last executing test programs: 2m16.206822685s ago: executing program 4 (id=283): r0 = socket$packet(0x11, 0x3, 0x300) bind$packet(r0, &(0x7f00000001c0)={0x11, 0x5, 0x0, 0x1, 0xe, 0x6, @local}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) sendto$packet(r0, &(0x7f0000000180)="0b031200e0ff64000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x88a8}, 0x14) 2m16.206625925s ago: executing program 4 (id=284): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_CHANNEL(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x30, 0x0, 0x2, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x2, 0x6b}}}}, [@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x320}]}, 0x30}, 0x1, 0x0, 0x0, 0x2008001}, 0x0) r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x8311}, 0x0, 0x2, 0xfffffffe, 0x7, 0x3}, 0x0, 0xfff7ffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00'}) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, 0x0, 0x2c000010) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="b8000000140001000000000004000000e000000200000000000000000000000000000000000000000000000000000000000000000fff00000a00200000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00@'], 0xb8}, 0x1, 0x0, 0x0, 0x404c830}, 0x987a3a9f32358a4c) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/rt_acct\x00') ioctl$SIOCGSTAMP(0xffffffffffffffff, 0x8906, 0x0) ioctl$RTC_ALM_READ(r4, 0x80247008, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r5) sendmsg$NL80211_CMD_GET_WOWLAN(r5, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x24, r6, 0x100, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x1}, @val={0x8, 0x3, r1}, @void}}, ["", "", "", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x80) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000002540)="955232d6c9", 0x5}], 0x1}}], 0x1, 0x4c801) r7 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) splice(r2, &(0x7f0000000580)=0x4, 0xffffffffffffffff, &(0x7f00000005c0)=0x2, 0x2000000000000000, 0x5) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001080)=ANY=[@ANYBLOB="680000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="20000000000200003800128009000100766c616e000000002800028006000100000200001c0003800c0001000180ffff090000000c000100010000004f09000008000500", @ANYRES32=r8, @ANYBLOB="08000300"], 0x68}}, 0x0) 2m16.116307958s ago: executing program 4 (id=285): mkdir(&(0x7f00000000c0)='./file0\x00', 0x100) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000200)={[{@nogrpid}, {@dax_inode}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@i_version}]}, 0x3, 0x45a, &(0x7f0000000700)="$eJzs3M+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEQQ2ejDHxbjz6L3jSizGeTLzq3ZAQwwXwVDPtDNuWtrClpbr9fJKB92be8N63b177Zl5LACNrKvsjidgaEX9ExEQ921xgqv7X1ctnF65dPruQRLX69t9JrdyVy2cXiqLFeVvyzHQakX6exO429a6cPnN8vlJZOpXnZ1dPfDC7cvrMc8dOzB9dOrp0cv+hQwcPzL34wv7n+xJn1qYruz5e3rPzjfe+fvPwl03xt8TRJ1PdDj5Zrfa5uuHa1pBOxobYENalFBFZd5Vr438iSrHWeRPx+qdDbRwwUNVqtbql8+FzVWADS6I5b8jDqCg+6LP732JrnQS8PLjpx9BdeqV+A5TFfTXf6kfGIs3LlFvub/tpKiLePffPt9kWg3kOAQDQ5Mds/vNsu/lfGg80lLsnXxuajIh7I2J7RNwXETsi4v6IWtkHI+Khddbfukhy4/wnvdhTYLcom/+9lK9tNc//itlfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp9e+/2rTsca53/ZltVfzAXzdlwc29R8zuL86vztxNzo0vmIXWPt4k+urwQkEbEzInb1WMexp7/f0+nYzePvog/rTNXvIp6q9/+5aIm/kHRfn5y9KypL+2aLq+JGv/524a1O9d9W/H2Q9f/dba//6/FPJo3rtSvrr+PCn190vKfp9fofT96ppcfzfR/Nr66emosYTw7XG924f//auUW+KJ/FP723/fjfHmuvxO6IyC7ihyPikYh4NG/7YxHxeETs7RL/L68+8X7v8Q9WFv/iuvp/LTEerXvaJ0rHf/6hqdLJG+K/1r3/D9ZS0/meW3n/u5V29XY1AwAAwP9PGhFbI0lnrqfTdGam/n35HRFpZXll9Zkjyx+eXKz/RmAyymnxpGui4XnoXH5bX8+fj4j6VwuK4wfy58bflDbX8jMLy5XFYQcPI25Lh/Gf+as07NYBAzcWm4fdBGBIuqyjp3eyHcCd5/faMLqMfxhdbca/BwIwItp9/n8yhHYAd17L+LfsByPE/T+Mro7jfyP/zz9Ajc9/GEkrm+PmP5Lvmij+pR5P37CJKP8nmnEbic/qfVpN2nZupMNvocTgEsN9XwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiXfwMAAP//3Bjf8Q==") 2m16.029433781s ago: executing program 4 (id=287): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x2c, 0x1, 0x0, 0x0, 0x0, 0x9, 0xf40d9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={0x0}, 0x204, 0x0, 0x43a1bd76, 0x6, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200c}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x8) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) setfsgid(0xee01) write$binfmt_script(r1, &(0x7f0000000540), 0x84) mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0xffff}, 0x50) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000100000000000000801800009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x94) r8 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_ext={0x1a, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8792}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000180)='GPL\x00', 0x7, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, 0x3a, r6, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1, r7, 0x0, 0x0, 0x0, 0x10, 0x4a6}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001ac0)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) r9 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000001c0)={r10, @in={{0x2, 0x0, @empty}}, 0xffffffff, 0x3, 0x0, 0x0, 0x5, 0x0, 0xfe}, 0x9c) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000801000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0}, 0x68) move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000000)={0x459, 0x8000, 0x3, 0x6, 0x0}, &(0x7f0000000080)=0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000140)={0xffc0, 0x4, 0x800, 0x5, r11}, 0x10) sendmmsg$inet(r0, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000000040)="16", 0xffe3}], 0x1}}], 0x1, 0x4000800) 2m15.859400156s ago: executing program 4 (id=290): pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) write$P9_RREADLINK(r0, &(0x7f0000000040)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_config_ext={0x7, 0x3ff}, 0x1efb0, 0x1000, 0x20da, 0x0, 0xa, 0x20005, 0x8a6, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffdfffffffffff, 0xffffffffffffffff, 0xb) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) personality(0x87bf5ac905ea0f7f) mount$9p_rdma(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x2, &(0x7f0000000540)={'trans=rdma,', {'port', 0x3d, 0x4e23}, 0x2c, {[{@rq={'rq', 0x3d, 0x1000}}, {@sq={'sq', 0x3d, 0xfffffffffffffffb}}, {@timeout}, {@common=@aname={'aname', 0x3d, '&,'}}, {@timeout={'timeout', 0x3d, 0x7}}, {@common=@access_user}, {@common=@noxattr}], [{@dont_hash}, {@fsuuid={'fsuuid', 0x3d, {[0x38, 0x32, 0x65, 0x62, 0x39, 0x39, 0x31, 0x38], 0x2d, [0x36, 0x63, 0x39, 0x63], 0x2d, [0x35, 0x39, 0x6, 0x31], 0x2d, [0x30, 0x32, 0x31, 0x65], 0x2d, [0x61, 0x0, 0x65, 0x62, 0x38, 0x36, 0x37, 0x66]}}}]}}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280)={0xffffffffffffffff}, 0x106, 0x2}}, 0xfe5e) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f0000000480)=[{0x2d, 0x0, [0x2, 0x7, 0x4, 0x7, 0xedd, 0x6, 0x6, 0x2, 0x7, 0x5, 0x8000008, 0x28a, 0x6, 0x7ff, 0x1, 0x9]}, {0x2b, 0x0, [0x0, 0x4fb, 0x1000, 0x6, 0x3, 0x9, 0x4, 0x5, 0x4, 0xa59, 0x1, 0x6, 0xfffffffb, 0x2ad, 0x8, 0x7]}], r2, 0x1, 0x1, 0x90}}, 0x20) r3 = memfd_create(&(0x7f0000000680)='\x00\xc7\x8c\xa3I6\xbe\x91\x8d\x182)!\x9a%\xd9\x19\x17\xb0\xed|\xb3\xc2\x017h\xe9kL\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\b\x00\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R:\xf6\xff\xff\xff\xff\xff\xff\x18\x8f2\xf7]#\xed,\xc7\x03\x00\x00\x00\xa3\xee\xcb\xaf\xb3\xe3\'}\x18\xe8O\xa8\'K\xb6o\x9a\x9e~\xf0|\xe6\xe4ZW\xbe2\xc9\xe4R$\xaa\x00U\x92\xd2\x99\xb8\x00Q\xe6\f\b\xcf\xdd\xdc+]\xe7\x87H\xcb\x9f\x91=\xe4K\xaf\xea\x14G\x19\r\xec6\xd4\xd0L\xb1UH_\xe8m\nP\x0f\xdcP\xcb\xd9\x0592\xcae\xec$gy!9\xf08\xf1V\x1a\xae\xbe\xb1\xc9\x9bB\x05\xcd\xc7\x9f\xe8\x19\x93\x87\xf4\n\x8e\x919\x9e\x15\x18\xb1\v\x81\x89\x17\x993>\x8d\xfd\xa3\x10\xb0\xcaRGTZS\x167.\x17\xcc\xc0P\xeb\x94fz\xfe\xf0\xdb\xa5x&\xff\f\xdc\xe0\x89|\xdaB\xc6Kp\xc0\xad\'\v\"V\x89I\xee\xef<\x17Z\xaf\xb4\x11\xf9\a\xfa\x9a\x97\x90\xf2\x01\'\xecCh\xd1g=\x96\x9f\xafk\x02\xd7\xb8\x8e\x81\xae(\xe6HNx\xedD\x9b\xc4\xc2\xe7&\xdb\x05\xac', 0xc) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f0000000080)={0x8}) fstat(r4, 0x0) fsetxattr$security_selinux(r3, &(0x7f0000000480), &(0x7f00000004c0)='system_u:object_r:hwdata_t:s0\x00', 0x1a, 0x0) 2m15.763295559s ago: executing program 4 (id=292): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r0, 0x0, 0x1, &(0x7f0000000000)=0xffffff7e, 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x48, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x100000000}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWTABLE={0x50, 0x0, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_USERDATA={0x2f, 0x6, "14d7b19017167a78b7d02fc9cde2879d81c437e7673296e30eebb82c6b8a00f831b84a0b82d2b5019b81ca"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xc0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000000a0a0102"], 0x14}}, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) 1m47.069676151s ago: executing program 32 (id=292): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r0, 0x0, 0x1, &(0x7f0000000000)=0xffffff7e, 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x48, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x100000000}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWTABLE={0x50, 0x0, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_USERDATA={0x2f, 0x6, "14d7b19017167a78b7d02fc9cde2879d81c437e7673296e30eebb82c6b8a00f831b84a0b82d2b5019b81ca"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xc0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000000a0a0102"], 0x14}}, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) 10.945131343s ago: executing program 5 (id=965): prlimit64(0x0, 0x9, &(0x7f00000001c0)={0x9, 0x7f}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 10.807052747s ago: executing program 5 (id=967): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0xa, 0x0, 0x0, 0x7ffc0006}]}) ioprio_set$pid(0x1, 0x0, 0x6000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0xe, &(0x7f0000006680)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x4c142, 0x12) sendfile(r1, r1, 0x0, 0xe3aa6ea) fallocate(r0, 0x0, 0x1, 0x8ffff) statfs(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)=""/234) 10.539024246s ago: executing program 5 (id=968): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000003b00)=@newtfilter={0x44, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xe, 0xfff3}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_route={{0xa}, {0x14, 0x2, [@TCA_ROUTE4_TO={0x8, 0x2, 0x25}, @TCA_ROUTE4_FROM={0x8, 0x3, 0x9e}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0) 10.359121822s ago: executing program 5 (id=969): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) fsopen(0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000500)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0xf241f1a146326c4, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x8, 0x40008, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, @perf_config_ext={0x9, 0x2}, 0x4580, 0x0, 0x800000, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) socket$pppoe(0x18, 0x1, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000440)={[{@resgid={'resgid', 0x3d, 0xee00}}, {}, {@grpquota}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@delalloc}, {@nogrpid}, {@noauto_da_alloc}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x3, 0x572, &(0x7f00000006c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=") setxattr$trusted_overlay_upper(0x0, 0x0, &(0x7f0000001380)=ANY=[], 0x835, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) creat(&(0x7f0000000240)='./file0/file0\x00', 0x20) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xc, 0x1c, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1b}}, {}, [@snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x5}, {0x3, 0x3, 0x6, 0xa, 0xa}, {0x5, 0x1, 0xb, 0x8, 0xa, 0x4}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x0}, {}, {0x18, 0x2, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x2}, {0x46, 0x0, 0x0, 0x76}}], {{}, {0x6, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c0}, 0x94) 7.790943193s ago: executing program 5 (id=978): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) fsopen(0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000500)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0xf241f1a146326c4, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x8, 0x40008, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, @perf_config_ext={0x9, 0x2}, 0x4580, 0x0, 0x800000, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) socket$pppoe(0x18, 0x1, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000440)={[{@resgid={'resgid', 0x3d, 0xee00}}, {}, {@grpquota}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@delalloc}, {@nogrpid}, {@noauto_da_alloc}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x3, 0x572, &(0x7f00000006c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=") setxattr$trusted_overlay_upper(0x0, 0x0, &(0x7f0000001380)=ANY=[], 0x835, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r4, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000980)="91f8", 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000001500)="24acadd7f04daaa04e88680351d9ce53f67fd2afefe557d4bd561f02df2570f175951d4bdd97ec433ec583c79fa668922a61c8662e0890ce06996f5ba401e582dfb5197822bee50c6cd4b3a6f9d14f1fde9b1698ad6847d4fde0458282ece396a1e212cd02e6fb62599df5ecb5984843ee04e96eb26fa2a8100a0b7b2d032fff965485ded83b39d6c9835416a8db5414a6c54101693e6b05e652b49fceaf4a0cc2b7898034ff0eb5150b3e85b9ff5658ba346d0b6b5a3a71eb084311606cf6b8ccf7c45a79b319a201e9c5ae9f0aab5c4dd7a77de7f5ae2edb307892dbfa8377446d8cabb9302b27250c66ddaeb3988933df044b6ae4570671cf861484b9124827dbe78a0388eecac9e6ad371287ca014fa658c6f1308b046b2fc0cc3d5b8ba48f3b1319d5976bb45f3c630f01c77b93f07fe2b304a98383258a37791da00145e24f619c5dd07939c39212ca7d8421dcf50ab703f86dacf4a4159a123d25a7a9ad2319a876af43da4cf86b0f6a7f261562e1b10681a71d941a5e90031452e37f4a616b85fe6b48803cbca2369565be720ef5fd1e6326234c34f6e13ba39f9460acc68e15eef508e402b29e452883c90b50b04d66ad07cb689d31426147a965dd4691519d844bfc83d830b8c5a679c41fbdcc2d16b3dcecc1f5be156f96fa2a315c68bfd1ebba95e9de0e3cdf7ad8e93b92cda3c4643ca88fcd710c1a24d0d62b54d937f2fbe7aa09ba34c71a17eefa0dba2d4752ae91850d734be15b1f2f5e36856786f5cf0afec24a46634f8d5aec6008c1ace1e404af77c8f4d37283847349ac22f6703d44fb66cec0ceb9390cf2f878d8390ecd8fbeb82a6ccd966bca4c4689a2e2a850a30dfa7c0c19ecec0c799e2880d2088ece8401306bfa4b34da709caa802c8f9d6deb5b599d262faa7de40de113c89a8e8e3a4f19ac1847387be89e27286e20dd49339021e79ddb0cf3bf72fcc25f3b7d35ca05c4473521320b1a6bee637e4f4da9692506931df8f990ed54e23000030d26f30c8ee3ace6c9d5795b7443aa0651ecb2b64549d4bd4bea0ed0f69e69291057bf7c3b92ad0a8ec4e5acf31c4ed8c372f1bd9b0bf6c51a7a29915fc2e5a24c36599612fd4527870ea6c7057f87c105c73386f738f98165cb8bac0d2ce46eeb7e39d9f3c2d93e4910d231ce946d65120f2bd4842ed181261c0ea728b06e6155944b6c3554d553724c5419d45f633d97bc59889ed7a4df1d35cc9bede168d3d8dca779293dd9564877b009d93c99a7a0f983e33e937bfb13b06e611c8c33313821f110e6911643cfabc2c75c42af256a07c8fee22c7795cb5a57dda8df2b668d893dd7a6bbfada01b49c6c96156bd5ebc10f16fd30579fa059207c4c9f69fff76a3e83839697324adc1037b64db5fe6f55a72fc9311a414c8848885071620e2c7539e6ac2684785ce04bba9785b4571e183bc12fdad8d58e57d0355c4082fbe08fdb8feedd6d3d6f7f586f22b06069ed48b931c7cbc2eca14b2e649432953a9ef28928450ca8907b90fce815cdfecf28816817e72fa25317324b64ff7259d1a2bb9ef8469048f652fd47638060a26a48ff9e05a1fc6fed416d5a0f461cb111ce1cc9cdd38032c30e7c6b520274d638ddd69ef1c08d8c66b134d8b8ca861e7eac50714bd71106ff", 0x49c}], 0x1}}], 0x2, 0x2090) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xc, 0x1c, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1b}}, {}, [@snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x5}, {0x3, 0x3, 0x6, 0xa, 0xa}, {0x5, 0x1, 0xb, 0x8, 0xa, 0x4}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x0}, {}, {0x18, 0x2, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x2}, {0x46, 0x0, 0x0, 0x76}}], {{}, {0x6, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c0}, 0x94) 6.400435428s ago: executing program 3 (id=983): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000440)={[{@resgid={'resgid', 0x3d, 0xee00}}, {}, {@grpquota}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@delalloc}, {@nogrpid}, {@noauto_da_alloc}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x3, 0x572, &(0x7f00000006c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=") setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) 6.111308646s ago: executing program 3 (id=985): perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x8, 0xc0314, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_bp={0x0, 0xe}, 0x0, 0x3, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f0000000340), &(0x7f0000000380)=r1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r1, 0x18000000000002a0, 0x15, 0x0, &(0x7f00000002c0)="b9ff030768323a9c563638e104268c989e54f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 5.982857231s ago: executing program 0 (id=988): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x630, 0x65, 0x400, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x8, 0x2}, {0x0, 0x1}, {0x5}}, [@filter_kind_options=@f_bpf={{0x8}, {0x504, 0x2, [@TCA_BPF_ACT={0x500, 0x1, [@m_simple={0xdc, 0xa, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x9, 0x3, '\xc2@\x1d,\x00'}, @TCA_DEF_DATA={0xa, 0x3, '%{^):\x00'}]}, {0x95, 0x6, "f2687c5aa78339e616deb3f19827c994141f940d92a804637d54cb155e6be27b3c2ad1ec52a0a08ca0fb9f17a3ef6ce3652e6f0136028c9b46b33e74015138ea6ba9c60c29dd78378bb28567c803e2a63a94c5fba4bb4bb2adcab7d81ccda8c5f8e000b81344003a049b8353b716e0d9c0c6c5fbd0a6ac6532013f1ee7bfec23f8da74544263415dacc108fada4f83a23b"}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_bpf={0x124, 0x8, 0x0, 0x0, {{0x8}, {0x18, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}]}, {0xe5, 0x6, "5d3aee85a6264cff4a2163adaec321e008985cfa435b8922eeb16f1932265618158a3fe72c442a68b182e8f673f9251a03dc831c5947be17ca906c3dcb99adb55bc5f0ad8886f235f45d7e29bb727715f2e7a3200ac63eb79f7a023835874514b60b0177c40370157c0c21b37875e7e4a2e75b3cc54be7d719fa695469336b975cb56bf3667e66922c0cf263fb2e4901e74673ec3bf8e140cb438b8aae24d0722b0ea76c66d09a9ae2578f669067fc7f4e7e11e7d6206ac703d98c3cd3b5372b60c63437cedd6c47eeb235ad519ca418c057a0c2e2efdad1db459ffde7207d4b45"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_nat={0x208, 0x6, 0x0, 0x0, {{0x8}, {0x16c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xab7, 0x4c1adacc, 0x5, 0x99, 0x6}, @remote, @local, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x1, 0x401, 0x7, 0x6, 0x5}, @rand_addr=0x64010102, @rand_addr=0x64010102, 0xff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x1, 0x5, 0x8, 0x0, 0xd}, @private=0xa010100, @empty, 0xffffff00, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x4ef0, 0x1, 0x4, 0x10000, 0xc0e}, @multicast1, @rand_addr=0x64010100, 0xff000000, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xe21, 0x1, 0x3, 0xfd30, 0x1}, @remote, @local, 0xff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x2, 0x11d, 0x5, 0x3, 0x1}, @multicast1, @empty, 0xff000000}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x5, 0xffffff7f, 0x5, 0x79, 0x74e69dde}, @broadcast, @empty, 0xffffffff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xffff000, 0x2cf, 0xffffffffffffffff, 0x7, 0xfffffffb}, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, 0xff000000, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x10, 0x8, 0x10000000, 0x1ff, 0x2}, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, 0xffffff00}}]}, {0x77, 