last executing test programs: 3.185281788s ago: executing program 3 (id=1201): ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000480)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x400}}, './file0\x00'}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x6, 0x8, &(0x7f0000000c80)=ANY=[@ANYRES16=r0, @ANYRES64=r0, @ANYBLOB="1f2f759b91cc55a07f429903ef48f8d1644dc08ae6f7d20e92f112e72edfa8bfc9e3cbf49c51de73440e6ffd28e4619a367d7ece87a3aabade26fdfe96b600584de73eb0d7627e55c05ad575493fc4b2d3105a9e04eb1dabb29a79cd65446315bd109d5e4caa025b841aaf72bd4e7bb0570f2dbc32ab80cc1d9700485934e0969a63872e4a91c3990bd8cb20705497f643006fc8e1f7efa33320b9c0e4d52af2862a47b16caae0d1fff954"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x33}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x3, &(0x7f0000000200)=ANY=[], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000000}, 0x94) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef) bpf$TOKEN_CREATE(0x24, &(0x7f0000000980)={0x0, r0}, 0x733233ab986db14d) socket$netlink(0x10, 0x3, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRESHEX=r2, @ANYRES32=r2, @ANYBLOB='\x00'/20, @ANYRES64=r1, @ANYRESOCT, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000640)=ANY=[], &(0x7f0000000a00)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KDGKBDIACR(r3, 0x4b4a, &(0x7f0000000140)=""/96) 3.111839259s ago: executing program 3 (id=1203): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x9, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f, 0x0, 0x0, 0x0, 0x609e495c}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000400)='kfree\x00', r0}, 0x18) r1 = socket$kcm(0x10, 0x2, 0x0) r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000002c0), 0x60400, 0x0) syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x100, 0x0, 0x333}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x10, 0x6000, @fd=r0, 0x0, 0x0, 0x0, 0xc, 0x1}) syz_genetlink_get_family_id$mptcp(&(0x7f0000000200), r2) sendmsg$kcm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000340)="d8000000180081084e81f782db44b904021d0800fd007c06e8fe55a10a0015400600142603600e120800060000000201a80016000800014003e01100036010fab94dcf5c0461c1d67f6f9400e08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef409001b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed1bffec62070000cbee5de6ccd44a677575a62cef352a92954b43370e9701ee1b6ec75a526c5d5b5701cf8773", 0xd8}], 0x1}, 0x400c0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r5, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006, 0x0, 0xfe}]}, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001580)=ANY=[@ANYBLOB="1b00486bc951fce49bbaccecca000000000000e1ffffffffffffff00000000f2b351b31619d3eb4510042ca586a875e5c75b8aa5e71d03f117a10139da646ddd290b854d2c0e3511c7571ef5e18c5b9c93eba93463c1354e543bced52cb07a839a1564944de166aa058dfb0a6ad0b860079f048f", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000500), 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=") llistxattr(&(0x7f0000000080)='./file1\x00', &(0x7f0000000c00)=""/4096, 0x1000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d) syz_clone(0x20324000, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00'}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r7}, &(0x7f0000000000), &(0x7f00000005c0)}, 0x20) ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f0000000000)=0x2) ioctl$PPPIOCSPASS(r6, 0x40107447, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x58, 0x0, 0x8}]}) openat$nci(0xffffffffffffff9c, &(0x7f00000001c0), 0x5400, 0x0) 2.560792362s ago: executing program 3 (id=1219): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000001000000080000000c"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000800)={{r0}, 0x0, &(0x7f00000007c0)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x1, 0x214, &(0x7f0000000840)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNCSRCEv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3OJKs2NixE0dy4vx+ix6e/z1X5+jARVy9bP5+91ZjNUtW004ozRdC8Y/QDzuFsBCKYaQffnpwZfvOxavX/v2zUlm6MDvsx/jVd4+v377//ZPOF5cf7nYKIYStxWcbX298s/ni0s16FutZbLU7MY3L7XYnXW7W4ko9ayQx/t+spVkt1ltZbW1fvtpsj5861LIspq1ebNR6sdOOnbVeTG+k9VZMkiTOB06lem8nz8NWnuf5XD/kef62JyhMZl5Myyn3n4/c3kU97l5Nn/e71W518DjI//6nsvRLfGVhPGq7263O7OW/DvK4P58Nnw/zxUPzz8KPPwzy3eyv/yoH8nJYmfzyAQAAAADgXErinkPv7yfJUfmgeu3zgQP370vh29K4MzP5pQAAAABHyHrrjbS5Mrs2KJq1Myvmwv7Ob4+GUzxu+M9Pjz9mQsWXwyK843nKIYSjjymGM9+U6RSj75EPO6PfF5xseOl9TaP8gbwao2I+HBaVw3pjbjqbAgAAnC/jN/0nHlKc6IQAAAAAAAAAAAAAAAAAAADgEzSNPzM76zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALzJywAAAP//ixdW4w==") r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000340)='kfree\x00', r2, 0x0, 0x200000000}, 0x18) r3 = socket$packet(0x11, 0x2, 0x300) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$packet(r3, &(0x7f0000000300)={0x11, 0x63dcbf62d8600606, r5, 0x1, 0x8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x32}}, 0x14) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1c, r5}, 0x14) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x275a, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r8}, 0x10) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@remote}, {@in6=@remote, 0x4d3, 0x32}, @in=@broadcast, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}]}, 0x138}}, 0x0) write$binfmt_script(r6, &(0x7f00000004c0), 0x208e24b) 2.088624656s ago: executing program 3 (id=1229): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) futex(0x0, 0x3, 0x801, 0x0, 0x0, 0xfffffffc) mlock2(&(0x7f0000495000/0x2000)=nil, 0x2000, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="070000000400000020010000010200"], 0x50) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a1400000000000000000000000a00"/60], 0x3c}}, 0x4008044) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000380)='thermal_power_devfreq_get_power\x00'}, 0x18) r3 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x5}}}}]}, 0x44}}, 0x20004000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {}, {0x1, 0xfff1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x14, 0x2, [@TCA_CGROUP_EMATCHES={0x10, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x4}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}]}]}}]}, 0x44}}, 0x1) r5 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x18) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0xa1, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400df7f08000a00", @ANYRES32=r9, @ANYBLOB], 0x3c}}, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) syz_mount_image$vfat(&(0x7f0000000880), &(0x7f0000003200)='./file1\x00', 0x3800204, &(0x7f0000003240)=ANY=[], 0x3, 0x33c, &(0x7f00000008c0)="$eJzs3M1LI2ccwPFfXk0imhxKSwvFh/bSXoaY9lwaikJpoKKmVAvCqJM2ZJpIJlhSStVTr6X3ngo9iEdvQus/4KW37mUve8tlYQ8ry7JZ5s28amI2blz9fmCZZ57n+c08T57J8pvBSePb338sFSytoNckGFMSEBE5F0lJUHwBbxt0ylFpty8fTz/5//2VtfWvsrncwrJSi9nVTzJKqdm5f376Je51O5mSs9RG43Hm0dnbZ+82Xqz+ULRU0VLlSk3parPysKZvmobaLlolTakl09AtQxXLllF12ytue8Gs7OzUlV7enknsVA3LUnq5rkpGXdUqqlatK/17vVhWmqapmYRgAHtBl/XsiNFbYx4Nbki1mtVDIhLvackfTmRAAABgorrz/6Cd0o+U/8usk//bnVv5/9EHp7Xpb45nT+zYjcZJtF/+/+kD91gd+X9MREbJ//+Ua+T/vRnR/ZI/XB49/8ftMBftqQp07Nn5f8L7/joOvjtKOwXyfwAAAAAAAAAAAAAAAAAAAAAA3gTnzWay2Wwm/a3/r/UKgbePO+my9Z8SkZi9+k3W/y5bWVuXmPPinr3G5m+7+d28u/U6nIqIKYakI85u84Jd9t88UraU/GvuOfHP7G3IackWpOjEz0tSUm58yIuyy4tf5hbmlcuLv3hNKdEen5GkvNV9fjc+0xlvj39vNx+Vjz5si9ckKf9tSUVM2XbO3Yr/dV6pL77OdcXH3ZMAAAAAAHAHaEoFvNvnVOf9r3uXrmlK9W93f2UkW3AeExmSlqQ8739/nu57fx5Ovhee9OwBAAAAALgfrPrPJd00jeoVhbgM7jN6ITxc52hXTeSqzqG2GQ47nqjzIEPkVef115CfakfB/0OKjqaYVznaePz5j2299ttrgjJEVLh78HN2hbrm2Q+8iVzU+I+Nopd8zrLUe5zgFVdCZGzX8zt//P10fF+Qz479K2Bw54NBB4xfciHFuq86pxC56f93AAAAALx+raTfr/m8vTkwkUEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDP3MhP+nUVJj1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4LZ4GQAA///hFPFh") r10 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) sendfile(r10, r10, 0x0, 0x800000009) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'lo\x00'}) r11 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r11, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x2000000) 1.599045079s ago: executing program 2 (id=1244): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a4c0000000e0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000200003801c0000800c00018006000100"], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 1.550214439s ago: executing program 2 (id=1246): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x68}}, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) 1.48408337s ago: executing program 2 (id=1247): setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000040)={'filter\x00', 0x7, 0x4, 0x3f0, 0x220, 0x0, 0x0, 0x308, 0x308, 0x308, 0x4, 0x0, {[{{@arp={@local, @remote, 0xffffff00, 0xba80b75a9dafc475, 0x7, 0x0, {@empty, {[0x0, 0x0, 0xff, 0x0, 0x0, 0xff]}}, {@mac=@broadcast, {[0x0, 0x0, 0x0, 0xff, 0xff, 0xff]}}, 0xa, 0xa0, 0x6, 0x0, 0x1000, 0x5, 'wlan0\x00', 'lo\x00', {0xff}, {0xff}, 0x0, 0xa3}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@local, @empty, @multicast2, @rand_addr=0x64010100, 0x1}}}, {{@arp={@dev={0xac, 0x14, 0x14, 0x44}, @private=0xa010102, 0x0, 0xffffff00, 0xd, 0x10, {@mac=@random="ed3355a5381e", {[0xff, 0x0, 0xff, 0x0, 0x0, 0xff]}}, {@empty, {[0xff, 0xff, 0xff, 0xff, 0xff]}}, 0x6, 0x86d3, 0x5, 0xd0da, 0xc339, 0x6, 'lo\x00', 'wg2\x00', {}, {0xff}, 0x0, 0x21a}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @empty, @private=0xa010100, @empty, 0x2, 0xffffffff}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x3, 0x200, 0x1}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440) r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000280), 0x8002) write$binfmt_aout(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="03010000b5"], 0xc8) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)) r3 = socket(0x1, 0x803, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r4 = syz_io_uring_setup(0x5c6, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x4}, &(0x7f0000000300)=0x0, &(0x7f0000000580)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x4}) io_uring_enter(r4, 0x6e2, 0x3900, 0x1, 0x0, 0xe00) rt_sigsuspend(&(0x7f00000002c0)={[0x225c17d03]}, 0x8) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, 0x0, 0x0) r8 = socket(0x10, 0x803, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r9}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0xa5, 0x7, 0x7ffc0001}]}) r10 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0) openat(r10, &(0x7f00000000c0)='./file0\x00', 0x6a1c2, 0x50) faccessat(r10, &(0x7f0000000000)='./file0\x00', 0x5) sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295a5, 0x0, 0x0, {0xa, 0x68, 0x90, 0xc8, r7}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x2}}, @IFA_FLAGS={0x8, 0x8, 0x200}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$TIPC_NL_BEARER_ADD(r1, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB="84000000", @ANYRES16=0x0, @ANYBLOB="000228ea7000fedbdf2515000000ac1ca1114f29e81ce027ed7f1cbea5313800078008000200010020000c000401ffff0000000000000c00030008000400000000000c000400b08600000000000008040000000000000000098008000100e40000002c0009800800020024000000ff9378345c000000080002000b000000000000cfc6151393a07e4b0b69307e2e4949e6e2ab24eb73b694cf822d2bb4264b06aaecf8071cad600983e9b579c52725fd9b0e96ee1042b8a6fadc5277f25a"], 0x84}, 0x1, 0x0, 0x0, 0x4000}, 0x24000084) r11 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NETID(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)={0x1c, r11, 0x1, 0x70bd29, 0x25dfdbff}, 0x1c}, 0x1, 0x0, 0x0, 0xc015}, 0x20008810) syz_io_uring_setup(0x5a4, &(0x7f00000004c0)={0x0, 0x5731, 0x4, 0x2, 0x9b}, &(0x7f00000006c0), &(0x7f0000000700)) ptrace$pokeuser(0x6, 0x0, 0xd0, 0x7fffffff) 1.4276099s ago: executing program 0 (id=1252): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x50, 0x2, 0x6, 0x201, 0x0, 0x0, {0xa}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xfffffffa}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x10}, 0x8800) 1.40845194s ago: executing program 3 (id=1253): syz_io_uring_setup(0x49a, &(0x7f0000000200)={0x0, 0x79b0, 0x3180, 0x1, 0x116}, &(0x7f0000000080)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0) syz_io_uring_submit(r0, r1, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x11, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x1, 0x40, 0x1}) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)="2e9b3d0007e03dd6", 0x8}], 0x1) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000bc3eb444cbaff137000000000000000000207892ea8c324c4e000000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) r9 = msgget$private(0x0, 0x3ac) msgsnd(r9, &(0x7f0000000040)=ANY=[@ANYBLOB="02"], 0x8, 0x800) r10 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$TIOCSTI(r10, 0x5412, &(0x7f00000003c0)=0xf4) r11 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r11, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r11, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x4e23, 0xfffc, 0x4e23, 0x3, 0xa, 0x80, 0x30}, {0x100000000, 0x2, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x6, 0x8, 0x800000000001}, {0x9, 0xfffffffffffffffe, 0x0, 0x9}, 0xd6, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x210000, 0x33}, 0x0, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xfffffffb}}, 0xe8) sendmmsg(r11, &(0x7f0000000480), 0x2e9, 0xffe0) msgrcv(r9, &(0x7f00000002c0)={0x0, ""/196}, 0xcc, 0x2, 0x1000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f00000004c0)='mmc_request_done\x00', r8, 0x0, 0xfffffffffffff001}, 0x18) socket$nl_netfilter(0x10, 0x3, 0xc) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000200), 0x35c, 0x0) pselect6(0x40, &(0x7f0000000040)={0x9, 0x9f, 0x5, 0xdd3f, 0x2, 0xc, 0x4a, 0x101}, 0x0, 0x0, 0x0, 0x0) 1.40792282s ago: executing program 0 (id=1254): syz_io_uring_setup(0x49a, &(0x7f0000000200)={0x0, 0x79b0, 0x3180, 0x1, 0x116}, &(0x7f0000000080)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0) syz_io_uring_submit(r0, r1, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x11, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x1, 0x40, 0x1}) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)="2e9b3d0007e03dd6", 0x8}], 0x1) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000500)=ANY=[@ANYBLOB, @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) r9 = msgget$private(0x0, 0x3ac) msgsnd(r9, &(0x7f0000000040)=ANY=[@ANYBLOB="02"], 0x8, 0x800) r10 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$TIOCSTI(r10, 0x5412, &(0x7f00000003c0)=0xf4) r11 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r11, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r11, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x4e23, 0xfffc, 0x4e23, 0x3, 0xa, 0x80, 0x30}, {0x100000000, 0x2, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x6, 0x8, 0x800000000001}, {0x9, 0xfffffffffffffffe, 0x0, 0x9}, 0xd6, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x210000, 0x33}, 0x0, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xfffffffb}}, 0xe8) sendmmsg(r11, &(0x7f0000000480), 0x2e9, 0xffe0) msgrcv(r9, &(0x7f00000002c0)={0x0, ""/196}, 0xcc, 0x2, 0x1000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f00000004c0)='mmc_request_done\x00', r8, 0x0, 0xfffffffffffff001}, 0x18) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a310000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a310000000058000000050a01020000000000000000010020000c00024000000000000000010900010073797a3100000000200004801400030076657468315f6d61637674617000000008000140000000050a000700726f757465"], 0xf4}}, 0x10) 1.080415062s ago: executing program 2 (id=1259): r0 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x0, 0x1, @buffer={0x300, 0x0, 0x0}, &(0x7f0000000380), 0x0, 0xffffffff, 0x30, 0x0, 0x0}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[], 0x39) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000800000000000070000000900010073797a30000000007c000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d38001280140001800c000100636f756e7465720004000280200001800e000100636f6e6e6c696d69740000000c000280080001400000000808000340000001"], 0xc4}}, 0x20050890) r3 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) fchdir(r4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf583"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r5}, 0x94) openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x400) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) r7 = socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000) setsockopt$MRT6_DEL_MIF(r7, 0x29, 0xcb, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r8 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r8}, 0x18) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x8, 0x3, 0x4d0, 0x368, 0xa, 0x148, 0x0, 0x60, 0x438, 0x2a8, 0x2a8, 0x438, 0x2a8, 0x7fffffe, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x2f8, 0x368, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'veth1_to_team\x00', {0x0, 0x0, 0x2, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x8601, 0x6, './file0\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x4, 0x1, 0x1, 0x0, 0x1], 0x3}, {0x3, [0x2, 0x6, 0x1, 0x0, 0x0, 0x3], 0x4}}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x530) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000010c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x460, 0x280, 0x268, 0x300, 0x280, 0x268, 0x390, 0x460, 0x460, 0x390, 0x460, 0x9, 0x0, {[{{@uncond, 0x0, 0x240, 0x280, 0x0, {0x9401}, [@common=@inet=@hashlimit2={{0x150}, {'hsr0\x00', {0x0, 0xb, 0x0, 0x3, 0x0, 0x5, 0x9}}}, @common=@unspec=@limit={{0x48}, {0xfff, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x2}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x8, 0x21, "6bb6778f9bdec125b0fb4f26be757b1e6f2fb8e9079627dc6726c4bc85e9"}}}, {{@ipv6={@private2, @remote, [], [], 'ip6gretap0\x00', 'ip6_vti0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x511) 929.882243ms ago: executing program 4 (id=1264): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94) r0 = socket$inet6(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000000)={'ip6_vti0\x00', 0x0, 0x29, 0x3, 0x0, 0x464, 0xd, @rand_addr=' \x01\x00', @dev={0xfe, 0x80, '\x00', 0x21}, 0x700, 0x0, 0x0, 