][ T41] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 130.855216][ T41] EXT4-fs (loop2): This should not happen!! Data will be lost [ 130.855216][ T41] [ 130.891126][ T8256] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1738'. [ 130.900020][ T8256] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1738'. [ 130.903561][ T41] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 130.946239][ T41] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2052 with max blocks 2048 with error 28 [ 130.958997][ T41] EXT4-fs (loop2): This should not happen!! Data will be lost [ 130.958997][ T41] [ 130.968676][ T41] EXT4-fs (loop2): Total free blocks count 0 [ 130.974704][ T41] EXT4-fs (loop2): Free/Dirty block details [ 130.980803][ T41] EXT4-fs (loop2): free_blocks=4293918720 [ 130.986612][ T41] EXT4-fs (loop2): dirty_blocks=7920 [ 130.992029][ T41] EXT4-fs (loop2): Block reservation details [ 130.998524][ T8253] sd 0:0:1:0: device reset [ 131.109799][ T8256] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1738'. [ 131.179717][ T8265] netlink: 'syz.3.1743': attribute type 2 has an invalid length. [ 131.187765][ T8265] netlink: 4868 bytes leftover after parsing attributes in process `syz.3.1743'. [ 131.502152][ T8273] loop3: detected capacity change from 0 to 128 [ 131.627142][ T8277] IPVS: stopping master sync thread 7923 ... [ 131.700688][ T29] kauditd_printk_skb: 78 callbacks suppressed [ 131.700705][ T29] audit: type=1326 audit(1755973721.364:3334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8278 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dece5ebe9 code=0x7ffc0000 [ 131.769394][ T29] audit: type=1326 audit(1755973721.364:3335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8278 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dece5ebe9 code=0x7ffc0000 [ 131.793580][ T29] audit: type=1326 audit(1755973721.374:3336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8278 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7f4dece5ebe9 code=0x7ffc0000 [ 131.817512][ T29] audit: type=1326 audit(1755973721.374:3337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8278 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dece5ebe9 code=0x7ffc0000 [ 131.841204][ T29] audit: type=1326 audit(1755973721.374:3338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8278 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dece5ebe9 code=0x7ffc0000 [ 131.865210][ T29] audit: type=1326 audit(1755973721.374:3339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8278 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7f4dece5ebe9 code=0x7ffc0000 [ 131.889015][ T29] audit: type=1326 audit(1755973721.374:3340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8278 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dece5ebe9 code=0x7ffc0000 [ 131.912538][ T29] audit: type=1326 audit(1755973721.374:3341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8278 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f4dece5ebe9 code=0x7ffc0000 [ 131.936329][ T29] audit: type=1326 audit(1755973721.374:3342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8278 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4dece5ec23 code=0x7ffc0000 [ 131.959949][ T29] audit: type=1326 audit(1755973721.374:3343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8278 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4dece5ec23 code=0x7ffc0000 [ 132.052538][ T8300] atomic_op ffff88811a2aa528 conn xmit_atomic 0000000000000000 [ 132.053156][ T8299] loop3: detected capacity change from 0 to 512 [ 132.119407][ T8299] EXT4-fs: Ignoring removed orlov option [ 132.145341][ T8299] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 132.170112][ T8308] netlink: 'syz.1.1763': attribute type 1 has an invalid length. [ 132.178018][ T8308] netlink: 'syz.1.1763': attribute type 4 has an invalid length. [ 132.185870][ T8308] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1763'. [ 132.211333][ T8299] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 132.238212][ T8299] EXT4-fs (loop3): 1 orphan inode deleted [ 132.251058][ T8299] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 132.347418][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.375155][ T8319] netlink: 120 bytes leftover after parsing attributes in process `syz.4.1762'. [ 132.504182][ T8332] atomic_op ffff888128eebd28 conn xmit_atomic 0000000000000000 [ 132.658429][ T8346] loop4: detected capacity change from 0 to 1024 [ 132.665741][ T8346] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 