0x6, "72c2816ab98a21c440078477977f213e81d0d0ff724f9d0109cdd14889252206b3196663ec1f74e5725f9c0ecf9c39784a71c0f063e45546f47be19f4cc6f84d49f14e97170ef06821de0ad03324f247a528ffe670b5612e99cdea1c052893a8bebddc718dcdb6f83131ecdce1ff76574eb3bd"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_connmark={0xf4, 0xb, 0x0, 0x0, {{0xd}, {0xac, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1ff, 0x5, 0x7, 0x1, 0x1e1c}, 0x5}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xd784, 0x7ff, 0x20000000, 0x9, 0x4}, 0x2}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x4, 0x5, 0x8, 0x1}, 0x5}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x4, 0x2, 0x20000000, 0x6, 0x6a}, 0x80}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7, 0x2, 0xfffffffffffffff7, 0x9, 0x7}, 0x6}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0x3ff, 0x0, 0xb, 0xd}, 0xf40f}}]}, {0x19, 0x6, "b243cf248ea5504cf7e5a67f45c10cd2a166afa2d8"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0xb, 0x40}}, @filter_kind_options=@f_bpf={{0x8}, {0xf0, 0x2, [@TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0xe0, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_simple={0xac, 0xb, 0x0, 0x0, {{0xb}, {0x80, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0xe, 0x3, ')&%!J*).,\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x6, 0x3, 0x1, 0x40}}, @TCA_DEF_PARMS={0x18, 0x2, {0x9, 0x8, 0x6, 0x3, 0xf}}, @TCA_DEF_PARMS={0x18, 0x2, {0x5, 0x1, 0x0, 0x37, 0x80000000}}, @TCA_DEF_PARMS={0x18, 0x2, {0x965, 0x3, 0x6, 0x8, 0x8}}, @TCA_DEF_DATA={0xa, 0x3, '%{^):\x00'}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}}]}, 0x630}, 0x1, 0x0, 0x0, 0x2404c080}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 5.953338211s ago: executing program 2 (id=989): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x4e8, 0x1d8, 0xffffffff, 0xffffffff, 0x1d8, 0xffffffff, 0x460, 0xffffffff, 0xffffffff, 0x460, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x168, 0x190, 0x0, {}, [@common=@unspec=@conntrack2={{0xc0}, {{@ipv6=@private1, [0xff000000, 0xffffffff, 0xff, 0xffffffff], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xff, 0xffffffff, 0xffffffff], @ipv6=@empty, [0xff000000, 0xff, 0xff, 0xff], @ipv6=@local, [0xffffffff, 0xff000000, 0xff000000, 0xffffff00], 0x80, 0x54, 0x3b, 0x4e20, 0x4e23, 0x4e21, 0x4e23, 0x446, 0x39a}, 0x100, 0x20}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0xe, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x548) syz_emit_ethernet(0x56, &(0x7f0000000040)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, '\x00', 0x20, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e21, 0x41424344, 0x41424344, 0x1, 0x0, 0x8, 0x10, 0x1, 0x0, 0xffd, {[@generic={0x0, 0xb, "393fe0de62e77b4a01"}]}}}}}}}}, 0x0) 5.874708914s ago: executing program 3 (id=990): syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007f, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x17440000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000500)=@file={0x0, './mnt\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0xf241f1a146326c4, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r4 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0xa420, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r3) socketpair$tipc(0x1e, 0x1, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') preadv(r5, &(0x7f0000001900)=[{&(0x7f0000000440)=""/139, 0x8b}, {&(0x7f0000000500)=""/217, 0xd9}, {0x0}, {&(0x7f0000000700)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/108, 0x6c}], 0x5, 0x4004, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x801}, 0x4000000) r6 = epoll_create(0x200) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0xa0000008}) close(0xffffffffffffffff) openat$hwrng(0xffffffffffffff9c, 0x0, 0x200, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0xa) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) openat(0xffffffffffffff9c, 0x0, 0x2040, 0x0) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x40) capset(0x0, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7}) syz_clone3(&(0x7f000000dd80)={0xa04400, 0x0, 0x0, 0x0, {0x12}, 0x0, 0x0, 0x0, 0x0}, 0x58) 5.761732628s ago: executing program 2 (id=991): perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x9}, 0x11feb0, 0x1002, 0x20da, 0x0, 0x0, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xc0, 0x8}, 0x143, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(0xffffffffffffffff, 0x0) r1 = syz_clone(0x2008400, 0x0, 0x0, 0x0, 0x0, 0x0) unshare(0x6a040000) quotactl$Q_SETQUOTA(0xffffffff80000801, 0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x106900, 0x10) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @rand_addr, 0x5}, 0x1c) listen(r2, 0x10040) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x67, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) syz_emit_ethernet(0x3a, &(0x7f00000002c0)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x68, 0x0, 0x95, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x4, 0xca, 0x0, 0x1000, {[@generic={0x0, 0x2}]}}}}}}}, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) io_uring_register$IORING_REGISTER_BUFFERS2(0xffffffffffffffff, 0xf, &(0x7f0000000a00)={0x4, 0x1, 0x0, &(0x7f0000000980)=[{&(0x7f00000006c0)=""/192, 0xc0}, {&(0x7f0000000780)=""/160, 0xa0}, {&(0x7f0000000840)=""/93, 0x5d}, {&(0x7f00000008c0)=""/188, 0xbc}], &(0x7f00000009c0)=[0x4]}, 0x20) quotactl$Q_SETQUOTA(0xffffffff80000801, 0x0, 0x0, &(0x7f0000000180)={0x6, 0x2, 0xa9, 0x7fffffffffffffff, 0x1000000000000, 0xfffffffffffffff5, 0x0, 0x7fff, 0x400005}) r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) sendfile(r3, r3, 0x0, 0x800000009) sendmmsg(r3, &(0x7f0000006400), 0x0, 0x40) syz_clone3(&(0x7f0000002800)={0x200000, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000200), {0x8}, &(0x7f00000005c0)=""/234, 0xea, &(0x7f0000001340)=""/4096, &(0x7f00000027c0)=[r1, r1, 0x0], 0x3, {r3}}, 0x58) perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0x5c, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40008, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3, @perf_config_ext={0x9, 0xc64}, 0x10096, 0x0, 0x800000, 0x1, 0x5, 0x2, 0x6, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000024c0)=@newlink={0x34, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, 0x0, 0x0, 0x4600}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x4000000) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), r3) sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2c4b46cd7fd355ea}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x24, r5, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xa}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4008814) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x25dfdc00, {0x0, 0x0, 0x74, 0x0, 0x800}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0xe}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000801}, 0x24008804) 5.747323138s ago: executing program 0 (id=992): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) fsopen(0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000500)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0xf241f1a146326c4, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x8, 0x40008, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, @perf_config_ext={0x9, 0x2}, 0x4580, 0x0, 0x800000, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) socket$pppoe(0x18, 0x1, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000440)={[{@resgid={'resgid', 0x3d, 0xee00}}, {}, {@grpquota}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@delalloc}, {@nogrpid}, {@noauto_da_alloc}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x3, 0x572, &(0x7f00000006c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=") setxattr$trusted_overlay_upper(0x0, 0x0, &(0x7f0000001380)=ANY=[], 0x835, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 4.776485229s ago: executing program 5 (id=993): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r0 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000340)='\b', 0x1}, {&(0x7f0000000300)="2d0000008058", 0x6}], 0x2, &(0x7f00000004c0)=ANY=[], 0x40}, 0x4007fee) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x68, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) getxattr(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)=@known='system.posix_acl_default\x00', &(0x7f0000000480)=""/4096, 0x1000) 3.437575501s ago: executing program 3 (id=994): ioctl$XFS_IOC_START_COMMIT(0xffffffffffffffff, 0x80585882, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x4, 0x400, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_config_ext={0x288}, 0xa236, 0x6, 0x11000, 0x4, 0x9484, 0x2001, 0x400, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x2) syz_mount_image$msdos(&(0x7f00000008c0), &(0x7f0000000000)='.\x02\x00', 0x4000, &(0x7f0000010300)=ANY=[@ANYBLOB="646973636172642c646f74732c646f74732c6e6f646f74732c636865636b3d7374726963742c646f74732c0080fcdc5c3dd34a5bee25f099008bade73ed878442a18112f260a6de8f9de23ca03128aff6e012a1d950f746fd8a192b6e048d4bcb62d5ee3a79d7ff9522014e3c0881f4cdda0cd5c0458cae665", @ANYRES8=0x0, @ANYBLOB="480739ec7f920fa6747a8d8b349973cf30a48915269c162dc20ae93cf8fbfa28624f375bdec0b1a8ea75b79c5d3d4d8ed5ac8a1508fb15b3ac020fccfcbbabba643c13fc7eac589762cbeb037eb9a48ae4fd4672bf3d1185e4693115a4b61ffece04ed4a690feb7ce885c8cec3623bb08fe74fd339982f378771670bc977462814b8835519212d0c4f23e8276671e88a5ac111f89af06d91333e6fe2cdf1e466adbd"], 0x1, 0x11f0, &(0x7f0000001b00)="$eJzs209rY1UYB+C3mdR2MrZT/43ObDzoRjcXZxauZlOkBZmAMjMRZgThDk01JCYhN4tkcDHgzpWfQ1y6E8Qv0G/hrgiim3FjpE1a2xq1BZtYfJ7NfcnvnNxz4CZwQt7d219+2twusu28H6WFhSh3FyM9TZGiFJdi7Em8+fnmL1/ce/Dwznq1unE3pc31+zffTimtvvrdh599/dr3/SsffLP67VLsrH20+9OtH3au7Vzf/e3+J40iNYrU7vRTnh51Ov38UauethpFM0vp/VY9L+qp0S7qvWP5dqvT7Q5T3t5aqXR79aJIeXuYmvVh6ndSvzdM+cd5o52yLEsrleCk0Wg0Ou3Y2ldP90b/Wjmcevl2Ja7Es7ESq3E11uK5eD5eiBfjpbgWL8crcf1M7w8AAAAAAAAAAAAAAAAAAACcxn7/f4xGi/HMfmf/5dD/DwAAAAAAAAAAAAAAAAAAALOm/x8AAAAAAAAAAAAAAAAAAADmT/8/AAAAAAAAAAAAAAAAAAAAzN+9Bw/vrFerG3dTWo748cmgNqiNr+N8893qxltp39ofs34eDGqXDvOb4zwdz5eiMslvTc2X443Xx/le9s571aN5KWo3Yuv8tw8AAAD/C1k6NPV8n2V/lY+rI78PnDjfl+NGedodlyfX0dXz2A9nUwwfN/NWq94rhosHxeN/uSjHaQcvTFZ1LstQXPBiafJ07L1yUP8nFnakKMc/jCn93fQpn8q5FbP/LmL2/vzsAQAAAAAAAAAAcBHM4u+EJ+9Zms9WAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5nB44FAAAAAIT5W6fRsQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwE4BAAD//z4uiDQ=") unshare(0x6020400) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000100)={@map, r1, 0x2f, 0x34}, 0x20) r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.current\x00', 0x26e1, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x4030582b, &(0x7f00000002c0)={'ip6gre0\x00', @remote}) setsockopt$RDS_GET_MR(r3, 0x114, 0x2, &(0x7f00000004c0)={{&(0x7f00000003c0)=""/176, 0xb0}, &(0x7f0000000480), 0x70}, 0xffffffffffffffb8) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r2, 0xc0185879, &(0x7f0000000040)={@id={0x2, 0x0, @b}}) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r0, 0x8040942d, &(0x7f0000000180)) 3.338587334s ago: executing program 1 (id=995): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={0x0, 0x0, 0x96, 0x0, 0x3}, 0x28) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct={0x0, 0x0, 0x0, 0x4, 0x0, 0x80000}]}}, 0x0, 0x26}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80) 2.350902486s ago: executing program 2 (id=996): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x2c, 0x1, 0x0, 0x0, 0x0, 0x9, 0x5d299, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x9, 0x9}, 0x0, 0x32, 0x1e, 0x7, 0x9, 0x9, 0x6, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3a09007, 0x0) pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='./file0\x00') 2.312796637s ago: executing program 3 (id=997): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) fsopen(0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000500)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0xf241f1a146326c4, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x8, 0x40008, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, @perf_config_ext={0x9, 0x2}, 0x4580, 0x0, 0x800000, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) socket$pppoe(0x18, 0x1, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000440)={[{@resgid={'resgid', 0x3d, 0xee00}}, {}, {@grpquota}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@delalloc}, {@nogrpid}, {@noauto_da_alloc}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x3, 0x572, &(0x7f00000006c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=") setxattr$trusted_overlay_upper(0x0, 0x0, &(0x7f0000001380)=ANY=[], 0x835, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r4, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000980)="91f8", 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000001500)="24acadd7f04daaa04e88680351d9ce53f67fd2afefe557d4bd561f02df2570f175951d4bdd97ec433ec583c79fa668922a61c8662e0890ce06996f5ba401e582dfb5197822bee50c6cd4b3a6f9d14f1fde9b1698ad6847d4fde0458282ece396a1e212cd02e6fb62599df5ecb5984843ee04e96eb26fa2a8100a0b7b2d032fff965485ded83b39d6c9835416a8db5414a6c54101693e6b05e652b49fceaf4a0cc2b7898034ff0eb5150b3e85b9ff5658ba346d0b6b5a3a71eb084311606cf6b8ccf7c45a79b319a201e9c5ae9f0aab5c4dd7a77de7f5ae2edb307892dbfa8377446d8cabb9302b27250c66ddaeb3988933df044b6ae4570671cf861484b9124827dbe78a0388eecac9e6ad371287ca014fa658c6f1308b046b2fc0cc3d5b8ba48f3b1319d5976bb45f3c630f01c77b93f07fe2b304a98383258a37791da00145e24f619c5dd07939c39212ca7d8421dcf50ab703f86dacf4a4159a123d25a7a9ad2319a876af43da4cf86b0f6a7f261562e1b10681a71d941a5e90031452e37f4a616b85fe6b48803cbca2369565be720ef5fd1e6326234c34f6e13ba39f9460acc68e15eef508e402b29e452883c90b50b04d66ad07cb689d31426147a965dd4691519d844bfc83d830b8c5a679c41fbdcc2d16b3dcecc1f5be156f96fa2a315c68bfd1ebba95e9de0e3cdf7ad8e93b92cda3c4643ca88fcd710c1a24d0d62b54d937f2fbe7aa09ba34c71a17eefa0dba2d4752ae91850d734be15b1f2f5e36856786f5cf0afec24a46634f8d5aec6008c1ace1e404af77c8f4d37283847349ac22f6703d44fb66cec0ceb9390cf2f878d8390ecd8fbeb82a6ccd966bca4c4689a2e2a850a30dfa7c0c19ecec0c799e2880d2088ece8401306bfa4b34da709caa802c8f9d6deb5b599d262faa7de40de113c89a8e8e3a4f19ac1847387be89e27286e20dd49339021e79ddb0cf3bf72fcc25f3b7d35ca05c4473521320b1a6bee637e4f4da9692506931df8f990ed54e23000030d26f30c8ee3ace6c9d5795b7443aa0651ecb2b64549d4bd4bea0ed0f69e69291057bf7c3b92ad0a8ec4e5acf31c4ed8c372f1bd9b0bf6c51a7a29915fc2e5a24c36599612fd4527870ea6c7057f87c105c73386f738f98165cb8bac0d2ce46eeb7e39d9f3c2d93e4910d231ce946d65120f2bd4842ed181261c0ea728b06e6155944b6c3554d553724c5419d45f633d97bc59889ed7a4df1d35cc9bede168d3d8dca779293dd9564877b009d93c99a7a0f983e33e937bfb13b06e611c8c33313821f110e6911643cfabc2c75c42af256a07c8fee22c7795cb5a57dda8df2b668d893dd7a6bbfada01b49c6c96156bd5ebc10f16fd30579fa059207c4c9f69fff76a3e83839697324adc1037b64db5fe6f55a72fc9311a414c8848885071620e2c7539e6ac2684785ce04bba9785b4571e183bc12fdad8d58e57d0355c4082fbe08fdb8feedd6d3d6f7f586f22b06069ed48b931c7cbc2eca14b2e649432953a9ef28928450ca8907b90fce815cdfecf28816817e72fa25317324b64ff7259d1a2bb9ef8469048f652fd47638060a26a48ff9e05a1fc6fed416d5a0f461cb111ce1cc9cdd38032c30e7c6b520274d638ddd69ef1c08d8c66b134d8b8ca861e7eac50714bd71106ff", 0x49c}], 0x1}}], 0x2, 0x2090) creat(&(0x7f0000000240)='./file0/file0\x00', 0x20) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xc, 0x1c, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1b}}, {}, [@snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x5}, {0x3, 0x3, 0x6, 0xa, 0xa}, {0x5, 0x1, 0xb, 0x8, 0xa, 0x4}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x0}, {}, {0x18, 0x2, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x2}, {0x46, 0x0, 0x0, 0x76}}], {{}, {0x6, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c0}, 0x94) 2.272129888s ago: executing program 1 (id=998): openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) shutdown(r0, 0x1) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0xfffffffe, @empty, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x1, @empty, 0x8}, 0x1c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r2, 0xfffffffb) r3 = fsopen(&(0x7f0000000140)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x9) fchdir(r4) creat(&(0x7f0000000200)='./file1\x00', 0x1) 2.22536557s ago: executing program 0 (id=999): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={0x0, 0x0, 0x96, 0x0, 0x3}, 0x28) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct={0x0, 0x0, 0x0, 0x4, 0x0, 0x80000}]}}, 0x0, 0x26}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80) 2.209826621s ago: executing program 2 (id=1000): perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x8, 0xc0314, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_bp={0x0, 0xe}, 0x0, 0x3, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f0000000340), &(0x7f0000000380)=r1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r1, 0x18000000000002a0, 0x15, 0x0, &(0x7f00000002c0)="b9ff030768323a9c563638e104268c989e54f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 2.181666771s ago: executing program 1 (id=1001): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x4e8, 0x1d8, 0xffffffff, 0xffffffff, 0x1d8, 0xffffffff, 0x460, 0xffffffff, 0xffffffff, 0x460, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x168, 0x190, 0x0, {}, [@common=@unspec=@conntrack2={{0xc0}, {{@ipv6=@private1, [0xff000000, 0xffffffff, 0xff, 0xffffffff], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xff, 0xffffffff, 0xffffffff], @ipv6=@empty, [0xff000000, 0xff, 0xff, 0xff], @ipv6=@local, [0xffffffff, 0xff000000, 0xff000000, 0xffffff00], 0x80, 0x54, 0x3b, 0x4e20, 0x4e23, 0x4e21, 0x4e23, 0x446, 0x39a}, 0x100, 0x20}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0xe, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x548) syz_emit_ethernet(0x56, &(0x7f0000000040)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, '\x00', 0x20, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e21, 0x41424344, 0x41424344, 0x1, 0x0, 0x8, 0x10, 0x1, 0x0, 0xffd, {[@generic={0x0, 0xb, "393fe0de62e77b4a01"}]}}}}}}}}, 0x0) 2.113813194s ago: executing program 1 (id=1002): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000440)={[{@resgid={'resgid', 0x3d, 0xee00}}, {}, {@grpquota}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@delalloc}, {@nogrpid}, {@noauto_da_alloc}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x3, 0x572, &(0x7f00000006c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=") setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) 2.110098973s ago: executing program 0 (id=1003): prlimit64(0x0, 0x9, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 1.765927434s ago: executing program 2 (id=1004): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) unshare(0x400) r1 = syz_pidfd_open(r0, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc040ff0b, &(0x7f0000000180)) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401f, 0x68180, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6f, 0x0, @perf_config_ext={0x4, 0x7}, 0x10c040, 0x3, 0x7, 0x3, 0x40006, 0x8, 0x7fff, 0x0, 0x0, 0x0, 0x8b}, 0x0, 0xff6fbfffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb010018000000000000007c0000007c00000002000000f3ff00000000000e0000000000000000000000000600000d00000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000c20000000000000000000000900000000000000000000000900000000000000000000000902"], 0x0, 0x96, 0x0, 0x3}, 0x28) ioctl$FS_IOC_SETFSLABEL(r3, 0x41009432, &(0x7f0000000600)="608ac280af647de77b8a4807c4718544ea17787a89fcac60758719a969b0023916e91a8f635cd42e2d329194975e3c92968de85fcdcee6afa44ab8995db94c335852db95a1fc09d92fcbfb24c8eca9bacf3b00c90e324afb4279b4b1b7ad8a099cd498ed403bf100f4c9f047774d76ea0a4a4020e96302e29c0712844eca77dda521247cf501c2c2d9037c310e27ef8d6d6fc8f1db8ea14b2b88077521d359803134e590c97201904e3d19fd90286dd3868f6a6cae07ccf89375c7c5b9cff047efdb3fb863d67ab01f02bf0f2042a04b41ec0d9e9504e8441e5f63fd341538d2e35ed342c79520737279733cae8fcfbd465de1efa2946c376cdb4f7c0dcc02c1") r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct={0x0, 