0x7}}) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', r1, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000dc0)={&(0x7f0000000300)='neigh_update\x00', r3}, 0x18) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) r4 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$KDSKBSENT(r4, 0x4b49, &(0x7f0000001380)={0x46, "c44c86d62349ed8f2a50097897ecd3a7865d138ea00a94395783a66e70993b51127bff68b74eb82b3f8d5c007fb29bde875f92fb7e45ce15c3c4f769964e252430444754f577c27fd49efb22b24816f94a081f186c409ef2fba8e11390f33015cac4660b6c408ed422edaec244d7f8585ebdd0019b9d1cc3d8b96f6021f524efc45a25de669470e7d133f3ad6b1dff52087a4f1da29d2f31bd997a7cdc6557fa41b3aa3bf2d561eaa24a4ba0535765ca9c3871dbd7a52623647a2d3c79b7db7d2dc364f6f1b379998afe56760b234f1ec1a307d1907afba7a33aa7036ec07ec4ae7e1246fd46635f0a84be80c8d3628485bd272442429bba79e988291f46ec45e5d3e55f33ad580fa3031caab9ca2238e202152f7b9dc03393ae3dfafeb626fe2358183731b1be0d3a8b128d1f469b6fb392d57a701443436de9753585d5f6a0ec6b8bf03b08581377508aa6aaac6d13b606af5fda77986e4079d9fa61f14465ae4371349e02b467b79b75c0d2d5f6b29a0360a88a4bdc3eaad7b5a1aa46c5700a93ef584bb683f247108dbdc3496da21c51449072fdc7999b03f688e6ade02585d12bde56d0bf70f86e9d65c196d4844e19b449457f0d61dec511cc3b8897bc5e9a5ec769aea5704fcc08b0726e92c512b9aebe38829b55938ac7e78a0fa08fc0416feafc9ff42b0454900f6a86e94c778dac2ddec39e79b84bf85ba4cbcf36"}) sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0) 892.919264ms ago: executing program 2 (id=1265): personality(0x8) bpf$PROG_LOAD(0x5, &(0x7f0000001640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = gettid() ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, r0, 0x4, 0x4002) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000b28000)=0x20000000000000ff) fcntl$setsig(r1, 0xa, 0x12) poll(&(0x7f0000b2c000)=[{r2}], 0x2c, 0xffffffffffbffff8) dup2(r1, r2) fcntl$setown(r1, 0x8, r0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0xffff, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[], 0x40}, 0x20000000) bpf$PROG_LOAD(0x5, 0x0, 0x0) uname(0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0x9b6]}, 0x8, 0x80000) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) 843.666364ms ago: executing program 4 (id=1267): personality(0x8) bpf$PROG_LOAD(0x5, &(0x7f0000001640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = gettid() ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, r0, 0x4, 0x4002) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000b28000)=0x20000000000000ff) fcntl$setsig(r1, 0xa, 0x12) poll(&(0x7f0000b2c000)=[{r2}], 0x2c, 0xffffffffffbffff8) r3 = dup2(r1, r2) fcntl$setown(r1, 0x8, r0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0xffff, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[], 0x40}, 0x20000000) tkill(r0, 0x13) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x13, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x2c, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xffffffffffffffbe) futimesat(0xffffffffffffffff, 0x0, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0x9b6]}, 0x8, 0x80000) 811.313195ms ago: executing program 4 (id=1268): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000780)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00') preadv(r2, 0x0, 0x0, 0x90, 0xa4d) 794.864794ms ago: executing program 4 (id=1269): personality(0x8) bpf$PROG_LOAD(0x5, &(0x7f0000001640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = gettid() ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, r0, 0x4, 0x4002) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000b28000)=0x20000000000000ff) fcntl$setsig(r1, 0xa, 0x12) poll(&(0x7f0000b2c000)=[{r2}], 0x2c, 0xffffffffffbffff8) r3 = dup2(r1, r2) fcntl$setown(r1, 0x8, r0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0xffff, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[], 0x40}, 0x20000000) tkill(r0, 0x13) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x13, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x2c, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xffffffffffffffbe) futimesat(0xffffffffffffffff, 0x0, 0x0) uname(0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = signalfd4(r4, &(0x7f0000000080)={[0x9b6]}, 0x8, 0x80000) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, 0x0) r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001440), 0x4) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = memfd_secret(0x80000) fcntl$setlease(r8, 0x400, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001580)=@bpf_ext={0x1c, 0x17, &(0x7f0000000340)=ANY=[@ANYBLOB="95a40317517400154cc30000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7020000000000008500000086000000185700000500000000000000000000001801000020207825000000000020", @ANYRES32=r4, @ANYBLOB="000000000000000018410000faffffff000000000000000018560000"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x1000, &(0x7f0000000400)=""/4096, 0x40f00, 0x40, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000001480)={0x7, 0x2}, 0x8, 0x10, &(0x7f00000014c0)={0x2, 0x5, 0x3, 0x10000}, 0x10, 0x1eeb, 0xffffffffffffffff, 0x1, &(0x7f0000001500)=[r7, r8], &(0x7f0000001540)=[{0x2, 0x2, 0xb, 0xf}], 0x10, 0xfffffff1}, 0x94) socket$inet6_sctp(0xa, 0x5, 0x84) 704.478455ms ago: executing program 4 (id=1270): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000080000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x50) 659.869306ms ago: executing program 4 (id=1272): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=@newtfilter={0x87c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xb, 0xfff3}, {}, {0x7, 0xffff}}, [@filter_kind_options=@f_flow={{0x9}, {0x84c, 0x2, [@TCA_FLOW_POLICE={0x848, 0xa, 0x0, 0x1, [@TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x8, 0x65, 0x2, 0x4d, {0x1, 0x2, 0x2, 0x3, 0x3, 0x4}, {0x5, 0x1, 0x3, 0xab, 0x0, 0x9}, 0x2, 0x6, 0x8000}}, @TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x7fffffff, 0x8, 0x7ff, 0x3, 0x2, 0x1, 0x401, 0xb9, 0xace, 0x0, 0x1, 0x9, 0x43, 0x7, 0x2, 0x0, 0x1ce00000, 0x7, 0x6, 0xff, 0x3, 0x1c000, 0x1ff, 0x2, 0x6, 0x9b16, 0x6, 0x100, 0x15a, 0xe, 0x40, 0x5, 0x4, 0x80000001, 0x4a, 0x1, 0x8, 0x99a9, 0x340d, 0x0, 0x2, 0x7, 0xd, 0x400, 0xfffffffa, 0x6, 0x100, 0x2, 0x5, 0x5, 0xe, 0xffff0001, 0x2, 0xdd1, 0x9, 0x81, 0x4, 0xf, 0x324, 0x6, 0x3, 0x6, 0x8c, 0x8, 0x401, 0x7fffffff, 0x4, 0x5, 0x800, 0x8261, 0x3, 0x6, 0x8, 0x2, 0x9, 0x4, 0x4, 0x6, 0x5, 0xf, 0x9, 0x38c8, 0x80000001, 0x4, 0xa11, 0x6, 0x3, 0x604, 0xfff, 0xab, 0x7, 0x5, 0x8, 0xc, 0x9, 0x401, 0xb, 0x4, 0x1ff, 0x4, 0x17, 0xffffff7f, 0x78, 0x4, 0x4, 0xa42, 0xfffffff7, 0x4, 0x5b564ea6, 0x2, 0x2, 0x2, 0x80000001, 0x1ff, 0x5, 0x3, 0x7, 0x6, 0xfffff000, 0x12aeb60c, 0x4, 0xbb6, 0x1, 0x3, 0x5, 0x7, 0x3, 0x85, 0x10, 0x1, 0x5, 0x1, 0x4, 0x6, 0xf65, 0x1d7, 0x9, 0x100, 0x0, 0x0, 0xc2, 0x1, 0x3, 0xffffffff, 0x1ff, 0x1, 0x30bb, 0x7, 0x40, 0xfffffff8, 0x5, 0x2, 0x1, 0x8, 0x8000, 0x5, 0x4, 0x31e, 0xffff8001, 0x6, 0xff, 0x9, 0x1ff, 0x9, 0x7, 0x7, 0x2, 0x412, 0x6, 0xf441, 0x6, 0x1, 0x7, 0x89, 0x3, 0x5, 0x0, 0x9, 0x7, 0x1, 0x4, 0xfffffffe, 0x4, 0x4, 0x10, 0x1, 0x720a, 0xffff, 0x5, 0x9, 0x7fff, 0x8, 0x1ac8efcb, 0x8, 0xf2c, 0x7, 0x80000000, 0x12, 0xfffff801, 0x2e4, 0x7, 0xfffffff9, 0x400, 0x4, 0x30, 0x10000, 0xfd, 0x4, 0x1, 0x5, 0x0, 0xc, 0x7, 0x47, 0x8, 0x0, 0x1, 0x7, 0x0, 0x8, 0x3, 0x6, 0x0, 0x10001, 0x0, 0xe9, 0x5, 0x1, 0x8d, 0xaacc, 0x6f, 0x7fffffff, 0x5, 0x6, 0x2, 0x10001, 0x4, 0x10000, 0x9, 0xe, 0x45e8, 0x9, 0xfffffff8, 0x6, 0x100, 0x5, 0xe, 0x73d, 0x31, 0x2000003, 0x0, 0x2, 0x3, 0xb70, 0x3]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0xfffffff7, 0x5, 0x7, 0x4, 0x2, 0x6, 0x1, 0xfb0, 0x8, 0x3, 0x5, 0x3, 0x0, 0x4, 0x9a, 0x9, 0x7, 0xfff, 0x7, 0x40, 0x5, 0x7fff, 0x9, 0x3, 0x5, 0x7ff, 0x4, 0x2, 0x7, 0x2, 0x83b, 0x2, 0x3b, 0x4, 0x0, 0x4, 0x9, 0xc, 0x1cabbb02, 0x4, 0x4, 0x2, 0x8001, 0x7fff, 0x80000000, 0x10000, 0xffff8906, 0x7fffffff, 0x0, 0x0, 0x9, 0xc0000000, 0x2, 0x6, 0x7f, 0x3, 0x10000, 0x0, 0x1, 0x6, 0x0, 0x1, 0x81, 0xcc2, 0x3800, 0x6, 0x18, 0x0, 0xfffffe00, 0x0, 0x6, 0x4, 0x3, 0x7, 0x1, 0xfffffffc, 0x8e4, 0xf5c1, 0x1, 0x5077, 0x3, 0x5, 0x7fff, 0x2, 0x4, 0x2, 0x3, 0x401, 0x6, 0x40, 0x7, 0x95, 0x5, 0x200, 0x1, 0x2, 0x7ff, 0x4, 0x8, 0xb, 0x0, 0x2, 0x0, 0xd266, 0x4, 0x0, 0x10001, 0x2, 0x101, 0x401, 0x200, 0x6, 0x1, 0x46, 0x8, 0x2, 0xfffffffe, 0x14e, 0x4, 0x3, 0x1, 0x2, 0x94e6, 0xfffffbff, 0xfffffffc, 0x10002, 0xfffd, 0xc, 0x4, 0x2, 0x40800000, 0x1f, 0x4, 0xffffffff, 0x800, 0x7, 0x3ff, 0x7ff, 0x101, 0x10, 0x5, 0x374, 0xc2f, 0x3, 0xffffff81, 0xfffffff7, 0x6, 0x8000, 0x8, 0x1, 0x1, 0x200, 0xcae, 0xc64, 0xffff, 0x7fff, 0x5, 0x8, 0x3c0, 0x9, 0x8, 0x6d5, 0xfffffff3, 0x401, 0x476b3752, 0xff, 0x0, 0x9, 0x7ff, 0x4, 0x3, 0x4, 0x7, 0x7249, 0x7, 0xffff8001, 0x95f, 0x8, 0x0, 0x1000, 0x800, 0x0, 0x2, 0xf2, 0x0, 0x3, 0xffff, 0x3, 0x0, 0x8000, 0x9, 0x4, 0xcc6, 0xffe00000, 0x22, 0xd56, 0x7, 0x3bb8, 0x10, 0x140, 0x81, 0x9, 0x9, 0x2, 0x2, 0x4, 0x3, 0x0, 0x3, 0xf, 0x0, 0xc527, 0x9, 0x8, 0x1, 0xffff86fd, 0x7, 0x2, 0x8, 0x3, 0x9, 0x5, 0x0, 0x4, 0xc12, 0x7f, 0x0, 0x0, 0x80000000, 0x3, 0x7, 0x9, 0x7, 0x9, 0x4, 0x8, 0xc9, 0xaf8, 0x3, 0x80000000, 0xad8c, 0x4, 0x2, 0xea9, 0x9, 0x5, 0x1, 0x7, 0x8, 0x9, 0x10000, 0x3, 0x7fb, 0xdbbb, 0x4, 0x2]}]}]}}]}, 0x87c}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xeb2ddb538380dd55, 0x5, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) recvmmsg(r4, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/49, 0x31}, 0x6e1}], 0x1, 0x20, 0x0) setsockopt$sock_int(r4, 0x1, 0x28, &(0x7f0000000000)=0x3, 0x4) syz_emit_ethernet(0x2a, &(0x7f0000000580)=ANY=[@ANYBLOB="aaaaaaaaaaaa006c35d45e6bb0c79a59ee386eb3000000000008004500001c00000000000480b6e30000000007000000004e20000890787bcecd7697b671dcd565dc0c09477f70e976646d9d2857193e6dfe4c1edf776e0d43fbf3136c271308bebc248ff2f296f305d75e106187686ef95134ea5319d29a5dfcced697248c4281eb56f359c09a59b4ca87f78ac4ed4c9e57bf07000000596f7abd878c8b8ccb9dbfdb6cdf7087b69f443d1ea2a7d87d87e50e8f6dc4"], 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file2\x00', 0xa044, &(0x7f0000000080)={[{@nodioread_nolock}, {@sb={'sb', 0x3d, 0x1}}]}, 0x4, 0x523, &(0x7f00000018c0)="$eJzs3cFvG1kZAPBvnLhJs+mmC3sABGxZFgqq6iTubrTqhfYCQlUlRMWJQxsSN4pi11Hsiib0kB65V6ISJ+A/4MYBqScO3LjBjUs5IBWoQA0SB6MZT1I3sZNAnbiJfz9pMvPeTP29F/e953mR5wUwtC5ExGZEnImIOxExlecn+RbX2lt63csXDxe2XjxcSKLVuvX3JDuf5kXHv0m9k7/meER8/zsRP0r2xm2sb6zMV6uVtTw93aytTjfWNy4vF/Kc8tzs3MynVz4p962uH9R+/fzbyzd+8NvffOnZHza/+ZO0WJM/PZed66xHP7WrXozJjrzRiLhxFMEGZDT//8PJk7a2z0TEh1n7n4qR7N0EAE6zVmsqWlOdaQDgtEvv/ycjKZTyuYDJKBRKpfYc3vsxUajWG81LU/X79xYjm8M6H8XC3eVqZSafKzwfxSRNz2bHr9Ll19KPK1ci4r2IeDx2NjtfWqhXFwf5wQcAhtg7u8b/f421x/9OxUEVDgA4OuODLgAAcOyM/wAwfIz/ADB8/ofx37cDAeCUcP8PAMPH+A8Aw+fA8f/R8ZQDADgW37t5M91aW+3nX28/qfvyYqWxUqrdXygt1NdWS0v1+lK1UlpotQ56vWq9vjr78U6ysb5xu1a/f695e7k2v1S5XfEsAQAYvPc+ePqndNDfvHo226JjLQdjNZxuhUEXABiYkUEXABgY3+eB4XWIe3zTAHDKdVmity2fIEh6XfDE4q9wUl38vPl/GFZvMv9v7gBOtv9v/v9bfS8HcPyM4TC8Wq3Emv8AMGTM8QM9//6f6/mIkCf9LwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFJPZlhRK2Vrgm+nPQqkUcS4izkcxubtcrcxExLsR8cex4lianh10oQGAN1T4a5Kv/3Vx6qPJ3WfPJP8ey/YR8eOf3/rZg/lmc202zf/HTn7zSZp/trlWPjOICgAAna7tzcrG73K+77iRf/ni4cL2dpxFfH69vbhoGncr39pnRmM0249HMSIm/pnk6bb088pIH+JvPoqIz23XfzwedESYzOZA2iuf7o6fxj7X9/idv//d8Quv1beQnUv3xex38dnYVTjgQE+vt/vJvO2lTTxvf4W4kO27t//xrId6c2n/lzbXrT39X2Gn/xvZEz/J2vyFnfT+JXn+8e++uyezNdU+9yjiC6Pd4ic78ZPu/W/xo0PW8c9f/PKHvc61fhFxsWv9t1ekrmXd7HSztjrdWN+4vFybX6osVe6Vy3OzczOfXvmkPJ3NUbd//r5bjL9dvfRur/hp/Sd6xB/fv/7xtUPW/5f/ufPDr+wT/xtf7f7+v79P/HRM/Poh489PXOu5fHcaf7FH/Q94/+PSIeM/+8vG4iEvBQCOQWN9Y2W+Wq2sHXCQftY86BoHhz9I7+3fgmJkB7EZ0a8XzCYlIqLrNekn6rejykd1kAws+q/6/YKD7pmAo/aq0Q+6JAAAAAAAAAAAAAAAQC+N9Y2Vse7f1urbwaDrCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn13wAAAP//KHnENg==") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000400)='kmem_cache_free\x00', r3}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000001100)=ANY=[@ANYBLOB="12000000040000"], 0x50) bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=ANY=[@ANYBLOB="ec000000210001000000000000000000fc020000000000000000000000000001fe80000000000000000000000000003a00000000000000000a0000a02e0000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c0011000a010101000000000000000000f700007f000001000400000000000000000000fc02000000000000000000000000000100"/74], 0xec}, 0x1, 0x0, 0x0, 0x40000}, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r0) open(&(0x7f00009e1000)='./file0\x00', 0x149040, 0x10) r6 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) 659.703496ms ago: executing program 1 (id=1273): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r1 = getpid() madvise(&(0x7f0000a5e000/0x1000)=nil, 0x1000, 0x17) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 605.110236ms ago: executing program 1 (id=1274): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x2000003, 0x13, r0, 0x0) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) readv(r2, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/88, 0x58}], 0x1) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4, 0x0, 0x2}, 0x18) symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000380)=@filename='./file0\x00', 0x0, 0x0) 585.145196ms ago: executing program 1 (id=1275): symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000380)=@filename='./file0\x00', 0x0, 0x0) 568.724506ms ago: executing program 1 (id=1276): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000040000000000a40000000160a0108000000000000000002000000090002007379"], 0x68}}, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) 539.590327ms ago: executing program 3 (id=1277): personality(0x8) bpf$PROG_LOAD(0x5, &(0x7f0000001640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = gettid() ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, r0, 0x4, 0x4002) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000b28000)=0x20000000000000ff) fcntl$setsig(r1, 0xa, 0x12) poll(&(0x7f0000b2c000)=[{r2}], 0x2c, 0xffffffffffbffff8) dup2(r1, r2) tkill(r0, 0x13) bpf$PROG_LOAD(0x5, 0x0, 0x0) futimesat(0xffffffffffffffff, 0x0, 0x0) 538.355247ms ago: executing program 0 (id=1278): creat(&(0x7f00000000c0)='./file0\x00', 0x0) symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') chroot(&(0x7f0000005040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00') pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x10, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {}, 0x2c, {[], [], 0x6b}}) 534.630236ms ago: executing program 1 (id=1279): personality(0x8) bpf$PROG_LOAD(0x5, &(0x7f0000001640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = gettid() ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, r0, 0x4, 0x4002) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000b28000)=0x20000000000000ff) fcntl$setsig(r1, 0xa, 0x12) poll(&(0x7f0000b2c000)=[{r2}], 0x2c, 0xffffffffffbffff8) r3 = dup2(r1, r2) fcntl$setown(r1, 0x8, r0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0xffff, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[], 0x40}, 0x20000000) tkill(r0, 0x13) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x13, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x2c, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xffffffffffffffbe) futimesat(0xffffffffffffffff, 0x0, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0x9b6]}, 0x8, 0x80000) 507.523777ms ago: executing program 0 (id=1280): personality(0x8) bpf$PROG_LOAD(0x5, &(0x7f0000001640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = gettid() ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, r0, 0x4, 0x4002) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000b28000)=0x20000000000000ff) fcntl$setsig(r1, 0xa, 0x12) poll(&(0x7f0000b2c000)=[{r2}], 0x2c, 0xffffffffffbffff8) r3 = dup2(r1, r2) fcntl$setown(r1, 0x8, r0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0xffff, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[], 0x40}, 0x20000000) tkill(r0, 0x13) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x13, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x2c, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xffffffffffffffbe) futimesat(0xffffffffffffffff, 0x0, 0x0) uname(0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = signalfd4(r4, &(0x7f0000000080)={[0x9b6]}, 0x8, 0x80000) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, 0x0) r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001440), 0x4) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = memfd_secret(0x80000) fcntl$setlease(r8, 0x400, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001580)=@bpf_ext={0x1c, 0x17, &(0x7f0000000340)=ANY=[@ANYBLOB="95a40317517400154cc30000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000000000000850000008600000018570000050000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7", @ANYRES32=r4, @ANYBLOB="000000000000000018410000faffffff000000000000000018560000"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x1000, &(0x7f0000000400)=""/4096, 0x40f00, 0x40, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000001480)={0x7, 0x2}, 0x8, 0x10, &(0x7f00000014c0)={0x2, 0x5, 0x3, 0x10000}, 0x10, 0x1eeb, 0xffffffffffffffff, 0x1, &(0x7f0000001500)=[r7, r8], &(0x7f0000001540)=[{0x2, 0x2, 0xb, 0xf}], 0x10, 0xfffffff1}, 0x94) socket$inet6_sctp(0xa, 0x5, 0x84) 437.494307ms ago: executing program 1 (id=1281): r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f00000006c0)=ANY=[], 0x2c, 0x1) setfsgid(0xee01) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]}) syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x42, 0x61) r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0) write(r2, &(0x7f0000004200)='t', 0x1) sendfile(r2, r1, 0x0, 0x3ffff) sendfile(r2, r1, 0x0, 0x7ffff000) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xdb, '\x00', 0x0, @tracing=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0xce56fe61a68fc369, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x300, 0x198, 0xffffffff, 0xffffffff, 0x198, 0xffffffff, 0x268, 0xffffff7a, 0xffffffff, 0x268, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'veth1\x00', 'veth0_to_team\x00', {}, {}, 0x0, 0x0, 0x41}, 0x6, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x7d}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x2, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x360) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1d, 