132.677654][ T8346] EXT4-fs error (device loop4): ext4_map_blocks:814: inode #3: block 1: comm syz.4.1775: lblock 1 mapped to illegal pblock 1 (length 1) [ 132.705375][ T8346] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.1775: Failed to acquire dquot type 0 [ 132.718379][ T8346] EXT4-fs error (device loop4): ext4_free_blocks:6696: comm syz.4.1775: Freeing blocks not in datazone - block = 0, count = 4096 [ 132.735911][ T8346] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.1775: Invalid inode bitmap blk 0 in block_group 0 [ 132.816997][ T8346] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 132.859698][ T8346] EXT4-fs (loop4): 1 orphan inode deleted [ 132.891606][ T8346] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.948983][ T8346] EXT4-fs error (device loop4): ext4_search_dir:1474: inode #2: block 16: comm syz.4.1775: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 133.058060][ T41] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:2: lblock 1 mapped to illegal pblock 1 (length 1) [ 133.107367][ T41] EXT4-fs error (device loop4): ext4_release_dquot:6973: comm kworker/u8:2: Failed to release dquot type 0 [ 133.134351][ T8376] bridge0: entered promiscuous mode [ 133.139788][ T8376] macsec1: entered promiscuous mode [ 133.148139][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.158192][ T8376] bridge0: port 1(macsec1) entered blocking state [ 133.165073][ T8376] bridge0: port 1(macsec1) entered disabled state [ 133.178600][ T8376] macsec1: entered allmulticast mode [ 133.183966][ T8376] bridge0: entered allmulticast mode [ 133.190325][ T8376] macsec1: left allmulticast mode [ 133.195432][ T8376] bridge0: left allmulticast mode [ 133.202905][ T8376] bridge0: left promiscuous mode [ 133.759643][ T8403] __nla_validate_parse: 6 callbacks suppressed [ 133.759661][ T8403] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1795'. [ 134.087083][ T8413] atomic_op ffff8881049f7928 conn xmit_atomic 0000000000000000 [ 134.198947][ T8418] netlink: 14593 bytes leftover after parsing attributes in process `syz.3.1800'. [ 135.125608][ T8433] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1805'. [ 135.134839][ T8433] netem: unknown loss type 12 [ 135.139588][ T8433] netem: change failed [ 135.357195][ T8450] atomic_op ffff8881199dc528 conn xmit_atomic 0000000000000000 [ 135.434223][ T8443] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1809'. [ 135.443165][ T8443] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1809'. [ 135.452487][ T47] ================================================================== [ 135.460604][ T47] BUG: KCSAN: data-race in copy_process / free_pid [ 135.467117][ T47] [ 135.469437][ T47] read-write to 0xffffffff8685fc48 of 4 bytes by task 3305 on cpu 1: [ 135.477497][ T47] free_pid+0x77/0x180 [ 135.481597][ T47] free_pids+0x54/0xb0 [ 135.485680][ T47] release_task+0x9a9/0xb60 [ 135.490198][ T47] wait_consider_task+0x114a/0x1660 [ 135.495415][ T47] __do_wait+0xfa/0x510 [ 135.499585][ T47] do_wait+0xb7/0x260 [ 135.503576][ T47] kernel_wait4+0x16b/0x1e0 [ 135.508265][ T47] __x64_sys_wait4+0x91/0x120 [ 135.512949][ T47] x64_sys_call+0x2a66/0x2ff0 [ 135.517631][ T47] do_syscall_64+0xd2/0x200 [ 135.522140][ T47] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.528033][ T47] [ 135.530356][ T47] read to 0xffffffff8685fc48 of 4 bytes by task 47 on cpu 0: [ 135.537725][ T47] copy_process+0x14a6/0x2000 [ 135.542407][ T47] kernel_clone+0x16c/0x5c0 [ 135.546924][ T47] user_mode_thread+0x7d/0xb0 [ 135.551608][ T47] call_usermodehelper_exec_work+0x7a/0x160 [ 135.557511][ T47] process_scheduled_works+0x4ce/0x9d0 [ 135.562977][ T47] worker_thread+0x582/0x770 [ 135.567578][ T47] kthread+0x486/0x510 [ 135.571646][ T47] ret_from_fork+0xda/0x150 [ 135.576153][ T47] ret_from_fork_asm+0x1a/0x30 [ 135.580918][ T47] [ 135.583279][ T47] value changed: 0x800000e2 -> 0x800000e1 [ 135.588991][ T47] [ 135.591333][ T47] Reported by Kernel Concurrency Sanitizer on: [ 135.597492][ T47] CPU: 0 UID: 0 PID: 47 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(voluntary) [ 135.607228][ T47] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 135.617377][ T47] Workqueue: events_unbound call_usermodehelper_exec_work [ 135.624508][ T47] ================================================================== [ 135.633481][ T8454] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1809'. [ 138.530837][ C0] bridge0: port 1(bridge_slave_0) entered learning state [ 138.537984][ C0] bridge0: port 2(bridge_slave_1) entered learning state