0x0, 0x0, 0x4, 0x0, 0x80000}]}}, 0x0, 0x26}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80) open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r6, 0x89f0, &(0x7f0000000380)={'ip6tnl0\x00', &(0x7f0000000280)={'syztnl2\x00', 0x0, 0x0, 0x4, 0x8, 0xac75, 0x73, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @local, 0x7, 0x700, 0x9, 0x9}}) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=@newqdisc={0x38, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_cbq={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x9, 0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001d80)={0x6, 0xb, &(0x7f0000000bc0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffff801, 0x0, 0x0, 0x0, 0x2e}, [@alu={0x4, 0x0, 0x9, 0x0, 0x0, 0x30}, @map_idx={0x18, 0x8, 0x5, 0x0, 0x9}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0x3}, @generic={0xf5, 0x3, 0x1, 0x4, 0x3}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x1}]}, &(0x7f0000000c40)='GPL\x00', 0x40, 0x1000, &(0x7f0000000c80)=""/4096, 0x41000, 0x11, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000001c80)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000001cc0)={0x5, 0x1, 0x4, 0x52}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000001d00)=[r7], &(0x7f0000001d40)=[{0x1, 0x5, 0xe}], 0x10, 0x5}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket(0x2, 0x80805, 0x0) setsockopt$IP_VS_SO_SET_ADD(r8, 0x0, 0x482, &(0x7f0000000240)={0x84, @rand_addr=0x64010102, 0x4e20, 0x3, 'lblcr\x00', 0x1, 0xa7e, 0x70}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(r8, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4f21, 0x3, 'lc\x00', 0x5, 0x8, 0x10}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e20, 0x10048, 0xcd, 0x48}}, 0x44) 1.100836516s ago: executing program 2 (id=1005): r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) syz_open_dev$MSR(0x0, 0xfff, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c1) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x9, 0x80552, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, @perf_bp={0x0, 0xa}, 0x102260, 0x10000, 0x0, 0x1, 0x5, 0xfffffffb, 0x0, 0x0, 0x0, 0x0, 0x2000000020000005}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fd, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, @perf_bp={0x0, 0xd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r2, 0x65, 0x2, &(0x7f0000000400)=0x2, 0x4) bind$can_raw(r2, &(0x7f0000000480), 0x10) close(r2) fcntl$setlease(r1, 0x400, 0x0) 1.026243208s ago: executing program 1 (id=1006): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) pread64(r1, &(0x7f0000000180)=""/82, 0x52, 0x3) r2 = perf_event_open(0x0, 0x0, 0x4000000000, 0xffffffffffffffff, 0x8) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/32], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) setfsgid(0xee01) write$binfmt_script(r1, &(0x7f0000000540), 0x84) mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0xffff}, 0x50) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000100000000000000801800009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x94) r8 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_ext={0x1a, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8792}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000180)='GPL\x00', 0x7, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, 0x3a, r6, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1, r7, 0x0, 0x0, 0x0, 0x10, 0x4a6}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001ac0)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) r9 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000001c0)={r10, @in={{0x2, 0x0, @empty}}, 0xffffffff, 0x3, 0x0, 0x0, 0x5, 0x0, 0xfe}, 0x9c) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000801000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0}, 0x68) move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000000)={0x459, 0x8000, 0x3, 0x6, 0x0}, &(0x7f0000000080)=0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000140)={0xffc0, 0x4, 0x800, 0x5, r11}, 0x10) sendmmsg$inet(r0, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000000040)="16", 0xffe3}], 0x1}}], 0x1, 0x4000800) 762.147316ms ago: executing program 0 (id=1007): socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000050000000000000000000000000d0000000c000300686173683a697000050004000000dfff0800020073797a00050005000200000000000000"], 0x3c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000040)={0xa, 0x85}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x200040b4) io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x38, 0x9, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10040057}, 0x240008c4) sendmsg$IPSET_CMD_LIST(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000000706010400000000000000000500000a0500010007000000d74f60678715c628a0c449fbfbd18fd2f571abc18fe059b01a8e9c133e050f346a8335806db529cd53e84bb08b30337ea2185c98660e5126a5b26d404317a0cf1305386cc7dd2d2ce77cb40046798dda96330f5c"], 0x1c}, 0x1, 0x0, 0x0, 0x20004055}, 0x48000) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) ioctl$PERF_EVENT_IOC_SET_BPF(r7, 0x40042408, r6) r8 = socket$kcm(0x10, 0x100000000002, 0x4) sendmsg$kcm(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000200)="39000000140081ae00002c000500015601618575e285af0180000000171300883795c04a31ba377a1b2cc32b38d3740000ffffffffffffffff", 0x39}], 0x1, 0x0, 0x0, 0xc00e}, 0x0) socket$inet(0xa, 0x801, 0x84) 162.670235ms ago: executing program 0 (id=1008): perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x9}, 0x11feb0, 0x1002, 0x20da, 0x0, 0x0, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xc0, 0x8}, 0x143, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(0xffffffffffffffff, 0x0) r1 = syz_clone(0x2008400, 0x0, 0x0, 0x0, 0x0, 0x0) unshare(0x6a040000) quotactl$Q_SETQUOTA(0xffffffff80000801, 0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x106900, 0x10) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @rand_addr, 0x5}, 0x1c) listen(r2, 0x10040) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x3a, &(0x7f00000002c0)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x68, 0x0, 0x95, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x4, 0xca, 0x0, 0x1000, {[@generic={0x0, 0x2}]}}}}}}}, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='sched\x00') write$cgroup_type(r3, 0x0, 0x0) io_uring_register$IORING_REGISTER_BUFFERS2(r3, 0xf, &(0x7f0000000a00)={0x4, 0x1, 0x0, &(0x7f0000000980)=[{&(0x7f00000006c0)=""/192, 0xc0}, {&(0x7f0000000780)=""/160, 0xa0}, {&(0x7f0000000840)=""/93, 0x5d}, {&(0x7f00000008c0)=""/188, 0xbc}], &(0x7f00000009c0)=[0x4]}, 0x20) quotactl$Q_SETQUOTA(0xffffffff80000801, 0x0, 0x0, &(0x7f0000000180)={0x6, 0x2, 0xa9, 0x7fffffffffffffff, 0x1000000000000, 0xfffffffffffffff5, 0x0, 0x7fff, 0x400005}) r4 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) sendfile(r4, r4, 0x0, 0x800000009) sendmmsg(r4, &(0x7f0000006400), 0x0, 0x40) syz_clone3(&(0x7f0000002800)={0x200000, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000200), {0x8}, &(0x7f00000005c0)=""/234, 0xea, &(0x7f0000001340)=""/4096, &(0x7f00000027c0)=[r1, r1, 0x0], 0x3, {r4}}, 0x58) perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0x5c, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40008, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3, @perf_config_ext={0x9, 0xc64}, 0x10096, 0x0, 0x800000, 0x1, 0x5, 0x2, 0x6, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000024c0)=@newlink={0x34, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, 0x0, 0x0, 0x4600}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x4000000) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), r4) sendmsg$BATADV_CMD_TP_METER_CANCEL(r4, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2c4b46cd7fd355ea}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x24, r6, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xa}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4008814) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x25dfdc00, {0x0, 0x0, 0x74, 0x0, 0x800}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0xe}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000801}, 0x24008804) 132.529636ms ago: executing program 3 (id=1009): ioctl$XFS_IOC_START_COMMIT(0xffffffffffffffff, 0x80585882, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x4, 0x400, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_config_ext={0x288}, 0xa236, 0x6, 0x11000, 0x4, 0x9484, 0x2001, 0x400, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x2) syz_mount_image$msdos(&(0x7f00000008c0), &(0x7f0000000000)='.\x02\x00', 0x4000, &(0x7f0000010300)=ANY=[@ANYBLOB="646973636172642c646f74732c646f74732c6e6f646f74732c636865636b3d7374726963742c646f74732c0080fcdc5c3dd34a5bee25f099008bade73ed878442a18112f260a6de8f9de23ca03128aff6e012a1d950f746fd8a192b6e048d4bcb62d5ee3a79d7ff9522014e3c0881f4cdda0cd5c0458cae665", @ANYRES8=0x0, @ANYBLOB="480739ec7f920fa6747a8d8b349973cf30a48915269c162dc20ae93cf8fbfa28624f375bdec0b1a8ea75b79c5d3d4d8ed5ac8a1508fb15b3ac020fccfcbbabba643c13fc7eac589762cbeb037eb9a48ae4fd4672bf3d1185e4693115a4b61ffece04ed4a690feb7ce885c8cec3623bb08fe74fd339982f378771670bc977462814b8835519212d0c4f23e8276671e88a5ac111f89af06d91333e6fe2cdf1e466adbd"], 0x1, 0x11f0, &(0x7f0000001b00)="$eJzs209rY1UYB+C3mdR2MrZT/43ObDzoRjcXZxauZlOkBZmAMjMRZgThDk01JCYhN4tkcDHgzpWfQ1y6E8Qv0G/hrgiim3FjpE1a2xq1BZtYfJ7NfcnvnNxz4CZwQt7d219+2twusu28H6WFhSh3FyM9TZGiFJdi7Em8+fnmL1/ce/Dwznq1unE3pc31+zffTimtvvrdh599/dr3/SsffLP67VLsrH20+9OtH3au7Vzf/e3+J40iNYrU7vRTnh51Ov38UauethpFM0vp/VY9L+qp0S7qvWP5dqvT7Q5T3t5aqXR79aJIeXuYmvVh6ndSvzdM+cd5o52yLEsrleCk0Wg0Ou3Y2ldP90b/Wjmcevl2Ja7Es7ESq3E11uK5eD5eiBfjpbgWL8crcf1M7w8AAAAAAAAAAAAAAAAAAACcxn7/f4xGi/HMfmf/5dD/DwAAAAAAAAAAAAAAAAAAALOm/x8AAAAAAAAAAAAAAAAAAADmT/8/AAAAAAAAAAAAAAAAAAAAzN+9Bw/vrFerG3dTWo748cmgNqiNr+N8893qxltp39ofs34eDGqXDvOb4zwdz5eiMslvTc2X443Xx/le9s571aN5KWo3Yuv8tw8AAAD/C1k6NPV8n2V/lY+rI78PnDjfl+NGedodlyfX0dXz2A9nUwwfN/NWq94rhosHxeN/uSjHaQcvTFZ1LstQXPBiafJ07L1yUP8nFnakKMc/jCn93fQpn8q5FbP/LmL2/vzsAQAAAAAAAAAAcBHM4u+EJ+9Zms9WAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5nB44FAAAAAIT5W6fRsQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwE4BAAD//z4uiDQ=") unshare(0x6020400) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000100)={@map, r1, 0x2f, 0x34}, 0x20) r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.current\x00', 0x26e1, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x4030582b, &(0x7f00000002c0)={'ip6gre0\x00', @remote}) setsockopt$RDS_GET_MR(r3, 0x114, 0x2, &(0x7f00000004c0)={{&(0x7f00000003c0)=""/176, 0xb0}, &(0x7f0000000480), 0x70}, 0xffffffffffffffb8) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r2, 0xc0185879, &(0x7f0000000040)={@id={0x2, 0x0, @b}}) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r0, 0x8040942d, &(0x7f0000000180)) 0s ago: executing program 1 (id=1010): mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1c0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x800001, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x4) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x3, 0x800000, 0x8, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x10) r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="940000000001010400000000000000000a00000a3c0001802c00018014000300fe8000000000110000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe80000000000000000000aa14000400ff01000000000000000000ce000000010c00028005000100000000"], 0x94}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xac}}, 0x0) mkdir(0x0, 0x1cb) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x88a0a0, 0x0) socket$igmp6(0xa, 0x3, 0x2) syz_emit_ethernet(0x56, &(0x7f0000000040)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, '\x00', 0x20, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e21, 0x41424344, 0x41424344, 0x1, 0x0, 0x8, 0x10, 0x1, 0x0, 0xffd, {[@generic={0x0, 0xb, "393fe0de62e77b4a01"}]}}}}}}}}, 0x0) kernel console output (not intermixed with test programs): 9.016026][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.117364][ T289] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 109.127824][ T289] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 109.137484][ T289] bond0 (unregistering): Released all slaves [ 109.212655][ T289] hsr_slave_0: left promiscuous mode [ 109.218687][ T289] hsr_slave_1: left promiscuous mode [ 109.224045][ T28] audit: type=1400 audit(1781066201.947:1895): avc: denied { write } for pid=4792 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=486 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 109.248256][ T289] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 109.256135][ T289] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 109.264926][ T289] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 109.272387][ T28] audit: type=1400 audit(1781066201.947:1896): avc: denied { create } for pid=4792 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 109.294831][ T289] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 109.302046][ T28] audit: type=1400 audit(1781066201.947:1897): avc: denied { write } for pid=4792 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.eth1.link" dev="tmpfs" ino=3404 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 109.328202][ T28] audit: type=1400 audit(1781066201.947:1898): avc: denied { append } for pid=4792 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" dev="tmpfs" ino=3404 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 109.328857][ T289] veth1_macvtap: left promiscuous mode [ 109.352415][ T28] audit: type=1400 audit(1781066202.007:1899): avc: denied { write } for pid=4803 comm="rm" name="hook-state" dev="tmpfs" ino=486 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 109.360497][ T289] veth0_macvtap: left promiscuous mode [ 109.379982][ T28] audit: type=1400 audit(1781066202.007:1900): avc: denied { unlink } for pid=4803 comm="rm" name="resolv.conf.eth1.link" dev="tmpfs" ino=3404 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 109.385932][ T289] veth1_vlan: left promiscuous mode [ 109.413991][ T289] veth0_vlan: left promiscuous mode [ 109.488333][ T289] team0 (unregistering): Port device team_slave_1 removed [ 109.498740][ T289] team0 (unregistering): Port device team_slave_0 removed [ 109.519699][ T68] smc: removing ib device syz0 [ 109.555153][ T3023] 8021q: adding VLAN 0 to HW filter on device eth1 [ 109.562371][ T11] wg1 speed is unknown, defaulting to 1000 [ 109.570119][ T11] syz0: Port: 1 Link DOWN [ 109.679197][ T28] audit: type=1400 audit(1781066202.407:1901): avc: denied { write } for pid=4807 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=486 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 109.725396][ T3023] 8021q: adding VLAN 0 to HW filter on device eth2 [ 109.833733][ T3023] 8021q: adding VLAN 0 to HW filter on device eth3 [ 109.847858][ T289] IPVS: stop unused estimator thread 0... [ 109.945487][ T3023] 8021q: adding VLAN 0 to HW filter on device eth4 [ 120.137273][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 120.137293][ T28] audit: type=1400 audit(1781066212.867:1907): avc: denied { write } for pid=4859 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=486 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 120.177100][ T28] audit: type=1400 audit(1781066212.907:1908): avc: denied { write } for pid=4870 comm="rm" name="hook-state" dev="tmpfs" ino=486 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 120.562550][ T28] audit: type=1400 audit(1781066213.287:1909): avc: denied { write } for pid=4873 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=486 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 120.596879][ T28] audit: type=1400 audit(1781066213.327:1910): avc: denied { write } for pid=4884 comm="rm" name="hook-state" dev="tmpfs" ino=486 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 120.687507][ T28] audit: type=1400 audit(1781066213.417:1911): avc: denied { write } for pid=4887 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=486 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 120.720711][ T28] audit: type=1400 audit(1781066213.447:1912): avc: denied { write } for pid=4898 comm="rm" name="hook-state" dev="tmpfs" ino=486 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 121.461771][ T28] audit: type=1400 audit(1781066214.187:1913): avc: denied { write } for pid=4901 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=486 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 121.495581][ T28] audit: type=1400 audit(1781066214.227:1914): avc: denied { write } for pid=4912 comm="rm" name="hook-state" dev="tmpfs" ino=486 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 122.183130][ T28] audit: type=1400 audit(1781066214.907:1915): avc: denied { ioctl } for pid=4915 comm="syz.0.372" path="socket:[9548]" dev="sockfs" ino=9548 ioctlcmd=0x943c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 122.218250][ T4928] netlink: 8 bytes leftover after parsing attributes in process `syz.2.374'. [ 122.313125][ T28] audit: type=1400 audit(1781066215.037:1916): avc: denied { read } for pid=4919 comm="syz.2.374" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 122.633538][ T4923] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.641345][ T4923] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.648976][ T4923] bridge_slave_0: entered allmulticast mode [ 122.655638][ T4923] bridge_slave_0: entered promiscuous mode [ 122.662596][ T4923] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.669960][ T4923] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.677319][ T4923] bridge_slave_1: entered allmulticast mode [ 122.684073][ T4923] bridge_slave_1: entered promiscuous mode [ 122.721773][ T4923] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 122.739041][ T4923] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 122.775092][ T4923] team0: Port device team_slave_0 added [ 122.781902][ T4923] team0: Port device team_slave_1 added [ 122.799096][ T4923] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 122.806207][ T4923] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 122.834233][ T4923] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 122.846684][ T4923] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 122.853836][ T4923] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 122.885098][ T4923] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 122.911304][ T4958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.381'. [ 123.079857][ T4966] netlink: 4 bytes leftover after parsing attributes in process `syz.0.382'. [ 123.107576][ T4923] hsr_slave_0: entered promiscuous mode [ 123.113891][ T4923] hsr_slave_1: entered promiscuous mode [ 123.119900][ T4923] debugfs: 'hsr0' already exists in 'hsr' [ 123.125682][ T4923] Cannot create hsr debugfs directory [ 123.187114][ T4965] loop2: detected capacity change from 0 to 8192 [ 124.474598][ T4975] bond0: (slave dummy0): Releasing backup interface [ 124.521798][ T4975] batman_adv: batadv0: Adding interface: dummy0 [ 124.538218][ T4975] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 124.576459][ T4992] loop2: detected capacity change from 0 to 164 [ 124.582905][ T4975] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 124.612424][ T4992] rock: corrupted directory entry. extent=32, offset=131072, size=237 [ 124.724087][ T4923] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 124.743188][ T4923] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 124.791351][ T4923] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 124.804450][ T4923] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 124.853575][ T4923] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 124.867441][ T4923] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 124.894532][ T4923] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 124.920867][ T4923] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 125.034587][ T4923] 8021q: adding VLAN 0 to HW filter on device bond0 [ 125.042032][ T5000] loop1: detected capacity change from 0 to 1024 [ 125.085857][ T4923] 8021q: adding VLAN 0 to HW filter on device team0 [ 125.090053][ T5000] EXT4-fs: Ignoring removed bh option [ 125.102491][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.109683][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 125.128357][ T3451] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.135509][ T3451] bridge0: port 2(bridge_slave_1) entered forwarding state [ 125.169793][ T5000] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.187432][ T5003] netlink: 8 bytes leftover after parsing attributes in process `syz.3.389'. [ 125.220452][ T28] kauditd_printk_skb: 14 callbacks suppressed [ 125.220469][ T28] audit: type=1400 audit(1781066217.947:1931): avc: denied { unmount } for pid=3314 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 125.391956][ T28] audit: type=1400 audit(1781066218.117:1932): avc: denied { write } for pid=4999 comm="syz.1.388" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 125.895351][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.998686][ T5019] loop3: detected capacity change from 0 to 128 [ 126.234099][ T5019] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 126.234273][ T5019] ext4 filesystem being mounted at /92/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.395211][ T28] audit: type=1400 audit(1781066218.117:1933): avc: denied { add_name } for pid=4999 comm="syz.1.388" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 126.416115][ T28] audit: type=1400 audit(1781066218.117:1934): avc: denied { read append } for pid=4999 comm="syz.1.388" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 126.439460][ T28] audit: type=1400 audit(1781066218.117:1935): avc: denied { open } for pid=4999 comm="syz.1.388" path="/101/file1/file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 127.329924][ T5033] loop1: detected capacity change from 0 to 512 [ 127.412622][ T28] audit: type=1400 audit(1781066218.967:1936): avc: denied { write } for pid=5018 comm="syz.3.392" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 127.446468][ T28] audit: type=1400 audit(1781066218.967:1937): avc: denied { ioctl open } for pid=5018 comm="syz.3.392" path="/92/file1/file1" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 127.606838][ T5033] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.624453][ T3313] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 127.653803][ T5033] ext4 filesystem being mounted at /103/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 127.751998][ T4923] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 127.774299][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.165524][ T4923] veth0_vlan: entered promiscuous mode [ 128.191024][ T4923] veth1_vlan: entered promiscuous mode [ 128.238628][ T4923] veth0_macvtap: entered promiscuous mode [ 128.262098][ T4923] veth1_macvtap: entered promiscuous mode [ 128.302255][ T4923] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 128.336777][ T4923] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 128.370446][ T3451] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.395497][ T3451] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.419488][ T28] audit: type=1400 audit(1781066218.967:1938): avc: denied { setattr } for pid=5018 comm="syz.3.392" path="/92/file1/file1" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 128.440566][ T3451] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.442697][ T28] audit: type=1400 audit(1781066219.007:1939): avc: denied { read write } for pid=5018 comm="syz.3.392" name="file1" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 128.498331][ T3451] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.553352][ T5077] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 128.594480][ T5077] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 128.769952][ T5077] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 128.776624][ T5077] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 128.792812][ T28] audit: type=1400 audit(1781066220.437:1940): avc: denied { write } for pid=5031 comm="syz.1.395" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 128.857972][ T5077] vhci_hcd vhci_hcd.0: Device attached [ 128.861910][ T5087] loop2: detected capacity change from 0 to 512 [ 128.879812][ T5084] vhci_hcd: connection closed [ 128.880157][ T36] vhci_hcd vhci_hcd.3: stop threads [ 128.906870][ T5087] EXT4-fs: dax option not supported [ 128.925060][ T36] vhci_hcd vhci_hcd.3: release socket [ 128.930605][ T36] vhci_hcd vhci_hcd.3: disconnect device [ 129.182036][ T5101] netlink: 8 bytes leftover after parsing attributes in process `syz.1.408'. [ 129.253152][ T5101] xt_hashlimit: size too large, truncated to 1048576 [ 129.550352][ T5105] loop3: detected capacity change from 0 to 1024 [ 129.618493][ T5105] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 129.641604][ T5105] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 129.748058][ T3386] IPVS: starting estimator thread 0... [ 129.758992][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 129.856052][ T5112] IPVS: using max 2304 ests per chain, 115200 per kthread [ 129.979659][ T5120] netlink: 56 bytes leftover after parsing attributes in process `syz.2.415'. [ 130.403787][ T5142] loop5: detected capacity change from 0 to 1024 [ 130.406550][ T5137] pim6reg: entered allmulticast mode [ 130.421682][ T5145] pim6reg: left allmulticast mode [ 130.473437][ T5142] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 130.496502][ T5142] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 130.511729][ T5137] loop0: detected capacity change from 0 to 512 [ 130.533472][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 130.533548][ T28] audit: type=1400 audit(1781066223.257:1947): avc: denied { write } for pid=5141 comm="syz.5.423" name="/" dev="loop5" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 130.568642][ T5147] loop2: detected capacity change from 0 to 8192 [ 130.607995][ T5137] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 130.623002][ T4923] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 130.734258][ T5137] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.758412][ T5137] ext4 filesystem being mounted at /74/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 130.889105][ T5154] loop5: detected capacity change from 0 to 256 [ 131.280386][ T5154] FAT-fs (loop5): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 131.346112][ T5154] FAT-fs (loop5): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 131.433453][ T5154] FAT-fs (loop5): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 131.471154][ T5154] FAT-fs (loop5): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 131.496282][ T5154] FAT-fs (loop5): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 131.509611][ T5154] FAT-fs (loop5): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 131.546463][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.607320][ T5171] netlink: 8 bytes leftover after parsing attributes in process `syz.1.432'. [ 131.708578][ T5176] FAULT_INJECTION: forcing a failure. [ 131.708578][ T5176] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 131.723638][ T5176] CPU: 0 UID: 0 PID: 5176 Comm: syz.2.434 Not tainted syzkaller #0 PREEMPT(lazy) [ 131.723666][ T5176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 131.723679][ T5176] Call Trace: [ 131.723723][ T5176] [ 131.723734][ T5176] __dump_stack+0x1d/0x30 [ 131.723763][ T5176] dump_stack_lvl+0x95/0xd0 [ 131.723789][ T5176] dump_stack+0x15/0x1b [ 131.723813][ T5176] should_fail_ex+0x263/0x280 [ 131.723840][ T5176] should_fail+0xb/0x20 [ 131.723865][ T5176] should_fail_usercopy+0x1a/0x20 [ 131.723892][ T5176] _copy_to_user+0x20/0xa0 [ 131.723971][ T5176] simple_read_from_buffer+0xb5/0x130 [ 131.724015][ T5176] proc_fail_nth_read+0x10e/0x150 [ 131.724055][ T5176] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 131.724232][ T5176] vfs_read+0x1ab/0x7f0 [ 131.724295][ T5176] ? __rcu_read_unlock+0x4e/0x70 [ 131.724363][ T5176] ? __fget_files+0x184/0x1c0 [ 131.724389][ T5176] ? mutex_lock+0x57/0x90 [ 131.724476][ T5176] ksys_read+0xdc/0x1a0 [ 131.724514][ T5176] __x64_sys_read+0x40/0x50 [ 131.724573][ T5176] x64_sys_call+0x2886/0x3020 [ 131.724621][ T5176] do_syscall_64+0x12c/0x3b0 [ 131.724664][ T5176] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.724712][ T5176] RIP: 0033:0x7fadf2bbd68e [ 131.724738][ T5176] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 131.724761][ T5176] RSP: 002b:00007fadf1656fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 131.724792][ T5176] RAX: ffffffffffffffda RBX: 00007fadf16576c0 RCX: 00007fadf2bbd68e [ 131.724810][ T5176] RDX: 000000000000000f RSI: 00007fadf16570a0 RDI: 0000000000000005 [ 131.724827][ T5176] RBP: 00007fadf1657090 R08: 0000000000000000 R09: 0000000000000000 [ 131.724844][ T5176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.724940][ T5176] R13: 00007fadf2e76038 R14: 00007fadf2e75fa0 R15: 00007ffc90a9cf68 [ 131.724966][ T5176] [ 131.927702][ T3427] IPVS: starting estimator thread 0... [ 132.005809][ T5171] xt_hashlimit: size too large, truncated to 1048576 [ 132.009364][ T5187] netlink: 8 bytes leftover after parsing attributes in process `syz.5.436'. [ 132.037418][ T5183] IPVS: using max 1632 ests per chain, 81600 per kthread [ 132.238928][ T5205] loop0: detected capacity change from 0 to 512 [ 132.241595][ T5197] netlink: 8 bytes leftover after parsing attributes in process `syz.3.441'. [ 132.292088][ T5205] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 132.319335][ T5190] pim6reg: entered allmulticast mode [ 132.438750][ T5200] pim6reg: left allmulticast mode [ 132.454511][ T5215] loop3: detected capacity change from 0 to 128 [ 132.461137][ T5205] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.471249][ T5215] EXT4-fs: Ignoring removed nobh option [ 132.476258][ T5205] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 132.615583][ T5215] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 132.669128][ T5215] ext4 filesystem being mounted at /100/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 132.811757][ T28] audit: type=1400 audit(1781066225.537:1948): avc: denied { write } for pid=5214 comm="syz.3.445" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 132.965372][ T28] audit: type=1400 audit(1781066225.567:1949): avc: denied { map } for pid=5214 comm="syz.3.445" path="/100/mnt/file1" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 132.991783][ T5223] netlink: 'syz.3.445': attribute type 5 has an invalid length. [ 133.006409][ T28] audit: type=1400 audit(1781066225.567:1950): avc: denied { execute } for pid=5214 comm="syz.3.445" path="/100/mnt/file1" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 133.070024][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.120602][ T5225] loop5: detected capacity change from 0 to 8192 [ 133.136201][ T28] audit: type=1400 audit(1781066225.867:1951): avc: denied { create } for pid=5226 comm="syz.0.449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 133.215223][ T28] audit: type=1400 audit(1781066225.867:1952): avc: denied { getopt } for pid=5226 comm="syz.0.449" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 133.367758][ T3313] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 133.491625][ T28] audit: type=1400 audit(1781066226.217:1953): avc: denied { read } for pid=5245 comm="syz.0.456" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 133.531946][ T5250] loop5: detected capacity change from 0 to 512 [ 133.553942][ T28] audit: type=1400 audit(1781066226.237:1954): avc: denied { allowed } for pid=5248 comm="syz.2.457" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 133.560779][ T5237] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 133.601853][ T28] audit: type=1400 audit(1781066226.277:1955): avc: denied { write } for pid=5245 comm="syz.0.456" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 133.622204][ T5250] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.674818][ T5250] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 133.784851][ T5237] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.854300][ T5263] EXT4-fs: inline encryption not supported [ 133.861097][ T4923] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.876367][ T5263] EXT4-fs (loop3): can't mount with data_err=abort, fs mounted w/o journal [ 133.883326][ T5237] ext4 filesystem being mounted at /114/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.006264][ T5271] netlink: 8 bytes leftover after parsing attributes in process `syz.3.462'. [ 134.100427][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.109775][ T28] audit: type=1400 audit(1781066226.827:1956): avc: denied { setopt } for pid=5270 comm="syz.3.462" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 134.500735][ T5271] xt_hashlimit: size too large, truncated to 1048576 [ 134.627898][ T5290] set_capacity_and_notify: 2 callbacks suppressed [ 134.628005][ T5290] loop1: detected capacity change from 0 to 1024 [ 134.701402][ T5290] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 134.714089][ T5290] ext4 filesystem being mounted at /118/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.837305][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 134.946005][ T5302] xt_hashlimit: overflow, try lower: 17592186044416/2047 [ 135.057615][ T5303] loop1: detected capacity change from 0 to 512 [ 135.064667][ T5303] /dev/loop1: Can't open blockdev [ 135.116075][ T5296] pim6reg: entered allmulticast mode [ 135.128089][ T5305] pim6reg: left allmulticast mode [ 135.274512][ T5296] loop2: detected capacity change from 0 to 512 [ 135.355501][ T5296] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 135.367687][ T5315] loop5: detected capacity change from 0 to 512 [ 135.388605][ T5315] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 135.514583][ T5315] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.529314][ T5323] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=5323 comm=syz.0.476 [ 135.534175][ T5296] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.687305][ T5296] ext4 filesystem being mounted at /98/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 135.737084][ T5315] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 136.107618][ T4923] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.124082][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.353516][ T5341] netlink: 56 bytes leftover after parsing attributes in process `syz.3.482'. [ 136.787259][ T5332] syz.2.479 (5332) used greatest stack depth: 8784 bytes left [ 136.909638][ T5360] loop2: detected capacity change from 0 to 8192 [ 137.820571][ T28] kauditd_printk_skb: 99 callbacks suppressed [ 137.820650][ T28] audit: type=1326 audit(1781066230.547:2056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.491" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fa2cbce59 code=0x7ffc0000 [ 137.865515][ T5373] netlink: 8 bytes leftover after parsing attributes in process `syz.3.492'. [ 137.948927][ T28] audit: type=1326 audit(1781066230.577:2057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.491" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fa2cbce59 code=0x7ffc0000 [ 137.992229][ T28] audit: type=1326 audit(1781066230.577:2058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.491" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fa2cbce59 code=0x7ffc0000 [ 138.070065][ T28] audit: type=1326 audit(1781066230.577:2059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.491" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7f1fa2cbce59 code=0x7ffc0000 [ 138.150711][ T28] audit: type=1326 audit(1781066230.577:2060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.491" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fa2cbce59 code=0x7ffc0000 [ 138.213028][ T28] audit: type=1326 audit(1781066230.587:2061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.491" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fa2cbce59 code=0x7ffc0000 [ 138.252194][ T5390] FAULT_INJECTION: forcing a failure. [ 138.252194][ T5390] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 138.284152][ T28] audit: type=1326 audit(1781066230.587:2062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.491" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fa2cbce59 code=0x7ffc0000 [ 138.309762][ T28] audit: type=1326 audit(1781066230.587:2063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.491" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fa2cbce59 code=0x7ffc0000 [ 138.328593][ T5390] CPU: 1 UID: 0 PID: 5390 Comm: syz.1.498 Not tainted syzkaller #0 PREEMPT(lazy) [ 138.328720][ T5390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 138.328761][ T5390] Call Trace: [ 138.328782][ T5390] [ 138.328805][ T5390] __dump_stack+0x1d/0x30 [ 138.328897][ T5390] dump_stack_lvl+0x95/0xd0 [ 138.329027][ T5390] dump_stack+0x15/0x1b [ 138.329092][ T5390] should_fail_ex+0x263/0x280 [ 138.329207][ T5390] should_fail+0xb/0x20 [ 138.329268][ T5390] should_fail_usercopy+0x1a/0x20 [ 138.329343][ T5390] _copy_to_user+0x20/0xa0 [ 138.329484][ T5390] simple_read_from_buffer+0xb5/0x130 [ 138.329714][ T5390] proc_fail_nth_read+0x10e/0x150 [ 138.329820][ T5390] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 138.329916][ T5390] vfs_read+0x1ab/0x7f0 [ 138.330032][ T5390] ? __rcu_read_unlock+0x4e/0x70 [ 138.330105][ T5390] ? __fget_files+0x184/0x1c0 [ 138.330178][ T5390] ? mutex_lock+0x57/0x90 [ 138.330332][ T5390] ksys_read+0xdc/0x1a0 [ 138.330371][ T5390] __x64_sys_read+0x40/0x50 [ 138.330415][ T5390] x64_sys_call+0x2886/0x3020 [ 138.330569][ T5390] do_syscall_64+0x12c/0x3b0 [ 138.330675][ T5390] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.330782][ T5390] RIP: 0033:0x7f12d41ad68e [ 138.330849][ T5390] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 138.330935][ T5390] RSP: 002b:00007f12d2c3efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 138.331060][ T5390] RAX: ffffffffffffffda RBX: 00007f12d2c3f6c0 RCX: 00007f12d41ad68e [ 138.331105][ T5390] RDX: 000000000000000f RSI: 00007f12d2c3f0a0 RDI: 0000000000000004 [ 138.331148][ T5390] RBP: 00007f12d2c3f090 R08: 0000000000000000 R09: 0000000000000000 [ 138.331190][ T5390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 138.331232][ T5390] R13: 00007f12d4466038 R14: 00007f12d4465fa0 R15: 00007ffc429e1238 [ 138.331368][ T5390] [ 138.540362][ T5394] netlink: 8 bytes leftover after parsing attributes in process `syz.2.500'. [ 138.637276][ T5397] netlink: 36 bytes leftover after parsing attributes in process `syz.3.501'. [ 138.655738][ T28] audit: type=1326 audit(1781066230.587:2064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.491" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f1fa2cbce59 code=0x7ffc0000 [ 138.681205][ T28] audit: type=1326 audit(1781066230.587:2065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.491" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fa2cbce59 code=0x7ffc0000 [ 138.721290][ T5397] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.728525][ T5397] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.980828][ T5402] hub 8-0:1.0: USB hub found [ 139.061544][ T5402] hub 8-0:1.0: 8 ports detected [ 139.526097][ T5413] netlink: 56 bytes leftover after parsing attributes in process `syz.5.507'. [ 139.542680][ T5411] loop2: detected capacity change from 0 to 1024 [ 139.711666][ T5411] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 139.791730][ T5415] netlink: 8 bytes leftover after parsing attributes in process `syz.0.506'. [ 139.831867][ T5411] ext4 filesystem being mounted at /106/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 140.022903][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 140.145452][ T5438] loop0: detected capacity change from 0 to 8192 [ 140.306709][ T5449] FAULT_INJECTION: forcing a failure. [ 140.306709][ T5449] name failslab, interval 1, probability 0, space 0, times 0 [ 140.319806][ T5449] CPU: 1 UID: 0 PID: 5449 Comm: syz.5.518 Not tainted syzkaller #0 PREEMPT(lazy) [ 140.319838][ T5449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 140.319852][ T5449] Call Trace: [ 140.319859][ T5449] [ 140.319868][ T5449] __dump_stack+0x1d/0x30 [ 140.319897][ T5449] dump_stack_lvl+0x95/0xd0 [ 140.319920][ T5449] dump_stack+0x15/0x1b [ 140.319969][ T5449] should_fail_ex+0x263/0x280 [ 140.320049][ T5449] should_failslab+0x8c/0xb0 [ 140.320086][ T5449] __kmalloc_cache_node_noprof+0x6b/0x470 [ 140.320139][ T5449] ? avc_has_perm_noaudit+0xab/0x130 [ 140.320172][ T5449] ? __get_vm_area_node+0x106/0x1d0 [ 140.320279][ T5449] __get_vm_area_node+0x106/0x1d0 [ 140.320328][ T5449] __vmalloc_node_range_noprof+0x25a/0x11c0 [ 140.320353][ T5449] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 140.320428][ T5449] ? cred_has_capability+0x224/0x2a0 [ 140.320511][ T5449] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 140.320537][ T5449] __vmalloc_noprof+0xa4/0xf0 [ 140.320634][ T5449] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 140.320661][ T5449] bpf_prog_alloc_no_stats+0x47/0x390 [ 140.320687][ T5449] ? bpf_prog_alloc+0x2a/0x150 [ 140.320712][ T5449] bpf_prog_alloc+0x3c/0x150 [ 140.320737][ T5449] bpf_prog_load+0x50d/0x1030 [ 140.320774][ T5449] ? security_bpf+0x2b/0x90 [ 140.320797][ T5449] __sys_bpf+0x505/0x7e0 [ 140.320839][ T5449] __x64_sys_bpf+0x41/0x50 [ 140.320863][ T5449] x64_sys_call+0x10cb/0x3020 [ 140.320963][ T5449] do_syscall_64+0x12c/0x3b0 [ 140.321000][ T5449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.321025][ T5449] RIP: 0033:0x7f756441ce59 [ 140.321044][ T5449] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 140.321078][ T5449] RSP: 002b:00007f7562e6f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 140.321102][ T5449] RAX: ffffffffffffffda RBX: 00007f7564695fa0 RCX: 00007f756441ce59 [ 140.321119][ T5449] RDX: 0000000000000094 RSI: 0000200000001480 RDI: 0000000000000005 [ 140.321134][ T5449] RBP: 00007f7562e6f090 R08: 0000000000000000 R09: 0000000000000000 [ 140.321148][ T5449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.321198][ T5449] R13: 00007f7564696038 R14: 00007f7564695fa0 R15: 00007fff062927a8 [ 140.321219][ T5449] [ 140.321314][ T5449] syz.5.518: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null) [ 140.522135][ T5454] loop1: detected capacity change from 0 to 1024 [ 140.590253][ T5454] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 140.617506][ T5449] ,cpuset=/,mems_allowed=0 [ 140.622027][ T5449] CPU: 0 UID: 0 PID: 5449 Comm: syz.5.518 Not tainted syzkaller #0 PREEMPT(lazy) [ 140.622069][ T5449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 140.622086][ T5449] Call Trace: [ 140.622095][ T5449] [ 140.622106][ T5449] __dump_stack+0x1d/0x30 [ 140.622130][ T5449] dump_stack_lvl+0x95/0xd0 [ 140.622151][ T5449] dump_stack+0x15/0x1b [ 140.622205][ T5449] warn_alloc+0x145/0x1c0 [ 140.622238][ T5449] __vmalloc_node_range_noprof+0x27f/0x11c0 [ 140.622278][ T5449] ? cred_has_capability+0x224/0x2a0 [ 140.622335][ T5449] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 140.622362][ T5449] __vmalloc_noprof+0xa4/0xf0 [ 140.622382][ T5449] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 140.622406][ T5449] bpf_prog_alloc_no_stats+0x47/0x390 [ 140.622509][ T5449] ? bpf_prog_alloc+0x2a/0x150 [ 140.622540][ T5449] bpf_prog_alloc+0x3c/0x150 [ 140.622571][ T5449] bpf_prog_load+0x50d/0x1030 [ 140.622625][ T5449] ? security_bpf+0x2b/0x90 [ 140.622705][ T5449] __sys_bpf+0x505/0x7e0 [ 140.622742][ T5449] __x64_sys_bpf+0x41/0x50 [ 140.622771][ T5449] x64_sys_call+0x10cb/0x3020 [ 140.622804][ T5449] do_syscall_64+0x12c/0x3b0 [ 140.622875][ T5449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.622904][ T5449] RIP: 0033:0x7f756441ce59 [ 140.622925][ T5449] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 140.622949][ T5449] RSP: 002b:00007f7562e6f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 140.623046][ T5449] RAX: ffffffffffffffda RBX: 00007f7564695fa0 RCX: 00007f756441ce59 [ 140.623061][ T5449] RDX: 0000000000000094 RSI: 0000200000001480 RDI: 0000000000000005 [ 140.623074][ T5449] RBP: 00007f7562e6f090 R08: 0000000000000000 R09: 0000000000000000 [ 140.623136][ T5449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.623152][ T5449] R13: 00007f7564696038 R14: 00007f7564695fa0 R15: 00007fff062927a8 [ 140.623178][ T5449] [ 140.623203][ T5449] Mem-Info: [ 140.869848][ T5449] active_anon:15111 inactive_anon:0 isolated_anon:0 [ 140.869848][ T5449] active_file:25529 inactive_file:2333 isolated_file:0 [ 140.869848][ T5449] unevictable:0 dirty:357 writeback:0 [ 140.869848][ T5449] slab_reclaimable:3330 slab_unreclaimable:16618 [ 140.869848][ T5449] mapped:40467 shmem:9119 pagetables:1216 [ 140.869848][ T5449] sec_pagetables:0 bounce:0 [ 140.869848][ T5449] kernel_misc_reclaimable:0 [ 140.869848][ T5449] free:1852688 free_pcp:25176 free_cma:0 [ 140.871240][ T5454] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 141.009262][ T5449] Node 0 active_anon:60444kB inactive_anon:0kB active_file:102116kB inactive_file:9332kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:161984kB dirty:1428kB writeback:0kB shmem:36476kB kernel_stack:3664kB pagetables:4748kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 141.050369][ T5449] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 141.084972][ T5449] lowmem_reserve[]: 0 2878 7857 7857 [ 141.095582][ T5449] Node 0 DMA32 free:2944456kB boost:0kB min:4128kB low:7052kB high:9976kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2947980kB mlocked:0kB bounce:0kB free_pcp:3524kB local_pcp:3524kB free_cma:0kB [ 141.253089][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.276636][ T5461] netlink: 8 bytes leftover after parsing attributes in process `syz.0.519'. [ 141.290220][ T5449] lowmem_reserve[]: 0 0 4978 4978 [ 141.304743][ T5449] Node 0 Normal free:4461144kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48148kB inactive_anon:0kB active_file:102116kB inactive_file:9332kB unevictable:0kB writepending:1428kB zspages:0kB present:5242880kB managed:5098236kB mlocked:0kB bounce:0kB free_pcp:99288kB local_pcp:82400kB free_cma:0kB [ 141.409106][ T5449] lowmem_reserve[]: 0 0 0 0 [ 141.413737][ T5449] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 141.426914][ T5449] Node 0 DMA32: 4*4kB (M) 3*8kB (M) 4*16kB (M) 3*32kB (M) 4*64kB (M) 2*128kB (M) 3*256kB (M) 2*512kB (M) 3*1024kB (M) 3*2048kB (M) 716*4096kB (M) = 2944456kB [ 141.443623][ T5449] Node 0 Normal: 638*4kB (UM) 324*8kB (UM) 481*16kB (UME) 620*32kB (UME) 440*64kB (UM) 225*128kB (UME) 84*256kB (UME) 40*512kB (UM) 20*1024kB (UM) 18*2048kB (UME) 1043*4096kB (UM) = 4461096kB [ 141.463126][ T5449] Node 0 hugepages_total=4 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 141.472616][ T5449] 30945 total pagecache pages [ 141.477492][ T5449] 0 pages in swap cache [ 141.481689][ T5449] Free swap = 124996kB [ 141.486040][ T5449] Total swap = 124996kB [ 141.490304][ T5449] 2097051 pages RAM [ 141.494195][ T5449] 0 pages HighMem/MovableOnly [ 141.525572][ T5449] 81657 pages reserved [ 141.581818][ T5470] netlink: 8 bytes leftover after parsing attributes in process `syz.1.523'. [ 141.617623][ T5477] loop3: detected capacity change from 0 to 512 [ 141.646849][ T5477] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 141.706306][ T5477] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 141.727609][ T5477] ext4 filesystem being mounted at /116/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 141.753698][ T5484] loop1: detected capacity change from 0 to 512 [ 141.812802][ T5484] EXT4-fs: EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31 [ 141.835498][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.985664][ T5491] loop3: detected capacity change from 0 to 1024 [ 141.998727][ T5495] netlink: 8 bytes leftover after parsing attributes in process `syz.1.532'. [ 142.047989][ T5491] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 142.087680][ T5491] ext4 filesystem being mounted at /117/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 142.253244][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 142.307129][ T5510] netlink: 48 bytes leftover after parsing attributes in process `syz.0.538'. [ 142.377410][ T5510] loop0: detected capacity change from 0 to 2048 [ 142.399783][ T5510] SELinux: security_context_str_to_sid (user_u) failed with errno=-22 [ 142.414479][ T5514] netlink: 8 bytes leftover after parsing attributes in process `syz.3.539'. [ 143.271399][ T5536] netlink: 8 bytes leftover after parsing attributes in process `syz.3.545'. [ 143.543230][ T5541] loop1: detected capacity change from 0 to 1024 [ 143.553489][ T5531] loop5: detected capacity change from 0 to 8192 [ 143.624843][ T5541] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 143.711174][ T5541] ext4 filesystem being mounted at /134/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.747481][ T28] kauditd_printk_skb: 116 callbacks suppressed [ 143.747500][ T28] audit: type=1400 audit(1781066236.477:2182): avc: denied { mount } for pid=5547 comm="syz.3.549" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 143.849058][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 143.881750][ T28] audit: type=1400 audit(1781066236.517:2183): avc: denied { write } for pid=5540 comm="syz.1.547" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 143.930300][ T28] audit: type=1326 audit(1781066236.647:2184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5551 comm="syz.5.552" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f756441ce59 code=0x7ffc0000 [ 143.956223][ T28] audit: type=1326 audit(1781066236.647:2185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5551 comm="syz.5.552" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f756441ce59 code=0x7ffc0000 [ 143.998112][ T5554] syzkaller0: entered promiscuous mode [ 144.007084][ T5554] syzkaller0: entered allmulticast mode [ 144.057203][ T28] audit: type=1326 audit(1781066236.647:2186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5551 comm="syz.5.552" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f756441ce59 code=0x7ffc0000 [ 144.136540][ T28] audit: type=1326 audit(1781066236.647:2187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5551 comm="syz.5.552" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7f756441ce59 code=0x7ffc0000 [ 144.216888][ T28] audit: type=1326 audit(1781066236.647:2188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5551 comm="syz.5.552" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f756441ce59 code=0x7ffc0000 [ 144.298178][ T28] audit: type=1326 audit(1781066236.647:2189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5551 comm="syz.5.552" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f756441ce59 code=0x7ffc0000 [ 144.374012][ T28] audit: type=1326 audit(1781066236.647:2190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5551 comm="syz.5.552" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f756441ce59 code=0x7ffc0000 [ 144.463797][ T28] audit: type=1326 audit(1781066236.647:2191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5551 comm="syz.5.552" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f756441ce59 code=0x7ffc0000 [ 144.596338][ T5564] loop0: detected capacity change from 0 to 2048 [ 144.669919][ T5564] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 144.748042][ T5564] netlink: 'syz.0.556': attribute type 5 has an invalid length. [ 144.783631][ T5575] loop3: detected capacity change from 0 to 512 [ 144.866689][ T5573] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 144.880010][ T5573] ext4 filesystem being mounted at /136/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 144.894205][ T5575] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 144.966368][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.136424][ T5575] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.164212][ T5575] ext4 filesystem being mounted at /127/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 145.715429][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.740607][ T68] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 145.763692][ T68] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 145.780264][ T68] EXT4-fs (loop0): This should not happen!! Data will be lost [ 145.780264][ T68] [ 145.794273][ T68] EXT4-fs (loop0): Total free blocks count 0 [ 145.804584][ T68] EXT4-fs (loop0): Free/Dirty block details [ 145.813759][ T68] EXT4-fs (loop0): free_blocks=4096 [ 145.819586][ T68] EXT4-fs (loop0): dirty_blocks=32 [ 145.825035][ T68] EXT4-fs (loop0): Block reservation details [ 145.831184][ T68] EXT4-fs (loop0): i_reserved_data_blocks=2 [ 145.837704][ T68] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28 [ 145.856966][ T3312] EXT4-fs warning (device loop0): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 146.027421][ T5595] set_capacity_and_notify: 1 callbacks suppressed [ 146.027574][ T5595] loop3: detected capacity change from 0 to 8192 [ 146.052522][ T5604] netlink: 8 bytes leftover after parsing attributes in process `syz.0.566'. [ 146.275454][ T5614] loop1: detected capacity change from 0 to 512 [ 146.306442][ T5614] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.319661][ T5614] ext4 filesystem being mounted at /139/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 146.369227][ T5629] loop5: detected capacity change from 0 to 512 [ 146.395809][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.455789][ T5629] FAULT_INJECTION: forcing a failure. [ 146.455789][ T5629] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 146.487969][ T5629] CPU: 1 UID: 0 PID: 5629 Comm: syz.5.574 Not tainted syzkaller #0 PREEMPT(lazy) [ 146.488075][ T5629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 146.488185][ T5629] Call Trace: [ 146.488194][ T5629] [ 146.488203][ T5629] __dump_stack+0x1d/0x30 [ 146.488235][ T5629] dump_stack_lvl+0x95/0xd0 [ 146.488263][ T5629] dump_stack+0x15/0x1b [ 146.488308][ T5629] should_fail_ex+0x263/0x280 [ 146.488396][ T5629] should_fail+0xb/0x20 [ 146.488420][ T5629] should_fail_usercopy+0x1a/0x20 [ 146.488449][ T5629] _copy_to_user+0x20/0xa0 [ 146.488548][ T5629] simple_read_from_buffer+0xb5/0x130 [ 146.488585][ T5629] proc_fail_nth_read+0x10e/0x150 [ 146.488690][ T5629] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 146.488720][ T5629] vfs_read+0x1ab/0x7f0 [ 146.488755][ T5629] ? __rcu_read_unlock+0x4e/0x70 [ 146.488783][ T5629] ? __fget_files+0x184/0x1c0 [ 146.488873][ T5629] ? mutex_lock+0x57/0x90 [ 146.488908][ T5629] ksys_read+0xdc/0x1a0 [ 146.488947][ T5629] __x64_sys_read+0x40/0x50 [ 146.488985][ T5629] x64_sys_call+0x2886/0x3020 [ 146.489048][ T5629] do_syscall_64+0x12c/0x3b0 [ 146.489102][ T5629] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.489130][ T5629] RIP: 0033:0x7f75643dd68e [ 146.489149][ T5629] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 146.489207][ T5629] RSP: 002b:00007f7562e6efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 146.489228][ T5629] RAX: ffffffffffffffda RBX: 00007f7562e6f6c0 RCX: 00007f75643dd68e [ 146.489242][ T5629] RDX: 000000000000000f RSI: 00007f7562e6f0a0 RDI: 0000000000000009 [ 146.489262][ T5629] RBP: 00007f7562e6f090 R08: 0000000000000000 R09: 0000000000000000 [ 146.489275][ T5629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 146.489291][ T5629] R13: 00007f7564696038 R14: 00007f7564695fa0 R15: 00007fff062927a8 [ 146.489313][ T5629] [ 147.396145][ T5646] loop2: detected capacity change from 0 to 8192 [ 147.646827][ T5666] loop5: detected capacity change from 0 to 512 [ 147.714431][ T5666] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 147.798863][ T5668] loop1: detected capacity change from 0 to 512 [ 147.833180][ T5668] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.846258][ T5668] ext4 filesystem being mounted at /143/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 147.862908][ T5666] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.886799][ T5666] ext4 filesystem being mounted at /39/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 147.911637][ T5671] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=5671 comm=syz.2.588 [ 147.925572][ T5671] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=5671 comm=syz.2.588 [ 147.964379][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.975203][ T4923] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.088968][ T5690] loop1: detected capacity change from 0 to 1024 [ 148.108444][ T5690] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 148.135273][ T5690] ext4 filesystem being mounted at /145/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 148.806771][ T5699] loop3: detected capacity change from 0 to 8192 [ 148.811652][ T5708] loop0: detected capacity change from 0 to 512 [ 148.819932][ T5708] EXT4-fs: Ignoring removed i_version option [ 148.842170][ T5708] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 148.869528][ T5708] ext4 filesystem being mounted at /106/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 148.883176][ T28] kauditd_printk_skb: 298 callbacks suppressed [ 148.883194][ T28] audit: type=1400 audit(1781066241.607:2490): avc: denied { write } for pid=5707 comm="syz.0.598" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 148.891899][ T5710] netlink: 8 bytes leftover after parsing attributes in process `syz.2.599'. [ 148.926624][ T28] audit: type=1400 audit(1781066241.607:2491): avc: denied { create } for pid=5707 comm="syz.0.598" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 149.036564][ T5714] loop2: detected capacity change from 0 to 512 [ 149.057534][ T5714] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 149.074434][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 149.088338][ T28] audit: type=1400 audit(1781066241.817:2492): avc: denied { write } for pid=5716 comm="syz.5.602" name="ptp0" dev="devtmpfs" ino=247 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 149.116845][ T5714] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.601: iget: bad i_size value: 38620345925642 [ 149.149713][ T5714] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 149.154759][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 149.170456][ C0] EXT4-fs (loop2): initial error at time 1781066241: ext4_orphan_get:1397: inode 15 [ 149.179933][ C0] EXT4-fs (loop2): last error at time 1781066241: ext4_orphan_get:1397: inode 15 [ 149.193430][ T5714] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.601: couldn't read orphan inode 15 (err -117) [ 149.205973][ T5714] loop2: lost filesystem error report for type 5 error -117 [ 149.233947][ T5714] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.266217][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.268278][ T5729] netlink: 8 bytes leftover after parsing attributes in process `syz.5.605'. [ 149.292754][ T28] audit: type=1400 audit(1781066242.027:2493): avc: denied { write } for pid=5713 comm="syz.2.601" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 149.319521][ T5714] /dev/md0: Can't lookup blockdev [ 149.325674][ T28] audit: type=1400 audit(1781066242.027:2494): avc: denied { append } for pid=5713 comm="syz.2.601" path="/120/bus/cpuset.effective_mems" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 149.354446][ T28] audit: type=1400 audit(1781066242.047:2495): avc: denied { write } for pid=5713 comm="syz.2.601" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 149.457528][ T5737] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.601: bg 0: block 5: invalid block bitmap [ 149.481787][ T5737] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 412 with error 28 [ 149.513361][ T28] audit: type=1400 audit(1781066242.047:2496): avc: denied { mounton } for pid=5713 comm="syz.2.601" path="/120/bus/file0" dev="loop2" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 149.537138][ T28] audit: type=1400 audit(1781066242.107:2497): avc: denied { bind } for pid=5713 comm="syz.2.601" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 149.557572][ T5737] EXT4-fs (loop2): This should not happen!! Data will be lost [ 149.557572][ T5737] [ 149.587674][ T5737] EXT4-fs (loop2): Total free blocks count 0 [ 149.606662][ T5737] EXT4-fs (loop2): Free/Dirty block details [ 149.624841][ T5737] EXT4-fs (loop2): free_blocks=0 [ 149.654503][ T5737] EXT4-fs (loop2): dirty_blocks=416 [ 149.729659][ T5737] EXT4-fs (loop2): Block reservation details [ 149.807196][ T5737] EXT4-fs (loop2): i_reserved_data_blocks=416 [ 150.152075][ T5714] EXT4-fs (loop2): shut down requested (0) [ 150.158557][ T5750] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 150.158666][ T5750] ext4 filesystem being mounted at /108/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 150.161093][ T28] audit: type=1400 audit(1781066242.887:2498): avc: denied { write } for pid=5749 comm="syz.0.611" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 150.516620][ T28] audit: type=1400 audit(1781066243.247:2499): avc: denied { create } for pid=5764 comm="syz.3.614" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 150.658400][ T5768] netlink: 8 bytes leftover after parsing attributes in process `syz.2.616'. [ 150.698013][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 150.923427][ T5775] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 150.953538][ T5775] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 151.082291][ T5772] set_capacity_and_notify: 3 callbacks suppressed [ 151.082596][ T5772] loop1: detected capacity change from 0 to 1024 [ 151.294325][ T5772] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 151.533434][ T5772] ext4 filesystem being mounted at /149/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 151.576665][ T5778] loop0: detected capacity change from 0 to 1024 [ 151.613057][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 151.634163][ T5778] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 151.661531][ T5778] ext4 filesystem being mounted at /109/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 151.811255][ T5786] loop1: detected capacity change from 0 to 4096 [ 151.822037][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 151.980952][ T5786] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 152.092971][ T5801] netlink: 8 bytes leftover after parsing attributes in process `syz.1.620'. [ 152.138721][ T5802] loop5: detected capacity change from 0 to 512 [ 152.154082][ T5802] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 152.199396][ T5802] EXT4-fs (loop5): 1 truncate cleaned up [ 152.212648][ T5802] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 152.253096][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.641953][ T5814] loop0: detected capacity change from 0 to 1024 [ 152.750117][ T5814] ext4 filesystem being mounted at /111/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 153.670686][ T5832] loop3: detected capacity change from 0 to 1024 [ 153.748936][ T5832] ext4 filesystem being mounted at /140/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 154.390528][ T5836] netlink: 8 bytes leftover after parsing attributes in process `syz.3.631'. [ 154.474339][ T5836] xt_hashlimit: size too large, truncated to 1048576 [ 154.727772][ T5839] netlink: 8 bytes leftover after parsing attributes in process `syz.5.632'. [ 154.773211][ T5788] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 154.999098][ T5852] loop0: detected capacity change from 0 to 512 [ 155.013955][ T5852] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 155.034956][ T5852] EXT4-fs (loop0): 1 truncate cleaned up [ 155.182868][ T5858] netlink: 8 bytes leftover after parsing attributes in process `syz.0.638'. [ 155.285716][ T5839] xt_hashlimit: size too large, truncated to 1048576 [ 155.549520][ T5867] loop0: detected capacity change from 0 to 1024 [ 155.641311][ T5867] EXT4-fs mount: 8 callbacks suppressed [ 155.641358][ T5867] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 155.660601][ T5867] ext4 filesystem being mounted at /116/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 155.676248][ T28] kauditd_printk_skb: 124 callbacks suppressed [ 155.676266][ T28] audit: type=1400 audit(1781066248.407:2624): avc: denied { write } for pid=5866 comm="syz.0.641" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 155.734103][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 155.801079][ T5876] loop0: detected capacity change from 0 to 1024 [ 155.841493][ T5876] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 155.862224][ T5876] ext4 filesystem being mounted at /117/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 155.923399][ T28] audit: type=1400 audit(1781066248.647:2625): avc: denied { write } for pid=5875 comm="syz.0.643" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 155.955259][ T5884] netlink: 8 bytes leftover after parsing attributes in process `syz.5.645'. [ 155.964595][ T5873] xt_hashlimit: size too large, truncated to 1048576 [ 156.024430][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 156.106061][ T5888] loop5: detected capacity change from 0 to 512 [ 156.124580][ T5888] EXT4-fs: Ignoring removed i_version option [ 156.140686][ T5888] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 156.163156][ T5888] ext4 filesystem being mounted at /53/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 156.188030][ T28] audit: type=1400 audit(1781066248.917:2626): avc: denied { write } for pid=5886 comm="syz.5.647" name="/" dev="loop5" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 156.361838][ T5894] netlink: 8 bytes leftover after parsing attributes in process `syz.0.649'. [ 156.386773][ T4923] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.427300][ T5896] FAULT_INJECTION: forcing a failure. [ 156.427300][ T5896] name failslab, interval 1, probability 0, space 0, times 0 [ 156.469598][ T5896] CPU: 0 UID: 0 PID: 5896 Comm: syz.5.650 Not tainted syzkaller #0 PREEMPT(lazy) [ 156.469671][ T5896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 156.469687][ T5896] Call Trace: [ 156.469696][ T5896] [ 156.469707][ T5896] __dump_stack+0x1d/0x30 [ 156.469737][ T5896] dump_stack_lvl+0x95/0xd0 [ 156.469791][ T5896] dump_stack+0x15/0x1b [ 156.469824][ T5896] should_fail_ex+0x263/0x280 [ 156.469868][ T5896] should_failslab+0x8c/0xb0 [ 156.469903][ T5896] __kmalloc_noprof+0xb8/0x4d0 [ 156.470015][ T5896] ? sock_kmalloc+0x85/0xc0 [ 156.470048][ T5896] sock_kmalloc+0x85/0xc0 [ 156.470075][ T5896] ____sys_sendmsg+0xf9/0x5b0 [ 156.470106][ T5896] ___sys_sendmsg+0x195/0x1e0 [ 156.470174][ T5896] ? path_openat+0x1b01/0x2050 [ 156.470226][ T5896] __sys_sendmmsg+0x185/0x320 [ 156.470268][ T5896] __x64_sys_sendmmsg+0x57/0x70 [ 156.470336][ T5896] x64_sys_call+0x27aa/0x3020 [ 156.470367][ T5896] do_syscall_64+0x12c/0x3b0 [ 156.470402][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.470460][ T5896] RIP: 0033:0x7f756441ce59 [ 156.470477][ T5896] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 156.470496][ T5896] RSP: 002b:00007f7562e6f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 156.470516][ T5896] RAX: ffffffffffffffda RBX: 00007f7564695fa0 RCX: 00007f756441ce59 [ 156.470550][ T5896] RDX: 0000000000000001 RSI: 0000200000001500 RDI: 0000000000000003 [ 156.470567][ T5896] RBP: 00007f7562e6f090 R08: 0000000000000000 R09: 0000000000000000 [ 156.470584][ T5896] R10: 000000000000c040 R11: 0000000000000246 R12: 0000000000000001 [ 156.470600][ T5896] R13: 00007f7564696038 R14: 00007f7564695fa0 R15: 00007fff062927a8 [ 156.470673][ T5896] [ 156.702158][ T5899] FAULT_INJECTION: forcing a failure. [ 156.702158][ T5899] name failslab, interval 1, probability 0, space 0, times 0 [ 156.716057][ T5899] CPU: 1 UID: 0 PID: 5899 Comm: syz.5.651 Not tainted syzkaller #0 PREEMPT(lazy) [ 156.716094][ T5899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 156.716125][ T5899] Call Trace: [ 156.716131][ T5899] [ 156.716140][ T5899] __dump_stack+0x1d/0x30 [ 156.716165][ T5899] dump_stack_lvl+0x95/0xd0 [ 156.716188][ T5899] dump_stack+0x15/0x1b [ 156.716213][ T5899] should_fail_ex+0x263/0x280 [ 156.716235][ T5899] should_failslab+0x8c/0xb0 [ 156.716288][ T5899] kmem_cache_alloc_noprof+0x66/0x3f0 [ 156.716407][ T5899] ? do_getname+0x2e/0x1c0 [ 156.716428][ T5899] do_getname+0x2e/0x1c0 [ 156.716452][ T5899] getname_flags+0x1d/0x30 [ 156.716475][ T5899] __se_sys_mq_unlink+0x6a/0x220 [ 156.716519][ T5899] __x64_sys_mq_unlink+0x1f/0x30 [ 156.716551][ T5899] x64_sys_call+0x88e/0x3020 [ 156.716593][ T5899] do_syscall_64+0x12c/0x3b0 [ 156.716627][ T5899] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.716694][ T5899] RIP: 0033:0x7f756441ce59 [ 156.716717][ T5899] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 156.716736][ T5899] RSP: 002b:00007f7562e6f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f1 [ 156.716797][ T5899] RAX: ffffffffffffffda RBX: 00007f7564695fa0 RCX: 00007f756441ce59 [ 156.716816][ T5899] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 156.716832][ T5899] RBP: 00007f7562e6f090 R08: 0000000000000000 R09: 0000000000000000 [ 156.716849][ T5899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 156.716866][ T5899] R13: 00007f7564696038 R14: 00007f7564695fa0 R15: 00007fff062927a8 [ 156.716894][ T5899] [ 157.010160][ T5894] xt_hashlimit: size too large, truncated to 1048576 [ 157.181374][ T5912] loop5: detected capacity change from 0 to 1024 [ 157.258105][ T5912] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 157.305202][ T28] audit: type=1400 audit(1781066250.017:2627): avc: denied { name_bind } for pid=5919 comm="syz.2.657" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 157.305202][ T5912] ext4 filesystem being mounted at /56/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 157.376518][ T5918] loop3: detected capacity change from 0 to 8192 [ 157.471261][ T5924] netlink: 8 bytes leftover after parsing attributes in process `syz.1.661'. [ 157.668788][ T4923] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 157.729179][ T5933] loop0: detected capacity change from 0 to 1024 [ 157.779031][ T5933] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 157.791490][ T5933] ext4 filesystem being mounted at /121/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 157.804444][ T28] audit: type=1400 audit(1781066250.527:2628): avc: denied { write } for pid=5931 comm="syz.0.664" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 157.827799][ T5942] loop2: detected capacity change from 0 to 512 [ 157.841398][ T28] audit: type=1400 audit(1781066250.567:2629): avc: denied { execute } for pid=5936 comm="syz.3.665" path="/148/pids.current" dev="tmpfs" ino=825 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 157.846517][ T5942] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 157.883510][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 157.909494][ T5942] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.666: invalid indirect mapped block 32768 (level 2) [ 157.923388][ T5942] loop2: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 157.923962][ T5942] EXT4-fs (loop2): 1 orphan inode deleted [ 157.933147][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 157.933173][ C1] EXT4-fs (loop2): initial error at time 1781066250: ext4_free_branches:1023: inode 16 [ 157.933215][ C1] EXT4-fs (loop2): last error at time 1781066250: ext4_free_branches:1023: inode 16 [ 157.969043][ T5942] EXT4-fs (loop2): 1 truncate cleaned up [ 157.980482][ T5942] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 157.993189][ T5942] EXT4-fs error (device loop2): ext4_search_dir:1474: inode #12: block 7: comm syz.2.666: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=56 fake=0 [ 158.014624][ T5942] EXT4-fs error (device loop2): ext4_inlinedir_to_tree:1332: inode #12: block 7: comm syz.2.666: path /129/file0/file0: bad entry in directory: directory entry overrun - offset=788, inode=13, rec_len=784, size=60 fake=0 [ 158.069960][ T5950] loop3: detected capacity change from 0 to 512 [ 158.092662][ T5948] EXT4-fs error (device loop2): ext4_check_all_de:659: inode #12: block 7: comm syz.2.666: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=56 fake=0 [ 158.110149][ T5950] EXT4-fs: Ignoring removed i_version option [ 158.111441][ T28] audit: type=1400 audit(1781066250.817:2630): avc: denied { write } for pid=5941 comm="syz.2.666" name="file0" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 158.336937][ T5950] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 158.350563][ T5950] ext4 filesystem being mounted at /149/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 158.378978][ T28] audit: type=1400 audit(1781066251.097:2631): avc: denied { write } for pid=5949 comm="syz.3.668" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 158.400994][ T5959] FAULT_INJECTION: forcing a failure. [ 158.400994][ T5959] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 158.430320][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.433223][ T5959] CPU: 0 UID: 0 PID: 5959 Comm: syz.1.670 Not tainted syzkaller #0 PREEMPT(lazy) [ 158.433343][ T5959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 158.433401][ T5959] Call Trace: [ 158.433486][ T5959] [ 158.433509][ T5959] __dump_stack+0x1d/0x30 [ 158.433580][ T5959] dump_stack_lvl+0x95/0xd0 [ 158.433653][ T5959] dump_stack+0x15/0x1b [ 158.433717][ T5959] should_fail_ex+0x263/0x280 [ 158.433837][ T5959] should_fail+0xb/0x20 [ 158.433892][ T5959] should_fail_usercopy+0x1a/0x20 [ 158.433968][ T5959] _copy_from_iter+0xcf/0xea0 [ 158.434136][ T5959] ? __alloc_skb+0x4f6/0x690 [ 158.434212][ T5959] ? __alloc_skb+0x200/0x690 [ 158.434289][ T5959] netlink_sendmsg+0x4ae/0x6f0 [ 158.434405][ T5959] ? __pfx_netlink_sendmsg+0x10/0x10 [ 158.434544][ T5959] ____sys_sendmsg+0x563/0x5b0 [ 158.434652][ T5959] ___sys_sendmsg+0x195/0x1e0 [ 158.434836][ T5959] __x64_sys_sendmsg+0xd4/0x160 [ 158.435022][ T5959] x64_sys_call+0x194c/0x3020 [ 158.435151][ T5959] do_syscall_64+0x12c/0x3b0 [ 158.435229][ T5959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.435288][ T5959] RIP: 0033:0x7f12d41ece59 [ 158.435341][ T5959] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 158.435403][ T5959] RSP: 002b:00007f12d2c3f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 158.435515][ T5959] RAX: ffffffffffffffda RBX: 00007f12d4465fa0 RCX: 00007f12d41ece59 [ 158.435566][ T5959] RDX: 0000000000002014 RSI: 0000200000000000 RDI: 0000000000000004 [ 158.435609][ T5959] RBP: 00007f12d2c3f090 R08: 0000000000000000 R09: 0000000000000000 [ 158.435653][ T5959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.435769][ T5959] R13: 00007f12d4466038 R14: 00007f12d4465fa0 R15: 00007ffc429e1238 [ 158.435863][ T5959] [ 158.491306][ T28] audit: type=1326 audit(1781066251.217:2632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5960 comm="syz.0.671" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fa2cbce59 code=0x7ffc0000 [ 158.657688][ T28] audit: type=1326 audit(1781066251.257:2633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5960 comm="syz.0.671" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fa2cbce59 code=0x7ffc0000 [ 158.708059][ T5966] netlink: 4 bytes leftover after parsing attributes in process `syz.2.672'. [ 158.782774][ T5968] netlink: 8 bytes leftover after parsing attributes in process `syz.2.674'. [ 158.815732][ T5971] netlink: 8 bytes leftover after parsing attributes in process `syz.0.675'. [ 159.001664][ T5974] loop0: detected capacity change from 0 to 512 [ 159.083105][ T5968] xt_hashlimit: size too large, truncated to 1048576 [ 159.380380][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.452945][ T5974] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 159.498869][ T5974] ext4 filesystem being mounted at /124/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 159.628710][ T5988] FAULT_INJECTION: forcing a failure. [ 159.628710][ T5988] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 159.652123][ T5989] loop1: detected capacity change from 0 to 512 [ 159.673497][ T5989] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 159.681381][ T5988] CPU: 0 UID: 0 PID: 5988 Comm: syz.3.676 Not tainted syzkaller #0 PREEMPT(lazy) [ 159.681484][ T5988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 159.681527][ T5988] Call Trace: [ 159.681556][ T5988] [ 159.681610][ T5988] __dump_stack+0x1d/0x30 [ 159.681749][ T5988] dump_stack_lvl+0x95/0xd0 [ 159.681844][ T5988] dump_stack+0x15/0x1b [ 159.681909][ T5988] should_fail_ex+0x263/0x280 [ 159.682017][ T5988] should_fail+0xb/0x20 [ 159.682097][ T5988] should_fail_usercopy+0x1a/0x20 [ 159.682175][ T5988] _copy_to_iter+0x387/0xea0 [ 159.682258][ T5988] ? __skb_checksum_complete+0x148/0x1c0 [ 159.682392][ T5988] udp_recvmsg+0x38c/0x8a0 [ 159.682478][ T5988] ? __pfx_udp_recvmsg+0x10/0x10 [ 159.682499][ T5988] inet_recvmsg+0xc6/0x210 [ 159.682663][ T5988] ? security_socket_recvmsg+0x2b/0x90 [ 159.682772][ T5988] ? __pfx_inet_recvmsg+0x10/0x10 [ 159.682870][ T5988] sock_recvmsg+0xda/0x120 [ 159.683067][ T5988] ____sys_recvmsg+0xf5/0x280 [ 159.683220][ T5988] ___sys_recvmsg+0x11f/0x3b0 [ 159.683357][ T5988] do_recvmmsg+0x1ef/0x560 [ 159.683624][ T5988] ? fput+0x8f/0xc0 [ 159.683694][ T5988] __x64_sys_recvmmsg+0xe5/0x170 [ 159.683801][ T5988] x64_sys_call+0x80f/0x3020 [ 159.683913][ T5988] do_syscall_64+0x12c/0x3b0 [ 159.684019][ T5988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.684154][ T5988] RIP: 0033:0x7f5568f9ce59 [ 159.684209][ T5988] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 159.684273][ T5988] RSP: 002b:00007f55679ce028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 159.684341][ T5988] RAX: ffffffffffffffda RBX: 00007f5569216090 RCX: 00007f5568f9ce59 [ 159.684395][ T5988] RDX: 0000000000000001 RSI: 0000200000000400 RDI: 0000000000000003 [ 159.684469][ T5988] RBP: 00007f55679ce090 R08: 0000000000000000 R09: 0000000000000000 [ 159.684513][ T5988] R10: 0000000040000023 R11: 0000000000000246 R12: 0000000000000001 [ 159.684556][ T5988] R13: 00007f5569216128 R14: 00007f5569216090 R15: 00007ffdf3ec9ae8 [ 159.684664][ T5988] [ 159.901116][ T5989] EXT4-fs (loop1): 1 truncate cleaned up [ 159.907704][ T5989] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 160.050371][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.121356][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.250916][ T6010] loop0: detected capacity change from 0 to 2048 [ 160.274139][ T6016] loop1: detected capacity change from 0 to 1024 [ 160.398339][ T6016] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 160.422503][ T6010] Alternate GPT is invalid, using primary GPT. [ 160.430909][ T6010] loop0: p2 p3 p7 [ 160.435187][ T6016] ext4 filesystem being mounted at /162/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 160.538726][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 160.851123][ T6032] netlink: 48 bytes leftover after parsing attributes in process `syz.5.692'. [ 161.007389][ T6032] SELinux: security_context_str_to_sid (user_u) failed with errno=-22 [ 161.116126][ T4971] udevd[4971]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 161.194547][ T5926] udevd[5926]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory [ 161.198291][ T5925] udevd[5925]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 161.420012][ T6041] netlink: 8 bytes leftover after parsing attributes in process `syz.3.694'. [ 161.549135][ T5925] udevd[5925]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 161.569002][ T4971] udevd[4971]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 161.580251][ T5926] udevd[5926]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory [ 161.798468][ T6051] set_capacity_and_notify: 1 callbacks suppressed [ 161.798484][ T6051] loop3: detected capacity change from 0 to 512 [ 161.941262][ T6051] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 161.956901][ T6051] ext4 filesystem being mounted at /154/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 162.069011][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.143176][ T28] kauditd_printk_skb: 94 callbacks suppressed [ 162.143249][ T28] audit: type=1400 audit(1781066254.867:2728): avc: denied { read } for pid=6068 comm="syz.3.700" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 163.011731][ T6086] loop0: detected capacity change from 0 to 512 [ 163.169573][ T6086] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 163.435986][ T6086] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 163.549040][ T6086] ext4 filesystem being mounted at /130/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 163.620932][ T6102] netlink: 8 bytes leftover after parsing attributes in process `syz.5.710'. [ 163.771723][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.799877][ T6102] loop5: detected capacity change from 0 to 512 [ 163.862620][ T6113] loop0: detected capacity change from 0 to 512 [ 163.882047][ T6113] EXT4-fs: Ignoring removed i_version option [ 163.932815][ T6113] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 163.945789][ T6113] ext4 filesystem being mounted at /131/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 163.970622][ T28] audit: type=1400 audit(1781066256.687:2729): avc: denied { write } for pid=6112 comm="syz.0.713" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 164.074610][ T6102] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 164.171486][ T6117] loop3: detected capacity change from 0 to 8192 [ 164.213615][ T6102] ext4 filesystem being mounted at /63/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 164.270178][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.339808][ T4923] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.402265][ T28] audit: type=1400 audit(1781066257.127:2730): avc: denied { ioctl } for pid=6132 comm="syz.0.719" path="socket:[13533]" dev="sockfs" ino=13533 ioctlcmd=0x89ea scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 164.723124][ T6148] loop0: detected capacity change from 0 to 512 [ 164.734725][ T6149] netlink: 8 bytes leftover after parsing attributes in process `syz.2.723'. [ 164.773904][ T6148] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 164.952378][ T6148] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 164.966251][ T6143] loop3: detected capacity change from 0 to 4096 [ 164.979499][ T6143] ext4: Bad value for 'commit' [ 165.059432][ T6148] ext4 filesystem being mounted at /134/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 165.256307][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.487190][ T6173] loop3: detected capacity change from 0 to 1024 [ 167.511544][ T6173] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 167.559240][ T6173] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.940511][ T6177] netlink: 8 bytes leftover after parsing attributes in process `syz.0.731'. [ 168.082982][ T6177] loop0: detected capacity change from 0 to 512 [ 168.183046][ T6177] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.254048][ T6177] ext4 filesystem being mounted at /137/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 168.475318][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.945557][ T6194] loop2: detected capacity change from 0 to 1024 [ 168.997831][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.192359][ T6194] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 169.229997][ T6194] ext4 filesystem being mounted at /146/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 169.230596][ T6200] netlink: 8 bytes leftover after parsing attributes in process `syz.3.737'. [ 169.295017][ T6205] xt_hashlimit: size too large, truncated to 1048576 [ 169.328334][ T28] audit: type=1400 audit(1781066262.057:2731): avc: denied { write } for pid=6193 comm="syz.2.736" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 169.433337][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 169.774250][ T6210] loop2: detected capacity change from 0 to 1024 [ 169.799708][ T6210] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 169.898048][ T6210] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 170.014785][ T28] audit: type=1400 audit(1781066262.727:2732): avc: denied { write } for pid=6207 comm="syz.2.738" name="file0" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 171.471370][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.671627][ T6221] loop2: detected capacity change from 0 to 1024 [ 171.728988][ T6221] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 171.745215][ T6221] ext4 filesystem being mounted at /148/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 172.012769][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 172.578209][ T6243] loop3: detected capacity change from 0 to 512 [ 172.590014][ T6243] EXT4-fs: Ignoring removed i_version option [ 172.618123][ T6243] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 172.637003][ T6243] ext4 filesystem being mounted at /166/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 172.650636][ T28] audit: type=1400 audit(1781066265.377:2733): avc: denied { write } for pid=6242 comm="syz.3.747" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 172.799395][ T6248] loop2: detected capacity change from 0 to 1024 [ 172.854770][ T6248] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 172.876016][ T6248] ext4 filesystem being mounted at /150/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 172.936340][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.953245][ T28] audit: type=1400 audit(1781066265.677:2734): avc: denied { write } for pid=6247 comm="syz.2.748" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 173.029206][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 173.123509][ T6257] loop3: detected capacity change from 0 to 1024 [ 173.154706][ T28] audit: type=1400 audit(1781066265.877:2735): avc: denied { view } for pid=6260 comm="syz.2.753" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 173.196119][ T6257] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 173.236656][ T6257] ext4 filesystem being mounted at /167/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 173.244217][ T28] audit: type=1400 audit(1781066265.967:2736): avc: denied { connect } for pid=6264 comm="syz.2.754" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 173.294097][ T28] audit: type=1400 audit(1781066266.007:2737): avc: denied { write } for pid=6264 comm="syz.2.754" laddr=fe80::a8aa:aaff:feaa:aaaa lport=58 faddr=ff03::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 173.318582][ T28] audit: type=1400 audit(1781066266.007:2738): avc: denied { ioctl } for pid=6264 comm="syz.2.754" path="socket:[14609]" dev="sockfs" ino=14609 ioctlcmd=0x89f7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 173.433644][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 173.815687][ T28] audit: type=1326 audit(1781066266.537:2739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6286 comm="syz.3.760" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5568f9ce59 code=0x7ffc0000 [ 173.923090][ T28] audit: type=1326 audit(1781066266.537:2740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6286 comm="syz.3.760" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5568f9ce59 code=0x7ffc0000 [ 174.096819][ T6294] xt_hashlimit: size too large, truncated to 1048576 [ 174.223928][ T6292] loop1: detected capacity change from 0 to 1024 [ 174.304113][ T6292] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 174.367604][ T6292] ext4 filesystem being mounted at /172/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 174.440588][ T28] kauditd_printk_skb: 96 callbacks suppressed [ 174.440686][ T28] audit: type=1400 audit(1781066267.167:2837): avc: denied { write } for pid=6291 comm="syz.1.762" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 174.509056][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 174.537059][ T6298] xt_hashlimit: size too large, truncated to 1048576 [ 174.733834][ T6311] loop1: detected capacity change from 0 to 8192 [ 175.065150][ T6321] netlink: 8 bytes leftover after parsing attributes in process `syz.5.773'. [ 175.144816][ T6321] loop5: detected capacity change from 0 to 512 [ 175.170861][ T6321] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 175.184019][ T6321] ext4 filesystem being mounted at /68/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 175.271143][ T4923] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.475163][ T6344] loop3: detected capacity change from 0 to 512 [ 175.494175][ T6344] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 175.524638][ T6344] EXT4-fs (loop3): 1 truncate cleaned up [ 175.551525][ T6344] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 175.572413][ T6343] loop2: detected capacity change from 0 to 1024 [ 175.652084][ T6347] xt_hashlimit: size too large, truncated to 1048576 [ 175.671361][ T6343] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 175.693378][ T3427] IPVS: starting estimator thread 0... [ 175.737342][ T6343] ext4 filesystem being mounted at /159/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 175.759916][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.784832][ T6351] IPVS: using max 1632 ests per chain, 81600 per kthread [ 175.794713][ T28] audit: type=1400 audit(1781066268.517:2838): avc: denied { write } for pid=6342 comm="syz.2.778" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 175.842880][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 175.880367][ T28] audit: type=1326 audit(1781066268.597:2839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6353 comm="syz.3.780" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5568f9ce59 code=0x7ffc0000 [ 175.929908][ T28] audit: type=1326 audit(1781066268.597:2840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6353 comm="syz.3.780" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5568f9ce59 code=0x7ffc0000 [ 175.984542][ T28] audit: type=1326 audit(1781066268.597:2841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6353 comm="syz.3.780" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5568f9ce59 code=0x7ffc0000 [ 176.010409][ T28] audit: type=1326 audit(1781066268.597:2842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6353 comm="syz.3.780" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5568f9ce59 code=0x7ffc0000 [ 176.051999][ T28] audit: type=1326 audit(1781066268.597:2843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6353 comm="syz.3.780" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5568f9ce59 code=0x7ffc0000 [ 176.123687][ T28] audit: type=1326 audit(1781066268.597:2844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6353 comm="syz.3.780" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7f5568f9ce59 code=0x7ffc0000 [ 176.149214][ T28] audit: type=1326 audit(1781066268.597:2845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6353 comm="syz.3.780" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5568f9ce59 code=0x7ffc0000 [ 176.229722][ T28] audit: type=1326 audit(1781066268.597:2846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6353 comm="syz.3.780" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5568f9ce59 code=0x7ffc0000 [ 176.854152][ T6376] loop3: detected capacity change from 0 to 1024 [ 177.696160][ T6376] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 177.736674][ T6376] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.421171][ T6396] xt_hashlimit: size too large, truncated to 1048576 [ 178.468216][ T6395] loop2: detected capacity change from 0 to 1024 [ 178.538375][ T6395] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 178.598036][ T6395] ext4 filesystem being mounted at /164/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 178.740857][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.761702][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 178.860509][ T6403] xt_hashlimit: size too large, truncated to 1048576 [ 179.280798][ T6415] loop0: detected capacity change from 0 to 8192 [ 179.497316][ T6423] loop2: detected capacity change from 0 to 512 [ 179.521682][ T6423] EXT4-fs: Ignoring removed i_version option [ 179.560118][ T6423] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 179.602676][ T6423] ext4 filesystem being mounted at /167/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 179.631004][ T6431] loop0: detected capacity change from 0 to 1024 [ 179.646364][ T28] kauditd_printk_skb: 125 callbacks suppressed [ 179.646383][ T28] audit: type=1400 audit(1781066272.377:2972): avc: denied { write } for pid=6422 comm="syz.2.799" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 179.698108][ T6431] EXT4-fs: Ignoring removed bh option [ 179.748952][ T6431] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 179.787566][ T28] audit: type=1400 audit(1781066272.507:2973): avc: denied { write } for pid=6430 comm="syz.0.802" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 179.828477][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.850201][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.003977][ T6438] loop2: detected capacity change from 0 to 1024 [ 180.069215][ T6438] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 180.094082][ T6438] ext4 filesystem being mounted at /168/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 180.138971][ T6443] netlink: 8 bytes leftover after parsing attributes in process `syz.0.804'. [ 180.176576][ T28] audit: type=1400 audit(1781066272.907:2974): avc: denied { write } for pid=6437 comm="syz.2.803" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 180.227554][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 180.520770][ T6451] xt_hashlimit: size too large, truncated to 1048576 [ 180.730331][ T6468] loop1: detected capacity change from 0 to 512 [ 180.738706][ T6468] EXT4-fs: Ignoring removed i_version option [ 180.802939][ T6471] loop3: detected capacity change from 0 to 1024 [ 180.821573][ T6468] ext4 filesystem being mounted at /178/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 180.835524][ T6471] EXT4-fs: Ignoring removed bh option [ 180.857707][ T28] audit: type=1400 audit(1781066273.587:2975): avc: denied { write } for pid=6465 comm="syz.1.814" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 180.921503][ T28] audit: type=1400 audit(1781066273.607:2976): avc: denied { write } for pid=6470 comm="syz.3.815" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 181.109436][ T6480] loop3: detected capacity change from 0 to 1024 [ 181.290241][ T6485] loop0: detected capacity change from 0 to 1024 [ 182.271661][ T6489] loop2: detected capacity change from 0 to 1024 [ 182.485863][ T6485] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 183.116185][ T6480] ext4 filesystem being mounted at /184/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 183.446927][ T6489] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 184.077254][ T6494] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set [ 184.389595][ T28] audit: type=1400 audit(1781066277.087:2977): avc: denied { write } for pid=6479 comm="syz.3.816" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 184.537285][ T6485] EXT4-fs warning (device loop0): ext4_multi_mount_protect:394: Unable to create kmmpd thread for loop0. [ 184.552407][ T6489] EXT4-fs warning (device loop2): ext4_multi_mount_protect:394: Unable to create kmmpd thread for loop2. [ 185.123934][ T6516] loop0: detected capacity change from 0 to 1024 [ 185.133549][ T6516] EXT4-fs: Ignoring removed bh option [ 185.176632][ T28] audit: type=1400 audit(1781066277.907:2978): avc: denied { write } for pid=6515 comm="syz.0.826" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 185.282066][ T6526] loop1: detected capacity change from 0 to 512 [ 185.287808][ T6523] xt_hashlimit: size too large, truncated to 1048576 [ 185.312749][ T6526] EXT4-fs: Ignoring removed i_version option [ 185.330207][ T6526] ext4 filesystem being mounted at /180/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 185.364716][ T28] audit: type=1400 audit(1781066278.087:2979): avc: denied { write } for pid=6524 comm="syz.1.829" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 185.928674][ T6551] loop1: detected capacity change from 0 to 1024 [ 186.022518][ T6551] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 186.101494][ T6551] EXT4-fs mount: 10 callbacks suppressed [ 186.101719][ T6551] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 186.221968][ T28] audit: type=1400 audit(1781066278.937:2980): avc: denied { write } for pid=6542 comm="syz.1.833" name="file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 186.464982][ T6560] netlink: 8 bytes leftover after parsing attributes in process `syz.2.837'. [ 187.563955][ T6584] loop3: detected capacity change from 0 to 1024 [ 187.594924][ T6584] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 187.644909][ T6584] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 187.737557][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.687342][ T6591] loop2: detected capacity change from 0 to 1024 [ 189.105307][ T6591] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 190.557668][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.602203][ T6591] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.018846][ T6607] loop0: detected capacity change from 0 to 8192 [ 191.060077][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.301845][ T6614] loop2: detected capacity change from 0 to 1024 [ 191.353692][ T6614] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 191.441691][ T6614] ext4 filesystem being mounted at /179/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 191.704334][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 191.886801][ T6636] loop1: detected capacity change from 0 to 1024 [ 191.906791][ T6636] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 191.988796][ T6636] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.104785][ T28] audit: type=1400 audit(1781066284.777:2981): avc: denied { write } for pid=6627 