0xb, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000029cd949af69000000950000b9a303626ff4baf3cd9b265016dd7d4e1800"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2a, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x94) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x9}, 0x94) socket$packet(0x11, 0xa, 0x300) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xe, 0x0, &(0x7f0000000000)="219a53f271a76d2608004c6588a8", 0x0, 0xcff, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xd9}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[], 0x48) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x1c}}, 0x0) setreuid(0xffffffffffffffff, 0xee01) open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) socket(0x2, 0x80805, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) 422.088637ms ago: executing program 0 (id=1282): madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x73) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18) syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x40000000, 0x0) 233.332338ms ago: executing program 0 (id=1283): syz_io_uring_setup(0x49a, &(0x7f0000000200)={0x0, 0x79b0, 0x3180, 0x1, 0x116}, &(0x7f0000000080)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0) syz_io_uring_submit(r0, r1, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x11, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x1, 0x40, 0x1}) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)="2e9b3d0007e03dd6", 0x8}], 0x1) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000bc3eb444cbaff137000000000000000000207892ea8c324c4e000000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) r9 = msgget$private(0x0, 0x3ac) msgsnd(r9, &(0x7f0000000040)=ANY=[@ANYBLOB="02"], 0x8, 0x800) r10 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$TIOCSTI(r10, 0x5412, &(0x7f00000003c0)=0xf4) r11 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r11, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r11, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x4e23, 0xfffc, 0x4e23, 0x3, 0xa, 0x80, 0x30}, {0x100000000, 0x2, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x6, 0x8, 0x800000000001}, {0x9, 0xfffffffffffffffe, 0x0, 0x9}, 0xd6, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x210000, 0x33}, 0x0, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xfffffffb}}, 0xe8) sendmmsg(r11, &(0x7f0000000480), 0x2e9, 0xffe0) msgrcv(r9, &(0x7f00000002c0)={0x0, ""/196}, 0xcc, 0x2, 0x1000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f00000004c0)='mmc_request_done\x00', r8, 0x0, 0xfffffffffffff001}, 0x18) socket$nl_netfilter(0x10, 0x3, 0xc) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000200), 0x35c, 0x0) pselect6(0x40, &(0x7f0000000040)={0x9, 0x9f, 0x5, 0xdd3f, 0x2, 0xc, 0x4a, 0x101}, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 2 (id=1284): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000780)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00') preadv(r2, &(0x7f0000000040)=[{&(0x7f0000000180)=""/88, 0x58}], 0x1, 0x90, 0xa4d) recvfrom$unix(r2, &(0x7f0000000480)=""/176, 0xb0, 0x100, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) pipe2(&(0x7f0000001cc0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',access=', @ANYRESDEC=0x0, @ANYBLOB=',\a']) kernel console output (not intermixed with test programs): 456] audit_log_subj_ctx+0xa4/0x3e0 [ 56.346737][ T4456] ? skb_put+0xa9/0xf0 [ 56.346819][ T4456] audit_log_task_context+0x48/0x70 [ 56.346853][ T4456] audit_log_task+0xf4/0x250 [ 56.346950][ T4456] ? kstrtouint+0x76/0xc0 [ 56.347036][ T4456] audit_seccomp+0x61/0x100 [ 56.347082][ T4456] ? __seccomp_filter+0x82d/0x1250 [ 56.347183][ T4456] __seccomp_filter+0x83e/0x1250 [ 56.347224][ T4456] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 56.347272][ T4456] ? vfs_write+0x7e8/0x960 [ 56.347326][ T4456] ? __rcu_read_unlock+0x4f/0x70 [ 56.347363][ T4456] ? __fget_files+0x184/0x1c0 [ 56.347407][ T4456] __secure_computing+0x82/0x150 [ 56.347449][ T4456] syscall_trace_enter+0xcf/0x1e0 [ 56.347493][ T4456] do_syscall_64+0xac/0x200 [ 56.347597][ T4456] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 56.347638][ T4456] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 56.347768][ T4456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.347798][ T4456] RIP: 0033:0x7f0717b3f6c9 [ 56.347822][ T4456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.347920][ T4456] RSP: 002b:00007f07165a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000000a [ 56.347946][ T4456] RAX: ffffffffffffffda RBX: 00007f0717d95fa0 RCX: 00007f0717b3f6c9 [ 56.347963][ T4456] RDX: 0000000000000001 RSI: 000000000000f000 RDI: 0000200000000000 [ 56.347980][ T4456] RBP: 00007f07165a7090 R08: 0000000000000000 R09: 0000000000000000 [ 56.347996][ T4456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 56.348013][ T4456] R13: 00007f0717d96038 R14: 00007f0717d95fa0 R15: 00007ffeeec028e8 [ 56.348037][ T4456] [ 56.348108][ T4456] audit_panic: 1182 callbacks suppressed [ 56.348121][ T4456] audit: error in audit_log_subj_ctx [ 56.352532][ T4449] Code: 90 49 8d 7e 40 e8 c6 fc b8 ff 4d 8b 6e 40 4c 89 e7 e8 da f7 b8 ff 41 8b 56 48 48 c7 c7 83 d1 55 86 4c 89 ee e8 47 f8 67 ff 90 <0f> 0b 90 90 e9 ff fe ff ff e8 c8 e5 b5 03 0f 1f 84 00 00 00 00 00 [ 56.363133][ T29] audit: type=1326 audit(1762813727.338:2250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4455 comm="syz.3.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 56.372539][ T4449] RSP: 0018:ffffc9000f0575a0 EFLAGS: 00010246 [ 56.375815][ T29] audit: type=1326 audit(1762813727.338:2251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4455 comm="syz.3.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 56.375879][ T29] audit: type=1326 audit(1762813727.338:2252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4455 comm="syz.3.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 56.375913][ T29] audit: type=1326 audit(1762813727.338:2253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4455 comm="syz.3.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0717b3df10 code=0x7ffc0000 [ 56.378900][ T4449] [ 56.378908][ T4449] RAX: 7581337d2617e500 RBX: ffff888119c59bb8 RCX: 0000000000080000 [ 56.383331][ T29] audit: type=1326 audit(1762813727.338:2254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4455 comm="syz.3.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f0717b3e17f code=0x7ffc0000 [ 56.387926][ T4449] RDX: ffffc90001f79000 RSI: 0000000000003c38 RDI: 0000000000003c39 [ 56.393104][ T29] audit: type=1326 audit(1762813727.338:2255): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=4455 comm="syz.3.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 56.396856][ T4449] RBP: 0000000000000002 R08: 0001c9000f057427 R09: 0000000000000000 [ 56.401381][ T29] audit: type=1326 audit(1762813727.408:2256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4455 comm="syz.3.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f0717b3e0dc code=0x7ffc0000 [ 56.407761][ T4449] R10: 00000000ffffffff R11: 0000000000000002 R12: ffff888119c59b68 [ 56.407782][ T4449] R13: 000000000000000b R14: ffff888119c59b20 R15: 0000000000000001 [ 56.412908][ T29] audit: type=1326 audit(1762813727.408:2257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4455 comm="syz.3.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f0717b3e17f code=0x7ffc0000 [ 56.417752][ T4449] FS: 00007f9d9219f6c0(0000) GS:ffff8882aef13000(0000) knlGS:0000000000000000 [ 56.422779][ T29] audit: type=1326 audit(1762813727.408:2258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4455 comm="syz.3.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f0717b3e32a code=0x7ffc0000 [ 56.428692][ T4449] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.914731][ T4449] CR2: 00007ffeeec02b68 CR3: 0000000105a86000 CR4: 00000000003506f0 [ 56.922745][ T4449] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.930757][ T4449] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 56.938839][ T4449] Call Trace: [ 56.942125][ T4449] [ 56.945068][ T4449] ext4_xattr_set_entry+0x77f/0x1020 [ 56.950532][ T4449] ext4_xattr_ibody_set+0x184/0x3c0 [ 56.955771][ T4449] ext4_expand_extra_isize_ea+0xcbb/0x11f0 [ 56.961669][ T4449] __ext4_expand_extra_isize+0x246/0x280 [ 56.967358][ T4449] __ext4_mark_inode_dirty+0x29d/0x3f0 [ 56.972839][ T4449] ext4_evict_inode+0x80e/0xd90 [ 56.977876][ T4449] ? __pfx_ext4_evict_inode+0x10/0x10 [ 56.983336][ T4449] evict+0x2e3/0x550 [ 56.987300][ T4449] ? __dquot_initialize+0x146/0x7c0 [ 56.992522][ T4449] iput+0x4ed/0x650 [ 56.996363][ T4449] ext4_process_orphan+0x1a9/0x1c0 [ 57.001622][ T4449] ext4_orphan_cleanup+0x6a8/0xa00 [ 57.006787][ T4449] ext4_fill_super+0x3483/0x3810 [ 57.011739][ T4449] ? snprintf+0x86/0xb0 [ 57.015949][ T4449] ? set_blocksize+0x1a8/0x310 [ 57.020721][ T4449] ? sb_set_blocksize+0xe3/0x100 [ 57.025953][ T4449] ? setup_bdev_super+0x30e/0x370 [ 57.031217][ T4449] ? __pfx_ext4_fill_super+0x10/0x10 [ 57.036548][ T4449] get_tree_bdev_flags+0x291/0x300 [ 57.041806][ T4449] ? __pfx_ext4_fill_super+0x10/0x10 [ 57.047116][ T4449] get_tree_bdev+0x1f/0x30 [ 57.051586][ T4449] ext4_get_tree+0x1c/0x30 [ 57.056087][ T4449] vfs_get_tree+0x57/0x1d0 [ 57.060591][ T4449] do_new_mount+0x24d/0x660 [ 57.065248][ T4449] path_mount+0x4a5/0xb70 [ 57.069598][ T4449] ? user_path_at+0x109/0x130 [ 57.074394][ T4449] __se_sys_mount+0x28c/0x2e0 [ 57.079147][ T4449] __x64_sys_mount+0x67/0x80 [ 57.083779][ T4449] x64_sys_call+0x2b51/0x3000 [ 57.088542][ T4449] do_syscall_64+0xd2/0x200 [ 57.093129][ T4449] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 57.099270][ T4449] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 57.105140][ T4449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.111076][ T4449] RIP: 0033:0x7f9d93740e6a [ 57.115615][ T4449] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.135379][ T4449] RSP: 002b:00007f9d9219ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 57.143845][ T4449] RAX: ffffffffffffffda RBX: 00007f9d9219eef0 RCX: 00007f9d93740e6a [ 57.151908][ T4449] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f9d9219eeb0 [ 57.159915][ T4449] RBP: 0000200000000180 R08: 00007f9d9219eef0 R09: 0000000001a08700 [ 57.168017][ T4449] R10: 0000000001a08700 R11: 0000000000000246 R12: 00002000000001c0 [ 57.176023][ T4449] R13: 00007f9d9219eeb0 R14: 0000000000000470 R15: 0000200000000700 [ 57.184044][ T4449] [ 57.187101][ T4449] ---[ end trace 0000000000000000 ]--- [ 57.193582][ T4449] EXT4-fs (loop0): 1 orphan inode deleted [ 57.199919][ T4449] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.231968][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.481534][ T4490] loop3: detected capacity change from 0 to 512 [ 57.536734][ T4490] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.553804][ T4490] ext4 filesystem being mounted at /54/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 57.581971][ T4490] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.293: corrupted inode contents [ 57.594847][ T4490] EXT4-fs error (device loop3): ext4_dirty_inode:6517: inode #2: comm syz.3.293: mark_inode_dirty error [ 57.607316][ T4490] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.293: corrupted inode contents [ 57.620557][ T4490] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.293: mark_inode_dirty error [ 57.643919][ T4490] __nla_validate_parse: 2 callbacks suppressed [ 57.643936][ T4490] netlink: 4 bytes leftover after parsing attributes in process `syz.3.293'. [ 57.786761][ T4490] team0: Port device team_slave_1 removed [ 57.941681][ T3544] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 57.942473][ T44] Bluetooth: hci0: command 0x1003 tx timeout [ 57.976920][ T4496] loop1: detected capacity change from 0 to 128 [ 58.011278][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.069984][ T4500] netlink: 12 bytes leftover after parsing attributes in process `syz.3.296'. [ 58.079032][ T4500] netlink: 12 bytes leftover after parsing attributes in process `syz.3.296'. [ 58.136123][ T4506] bio_check_eod: 242 callbacks suppressed [ 58.136138][ T4506] syz.1.294: attempt to access beyond end of device [ 58.136138][ T4506] loop1: rw=2049, sector=154, nr_sectors = 6 limit=128 [ 58.157545][ T4506] syz.1.294: attempt to access beyond end of device [ 58.157545][ T4506] loop1: rw=2049, sector=158, nr_sectors = 2 limit=128 [ 58.171260][ T4506] buffer_io_error: 158 callbacks suppressed [ 58.171279][ T4506] Buffer I/O error on dev loop1, logical block 79, lost async page write [ 58.194780][ T4506] syz.1.294: attempt to access beyond end of device [ 58.194780][ T4506] loop1: rw=2049, sector=160, nr_sectors = 2 limit=128 [ 58.208389][ T4506] Buffer I/O error on dev loop1, logical block 80, lost async page write [ 58.218323][ T4506] syz.1.294: attempt to access beyond end of device [ 58.218323][ T4506] loop1: rw=2049, sector=162, nr_sectors = 6 limit=128 [ 58.232637][ T4506] syz.1.294: attempt to access beyond end of device [ 58.232637][ T4506] loop1: rw=2049, sector=166, nr_sectors = 2 limit=128 [ 58.235646][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.246083][ T4506] Buffer I/O error on dev loop1, logical block 83, lost async page write [ 58.246191][ T4506] syz.1.294: attempt to access beyond end of device [ 58.246191][ T4506] loop1: rw=2049, sector=168, nr_sectors = 2 limit=128 [ 58.277146][ T4506] Buffer I/O error on dev loop1, logical block 84, lost async page write [ 58.287737][ T4506] syz.1.294: attempt to access beyond end of device [ 58.287737][ T4506] loop1: rw=2049, sector=186, nr_sectors = 6 limit=128 [ 58.305311][ T4506] syz.1.294: attempt to access beyond end of device [ 58.305311][ T4506] loop1: rw=2049, sector=190, nr_sectors = 2 limit=128 [ 58.318787][ T4506] Buffer I/O error on dev loop1, logical block 95, lost async page write [ 58.327414][ T4506] syz.1.294: attempt to access beyond end of device [ 58.327414][ T4506] loop1: rw=2049, sector=192, nr_sectors = 2 limit=128 [ 58.341259][ T4506] Buffer I/O error on dev loop1, logical block 96, lost async page write [ 58.356147][ T4522] netlink: 16 bytes leftover after parsing attributes in process `syz.0.301'. [ 58.363894][ T4506] syz.1.294: attempt to access beyond end of device [ 58.363894][ T4506] loop1: rw=2049, sector=194, nr_sectors = 6 limit=128 [ 58.381229][ T4506] Buffer I/O error on dev loop1, logical block 99, lost async page write [ 58.389792][ T4506] Buffer I/O error on dev loop1, logical block 100, lost async page write [ 58.465648][ T4506] Buffer I/O error on dev loop1, logical block 111, lost async page write [ 58.474643][ T4506] Buffer I/O error on dev loop1, logical block 112, lost async page write [ 58.590972][ T4536] loop3: detected capacity change from 0 to 512 [ 58.611626][ T4536] EXT4-fs (loop3): fragment/cluster size (4096) != block size (2048) [ 58.776334][ T4542] netlink: 12 bytes leftover after parsing attributes in process `syz.2.307'. [ 58.785341][ T4542] netlink: 12 bytes leftover after parsing attributes in process `syz.2.307'. [ 59.218535][ T4550] loop1: detected capacity change from 0 to 1024 [ 59.267378][ T4550] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (58532!=20869) [ 59.355409][ T4550] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040e11d, mo2=0002] [ 59.373872][ T4550] EXT4-fs (loop1): failed to initialize system zone (-117) [ 59.394264][ T4558] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0' [ 59.404759][ T4550] EXT4-fs (loop1): mount failed [ 59.415381][ T4560] FAULT_INJECTION: forcing a failure. [ 59.415381][ T4560] name failslab, interval 1, probability 0, space 0, times 0 [ 59.428090][ T4560] CPU: 0 UID: 0 PID: 4560 Comm: syz.0.314 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 59.428130][ T4560] Tainted: [W]=WARN [ 59.428139][ T4560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 59.428177][ T4560] Call Trace: [ 59.428186][ T4560] [ 59.428196][ T4560] __dump_stack+0x1d/0x30 [ 59.428297][ T4560] dump_stack_lvl+0xe8/0x140 [ 59.428319][ T4560] dump_stack+0x15/0x1b [ 59.428338][ T4560] should_fail_ex+0x265/0x280 [ 59.428363][ T4560] should_failslab+0x8c/0xb0 [ 59.428395][ T4560] kmem_cache_alloc_noprof+0x50/0x480 [ 59.428427][ T4560] ? security_inode_alloc+0x37/0x100 [ 59.428526][ T4560] security_inode_alloc+0x37/0x100 [ 59.428549][ T4560] inode_init_always_gfp+0x4b7/0x500 [ 59.428594][ T4560] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 59.428618][ T4560] alloc_inode+0x58/0x170 [ 59.428651][ T4560] new_inode+0x1d/0xe0 [ 59.428679][ T4560] shmem_get_inode+0x244/0x750 [ 59.428727][ T4560] __shmem_file_setup+0x113/0x210 [ 59.428749][ T4560] shmem_file_setup+0x3b/0x50 [ 59.428768][ T4560] __se_sys_memfd_create+0x2c3/0x590 [ 59.428856][ T4560] __x64_sys_memfd_create+0x31/0x40 [ 59.428881][ T4560] x64_sys_call+0x2ac2/0x3000 [ 59.428906][ T4560] do_syscall_64+0xd2/0x200 [ 59.428945][ T4560] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 59.428975][ T4560] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 59.429012][ T4560] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.429035][ T4560] RIP: 0033:0x7f9d9373f6c9 [ 59.429051][ T4560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.429077][ T4560] RSP: 002b:00007f9d9219ee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 59.429105][ T4560] RAX: ffffffffffffffda RBX: 0000000000000531 RCX: 00007f9d9373f6c9 [ 59.429179][ T4560] RDX: 00007f9d9219eef0 RSI: 0000000000000000 RDI: 00007f9d937c2960 [ 59.429192][ T4560] RBP: 0000200000000640 R08: 00007f9d9219ebb7 R09: 00007f9d9219ee40 [ 59.429205][ T4560] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000 [ 59.429218][ T4560] R13: 00007f9d9219eef0 R14: 00007f9d9219eeb0 R15: 00002000000001c0 [ 59.429239][ T4560] [ 59.430051][ T4553] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 59.656414][ T4556] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 59.656570][ T4553] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 59.672817][ T4556] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 59.685558][ T4562] netlink: 12 bytes leftover after parsing attributes in process `syz.0.315'. [ 59.694542][ T4562] netlink: 12 bytes leftover after parsing attributes in process `syz.0.315'. [ 59.770727][ T4565] loop1: detected capacity change from 0 to 128 [ 59.779739][ T4566] netlink: 4 bytes leftover after parsing attributes in process `syz.0.316'. [ 59.844366][ T4573] netlink: 40 bytes leftover after parsing attributes in process `syz.0.320'. [ 59.859699][ T4574] loop4: detected capacity change from 0 to 512 [ 59.894839][ T4574] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.913701][ T4574] ext4 filesystem being mounted at /72/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 59.952221][ T4574] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #2: comm syz.4.321: corrupted inode contents [ 59.965900][ T4574] EXT4-fs error (device loop4): ext4_dirty_inode:6517: inode #2: comm syz.4.321: mark_inode_dirty error [ 59.977755][ T4574] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #2: comm syz.4.321: corrupted inode contents [ 60.005149][ T4574] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.321: mark_inode_dirty error [ 60.024942][ T4584] FAULT_INJECTION: forcing a failure. [ 60.024942][ T4584] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 60.038314][ T4584] CPU: 0 UID: 0 PID: 4584 Comm: syz.0.324 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 60.038382][ T4584] Tainted: [W]=WARN [ 60.038389][ T4584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 60.038402][ T4584] Call Trace: [ 60.038410][ T4584] [ 60.038417][ T4584] __dump_stack+0x1d/0x30 [ 60.038520][ T4584] dump_stack_lvl+0xe8/0x140 [ 60.038549][ T4584] dump_stack+0x15/0x1b [ 60.038675][ T4584] should_fail_ex+0x265/0x280 [ 60.038701][ T4584] should_fail+0xb/0x20 [ 60.038720][ T4584] should_fail_usercopy+0x1a/0x20 [ 60.038748][ T4584] _copy_from_user+0x1c/0xb0 [ 60.038781][ T4584] __sys_bpf+0x183/0x7c0 [ 60.038870][ T4584] __x64_sys_bpf+0x41/0x50 [ 60.038911][ T4584] x64_sys_call+0x2aee/0x3000 [ 60.038985][ T4584] do_syscall_64+0xd2/0x200 [ 60.039006][ T4584] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 60.039045][ T4584] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 60.039147][ T4584] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.039176][ T4584] RIP: 0033:0x7f9d9373f6c9 [ 60.039196][ T4584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.039220][ T4584] RSP: 002b:00007f9d9219f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 60.039260][ T4584] RAX: ffffffffffffffda RBX: 00007f9d93995fa0 RCX: 00007f9d9373f6c9 [ 60.039277][ T4584] RDX: 0000000000000094 RSI: 00002000000001c0 RDI: 0000000000000005 [ 60.039293][ T4584] RBP: 00007f9d9219f090 R08: 0000000000000000 R09: 0000000000000000 [ 60.039309][ T4584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 60.039322][ T4584] R13: 00007f9d93996038 R14: 00007f9d93995fa0 R15: 00007ffe061952f8 [ 60.039341][ T4584] [ 60.247842][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.411133][ T4594] loop0: detected capacity change from 0 to 8192 [ 60.458740][ T4603] vlan2: entered allmulticast mode [ 60.545740][ T4587] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 60.553412][ T4587] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 60.561675][ T4587] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 60.569207][ T4587] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 60.763629][ T4625] netlink: 'syz.4.341': attribute type 21 has an invalid length. [ 60.780417][ T4625] loop4: detected capacity change from 0 to 512 [ 60.789109][ T4625] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.341: inode has both inline data and extents flags [ 60.802336][ T4625] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.341: couldn't read orphan inode 15 (err -117) [ 60.818489][ T4625] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 60.869938][ T4634] 8021q: adding VLAN 0 to HW filter on device bond1 [ 60.889871][ T4634] vlan2: entered allmulticast mode [ 60.895190][ T4634] bond1: entered allmulticast mode [ 61.061176][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.073872][ T4651] lo speed is unknown, defaulting to 1000 [ 61.088768][ T4651] lo speed is unknown, defaulting to 1000 [ 61.104654][ T4651] lo speed is unknown, defaulting to 1000 [ 61.123392][ T4651] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 61.149024][ T4651] infiniband s{z2: RDMA CMA: cma_listen_on_dev, error -98 [ 61.161600][ T4651] lo speed is unknown, defaulting to 1000 [ 61.167946][ T4651] lo speed is unknown, defaulting to 1000 [ 61.174410][ T4651] lo speed is unknown, defaulting to 1000 [ 61.181177][ T4651] lo speed is unknown, defaulting to 1000 [ 61.188918][ T4651] lo speed is unknown, defaulting to 1000 [ 61.195633][ T4651] lo speed is unknown, defaulting to 1000 [ 61.201922][ T4651] lo speed is unknown, defaulting to 1000 [ 61.355269][ T29] kauditd_printk_skb: 432 callbacks suppressed [ 61.355287][ T29] audit: type=1326 audit(1762813732.378:2691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8400f6c9 code=0x7ffc0000 [ 61.386013][ T29] audit: type=1326 audit(1762813732.378:2692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8400f6c9 code=0x7ffc0000 [ 61.409492][ T29] audit: type=1326 audit(1762813732.378:2693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f7c8400f6c9 code=0x7ffc0000 [ 61.433058][ T29] audit: type=1326 audit(1762813732.378:2694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8400f6c9 code=0x7ffc0000 [ 61.456412][ T29] audit: type=1326 audit(1762813732.378:2695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c8400f6c9 code=0x7ffc0000 [ 61.480013][ T29] audit: type=1326 audit(1762813732.378:2696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8400f6c9 code=0x7ffc0000 [ 61.503358][ T29] audit: type=1326 audit(1762813732.378:2697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7c8400f6c9 code=0x7ffc0000 [ 61.526842][ T29] audit: type=1326 audit(1762813732.378:2698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8400f6c9 code=0x7ffc0000 [ 61.550191][ T29] audit: type=1326 audit(1762813732.378:2699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8400f6c9 code=0x7ffc0000 [ 61.606176][ T4679] loop1: detected capacity change from 0 to 128 [ 61.759921][ T4693] vlan2: entered allmulticast mode [ 61.821103][ T4702] loop1: detected capacity change from 0 to 128 [ 61.847547][ T29] audit: type=1326 audit(1762813732.868:2700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4703 comm="syz.0.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d9373f6c9 code=0x7ffc0000 [ 61.888496][ T4706] loop2: detected capacity change from 0 to 128 [ 62.219518][ T4730] bond1: Invalid ad_actor_system MAC address. [ 62.225863][ T4730] bond1: option ad_actor_system: invalid value (149) [ 62.233998][ T4730] bond1 (unregistering): Released all slaves [ 62.241595][ T4727] FAULT_INJECTION: forcing a failure. [ 62.241595][ T4727] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 62.254967][ T4727] CPU: 0 UID: 0 PID: 4727 Comm: syz.2.372 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 62.255008][ T4727] Tainted: [W]=WARN [ 62.255014][ T4727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 62.255026][ T4727] Call Trace: [ 62.255032][ T4727] [ 62.255039][ T4727] __dump_stack+0x1d/0x30 [ 62.255093][ T4727] dump_stack_lvl+0xe8/0x140 [ 62.255133][ T4727] dump_stack+0x15/0x1b [ 62.255202][ T4727] should_fail_ex+0x265/0x280 [ 62.255228][ T4727] should_fail+0xb/0x20 [ 62.255243][ T4727] should_fail_usercopy+0x1a/0x20 [ 62.255263][ T4727] _copy_to_user+0x20/0xa0 [ 62.255286][ T4727] simple_read_from_buffer+0xb5/0x130 [ 62.255338][ T4727] proc_fail_nth_read+0x10e/0x150 [ 62.255370][ T4727] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 62.255399][ T4727] vfs_read+0x1a8/0x770 [ 62.255496][ T4727] ? __rcu_read_unlock+0x4f/0x70 [ 62.255520][ T4727] ? __fget_files+0x184/0x1c0 [ 62.255547][ T4727] ksys_read+0xda/0x1a0 [ 62.255571][ T4727] __x64_sys_read+0x40/0x50 [ 62.255658][ T4727] x64_sys_call+0x27c0/0x3000 [ 62.255680][ T4727] do_syscall_64+0xd2/0x200 [ 62.255699][ T4727] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 62.255725][ T4727] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 62.255826][ T4727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.255846][ T4727] RIP: 0033:0x7fd71d5ee0dc [ 62.255860][ T4727] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 62.255876][ T4727] RSP: 002b:00007fd71c057030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 62.255893][ T4727] RAX: ffffffffffffffda RBX: 00007fd71d845fa0 RCX: 00007fd71d5ee0dc [ 62.255905][ T4727] RDX: 000000000000000f RSI: 00007fd71c0570a0 RDI: 0000000000000005 [ 62.255961][ T4727] RBP: 00007fd71c057090 R08: 0000000000000000 R09: 0000000000000000 [ 62.255973][ T4727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 62.255985][ T4727] R13: 00007fd71d846038 R14: 00007fd71d845fa0 R15: 00007ffd927e2478 [ 62.256002][ T4727] [ 62.463390][ T4737] loop3: detected capacity change from 0 to 256 [ 62.470308][ T4737] FAT-fs (loop3): bogus number of FAT sectors [ 62.476554][ T4737] FAT-fs (loop3): Can't find a valid FAT filesystem [ 62.511278][ T4739] net_ratelimit: 12 callbacks suppressed [ 62.511300][ T4739] netlink: zone id is out of range [ 62.522123][ T4739] netlink: zone id is out of range [ 62.527323][ T4739] netlink: zone id is out of range [ 62.532457][ T4739] netlink: zone id is out of range [ 62.542278][ T4739] netlink: zone id is out of range [ 62.547496][ T4739] netlink: zone id is out of range [ 62.553750][ T4739] netlink: zone id is out of range [ 62.558958][ T4739] netlink: zone id is out of range [ 62.564232][ T4739] netlink: zone id is out of range [ 62.569745][ T4739] netlink: zone id is out of range [ 62.627613][ T4747] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 62.640109][ T4747] bond0: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 62.659931][ T4747] bond0: (slave ipvlan2): Error -95 calling set_mac_address [ 62.673946][ T4751] __nla_validate_parse: 15 callbacks suppressed [ 62.673997][ T4751] netlink: 12 bytes leftover after parsing attributes in process `syz.3.379'. [ 62.702040][ T4752] loop4: detected capacity change from 0 to 4096 [ 62.709622][ T4752] EXT4-fs: Ignoring removed nomblk_io_submit option [ 62.722917][ T4752] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.752005][ T4760] loop3: detected capacity change from 0 to 128 [ 62.765739][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.845383][ T4774] netlink: 12 bytes leftover after parsing attributes in process `syz.4.383'. [ 62.860494][ T4773] loop2: detected capacity change from 0 to 128 [ 62.880940][ T4778] vlan2: entered allmulticast mode [ 62.962727][ T4777] loop0: detected capacity change from 0 to 8192 [ 63.006916][ T4792] netlink: 28 bytes leftover after parsing attributes in process `syz.3.388'. [ 63.017334][ T4791] netlink: 83992 bytes leftover after parsing attributes in process `syz.0.387'. [ 63.066739][ T4798] netlink: 40 bytes leftover after parsing attributes in process `syz.0.391'. [ 63.110568][ T4803] vlan2: entered allmulticast mode [ 63.133876][ T4807] vlan2: entered allmulticast mode [ 63.675230][ T4814] loop4: detected capacity change from 0 to 8192 [ 63.734424][ T4820] loop4: detected capacity change from 0 to 128 [ 63.748801][ T4820] bio_check_eod: 284 callbacks suppressed [ 63.748818][ T4820] syz.4.400: attempt to access beyond end of device [ 63.748818][ T4820] loop4: rw=2049, sector=154, nr_sectors = 6 limit=128 [ 63.769187][ T4820] syz.4.400: attempt to access beyond end of device [ 63.769187][ T4820] loop4: rw=2049, sector=158, nr_sectors = 2 limit=128 [ 63.771500][ T4822] netlink: 83992 bytes leftover after parsing attributes in process `syz.1.401'. [ 63.782935][ T4820] buffer_io_error: 186 callbacks suppressed [ 63.782954][ T4820] Buffer I/O error on dev loop4, logical block 79, lost async page write [ 63.808348][ T4820] syz.4.400: attempt to access beyond end of device [ 63.808348][ T4820] loop4: rw=2049, sector=160, nr_sectors = 2 limit=128 [ 63.822053][ T4820] Buffer I/O error on dev loop4, logical block 80, lost async page write [ 63.831990][ T4820] syz.4.400: attempt to access beyond end of device [ 63.831990][ T4820] loop4: rw=2049, sector=162, nr_sectors = 6 limit=128 [ 63.850391][ T4820] syz.4.400: attempt to access beyond end of device [ 63.850391][ T4820] loop4: rw=2049, sector=166, nr_sectors = 2 limit=128 [ 63.863884][ T4820] Buffer I/O error on dev loop4, logical block 83, lost async page write [ 63.872652][ T4820] syz.4.400: attempt to access beyond end of device [ 63.872652][ T4820] loop4: rw=2049, sector=168, nr_sectors = 2 limit=128 [ 63.886570][ T4820] Buffer I/O error on dev loop4, logical block 84, lost async page write [ 63.900801][ T4820] syz.4.400: attempt to access beyond end of device [ 63.900801][ T4820] loop4: rw=2049, sector=186, nr_sectors = 6 limit=128 [ 63.914657][ T4820] syz.4.400: attempt to access beyond end of device [ 63.914657][ T4820] loop4: rw=2049, sector=190, nr_sectors = 2 limit=128 [ 63.928273][ T4820] Buffer I/O error on dev loop4, logical block 95, lost async page write [ 63.939215][ T4820] syz.4.400: attempt to access beyond end of device [ 63.939215][ T4820] loop4: rw=2049, sector=192, nr_sectors = 2 limit=128 [ 63.952665][ T4820] Buffer I/O error on dev loop4, logical block 96, lost async page write [ 63.962155][ T4820] syz.4.400: attempt to access beyond end of device [ 63.962155][ T4820] loop4: rw=2049, sector=194, nr_sectors = 6 limit=128 [ 63.976322][ T4820] Buffer I/O error on dev loop4, logical block 99, lost async page write [ 63.985143][ T4820] Buffer I/O error on dev loop4, logical block 100, lost async page write [ 63.996988][ T4828] netlink: 40 bytes leftover after parsing attributes in process `syz.0.404'. [ 63.997524][ T4820] Buffer I/O error on dev loop4, logical block 111, lost async page write [ 64.022895][ T4820] Buffer I/O error on dev loop4, logical block 112, lost async page write [ 64.105157][ T4834] loop2: detected capacity change from 0 to 8192 [ 64.130587][ T4838] loop1: detected capacity change from 0 to 512 [ 64.148318][ T4838] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -13 [ 64.160698][ T4838] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #13: comm syz.1.409: iget: bad i_size value: 12154757448730 [ 64.185553][ T4838] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.409: couldn't read orphan inode 13 (err -117) [ 64.189540][ T4845] netlink: 12 bytes leftover after parsing attributes in process `syz.3.407'. [ 64.200321][ T4838] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 64.230256][ T4838] EXT4-fs warning (device loop1): ext4_lookup:1799: Inconsistent encryption contexts: 2/12 [ 64.245631][ T4849] netlink: 316 bytes leftover after parsing attributes in process `syz.4.412'. [ 64.269162][ T4851] vlan2: entered allmulticast mode [ 64.283206][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.510622][ T4876] loop1: detected capacity change from 0 to 128 [ 64.526679][ T4874] lo speed is unknown, defaulting to 1000 [ 64.614501][ T4865] siw: device registration error -23 [ 64.684256][ T4887] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.738898][ T4887] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.758267][ T4888] pimreg: entered allmulticast mode [ 64.797054][ T4887] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.889432][ T4887] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.935993][ T4226] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.946937][ T4226] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.959479][ T4226] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.974048][ T96] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.983200][ T4887] pimreg: left allmulticast mode [ 65.007070][ T4896] smc: net device bond0 applied user defined pnetid SYZ0 [ 65.007628][ T4898] syz.1.426 uses obsolete (PF_INET,SOCK_PACKET) [ 65.024367][ T4898] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 65.032923][ T4898] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 65.107763][ T4899] loop3: detected capacity change from 0 to 8192 [ 65.174494][ T4911] netlink: 104 bytes leftover after parsing attributes in process `syz.4.433'. [ 65.779279][ T4939] loop0: detected capacity change from 0 to 512 [ 65.926182][ T4951] loop3: detected capacity change from 0 to 128 [ 66.409992][ T4998] netlink: 'syz.2.470': attribute type 21 has an invalid length. [ 66.437472][ T29] kauditd_printk_skb: 508 callbacks suppressed [ 66.437490][ T29] audit: type=1326 audit(1762813737.458:3209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4999 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 66.468171][ T29] audit: type=1326 audit(1762813737.458:3210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4999 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=280 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 66.491672][ T29] audit: type=1326 audit(1762813737.458:3211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4999 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 66.515347][ T29] audit: type=1326 audit(1762813737.458:3212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4999 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 66.539450][ T29] audit: type=1326 audit(1762813737.458:3213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4999 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 66.562905][ T29] audit: type=1326 audit(1762813737.458:3214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4999 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 66.586491][ T29] audit: type=1326 audit(1762813737.458:3215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4999 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 66.609985][ T29] audit: type=1326 audit(1762813737.458:3216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4999 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 66.633354][ T29] audit: type=1326 audit(1762813737.458:3217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4999 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 66.657168][ T29] audit: type=1326 audit(1762813737.458:3218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4999 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0717b3df10 code=0x7ffc0000 [ 66.837551][ T5021] vlan2: entered allmulticast mode [ 66.911711][ T5028] loop2: detected capacity change from 0 to 128 [ 67.209308][ T5043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 67.223693][ T5043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 67.251606][ T5049] loop2: detected capacity change from 0 to 8192 [ 67.449459][ T5061] netlink: 'syz.2.494': attribute type 21 has an invalid length. [ 67.681075][ T5076] __nla_validate_parse: 14 callbacks suppressed [ 67.681096][ T5076] netlink: 316 bytes leftover after parsing attributes in process `syz.3.501'. [ 67.707812][ T5074] netlink: 8 bytes leftover after parsing attributes in process `syz.0.500'. [ 67.800179][ T5085] vlan2: entered allmulticast mode [ 67.959330][ T5099] netlink: 83992 bytes leftover after parsing attributes in process `syz.1.511'. [ 67.968555][ T5099] net_ratelimit: 23 callbacks suppressed [ 67.968569][ T5099] netlink: zone id is out of range [ 67.979477][ T5099] netlink: zone id is out of range [ 67.984751][ T5099] netlink: zone id is out of range [ 67.989902][ T5099] netlink: zone id is out of range [ 67.995083][ T5099] netlink: zone id is out of range [ 68.000387][ T5099] netlink: zone id is out of range [ 68.006781][ T5099] netlink: zone id is out of range [ 68.011968][ T5099] netlink: zone id is out of range [ 68.017356][ T5099] netlink: zone id is out of range [ 68.022528][ T5099] netlink: zone id is out of range [ 68.062389][ T5107] netlink: 83992 bytes leftover after parsing attributes in process `syz.1.514'. [ 68.073963][ T5109] netlink: 'syz.3.515': attribute type 21 has an invalid length. [ 68.094886][ T5109] netlink: 156 bytes leftover after parsing attributes in process `syz.3.515'. [ 68.104025][ T5109] netlink: 4 bytes leftover after parsing attributes in process `syz.3.515'. [ 68.167591][ T5111] loop4: detected capacity change from 0 to 8192 [ 68.230193][ T5123] loop3: detected capacity change from 0 to 512 [ 68.239589][ T5125] netlink: 40 bytes leftover after parsing attributes in process `syz.1.522'. [ 68.298344][ T5129] netlink: 83992 bytes leftover after parsing attributes in process `syz.4.524'. [ 68.409955][ T5139] loop1: detected capacity change from 0 to 128 [ 68.524025][ T5143] loop4: detected capacity change from 0 to 8192 [ 68.674740][ T5154] netlink: 256 bytes leftover after parsing attributes in process `syz.0.536'. [ 68.691803][ T5161] netlink: 'syz.2.539': attribute type 21 has an invalid length. [ 68.712407][ T5161] netlink: 156 bytes leftover after parsing attributes in process `syz.2.539'. [ 68.728601][ T5166] netlink: 'syz.1.540': attribute type 21 has an invalid length. [ 68.744020][ T5161] loop2: detected capacity change from 0 to 512 [ 68.764104][ T5161] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.539: inode has both inline data and extents flags [ 68.778523][ T5161] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.539: couldn't read orphan inode 15 (err -117) [ 68.791226][ T5161] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 68.830342][ T5180] vlan2: entered allmulticast mode [ 69.027996][ T5199] loop3: detected capacity change from 0 to 128 [ 69.056810][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.122881][ T5217] bio_check_eod: 200 callbacks suppressed [ 69.122901][ T5217] syz.3.554: attempt to access beyond end of device [ 69.122901][ T5217] loop3: rw=2049, sector=154, nr_sectors = 6 limit=128 [ 69.144533][ T5217] syz.3.554: attempt to access beyond end of device [ 69.144533][ T5217] loop3: rw=2049, sector=158, nr_sectors = 2 limit=128 [ 69.158124][ T5217] buffer_io_error: 130 callbacks suppressed [ 69.158143][ T5217] Buffer I/O error on dev loop3, logical block 79, lost async page write [ 69.173822][ T5217] syz.3.554: attempt to access beyond end of device [ 69.173822][ T5217] loop3: rw=2049, sector=160, nr_sectors = 2 limit=128 [ 69.187223][ T5217] Buffer I/O error on dev loop3, logical block 80, lost async page write [ 69.196279][ T5217] syz.3.554: attempt to access beyond end of device [ 69.196279][ T5217] loop3: rw=2049, sector=162, nr_sectors = 6 limit=128 [ 69.223028][ T5217] syz.3.554: attempt to access beyond end of device [ 69.223028][ T5217] loop3: rw=2049, sector=166, nr_sectors = 2 limit=128 [ 69.236635][ T5217] Buffer I/O error on dev loop3, logical block 83, lost async page write [ 69.245683][ T5217] syz.3.554: attempt to access beyond end of device [ 69.245683][ T5217] loop3: rw=2049, sector=168, nr_sectors = 2 limit=128 [ 69.259049][ T5217] Buffer I/O error on dev loop3, logical block 84, lost async page write [ 69.272194][ T5228] vlan2: entered allmulticast mode [ 69.284241][ T5217] syz.3.554: attempt to access beyond end of device [ 69.284241][ T5217] loop3: rw=2049, sector=186, nr_sectors = 6 limit=128 [ 69.298969][ T5217] syz.3.554: attempt to access beyond end of device [ 69.298969][ T5217] loop3: rw=2049, sector=190, nr_sectors = 2 limit=128 [ 69.312578][ T5217] Buffer I/O error on dev loop3, logical block 95, lost async page write [ 69.326058][ T5217] syz.3.554: attempt to access beyond end of device [ 69.326058][ T5217] loop3: rw=2049, sector=192, nr_sectors = 2 limit=128 [ 69.339471][ T5217] Buffer I/O error on dev loop3, logical block 96, lost async page write [ 69.348638][ T5217] syz.3.554: attempt to access beyond end of device [ 69.348638][ T5217] loop3: rw=2049, sector=194, nr_sectors = 6 limit=128 [ 69.362622][ T5217] Buffer I/O error on dev loop3, logical block 99, lost async page write [ 69.372221][ T5217] Buffer I/O error on dev loop3, logical block 100, lost async page write [ 69.387584][ T5217] Buffer I/O error on dev loop3, logical block 111, lost async page write [ 69.397291][ T5217] Buffer I/O error on dev loop3, logical block 112, lost async page write [ 69.653468][ T5257] Cannot find add_set index 0 as target [ 69.674886][ T5259] netlink: 'syz.2.578': attribute type 21 has an invalid length. [ 69.700268][ T5259] loop2: detected capacity change from 0 to 512 [ 69.710153][ T5259] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.578: inode has both inline data and extents flags [ 69.723581][ T5259] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.578: couldn't read orphan inode 15 (err -117) [ 69.736114][ T5259] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 69.774582][ T5266] netlink: 'syz.3.581': attribute type 21 has an invalid length. [ 69.789994][ T5269] FAULT_INJECTION: forcing a failure. [ 69.789994][ T5269] name failslab, interval 1, probability 0, space 0, times 0 [ 69.790950][ T5266] loop3: detected capacity change from 0 to 512 [ 69.802817][ T5269] CPU: 1 UID: 0 PID: 5269 Comm: syz.4.582 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 69.802856][ T5269] Tainted: [W]=WARN [ 69.802866][ T5269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 69.802883][ T5269] Call Trace: [ 69.802895][ T5269] [ 69.802906][ T5269] __dump_stack+0x1d/0x30 [ 69.802943][ T5269] dump_stack_lvl+0xe8/0x140 [ 69.803003][ T5269] dump_stack+0x15/0x1b [ 69.803029][ T5269] should_fail_ex+0x265/0x280 [ 69.803057][ T5269] should_failslab+0x8c/0xb0 [ 69.803100][ T5269] __kmalloc_node_track_caller_noprof+0xa5/0x580 [ 69.803224][ T5269] ? sidtab_sid2str_get+0xa0/0x130 [ 69.803329][ T5269] kmemdup_noprof+0x2b/0x70 [ 69.803368][ T5269] sidtab_sid2str_get+0xa0/0x130 [ 69.803413][ T5269] security_sid_to_context_core+0x1eb/0x2e0 [ 69.803499][ T5269] security_sid_to_context+0x27/0x40 [ 69.803545][ T5269] selinux_lsmprop_to_secctx+0x67/0xf0 [ 69.803592][ T5269] security_lsmprop_to_secctx+0x1a3/0x1c0 [ 69.803627][ T5269] audit_log_subj_ctx+0xa4/0x3e0 [ 69.803659][ T5269] ? skb_put+0xa9/0xf0 [ 69.803704][ T5269] audit_log_task_context+0x48/0x70 [ 69.803737][ T5269] audit_log_task+0xf4/0x250 [ 69.803862][ T5269] ? kstrtouint+0x76/0xc0 [ 69.803909][ T5269] audit_seccomp+0x61/0x100 [ 69.803956][ T5269] ? __seccomp_filter+0x82d/0x1250 [ 69.804050][ T5269] __seccomp_filter+0x83e/0x1250 [ 69.804092][ T5269] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 69.804139][ T5269] ? vfs_write+0x7e8/0x960 [ 69.804213][ T5269] __secure_computing+0x82/0x150 [ 69.804295][ T5269] syscall_trace_enter+0xcf/0x1e0 [ 69.804340][ T5269] do_syscall_64+0xac/0x200 [ 69.804372][ T5269] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 69.804414][ T5269] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 69.804516][ T5269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.804546][ T5269] RIP: 0033:0x7f96a026f6c9 [ 69.804571][ T5269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.804596][ T5269] RSP: 002b:00007f969ecd7038 EFLAGS: 00000246 ORIG_RAX: 000000000000007f [ 69.804624][ T5269] RAX: ffffffffffffffda RBX: 00007f96a04c5fa0 RCX: 00007f96a026f6c9 [ 69.804642][ T5269] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 69.804712][ T5269] RBP: 00007f969ecd7090 R08: 0000000000000000 R09: 0000000000000000 [ 69.804728][ T5269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 69.804745][ T5269] R13: 00007f96a04c6038 R14: 00007f96a04c5fa0 R15: 00007fff3d5ad628 [ 69.804772][ T5269] [ 70.066945][ T5266] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.581: inode has both inline data and extents flags [ 70.081228][ T5266] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.581: couldn't read orphan inode 15 (err -117) [ 70.093887][ T5266] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 70.128948][ T5283] loop0: detected capacity change from 0 to 128 [ 70.165868][ T5289] vlan2: entered allmulticast mode [ 70.194939][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.242195][ T5295] netlink: 'syz.2.592': attribute type 21 has an invalid length. [ 70.256342][ T5295] loop2: detected capacity change from 0 to 512 [ 70.265717][ T5295] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.592: inode has both inline data and extents flags [ 70.282568][ T5295] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.592: couldn't read orphan inode 15 (err -117) [ 70.295684][ T5295] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 70.386381][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.481799][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.539897][ T5322] loop2: detected capacity change from 0 to 2048 [ 70.557216][ T5322] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 70.569458][ T5320] loop3: detected capacity change from 0 to 8192 [ 70.569525][ T5322] ext4 filesystem being mounted at /113/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 70.606914][ T5328] loop0: detected capacity change from 0 to 512 [ 70.678436][ T5333] loop3: detected capacity change from 0 to 512 [ 70.926953][ T5344] loop4: detected capacity change from 0 to 128 [ 71.265769][ T5363] loop4: detected capacity change from 0 to 8192 [ 71.305321][ T5170] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 345: padding at end of block bitmap is not set [ 71.362874][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.394610][ T5365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.403186][ T5365] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.515035][ T5379] netlink: 'syz.2.622': attribute type 21 has an invalid length. [ 71.524647][ T29] kauditd_printk_skb: 548 callbacks suppressed [ 71.524666][ T29] audit: type=1326 audit(1762813742.538:3766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5378 comm="syz.2.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71d5ef6c9 code=0x7ffc0000 [ 71.554781][ T5379] loop2: detected capacity change from 0 to 512 [ 71.561249][ T29] audit: type=1326 audit(1762813742.538:3767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5378 comm="syz.2.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71d5ef6c9 code=0x7ffc0000 [ 71.568802][ T5379] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.622: inode has both inline data and extents flags [ 71.584769][ T29] audit: type=1326 audit(1762813742.538:3768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5378 comm="syz.2.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd71d5ef6c9 code=0x7ffc0000 [ 71.598561][ T5379] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.622: couldn't read orphan inode 15 (err -117) [ 71.621261][ T29] audit: type=1326 audit(1762813742.538:3769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5378 comm="syz.2.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71d5ef6c9 code=0x7ffc0000 [ 71.636000][ T5379] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.657625][ T29] audit: type=1326 audit(1762813742.538:3770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5378 comm="syz.2.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71d5ef6c9 code=0x7ffc0000 [ 71.657703][ T29] audit: type=1326 audit(1762813742.538:3771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5378 comm="syz.2.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd71d5ef6c9 code=0x7ffc0000 [ 71.717194][ T29] audit: type=1326 audit(1762813742.538:3772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5378 comm="syz.2.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71d5ef6c9 code=0x7ffc0000 [ 71.740808][ T29] audit: type=1326 audit(1762813742.538:3773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5378 comm="syz.2.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd71d5ef6c9 code=0x7ffc0000 [ 71.764255][ T29] audit: type=1326 audit(1762813742.548:3774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5378 comm="syz.2.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71d5ef6c9 code=0x7ffc0000 [ 71.787791][ T29] audit: type=1326 audit(1762813742.548:3775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5378 comm="syz.2.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fd71d5ef6c9 code=0x7ffc0000 [ 71.915626][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.019171][ T5403] Cannot find add_set index 0 as target [ 72.030733][ T5404] loop4: detected capacity change from 0 to 512 [ 72.052471][ T5406] vlan2: entered allmulticast mode [ 72.323805][ T5417] loop2: detected capacity change from 0 to 8192 [ 72.371508][ T5420] Cannot find add_set index 0 as target [ 72.424421][ T5427] netlink: 'syz.0.640': attribute type 21 has an invalid length. [ 72.439558][ T5427] loop0: detected capacity change from 0 to 512 [ 72.448503][ T5427] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.640: inode has both inline data and extents flags [ 72.461955][ T5427] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.640: couldn't read orphan inode 15 (err -117) [ 72.474733][ T5427] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.700094][ T5443] __nla_validate_parse: 23 callbacks suppressed [ 72.700110][ T5443] netlink: 148 bytes leftover after parsing attributes in process `syz.2.645'. [ 72.715824][ T5443] netlink: 8 bytes leftover after parsing attributes in process `syz.2.645'. [ 72.754955][ T5445] loop2: detected capacity change from 0 to 1024 [ 72.762953][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.780584][ T5445] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 72.829421][ T5454] vlan2: entered allmulticast mode [ 72.888143][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.997588][ T5451] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 73.006112][ T5451] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 73.035766][ T5459] Cannot find del_set index 3 as target [ 73.082408][ T5465] Cannot find del_set index 3 as target [ 73.106796][ T5468] netlink: 40 bytes leftover after parsing attributes in process `syz.2.654'. [ 73.170700][ T5461] loop1: detected capacity change from 0 to 1024 [ 73.177976][ T5461] EXT4-fs: Ignoring removed orlov option [ 73.186049][ T5461] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.205303][ T5475] loop2: detected capacity change from 0 to 512 [ 73.213366][ T5475] netlink: 156 bytes leftover after parsing attributes in process `syz.2.656'. [ 73.223834][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.343155][ T5478] netlink: 12 bytes leftover after parsing attributes in process `syz.1.657'. [ 73.609132][ T5483] loop0: detected capacity change from 0 to 512 [ 73.673835][ T5487] netlink: 4 bytes leftover after parsing attributes in process `syz.4.661'. [ 73.688434][ T5487] bond1: Invalid ad_actor_system MAC address. [ 73.694605][ T5487] bond1: option ad_actor_system: invalid value (149) [ 73.702983][ T5487] bond1 (unregistering): Released all slaves [ 73.814996][ T5495] netlink: 'syz.4.664': attribute type 21 has an invalid length. [ 73.823241][ T5495] netlink: 156 bytes leftover after parsing attributes in process `syz.4.664'. [ 73.832329][ T5495] netlink: 4 bytes leftover after parsing attributes in process `syz.4.664'. [ 73.854099][ T5485] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 73.862836][ T5485] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 73.941441][ T5504] netlink: 40 bytes leftover after parsing attributes in process `syz.4.667'. [ 74.026802][ T5508] loop4: detected capacity change from 0 to 8192 [ 74.225425][ T5513] loop4: detected capacity change from 0 to 512 [ 74.237002][ T5513] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.671: Failed to acquire dquot type 1 [ 74.249480][ T5513] EXT4-fs (loop4): 1 truncate cleaned up [ 74.255668][ T5513] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.268454][ T5513] ext4 filesystem being mounted at /141/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 74.300572][ T5528] netlink: 'syz.1.676': attribute type 21 has an invalid length. [ 74.308650][ T5528] netlink: 156 bytes leftover after parsing attributes in process `syz.1.676'. [ 74.451880][ T5536] netlink: 'syz.1.680': attribute type 21 has an invalid length. [ 74.462495][ T5534] loop0: detected capacity change from 0 to 1024 [ 74.474993][ T5536] loop1: detected capacity change from 0 to 512 [ 74.489797][ T5536] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.680: inode has both inline data and extents flags [ 74.503503][ T5536] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.680: couldn't read orphan inode 15 (err -117) [ 74.504104][ T5534] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.516112][ T5536] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.544999][ T5542] loop3: detected capacity change from 0 to 512 [ 74.608950][ T5534] FAULT_INJECTION: forcing a failure. [ 74.608950][ T5534] name failslab, interval 1, probability 0, space 0, times 0 [ 74.621821][ T5534] CPU: 0 UID: 0 PID: 5534 Comm: syz.0.678 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 74.621855][ T5534] Tainted: [W]=WARN [ 74.621864][ T5534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 74.621935][ T5534] Call Trace: [ 74.621943][ T5534] [ 74.621952][ T5534] __dump_stack+0x1d/0x30 [ 74.622033][ T5534] dump_stack_lvl+0xe8/0x140 [ 74.622059][ T5534] dump_stack+0x15/0x1b [ 74.622151][ T5534] should_fail_ex+0x265/0x280 [ 74.622195][ T5534] should_failslab+0x8c/0xb0 [ 74.622235][ T5534] __kmalloc_noprof+0xa5/0x570 [ 74.622274][ T5534] ? copy_splice_read+0xc2/0x660 [ 74.622300][ T5534] copy_splice_read+0xc2/0x660 [ 74.622351][ T5534] ? __pfx_ext4_file_splice_read+0x10/0x10 [ 74.622374][ T5534] splice_direct_to_actor+0x290/0x680 [ 74.622420][ T5534] ? __pfx_direct_splice_actor+0x10/0x10 [ 74.622457][ T5534] do_splice_direct+0xda/0x150 [ 74.622547][ T5534] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 74.622583][ T5534] do_sendfile+0x380/0x650 [ 74.622632][ T5534] __x64_sys_sendfile64+0x105/0x150 [ 74.622729][ T5534] x64_sys_call+0x2bb4/0x3000 [ 74.622757][ T5534] do_syscall_64+0xd2/0x200 [ 74.622785][ T5534] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 74.622858][ T5534] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 74.622934][ T5534] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.622962][ T5534] RIP: 0033:0x7f9d9373f6c9 [ 74.622979][ T5534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.623003][ T5534] RSP: 002b:00007f9d9219f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 74.623046][ T5534] RAX: ffffffffffffffda RBX: 00007f9d93995fa0 RCX: 00007f9d9373f6c9 [ 74.623062][ T5534] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005 [ 74.623078][ T5534] RBP: 00007f9d9219f090 R08: 0000000000000000 R09: 0000000000000000 [ 74.623098][ T5534] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000001 [ 74.623114][ T5534] R13: 00007f9d93996038 R14: 00007f9d93995fa0 R15: 00007ffe061952f8 [ 74.623136][ T5534] [ 74.857707][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.876199][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.956980][ T5549] loop1: detected capacity change from 0 to 512 [ 74.971877][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.983164][ T5549] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 74.996467][ T5549] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 75.013780][ T5549] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 75.035418][ T5549] EXT4-fs (loop1): 1 truncate cleaned up [ 75.044595][ T5563] netlink: 'syz.4.688': attribute type 21 has an invalid length. [ 75.060612][ T5549] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.132204][ T5568] loop2: detected capacity change from 0 to 512 [ 75.157775][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.177172][ T5572] netlink: 'syz.1.692': attribute type 21 has an invalid length. [ 75.192640][ T5572] loop1: detected capacity change from 0 to 512 [ 75.201486][ T5572] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.692: inode has both inline data and extents flags [ 75.215437][ T5572] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.692: couldn't read orphan inode 15 (err -117) [ 75.227981][ T5572] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.302185][ T5567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 75.310908][ T5567] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 75.421973][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.440731][ T5593] FAULT_INJECTION: forcing a failure. [ 75.440731][ T5593] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 75.454089][ T5593] CPU: 0 UID: 0 PID: 5593 Comm: syz.1.698 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 75.454138][ T5593] Tainted: [W]=WARN [ 75.454147][ T5593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 75.454174][ T5593] Call Trace: [ 75.454189][ T5593] [ 75.454200][ T5593] __dump_stack+0x1d/0x30 [ 75.454276][ T5593] dump_stack_lvl+0xe8/0x140 [ 75.454301][ T5593] dump_stack+0x15/0x1b [ 75.454318][ T5593] should_fail_ex+0x265/0x280 [ 75.454338][ T5593] should_fail_alloc_page+0xf2/0x100 [ 75.454445][ T5593] alloc_pages_bulk_noprof+0xef/0x540 [ 75.454547][ T5593] copy_splice_read+0xf3/0x660 [ 75.454592][ T5593] ? __pfx_copy_splice_read+0x10/0x10 [ 75.454666][ T5593] splice_direct_to_actor+0x26f/0x680 [ 75.454809][ T5593] ? __pfx_direct_splice_actor+0x10/0x10 [ 75.454867][ T5593] do_splice_direct+0xda/0x150 [ 75.454892][ T5593] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 75.454930][ T5593] do_sendfile+0x380/0x650 [ 75.455019][ T5593] __x64_sys_sendfile64+0x105/0x150 [ 75.455139][ T5593] x64_sys_call+0x2bb4/0x3000 [ 75.455167][ T5593] do_syscall_64+0xd2/0x200 [ 75.455191][ T5593] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 75.455229][ T5593] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 75.455292][ T5593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.455318][ T5593] RIP: 0033:0x7f7c8400f6c9 [ 75.455386][ T5593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.455404][ T5593] RSP: 002b:00007f7c82a77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 75.455424][ T5593] RAX: ffffffffffffffda RBX: 00007f7c84265fa0 RCX: 00007f7c8400f6c9 [ 75.455440][ T5593] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 75.455456][ T5593] RBP: 00007f7c82a77090 R08: 0000000000000000 R09: 0000000000000000 [ 75.455537][ T5593] R10: 7fffffffffffffff R11: 0000000000000246 R12: 0000000000000001 [ 75.455632][ T5593] R13: 00007f7c84266038 R14: 00007f7c84265fa0 R15: 00007fff6951dc38 [ 75.455657][ T5593] [ 75.703359][ T5598] x_tables: duplicate underflow at hook 1 [ 75.744296][ T5602] netlink: 'syz.1.702': attribute type 21 has an invalid length. [ 75.760664][ T5602] loop1: detected capacity change from 0 to 512 [ 75.770399][ T5602] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.702: inode has both inline data and extents flags [ 75.783846][ T5602] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.702: couldn't read orphan inode 15 (err -117) [ 75.796324][ T5602] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.811169][ T5591] loop3: detected capacity change from 0 to 1024 [ 75.818459][ T5591] EXT4-fs: Ignoring removed orlov option [ 75.826924][ T5591] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.856418][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.944535][ T5623] net_ratelimit: 45 callbacks suppressed [ 75.944557][ T5623] netlink: zone id is out of range [ 75.955490][ T5623] netlink: zone id is out of range [ 75.960924][ T5623] netlink: zone id is out of range [ 75.966143][ T5623] netlink: zone id is out of range [ 75.974095][ T5626] loop3: detected capacity change from 0 to 512 [ 75.982085][ T5623] netlink: zone id is out of range [ 75.988831][ T5623] netlink: zone id is out of range [ 75.995324][ T5623] netlink: zone id is out of range [ 76.000460][ T5623] netlink: zone id is out of range [ 76.005968][ T5623] netlink: zone id is out of range [ 76.011240][ T5623] netlink: zone id is out of range [ 76.062493][ T5633] FAULT_INJECTION: forcing a failure. [ 76.062493][ T5633] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 76.075843][ T5633] CPU: 0 UID: 0 PID: 5633 Comm: syz.0.711 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 76.075969][ T5633] Tainted: [W]=WARN [ 76.075978][ T5633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 76.076058][ T5633] Call Trace: [ 76.076067][ T5633] [ 76.076077][ T5633] __dump_stack+0x1d/0x30 [ 76.076108][ T5633] dump_stack_lvl+0xe8/0x140 [ 76.076173][ T5633] dump_stack+0x15/0x1b [ 76.076196][ T5633] should_fail_ex+0x265/0x280 [ 76.076221][ T5633] should_fail_alloc_page+0xf2/0x100 [ 76.076261][ T5633] __alloc_frozen_pages_noprof+0xff/0x360 [ 76.076347][ T5633] alloc_pages_mpol+0xb3/0x260 [ 76.076376][ T5633] alloc_pages_noprof+0x90/0x130 [ 76.076402][ T5633] pte_alloc_one+0x1e/0xd0 [ 76.076425][ T5633] __pte_alloc+0x32/0x290 [ 76.076505][ T5633] handle_mm_fault+0x1c18/0x2be0 [ 76.076590][ T5633] ? check_vma_flags+0x26e/0x340 [ 76.076680][ T5633] __get_user_pages+0x102a/0x1ed0 [ 76.076712][ T5633] __gup_longterm_locked+0x8ef/0xe60 [ 76.076875][ T5633] ? security_ptrace_access_check+0x69/0x80 [ 76.076969][ T5633] ? __ptrace_may_access+0x2c3/0x340 [ 76.077039][ T5633] pin_user_pages_remote+0x7e/0xb0 [ 76.077065][ T5633] process_vm_rw+0x484/0x960 [ 76.077125][ T5633] __x64_sys_process_vm_writev+0x78/0x90 [ 76.077224][ T5633] x64_sys_call+0x2a80/0x3000 [ 76.077244][ T5633] do_syscall_64+0xd2/0x200 [ 76.077262][ T5633] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 76.077288][ T5633] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 76.077423][ T5633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.077442][ T5633] RIP: 0033:0x7f9d9373f6c9 [ 76.077474][ T5633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.077490][ T5633] RSP: 002b:00007f9d9219f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137 [ 76.077507][ T5633] RAX: ffffffffffffffda RBX: 00007f9d93995fa0 RCX: 00007f9d9373f6c9 [ 76.077518][ T5633] RDX: 0000000000000001 RSI: 0000200000001c80 RDI: 0000000000000166 [ 76.077529][ T5633] RBP: 00007f9d9219f090 R08: 0000000000000001 R09: 0000000000000000 [ 76.077603][ T5633] R10: 0000200000001d80 R11: 0000000000000246 R12: 0000000000000001 [ 76.077614][ T5633] R13: 00007f9d93996038 R14: 00007f9d93995fa0 R15: 00007ffe061952f8 [ 76.077632][ T5633] [ 76.326770][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.447557][ T5638] Cannot find add_set index 0 as target [ 76.538389][ T5636] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 76.547290][ T5636] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 76.626899][ T5646] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 76.635524][ T5646] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 76.685378][ T5657] Cannot find add_set index 0 as target [ 76.787579][ T5663] loop1: detected capacity change from 0 to 128 [ 76.856599][ T5666] bio_check_eod: 116 callbacks suppressed [ 76.856616][ T5666] syz.1.725: attempt to access beyond end of device [ 76.856616][ T5666] loop1: rw=1, sector=145, nr_sectors = 16 limit=128 [ 76.876367][ T5666] syz.1.725: attempt to access beyond end of device [ 76.876367][ T5666] loop1: rw=1, sector=169, nr_sectors = 8 limit=128 [ 76.889499][ T5666] syz.1.725: attempt to access beyond end of device [ 76.889499][ T5666] loop1: rw=1, sector=185, nr_sectors = 8 limit=128 [ 76.902780][ T5666] syz.1.725: attempt to access beyond end of device [ 76.902780][ T5666] loop1: rw=1, sector=201, nr_sectors = 8 limit=128 [ 76.921853][ T5666] syz.1.725: attempt to access beyond end of device [ 76.921853][ T5666] loop1: rw=1, sector=217, nr_sectors = 8 limit=128 [ 76.937452][ T5666] syz.1.725: attempt to access beyond end of device [ 76.937452][ T5666] loop1: rw=1, sector=233, nr_sectors = 8 limit=128 [ 76.950606][ T5666] syz.1.725: attempt to access beyond end of device [ 76.950606][ T5666] loop1: rw=1, sector=249, nr_sectors = 8 limit=128 [ 76.963738][ T5666] syz.1.725: attempt to access beyond end of device [ 76.963738][ T5666] loop1: rw=1, sector=265, nr_sectors = 8 limit=128 [ 76.976887][ T5666] syz.1.725: attempt to access beyond end of device [ 76.976887][ T5666] loop1: rw=1, sector=281, nr_sectors = 8 limit=128 [ 76.990087][ T5666] syz.1.725: attempt to access beyond end of device [ 76.990087][ T5666] loop1: rw=1, sector=297, nr_sectors = 8 limit=128 [ 77.031394][ T29] kauditd_printk_skb: 547 callbacks suppressed [ 77.031413][ T29] audit: type=1326 audit(1762813748.048:4321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5667 comm="syz.1.727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8400f6c9 code=0x7ffc0000 [ 77.071944][ T29] audit: type=1326 audit(1762813748.048:4322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5667 comm="syz.1.727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8400f6c9 code=0x7ffc0000 [ 77.095314][ T29] audit: type=1326 audit(1762813748.048:4323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5667 comm="syz.1.727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7c8400df10 code=0x7ffc0000 [ 77.118638][ T29] audit: type=1326 audit(1762813748.048:4324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5667 comm="syz.1.727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7c8400df10 code=0x7ffc0000 [ 77.142056][ T29] audit: type=1326 audit(1762813748.048:4325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5667 comm="syz.1.727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8400f6c9 code=0x7ffc0000 [ 77.165437][ T29] audit: type=1326 audit(1762813748.048:4326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5667 comm="syz.1.727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7f7c8400f6c9 code=0x7ffc0000 [ 77.188924][ T29] audit: type=1326 audit(1762813748.048:4327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5667 comm="syz.1.727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c8400f6c9 code=0x7ffc0000 [ 77.367985][ T5676] Cannot find del_set index 3 as target [ 77.400950][ T5687] loop1: detected capacity change from 0 to 512 [ 77.426827][ T5687] EXT4-fs (loop1): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.470508][ T5687] EXT4-fs error (device loop1): htree_dirblock_to_tree:1051: inode #2: comm syz.1.736: Directory hole found for htree leaf block 0 [ 77.475134][ T29] audit: type=1326 audit(1762813748.488:4328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5693 comm="syz.0.738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d9373f6c9 code=0x7ffc0000 [ 77.507539][ T29] audit: type=1326 audit(1762813748.488:4329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5693 comm="syz.0.738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9d9373df10 code=0x7ffc0000 [ 77.530902][ T29] audit: type=1326 audit(1762813748.488:4330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5693 comm="syz.0.738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9d9373df10 code=0x7ffc0000 [ 77.570603][ T5687] EXT4-fs error (device loop1): ext4_add_entry:2417: inode #2: comm syz.1.736: Directory hole found for htree leaf block 0 [ 77.597565][ T3313] EXT4-fs (loop1): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 77.692490][ T5711] loop1: detected capacity change from 0 to 1024 [ 77.699706][ T5711] EXT4-fs: Ignoring removed orlov option [ 77.708747][ T5711] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.729461][ T5716] netlink: 'syz.2.744': attribute type 6 has an invalid length. [ 77.737266][ T5716] __nla_validate_parse: 25 callbacks suppressed [ 77.737284][ T5716] netlink: 140 bytes leftover after parsing attributes in process `syz.2.744'. [ 77.762304][ T5711] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 77.765977][ T5716] netlink: 260 bytes leftover after parsing attributes in process `syz.2.744'. [ 77.779715][ T5716] netlink: 260 bytes leftover after parsing attributes in process `syz.2.744'. [ 77.793273][ T5721] loop0: detected capacity change from 0 to 128 [ 77.794780][ T5718] vlan2: entered allmulticast mode [ 77.817977][ T5721] buffer_io_error: 74 callbacks suppressed [ 77.817999][ T5721] Buffer I/O error on dev loop0, logical block 79, lost async page write [ 77.835234][ T5721] Buffer I/O error on dev loop0, logical block 80, lost async page write [ 77.844678][ T5721] Buffer I/O error on dev loop0, logical block 83, lost async page write [ 77.865261][ T5721] Buffer I/O error on dev loop0, logical block 84, lost async page write [ 77.885473][ T5721] Buffer I/O error on dev loop0, logical block 95, lost async page write [ 77.894340][ T5721] Buffer I/O error on dev loop0, logical block 96, lost async page write [ 77.894746][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.908031][ T5721] Buffer I/O error on dev loop0, logical block 99, lost async page write [ 77.920569][ T5726] loop2: detected capacity change from 0 to 128 [ 77.920702][ T5721] Buffer I/O error on dev loop0, logical block 100, lost async page write [ 77.937152][ T5721] Buffer I/O error on dev loop0, logical block 111, lost async page write [ 77.946523][ T5721] Buffer I/O error on dev loop0, logical block 112, lost async page write [ 77.962533][ T5730] loop1: detected capacity change from 0 to 128 [ 78.107314][ T5740] netlink: 'syz.0.751': attribute type 21 has an invalid length. [ 78.115241][ T5740] netlink: 156 bytes leftover after parsing attributes in process `syz.0.751'. [ 78.124203][ T5740] netlink: 4 bytes leftover after parsing attributes in process `syz.0.751'. [ 78.141933][ T5740] loop0: detected capacity change from 0 to 512 [ 78.153329][ T5740] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.751: inode has both inline data and extents flags [ 78.169870][ T5743] netlink: 'syz.1.752': attribute type 21 has an invalid length. [ 78.177923][ T5740] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.751: couldn't read orphan inode 15 (err -117) [ 78.178943][ T5743] netlink: 156 bytes leftover after parsing attributes in process `syz.1.752'. [ 78.194741][ T5740] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.198737][ T5743] netlink: 4 bytes leftover after parsing attributes in process `syz.1.752'. [ 78.400820][ T5769] FAULT_INJECTION: forcing a failure. [ 78.400820][ T5769] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 78.413992][ T5769] CPU: 0 UID: 0 PID: 5769 Comm: syz.1.760 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 78.414028][ T5769] Tainted: [W]=WARN [ 78.414044][ T5769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 78.414115][ T5769] Call Trace: [ 78.414123][ T5769] [ 78.414133][ T5769] __dump_stack+0x1d/0x30 [ 78.414159][ T5769] dump_stack_lvl+0xe8/0x140 [ 78.414234][ T5769] dump_stack+0x15/0x1b [ 78.414252][ T5769] should_fail_ex+0x265/0x280 [ 