comm="syz.1.856" name="file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 192.712256][ T6634] xt_hashlimit: size too large, truncated to 1048576 [ 193.375631][ T6649] loop0: detected capacity change from 0 to 1024 [ 193.454745][ T6651] sctp: [Deprecated]: syz.3.862 (pid 6651) Use of int in max_burst socket option deprecated. [ 193.454745][ T6651] Use struct sctp_assoc_value instead [ 193.472864][ T6649] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 193.518297][ T6649] ext4 filesystem being mounted at /174/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 193.573291][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.596076][ T28] audit: type=1400 audit(1781066286.317:2982): avc: denied { write } for pid=6648 comm="syz.0.861" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 193.678850][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 194.061326][ T6674] loop3: detected capacity change from 0 to 512 [ 194.085392][ T6674] EXT4-fs: Ignoring removed i_version option [ 194.142821][ T6674] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 194.178883][ T6674] ext4 filesystem being mounted at /200/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 194.333321][ T28] audit: type=1400 audit(1781066287.027:2983): avc: denied { write } for pid=6673 comm="syz.3.871" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 194.506159][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.487325][ T6694] loop3: detected capacity change from 0 to 1024 [ 195.504789][ T6695] loop2: detected capacity change from 0 to 1024 [ 195.518831][ T6694] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 195.533814][ T6695] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 195.641277][ T6694] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 195.663712][ T6695] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 196.142917][ T6696] loop1: detected capacity change from 0 to 1024 [ 196.297546][ T6696] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 196.336772][ T6696] ext4 filesystem being mounted at /187/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 196.410942][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 196.422473][ T28] audit: type=1400 audit(1781066289.097:2984): avc: denied { write } for pid=6690 comm="syz.1.875" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 196.990622][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.068300][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.793459][ T6733] loop3: detected capacity change from 0 to 1024 [ 197.987347][ T6742] loop1: detected capacity change from 0 to 1024 [ 198.011884][ T6742] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 198.751367][ T6744] loop2: detected capacity change from 0 to 1024 [ 198.931094][ T6744] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 199.756196][ T6733] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 199.778633][ T6733] ext4 filesystem being mounted at /205/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 200.089547][ T6742] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.114614][ T28] audit: type=1400 audit(1781066292.837:2985): avc: denied { write } for pid=6732 comm="syz.3.886" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 201.230732][ T6744] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 201.653042][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 201.663288][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.881941][ T6768] loop5: detected capacity change from 0 to 1024 [ 201.905556][ T6768] EXT4-fs (loop5): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 201.954010][ T6768] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 202.915517][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.929838][ T6781] loop0: detected capacity change from 0 to 1024 [ 203.344888][ T6781] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 203.752239][ T4923] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.537432][ T6791] loop1: detected capacity change from 0 to 1024 [ 205.046537][ T6791] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 205.325546][ T6781] EXT4-fs: error -4 creating inode table initialization thread [ 205.333244][ T6781] EXT4-fs (loop0): mount failed [ 206.435781][ T6791] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 207.983588][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.613470][ T6808] xt_hashlimit: size too large, truncated to 1048576 [ 208.781994][ T6825] netlink: 8 bytes leftover after parsing attributes in process `syz.1.903'. [ 208.841612][ T6825] loop1: detected capacity change from 0 to 512 [ 208.878338][ T6825] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 208.891963][ T6825] ext4 filesystem being mounted at /191/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 208.942428][ T6838] loop3: detected capacity change from 0 to 1024 [ 209.061579][ T6838] EXT4-fs: Ignoring removed bh option [ 209.086260][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.218785][ T6840] loop0: detected capacity change from 0 to 1024 [ 209.321729][ T6840] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 209.343939][ T6838] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 209.406894][ T6840] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 209.999835][ T28] audit: type=1400 audit(1781066302.727:2986): avc: denied { write } for pid=6834 comm="syz.3.907" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 210.072238][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.911188][ T6865] loop1: detected capacity change from 0 to 1024 [ 210.931025][ T6865] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 210.958139][ T6865] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 210.996219][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 213.997979][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.392906][ T6890] loop3: detected capacity change from 0 to 1024 [ 214.466231][ T6890] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 214.513753][ T6890] ext4 filesystem being mounted at /212/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 214.590689][ T6901] netlink: 8 bytes leftover after parsing attributes in process `syz.1.925'. [ 214.627111][ T6905] netlink: 8 bytes leftover after parsing attributes in process `syz.0.927'. [ 214.745155][ T6911] loop2: detected capacity change from 0 to 1024 [ 214.752926][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 214.755834][ T6911] EXT4-fs: Ignoring removed bh option [ 214.807177][ T6911] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 214.835208][ T28] audit: type=1400 audit(1781066307.567:2987): avc: denied { write } for pid=6910 comm="syz.2.929" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 214.898883][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.933444][ T6917] netlink: 8 bytes leftover after parsing attributes in process `syz.0.931'. [ 214.995871][ T6921] loop3: detected capacity change from 0 to 1024 [ 215.041590][ T6921] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 215.100353][ T6921] ext4 filesystem being mounted at /214/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 215.127371][ T6922] xt_hashlimit: size too large, truncated to 1048576 [ 215.190325][ T28] audit: type=1400 audit(1781066307.907:2988): avc: denied { write } for pid=6920 comm="syz.3.933" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 215.267702][ T6895] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set [ 215.311600][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 215.392825][ T6929] netlink: 8 bytes leftover after parsing attributes in process `syz.3.934'. [ 215.499585][ T6931] netlink: 8 bytes leftover after parsing attributes in process `syz.2.935'. [ 215.622706][ T6933] xt_hashlimit: size too large, truncated to 1048576 [ 215.761339][ T6941] netlink: 48 bytes leftover after parsing attributes in process `syz.3.937'. [ 216.026252][ T3386] IPVS: starting estimator thread 0... [ 216.114828][ T6948] IPVS: using max 2304 ests per chain, 115200 per kthread [ 216.234010][ T6953] loop1: detected capacity change from 0 to 1024 [ 216.260626][ T6953] EXT4-fs: Ignoring removed bh option [ 216.332704][ T6953] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 216.397600][ T28] audit: type=1400 audit(1781066309.127:2989): avc: denied { write } for pid=6952 comm="syz.1.942" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 216.480835][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.521822][ T6962] loop3: detected capacity change from 0 to 512 [ 216.539562][ T6962] EXT4-fs: Ignoring removed i_version option [ 216.573550][ T6962] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 216.602262][ T6962] ext4 filesystem being mounted at /218/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 216.690401][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.863557][ T6963] loop2: detected capacity change from 0 to 1024 [ 216.919205][ T6969] loop3: detected capacity change from 0 to 8192 [ 216.982488][ T6963] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 217.108809][ T6963] ext4 filesystem being mounted at /198/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 217.228278][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 217.288621][ T6978] netlink: 48 bytes leftover after parsing attributes in process `syz.2.949'. [ 217.321603][ T6976] loop3: detected capacity change from 0 to 1024 [ 217.379965][ T6976] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 217.414436][ T6976] ext4 filesystem being mounted at /220/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 217.581863][ T6984] netlink: 8 bytes leftover after parsing attributes in process `syz.2.951'. [ 217.616971][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 218.035455][ T7002] loop1: detected capacity change from 0 to 8192 [ 218.283646][ T7020] loop2: detected capacity change from 0 to 512 [ 218.293753][ T7020] EXT4-fs: Ignoring removed i_version option [ 218.414847][ T7020] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 218.434496][ T7020] ext4 filesystem being mounted at /202/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 218.456146][ T28] audit: type=1400 audit(1781066311.187:2990): avc: denied { write } for pid=7019 comm="syz.2.966" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 219.064530][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.581806][ T7038] set_capacity_and_notify: 1 callbacks suppressed [ 219.581828][ T7038] loop5: detected capacity change from 0 to 1024 [ 220.145640][ T7038] EXT4-fs (loop5): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 220.269308][ T7042] netlink: 104 bytes leftover after parsing attributes in process `syz.1.972'. [ 220.496894][ T7038] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 221.033264][ T28] audit: type=1400 audit(1781066313.297:2991): avc: denied { write } for pid=7033 comm="syz.5.969" name="file0" dev="loop5" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 221.062092][ T7045] netlink: 8 bytes leftover after parsing attributes in process `syz.2.971'. [ 221.079007][ T7045] netlink: 4 bytes leftover after parsing attributes in process `syz.2.971'. [ 221.144979][ T7045] netlink: 'syz.2.971': attribute type 18 has an invalid length. [ 221.397564][ T4923] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.433111][ T28] audit: type=1326 audit(1781066314.157:2992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7061 comm="syz.2.979" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf2bfce59 code=0x7ffc0000 [ 221.576530][ T28] audit: type=1326 audit(1781066314.307:2993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7061 comm="syz.2.979" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf2bfce59 code=0x7ffc0000 [ 221.689274][ T28] audit: type=1326 audit(1781066314.337:2994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7061 comm="syz.2.979" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf2bfce59 code=0x7ffc0000 [ 221.793090][ T7069] loop5: detected capacity change from 0 to 1024 [ 221.870691][ T7069] EXT4-fs (loop5): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 221.965117][ T7069] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 222.257669][ T28] audit: type=1326 audit(1781066314.337:2995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7061 comm="syz.2.979" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf2bfce59 code=0x7ffc0000 [ 222.283536][ T28] audit: type=1326 audit(1781066314.337:2996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7061 comm="syz.2.979" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7fadf2bfce59 code=0x7ffc0000 [ 222.515515][ T7068] loop1: detected capacity change from 0 to 512 [ 222.528810][ T28] audit: type=1326 audit(1781066314.337:2997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7061 comm="syz.2.979" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf2bfce59 code=0x7ffc0000 [ 222.636010][ T7068] EXT4-fs: Ignoring removed i_version option [ 222.695359][ T28] audit: type=1326 audit(1781066314.337:2998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7061 comm="syz.2.979" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf2bfce59 code=0x7ffc0000 [ 222.774253][ T7073] loop0: detected capacity change from 0 to 8192 [ 222.824809][ T28] audit: type=1326 audit(1781066314.337:2999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7061 comm="syz.2.979" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf2bfce59 code=0x7ffc0000 [ 222.851964][ T7068] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 222.874156][ T7077] loop3: detected capacity change from 0 to 1024 [ 222.898312][ T7077] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 222.956073][ T7068] ext4 filesystem being mounted at /208/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 222.976503][ T7077] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 222.991792][ T28] audit: type=1326 audit(1781066314.337:3000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7061 comm="syz.2.979" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf2bfce59 code=0x7ffc0000 [ 223.072264][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.333482][ T7106] loop0: detected capacity change from 0 to 1024 [ 224.443184][ T4923] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.448565][ T7106] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 225.831537][ T7106] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 226.305227][ T7113] loop3: detected capacity change from 0 to 8192 [ 226.742950][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.959779][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.153788][ T7136] loop1: detected capacity change from 0 to 1024 [ 227.215768][ T7136] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 227.288676][ T7137] loop3: detected capacity change from 0 to 1024 [ 227.326852][ T7137] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 227.420101][ T7137] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 227.610332][ T28] kauditd_printk_skb: 93 callbacks suppressed [ 227.610429][ T28] audit: type=1400 audit(1781066320.277:3094): avc: denied { write } for pid=7124 comm="syz.3.997" name="file0" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 227.743747][ T7136] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 228.162094][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.244341][ T28] audit: type=1326 audit(1781066320.967:3095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7151 comm="syz.1.1006" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12d41ece59 code=0x7ffc0000 [ 228.332362][ T28] audit: type=1326 audit(1781066320.967:3096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7151 comm="syz.1.1006" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12d41ece59 code=0x7ffc0000 [ 228.424047][ T28] audit: type=1326 audit(1781066320.967:3097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7151 comm="syz.1.1006" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12d41ece59 code=0x7ffc0000 [ 228.887907][ T28] audit: type=1326 audit(1781066320.967:3098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7151 comm="syz.1.1006" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12d41ece59 code=0x7ffc0000 [ 228.917595][ T28] audit: type=1326 audit(1781066320.967:3099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7151 comm="syz.1.1006" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12d41ece59 code=0x7ffc0000 [ 228.951388][ T28] audit: type=1326 audit(1781066320.997:3100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7151 comm="syz.1.1006" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7f12d41ece59 code=0x7ffc0000 [ 229.049158][ T28] audit: type=1326 audit(1781066320.997:3101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7151 comm="syz.1.1006" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12d41ece59 code=0x7ffc0000 [ 229.055913][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.074927][ T28] audit: type=1326 audit(1781066321.007:3102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7151 comm="syz.1.1006" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12d41ece59 code=0x7ffc0000 [ 229.109520][ T28] audit: type=1326 audit(1781066321.007:3103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7151 comm="syz.1.1006" exe="/root/ci2-upstream-kcsan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12d41ece59 code=0x7ffc0000 [ 229.238743][ T7161] loop3: detected capacity change from 0 to 8192 [ 229.268774][ T7163] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1010'. [ 229.312389][ T3314] ================================================================== [ 229.320742][ T3314] BUG: KCSAN: data-race in shmem_add_to_page_cache / shmem_getattr [ 229.328708][ T3314] [ 229.331069][ T3314] read-write to 0xffff88811ef39500 of 8 bytes by task 7150 on cpu 1: [ 229.339169][ T3314] shmem_add_to_page_cache+0x4b2/0x5b0 [ 229.344690][ T3314] shmem_get_folio_gfp+0x4f3/0xd60 [ 229.349853][ T3314] shmem_write_begin+0xfc/0x1f0 [ 229.354751][ T3314] generic_perform_write+0x183/0x490 [ 229.360087][ T3314] shmem_file_write_iter+0xc5/0xf0 [ 229.365261][ T3314] __kernel_write_iter+0x319/0x590 [ 229.370450][ T3314] dump_user_range+0xa73/0xd00 [ 229.375267][ T3314] elf_core_dump+0x21a2/0x2330 [ 229.380087][ T3314] coredump_write+0xabd/0xdb0 [ 229.384807][ T3314] vfs_coredump+0x26dd/0x31e0 [ 229.389532][ T3314] get_signal+0xd5c/0xf20 [ 229.393913][ T3314] arch_do_signal_or_restart+0x96/0x480 [ 229.399510][ T3314] irqentry_exit+0x145/0x5d0 [ 229.404141][ T3314] asm_exc_page_fault+0x26/0x30 [ 229.409033][ T3314] [ 229.411433][ T3314] read to 0xffff88811ef39500 of 8 bytes by task 3314 on cpu 0: [ 229.419015][ T3314] shmem_getattr+0x68/0x200 [ 229.423608][ T3314] vfs_getattr_nosec+0x146/0x1e0 [ 229.428594][ T3314] vfs_getattr+0x48/0x60 [ 229.432887][ T3314] vfs_statx_path+0x28/0x140 [ 229.437534][ T3314] vfs_statx+0xc4/0x170 [ 229.441721][ T3314] vfs_fstatat+0x118/0x170 [ 229.446172][ T3314] __se_sys_newfstatat+0x55/0x3e0 [ 229.451233][ T3314] __x64_sys_newfstatat+0x55/0x70 [ 229.456322][ T3314] x64_sys_call+0x2c64/0x3020 [ 229.461060][ T3314] do_syscall_64+0x12c/0x3b0 [ 229.465707][ T3314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.471741][ T3314] [ 229.474098][ T3314] value changed: 0x00000000000006b3 -> 0x00000000000006b5 [ 229.481241][ T3314] [ 229.483593][ T3314] Reported by Kernel Concurrency Sanitizer on: [ 229.489801][ T3314] CPU: 0 UID: 0 PID: 3314 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(lazy) [ 229.499387][ T3314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 229.509470][ T3314] ==================================================================