78.414273][ T5769] should_fail+0xb/0x20 [ 78.414340][ T5769] should_fail_usercopy+0x1a/0x20 [ 78.414363][ T5769] _copy_from_user+0x1c/0xb0 [ 78.414390][ T5769] sg_write+0x1ed/0x750 [ 78.414466][ T5769] vfs_writev+0x406/0x8b0 [ 78.414501][ T5769] ? __pfx_sg_write+0x10/0x10 [ 78.414538][ T5769] do_writev+0xe7/0x210 [ 78.414573][ T5769] __x64_sys_writev+0x45/0x50 [ 78.414664][ T5769] x64_sys_call+0x1e9a/0x3000 [ 78.414688][ T5769] do_syscall_64+0xd2/0x200 [ 78.414710][ T5769] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 78.414826][ T5769] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 78.414940][ T5769] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.414962][ T5769] RIP: 0033:0x7f7c8400f6c9 [ 78.414982][ T5769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.415001][ T5769] RSP: 002b:00007f7c82a77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 78.415074][ T5769] RAX: ffffffffffffffda RBX: 00007f7c84265fa0 RCX: 00007f7c8400f6c9 [ 78.415091][ T5769] RDX: 0000000000000002 RSI: 0000200000000080 RDI: 0000000000000003 [ 78.415107][ T5769] RBP: 00007f7c82a77090 R08: 0000000000000000 R09: 0000000000000000 [ 78.415190][ T5769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 78.415204][ T5769] R13: 00007f7c84266038 R14: 00007f7c84265fa0 R15: 00007fff6951dc38 [ 78.415224][ T5769] [ 78.636889][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.756921][ T5780] loop0: detected capacity change from 0 to 512 [ 78.769025][ T5780] EXT4-fs: Ignoring removed nomblk_io_submit option [ 78.778936][ T5780] EXT4-fs: test_dummy_encryption option not supported [ 78.781502][ T5783] netlink: 40 bytes leftover after parsing attributes in process `syz.2.767'. [ 78.916885][ T5784] Cannot find add_set index 0 as target [ 78.964495][ T5797] FAULT_INJECTION: forcing a failure. [ 78.964495][ T5797] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 78.978107][ T5797] CPU: 1 UID: 0 PID: 5797 Comm: syz.0.772 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 78.978190][ T5797] Tainted: [W]=WARN [ 78.978199][ T5797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 78.978215][ T5797] Call Trace: [ 78.978224][ T5797] [ 78.978233][ T5797] __dump_stack+0x1d/0x30 [ 78.978262][ T5797] dump_stack_lvl+0xe8/0x140 [ 78.978290][ T5797] dump_stack+0x15/0x1b [ 78.978397][ T5797] should_fail_ex+0x265/0x280 [ 78.978422][ T5797] should_fail+0xb/0x20 [ 78.978442][ T5797] should_fail_usercopy+0x1a/0x20 [ 78.978465][ T5797] _copy_from_iter+0xd2/0xe80 [ 78.978518][ T5797] ? __build_skb_around+0x1ab/0x200 [ 78.978575][ T5797] ? __alloc_skb+0x223/0x320 [ 78.978656][ T5797] netlink_sendmsg+0x471/0x6b0 [ 78.978687][ T5797] ? __pfx_netlink_sendmsg+0x10/0x10 [ 78.978713][ T5797] __sock_sendmsg+0x145/0x180 [ 78.978758][ T5797] ____sys_sendmsg+0x31e/0x4e0 [ 78.978800][ T5797] ___sys_sendmsg+0x17b/0x1d0 [ 78.978832][ T5797] __x64_sys_sendmsg+0xd4/0x160 [ 78.978880][ T5797] x64_sys_call+0x191e/0x3000 [ 78.979010][ T5797] do_syscall_64+0xd2/0x200 [ 78.979035][ T5797] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 78.979073][ T5797] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 78.979112][ T5797] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.979158][ T5797] RIP: 0033:0x7f9d9373f6c9 [ 78.979203][ T5797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.979226][ T5797] RSP: 002b:00007f9d9219f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 78.979247][ T5797] RAX: ffffffffffffffda RBX: 00007f9d93995fa0 RCX: 00007f9d9373f6c9 [ 78.979259][ T5797] RDX: 0000000000000004 RSI: 00002000000004c0 RDI: 0000000000000003 [ 78.979271][ T5797] RBP: 00007f9d9219f090 R08: 0000000000000000 R09: 0000000000000000 [ 78.979339][ T5797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 78.979355][ T5797] R13: 00007f9d93996038 R14: 00007f9d93995fa0 R15: 00007ffe061952f8 [ 78.979380][ T5797] [ 78.981832][ T5799] vlan2: entered allmulticast mode [ 79.089794][ T5790] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 79.184388][ T5808] FAULT_INJECTION: forcing a failure. [ 79.184388][ T5808] name failslab, interval 1, probability 0, space 0, times 0 [ 79.186180][ T5790] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 79.188233][ T5808] CPU: 0 UID: 0 PID: 5808 Comm: syz.0.776 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 79.188356][ T5808] Tainted: [W]=WARN [ 79.188366][ T5808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 79.188384][ T5808] Call Trace: [ 79.188394][ T5808] [ 79.188405][ T5808] __dump_stack+0x1d/0x30 [ 79.188498][ T5808] dump_stack_lvl+0xe8/0x140 [ 79.188529][ T5808] dump_stack+0x15/0x1b [ 79.188554][ T5808] should_fail_ex+0x265/0x280 [ 79.188584][ T5808] should_failslab+0x8c/0xb0 [ 79.188668][ T5808] __kmalloc_node_track_caller_noprof+0xa5/0x580 [ 79.188725][ T5808] ? sidtab_sid2str_get+0xa0/0x130 [ 79.188830][ T5808] kmemdup_noprof+0x2b/0x70 [ 79.188976][ T5808] sidtab_sid2str_get+0xa0/0x130 [ 79.189023][ T5808] security_sid_to_context_core+0x1eb/0x2e0 [ 79.189071][ T5808] security_sid_to_context+0x27/0x40 [ 79.189114][ T5808] selinux_lsmprop_to_secctx+0x67/0xf0 [ 79.189160][ T5808] security_lsmprop_to_secctx+0x1a3/0x1c0 [ 79.189195][ T5808] audit_log_subj_ctx+0xa4/0x3e0 [ 79.189275][ T5808] ? skb_put+0xa9/0xf0 [ 79.189382][ T5808] audit_log_task_context+0x48/0x70 [ 79.189415][ T5808] audit_log_task+0xf4/0x250 [ 79.189465][ T5808] ? kstrtouint+0x76/0xc0 [ 79.189539][ T5808] audit_seccomp+0x61/0x100 [ 79.189611][ T5808] ? __seccomp_filter+0x82d/0x1250 [ 79.189654][ T5808] __seccomp_filter+0x83e/0x1250 [ 79.189706][ T5808] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 79.189824][ T5808] ? vfs_write+0x7e8/0x960 [ 79.189869][ T5808] __secure_computing+0x82/0x150 [ 79.189915][ T5808] syscall_trace_enter+0xcf/0x1e0 [ 79.189958][ T5808] do_syscall_64+0xac/0x200 [ 79.190008][ T5808] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 79.190049][ T5808] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 79.190097][ T5808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.190129][ T5808] RIP: 0033:0x7f9d9373f6c9 [ 79.190152][ T5808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 79.190177][ T5808] RSP: 002b:00007f9d9219f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9 [ 79.190268][ T5808] RAX: ffffffffffffffda RBX: 00007f9d93995fa0 RCX: 00007f9d9373f6c9 [ 79.190286][ T5808] RDX: 0000200000002d40 RSI: 0000200000002d00 RDI: 0000200000002cc0 [ 79.190304][ T5808] RBP: 00007f9d9219f090 R08: 0000000000000000 R09: 0000000000000000 [ 79.190322][ T5808] R10: fffffffffffffffe R11: 0000000000000246 R12: 0000000000000001 [ 79.190339][ T5808] R13: 00007f9d93996038 R14: 00007f9d93995fa0 R15: 00007ffe061952f8 [ 79.190367][ T5808] [ 79.553088][ T5818] netlink: 40 bytes leftover after parsing attributes in process `syz.4.780'. [ 79.607310][ T5816] Cannot find add_set index 0 as target [ 79.734213][ T5833] loop4: detected capacity change from 0 to 128 [ 79.882131][ T5844] netlink: 96 bytes leftover after parsing attributes in process `syz.2.790'. [ 79.892505][ T5845] loop3: detected capacity change from 0 to 512 [ 79.913255][ T5849] wireguard0: entered promiscuous mode [ 79.918809][ T5849] wireguard0: entered allmulticast mode [ 79.981262][ T5847] Cannot find add_set index 0 as target [ 80.109429][ T5868] vlan2: entered allmulticast mode [ 80.119231][ T5870] loop0: detected capacity change from 0 to 128 [ 80.154482][ T5873] loop4: detected capacity change from 0 to 128 [ 80.400365][ T5886] Cannot find add_set index 0 as target [ 80.477495][ T5893] loop0: detected capacity change from 0 to 512 [ 80.484478][ T5893] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 80.495750][ T5893] EXT4-fs (loop0): 1 truncate cleaned up [ 80.502080][ T5893] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.514841][ T5884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 80.515541][ T5893] EXT4-fs error (device loop0): ext4_generic_delete_entry:2668: inode #2: block 13: comm syz.0.808: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 80.523670][ T5884] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 80.543672][ T5893] EXT4-fs (loop0): Remounting filesystem read-only [ 80.557821][ T5893] EXT4-fs warning (device loop0): ext4_rename_delete:3731: inode #2: comm syz.0.808: Deleting old file: nlink 4, error=-117 [ 80.595871][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.921980][ T5916] Cannot find add_set index 0 as target [ 80.965201][ T5927] netlink: 'syz.0.821': attribute type 21 has an invalid length. [ 80.980589][ T5927] loop0: detected capacity change from 0 to 512 [ 80.989804][ T5927] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.821: inode has both inline data and extents flags [ 81.003524][ T5927] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.821: couldn't read orphan inode 15 (err -117) [ 81.016358][ T5927] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.257760][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.300480][ T5955] net_ratelimit: 45 callbacks suppressed [ 81.300496][ T5955] netlink: zone id is out of range [ 81.311387][ T5955] netlink: zone id is out of range [ 81.317122][ T5955] netlink: zone id is out of range [ 81.322445][ T5955] netlink: zone id is out of range [ 81.327846][ T5955] netlink: zone id is out of range [ 81.333032][ T5955] netlink: zone id is out of range [ 81.339477][ T5955] netlink: zone id is out of range [ 81.344650][ T5955] netlink: zone id is out of range [ 81.350388][ T5955] netlink: zone id is out of range [ 81.355888][ T5955] netlink: zone id is out of range [ 81.397829][ T5960] vlan2: entered allmulticast mode [ 81.602494][ T5978] netlink: 'syz.1.839': attribute type 21 has an invalid length. [ 81.683516][ T5986] netlink: 'syz.1.843': attribute type 21 has an invalid length. [ 81.705497][ T5986] loop1: detected capacity change from 0 to 512 [ 81.716556][ T5986] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.843: inode has both inline data and extents flags [ 81.730031][ T5986] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.843: couldn't read orphan inode 15 (err -117) [ 81.743830][ T5986] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.855347][ T5991] Cannot find add_set index 0 as target [ 81.991194][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.038454][ T6017] vlan2: entered allmulticast mode [ 82.041334][ T29] kauditd_printk_skb: 890 callbacks suppressed [ 82.041353][ T29] audit: type=1326 audit(1762813753.058:5220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6018 comm="syz.4.856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96a026f6c9 code=0x7ffc0000 [ 82.073673][ T29] audit: type=1326 audit(1762813753.088:5221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6018 comm="syz.4.856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f96a026f6c9 code=0x7ffc0000 [ 82.097013][ T29] audit: type=1326 audit(1762813753.088:5222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6018 comm="syz.4.856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96a026f6c9 code=0x7ffc0000 [ 82.120448][ T29] audit: type=1326 audit(1762813753.088:5223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6018 comm="syz.4.856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96a026f6c9 code=0x7ffc0000 [ 82.143895][ T29] audit: type=1326 audit(1762813753.088:5224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6018 comm="syz.4.856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f96a026f6c9 code=0x7ffc0000 [ 82.167401][ T29] audit: type=1326 audit(1762813753.088:5225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6018 comm="syz.4.856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96a026f6c9 code=0x7ffc0000 [ 82.190811][ T29] audit: type=1326 audit(1762813753.088:5226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6018 comm="syz.4.856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96a026f6c9 code=0x7ffc0000 [ 82.198374][ T6006] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 82.214155][ T29] audit: type=1326 audit(1762813753.088:5227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6018 comm="syz.4.856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f96a026f6c9 code=0x7ffc0000 [ 82.223018][ T6006] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 82.245887][ T29] audit: type=1326 audit(1762813753.088:5228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6018 comm="syz.4.856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96a026f6c9 code=0x7ffc0000 [ 82.277085][ T29] audit: type=1326 audit(1762813753.088:5229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6018 comm="syz.4.856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f96a026f6c9 code=0x7ffc0000 [ 82.382541][ T6039] loop0: detected capacity change from 0 to 128 [ 82.392531][ T6041] netlink: 'syz.4.865': attribute type 21 has an invalid length. [ 82.408181][ T6041] loop4: detected capacity change from 0 to 512 [ 82.418159][ T6041] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.865: inode has both inline data and extents flags [ 82.431595][ T6041] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.865: couldn't read orphan inode 15 (err -117) [ 82.444373][ T6041] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.458271][ T6050] bio_check_eod: 353 callbacks suppressed [ 82.458288][ T6050] syz.0.864: attempt to access beyond end of device [ 82.458288][ T6050] loop0: rw=2049, sector=154, nr_sectors = 6 limit=128 [ 82.478204][ T6050] syz.0.864: attempt to access beyond end of device [ 82.478204][ T6050] loop0: rw=2049, sector=158, nr_sectors = 2 limit=128 [ 82.491836][ T6050] syz.0.864: attempt to access beyond end of device [ 82.491836][ T6050] loop0: rw=2049, sector=160, nr_sectors = 2 limit=128 [ 82.505806][ T6050] syz.0.864: attempt to access beyond end of device [ 82.505806][ T6050] loop0: rw=2049, sector=162, nr_sectors = 6 limit=128 [ 82.519975][ T6050] syz.0.864: attempt to access beyond end of device [ 82.519975][ T6050] loop0: rw=2049, sector=166, nr_sectors = 2 limit=128 [ 82.533511][ T6050] syz.0.864: attempt to access beyond end of device [ 82.533511][ T6050] loop0: rw=2049, sector=168, nr_sectors = 2 limit=128 [ 82.547321][ T6050] syz.0.864: attempt to access beyond end of device [ 82.547321][ T6050] loop0: rw=2049, sector=186, nr_sectors = 6 limit=128 [ 82.561055][ T6050] syz.0.864: attempt to access beyond end of device [ 82.561055][ T6050] loop0: rw=2049, sector=190, nr_sectors = 2 limit=128 [ 82.574488][ T6050] syz.0.864: attempt to access beyond end of device [ 82.574488][ T6050] loop0: rw=2049, sector=192, nr_sectors = 2 limit=128 [ 82.588237][ T6050] syz.0.864: attempt to access beyond end of device [ 82.588237][ T6050] loop0: rw=2049, sector=194, nr_sectors = 6 limit=128 [ 82.659008][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.809067][ T6066] vlan2: entered allmulticast mode [ 82.850856][ T6069] __nla_validate_parse: 17 callbacks suppressed [ 82.850879][ T6069] netlink: 12 bytes leftover after parsing attributes in process `syz.0.871'. [ 82.873328][ T6074] netlink: 83992 bytes leftover after parsing attributes in process `syz.2.872'. [ 83.011138][ T6085] loop2: detected capacity change from 0 to 8192 [ 83.082172][ T6100] netlink: 96 bytes leftover after parsing attributes in process `syz.4.882'. [ 83.122090][ T6102] vlan2: entered allmulticast mode [ 83.149607][ T6097] Cannot find del_set index 3 as target [ 83.191637][ T6105] netlink: 83992 bytes leftover after parsing attributes in process `syz.2.886'. [ 83.234030][ T6108] loop2: detected capacity change from 0 to 1024 [ 83.247032][ T6108] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 83.438224][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.654678][ T6118] netlink: 12 bytes leftover after parsing attributes in process `syz.3.889'. [ 83.766667][ T6126] loop3: detected capacity change from 0 to 8192 [ 83.854898][ T6134] loop1: detected capacity change from 0 to 128 [ 83.864360][ T6134] buffer_io_error: 186 callbacks suppressed [ 83.864374][ T6134] Buffer I/O error on dev loop1, logical block 79, lost async page write [ 83.879194][ T6134] Buffer I/O error on dev loop1, logical block 80, lost async page write [ 83.888330][ T6134] Buffer I/O error on dev loop1, logical block 83, lost async page write [ 83.896966][ T6134] Buffer I/O error on dev loop1, logical block 84, lost async page write [ 83.906265][ T6134] Buffer I/O error on dev loop1, logical block 95, lost async page write [ 83.915268][ T6134] Buffer I/O error on dev loop1, logical block 96, lost async page write [ 83.924849][ T6134] Buffer I/O error on dev loop1, logical block 99, lost async page write [ 83.933878][ T6134] Buffer I/O error on dev loop1, logical block 100, lost async page write [ 83.943352][ T6134] Buffer I/O error on dev loop1, logical block 111, lost async page write [ 83.953621][ T6134] Buffer I/O error on dev loop1, logical block 112, lost async page write [ 84.162252][ T6155] netlink: 60 bytes leftover after parsing attributes in process `syz.0.902'. [ 84.171237][ T6155] netlink: 12 bytes leftover after parsing attributes in process `syz.0.902'. [ 84.180183][ T6155] netlink: 60 bytes leftover after parsing attributes in process `syz.0.902'. [ 84.180288][ T6153] loop3: detected capacity change from 0 to 8192 [ 84.231421][ T6155] netlink: 60 bytes leftover after parsing attributes in process `syz.0.902'. [ 84.240450][ T6155] netlink: 12 bytes leftover after parsing attributes in process `syz.0.902'. [ 84.505057][ T6168] Cannot find del_set index 3 as target [ 84.658439][ T6174] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 84.667344][ T6174] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 84.778242][ T6179] loop2: detected capacity change from 0 to 8192 [ 84.979329][ T6187] vlan2: entered allmulticast mode [ 84.985384][ T6189] netlink: 'syz.0.918': attribute type 21 has an invalid length. [ 85.004979][ T6189] loop0: detected capacity change from 0 to 512 [ 85.013237][ T6189] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.918: inode has both inline data and extents flags [ 85.026650][ T6189] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.918: couldn't read orphan inode 15 (err -117) [ 85.039029][ T6189] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.145534][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.250485][ T6207] loop0: detected capacity change from 0 to 512 [ 85.283743][ T6211] loop1: detected capacity change from 0 to 512 [ 86.131549][ T6243] vlan2: entered allmulticast mode [ 86.405294][ T6252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 86.413970][ T6252] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 87.068897][ T29] kauditd_printk_skb: 474 callbacks suppressed [ 87.068913][ T29] audit: type=1326 audit(1762813758.088:5704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6292 comm="syz.3.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 87.102263][ T29] audit: type=1326 audit(1762813758.118:5705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6292 comm="syz.3.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 87.125660][ T29] audit: type=1326 audit(1762813758.118:5706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6292 comm="syz.3.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 87.135174][ T6295] loop0: detected capacity change from 0 to 8192 [ 87.149101][ T29] audit: type=1326 audit(1762813758.118:5707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6292 comm="syz.3.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 87.178817][ T29] audit: type=1326 audit(1762813758.118:5708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6292 comm="syz.3.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 87.202253][ T29] audit: type=1326 audit(1762813758.118:5709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6292 comm="syz.3.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 87.225577][ T29] audit: type=1326 audit(1762813758.118:5710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6292 comm="syz.3.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 87.248947][ T29] audit: type=1326 audit(1762813758.118:5711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6292 comm="syz.3.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 87.272381][ T29] audit: type=1326 audit(1762813758.118:5712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6292 comm="syz.3.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 87.295753][ T29] audit: type=1326 audit(1762813758.118:5713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6292 comm="syz.3.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 87.335078][ T6298] vlan2: entered allmulticast mode [ 87.421617][ T6310] netlink: 'syz.0.968': attribute type 21 has an invalid length. [ 87.436731][ T6310] loop0: detected capacity change from 0 to 512 [ 87.445723][ T6310] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.968: inode has both inline data and extents flags [ 87.459638][ T6310] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.968: couldn't read orphan inode 15 (err -117) [ 87.472459][ T6310] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.490308][ T6302] Cannot find del_set index 3 as target [ 87.623152][ T6326] loop4: detected capacity change from 0 to 8192 [ 87.694295][ T6330] loop2: detected capacity change from 0 to 128 [ 87.713424][ T6332] vlan2: entered allmulticast mode [ 87.762583][ T6342] bio_check_eod: 74 callbacks suppressed [ 87.762601][ T6342] syz.2.974: attempt to access beyond end of device [ 87.762601][ T6342] loop2: rw=2049, sector=154, nr_sectors = 6 limit=128 [ 87.784372][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.784513][ T6342] syz.2.974: attempt to access beyond end of device [ 87.784513][ T6342] loop2: rw=2049, sector=158, nr_sectors = 2 limit=128 [ 87.807162][ T6342] syz.2.974: attempt to access beyond end of device [ 87.807162][ T6342] loop2: rw=2049, sector=160, nr_sectors = 2 limit=128 [ 87.821623][ T6342] syz.2.974: attempt to access beyond end of device [ 87.821623][ T6342] loop2: rw=2049, sector=162, nr_sectors = 6 limit=128 [ 87.836075][ T6342] syz.2.974: attempt to access beyond end of device [ 87.836075][ T6342] loop2: rw=2049, sector=166, nr_sectors = 2 limit=128 [ 87.851853][ T6342] syz.2.974: attempt to access beyond end of device [ 87.851853][ T6342] loop2: rw=2049, sector=168, nr_sectors = 2 limit=128 [ 87.865838][ T6342] syz.2.974: attempt to access beyond end of device [ 87.865838][ T6342] loop2: rw=2049, sector=186, nr_sectors = 6 limit=128 [ 87.879794][ T6342] syz.2.974: attempt to access beyond end of device [ 87.879794][ T6342] loop2: rw=2049, sector=190, nr_sectors = 2 limit=128 [ 87.893293][ T6342] syz.2.974: attempt to access beyond end of device [ 87.893293][ T6342] loop2: rw=2049, sector=192, nr_sectors = 2 limit=128 [ 87.908024][ T6342] syz.2.974: attempt to access beyond end of device [ 87.908024][ T6342] loop2: rw=2049, sector=194, nr_sectors = 6 limit=128 [ 87.930361][ T6351] __nla_validate_parse: 14 callbacks suppressed [ 87.930381][ T6351] netlink: 32 bytes leftover after parsing attributes in process `syz.0.979'. [ 88.235531][ T6365] loop3: detected capacity change from 0 to 512 [ 88.402775][ T6369] Cannot find del_set index 3 as target [ 88.797499][ T6385] loop2: detected capacity change from 0 to 128 [ 88.832905][ T6383] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 88.841611][ T6383] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.287408][ T6412] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1003'. [ 89.429740][ T6422] loop4: detected capacity change from 0 to 512 [ 89.438632][ T6422] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1007'. [ 89.451767][ T6424] loop2: detected capacity change from 0 to 128 [ 89.530225][ T6435] buffer_io_error: 74 callbacks suppressed [ 89.530247][ T6435] Buffer I/O error on dev loop2, logical block 79, lost async page write [ 89.546138][ T6438] netlink: 'syz.3.1010': attribute type 21 has an invalid length. [ 89.554280][ T6438] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1010'. [ 89.563510][ T6438] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1010'. [ 89.563709][ T6435] Buffer I/O error on dev loop2, logical block 80, lost async page write [ 89.586614][ T6438] loop3: detected capacity change from 0 to 512 [ 89.588397][ T6435] Buffer I/O error on dev loop2, logical block 83, lost async page write [ 89.596107][ T6438] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.1010: inode has both inline data and extents flags [ 89.601595][ T6435] Buffer I/O error on dev loop2, logical block 84, lost async page write [ 89.614867][ T6438] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.1010: couldn't read orphan inode 15 (err -117) [ 89.624076][ T6435] Buffer I/O error on dev loop2, logical block 95, lost async page write [ 89.643984][ T6435] Buffer I/O error on dev loop2, logical block 96, lost async page write [ 89.644592][ T6438] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.653561][ T6435] Buffer I/O error on dev loop2, logical block 99, lost async page write [ 89.673523][ T6435] Buffer I/O error on dev loop2, logical block 100, lost async page write [ 89.682956][ T6435] Buffer I/O error on dev loop2, logical block 111, lost async page write [ 89.691625][ T6435] Buffer I/O error on dev loop2, logical block 112, lost async page write [ 89.927488][ T6459] loop0: detected capacity change from 0 to 128 [ 89.968579][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.076185][ T6462] Cannot find del_set index 3 as target [ 90.107847][ T6468] lo speed is unknown, defaulting to 1000 [ 90.217830][ T6482] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1026'. [ 90.283021][ T6494] loop0: detected capacity change from 0 to 128 [ 90.456099][ T6512] serio: Serial port ptm0 [ 90.532474][ T6518] ip6erspan0: entered promiscuous mode [ 90.596566][ T6520] loop2: detected capacity change from 0 to 8192 [ 90.647551][ T6538] loop3: detected capacity change from 0 to 128 [ 90.767060][ T6542] loop0: detected capacity change from 0 to 8192 [ 90.819399][ T6532] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 90.820174][ T6555] vlan2: entered allmulticast mode [ 90.828144][ T6532] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 90.897814][ T6560] vlan2: entered allmulticast mode [ 91.119300][ T6574] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1064'. [ 91.151527][ T6576] netlink: 83992 bytes leftover after parsing attributes in process `syz.3.1065'. [ 91.160962][ T6576] net_ratelimit: 56 callbacks suppressed [ 91.160976][ T6576] netlink: zone id is out of range [ 91.172011][ T6576] netlink: zone id is out of range [ 91.177313][ T6576] netlink: zone id is out of range [ 91.182535][ T6576] netlink: zone id is out of range [ 91.187687][ T6576] netlink: zone id is out of range [ 91.192814][ T6576] netlink: zone id is out of range [ 91.198796][ T6576] netlink: zone id is out of range [ 91.204005][ T6576] netlink: zone id is out of range [ 91.209163][ T6576] netlink: zone id is out of range [ 91.214295][ T6576] netlink: zone id is out of range [ 91.275816][ T6579] loop3: detected capacity change from 0 to 8192 [ 91.368794][ T6587] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1070'. [ 91.378433][ T6587] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1070'. [ 91.459752][ T6588] lo speed is unknown, defaulting to 1000 [ 91.547028][ T6600] loop1: detected capacity change from 0 to 512 [ 91.559232][ T6601] loop4: detected capacity change from 0 to 512 [ 91.724026][ T6607] loop0: detected capacity change from 0 to 8192 [ 91.753845][ T6610] loop2: detected capacity change from 0 to 128 [ 91.986885][ T6614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 91.995521][ T6614] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 92.177020][ T6627] loop2: detected capacity change from 0 to 128 [ 92.359526][ T29] kauditd_printk_skb: 431 callbacks suppressed [ 92.359547][ T29] audit: type=1326 audit(1762813763.378:6145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6633 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71d5ef6c9 code=0x7ffc0000 [ 92.392202][ T29] audit: type=1326 audit(1762813763.378:6146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6633 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71d5ef6c9 code=0x7ffc0000 [ 92.393582][ T6634] vlan2: entered allmulticast mode [ 92.415929][ T29] audit: type=1326 audit(1762813763.378:6147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6633 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd71d5edf10 code=0x7ffc0000 [ 92.415998][ T29] audit: type=1326 audit(1762813763.378:6148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6633 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd71d5edf10 code=0x7ffc0000 [ 92.416065][ T29] audit: type=1326 audit(1762813763.378:6149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6633 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71d5ef6c9 code=0x7ffc0000 [ 92.416099][ T29] audit: type=1326 audit(1762813763.378:6150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6633 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71d5ef6c9 code=0x7ffc0000 [ 92.516017][ T29] audit: type=1326 audit(1762813763.378:6151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6633 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7fd71d5ef6c9 code=0x7ffc0000 [ 92.539587][ T29] audit: type=1326 audit(1762813763.378:6152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6633 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71d5ef6c9 code=0x7ffc0000 [ 92.563056][ T29] audit: type=1326 audit(1762813763.378:6153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6633 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd71d5ef6c9 code=0x7ffc0000 [ 92.597530][ T6637] netlink: 'syz.4.1091': attribute type 21 has an invalid length. [ 92.607116][ T29] audit: type=1326 audit(1762813763.628:6154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6636 comm="syz.4.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96a026f6c9 code=0x7ffc0000 [ 92.641580][ T6637] loop4: detected capacity change from 0 to 512 [ 92.660073][ T6637] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.1091: inode has both inline data and extents flags [ 92.673565][ T6637] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1091: couldn't read orphan inode 15 (err -117) [ 92.686135][ T6637] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.893682][ T6672] loop0: detected capacity change from 0 to 512 [ 92.921988][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.073204][ T6682] __nla_validate_parse: 9 callbacks suppressed [ 93.073274][ T6682] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1103'. [ 93.638959][ T6694] netlink: 'syz.3.1108': attribute type 21 has an invalid length. [ 93.647053][ T6694] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1108'. [ 93.656275][ T6694] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1108'. [ 93.670931][ T6694] loop3: detected capacity change from 0 to 512 [ 93.685835][ T6694] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.1108: inode has both inline data and extents flags [ 93.699345][ T6694] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.1108: couldn't read orphan inode 15 (err -117) [ 93.712245][ T6694] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.759790][ T6701] loop0: detected capacity change from 0 to 128 [ 93.825735][ T6714] bio_check_eod: 326 callbacks suppressed [ 93.825755][ T6714] syz.0.1110: attempt to access beyond end of device [ 93.825755][ T6714] loop0: rw=2049, sector=154, nr_sectors = 6 limit=128 [ 93.846899][ T6714] syz.0.1110: attempt to access beyond end of device [ 93.846899][ T6714] loop0: rw=2049, sector=158, nr_sectors = 2 limit=128 [ 93.861050][ T6714] syz.0.1110: attempt to access beyond end of device [ 93.861050][ T6714] loop0: rw=2049, sector=160, nr_sectors = 2 limit=128 [ 93.874725][ T6714] syz.0.1110: attempt to access beyond end of device [ 93.874725][ T6714] loop0: rw=2049, sector=162, nr_sectors = 6 limit=128 [ 93.889560][ T6714] syz.0.1110: attempt to access beyond end of device [ 93.889560][ T6714] loop0: rw=2049, sector=166, nr_sectors = 2 limit=128 [ 93.903076][ T6714] syz.0.1110: attempt to access beyond end of device [ 93.903076][ T6714] loop0: rw=2049, sector=168, nr_sectors = 2 limit=128 [ 93.909853][ T6718] netlink: 83992 bytes leftover after parsing attributes in process `syz.4.1112'. [ 93.917593][ T6714] syz.0.1110: attempt to access beyond end of device [ 93.917593][ T6714] loop0: rw=2049, sector=186, nr_sectors = 6 limit=128 [ 93.941779][ T6714] syz.0.1110: attempt to access beyond end of device [ 93.941779][ T6714] loop0: rw=2049, sector=190, nr_sectors = 2 limit=128 [ 93.955443][ T6714] syz.0.1110: attempt to access beyond end of device [ 93.955443][ T6714] loop0: rw=2049, sector=192, nr_sectors = 2 limit=128 [ 93.972893][ T6714] syz.0.1110: attempt to access beyond end of device [ 93.972893][ T6714] loop0: rw=2049, sector=194, nr_sectors = 6 limit=128 [ 94.046450][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.070561][ T6723] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1114'. [ 94.079672][ T6723] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1114'. [ 94.105812][ T6724] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1113'. [ 94.145924][ T6729] loop0: detected capacity change from 0 to 128 [ 94.290979][ T6736] loop3: detected capacity change from 0 to 8192 [ 94.342367][ T6742] netlink: 83992 bytes leftover after parsing attributes in process `syz.0.1123'. [ 94.426707][ T6734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 94.445277][ T6734] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 94.480740][ T6750] loop3: detected capacity change from 0 to 8192 [ 94.638465][ T6762] loop0: detected capacity change from 0 to 128 [ 94.647418][ T6762] buffer_io_error: 214 callbacks suppressed [ 94.647432][ T6762] Buffer I/O error on dev loop0, logical block 79, lost async page write [ 94.662421][ T6762] Buffer I/O error on dev loop0, logical block 80, lost async page write [ 94.671510][ T6762] Buffer I/O error on dev loop0, logical block 83, lost async page write [ 94.680199][ T6762] Buffer I/O error on dev loop0, logical block 84, lost async page write [ 94.689442][ T6762] Buffer I/O error on dev loop0, logical block 95, lost async page write [ 94.698100][ T6762] Buffer I/O error on dev loop0, logical block 96, lost async page write [ 94.707066][ T6762] Buffer I/O error on dev loop0, logical block 99, lost async page write [ 94.715552][ T6762] Buffer I/O error on dev loop0, logical block 100, lost async page write [ 94.724579][ T6762] Buffer I/O error on dev loop0, logical block 111, lost async page write [ 94.733242][ T6762] Buffer I/O error on dev loop0, logical block 112, lost async page write [ 94.973603][ T6778] loop4: detected capacity change from 0 to 512 [ 94.991811][ T6778] netlink: 136 bytes leftover after parsing attributes in process `syz.4.1139'. [ 95.246585][ T6791] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1144'. [ 95.387753][ T6802] loop1: detected capacity change from 0 to 128 [ 95.389870][ T6799] vlan2: entered allmulticast mode [ 95.610058][ T6815] vlan2: entered allmulticast mode [ 96.069770][ T6846] loop4: detected capacity change from 0 to 128 [ 96.483215][ T6881] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 96.627853][ T6894] loop3: detected capacity change from 0 to 128 [ 96.762915][ T6909] loop0: detected capacity change from 0 to 512 [ 96.958118][ T6922] net_ratelimit: 67 callbacks suppressed [ 96.958135][ T6922] netlink: zone id is out of range [ 96.968987][ T6922] netlink: zone id is out of range [ 96.980715][ T6922] netlink: zone id is out of range [ 96.985918][ T6922] netlink: zone id is out of range [ 96.991206][ T6922] netlink: zone id is out of range [ 96.996534][ T6922] netlink: zone id is out of range [ 97.002913][ T6922] netlink: zone id is out of range [ 97.008086][ T6922] netlink: zone id is out of range [ 97.013365][ T6922] netlink: zone id is out of range [ 97.018639][ T6922] netlink: zone id is out of range [ 97.031799][ T6924] 9pnet_fd: Insufficient options for proto=fd [ 97.033736][ T6925] 9pnet_fd: Insufficient options for proto=fd [ 97.165835][ T6947] netlink: 'syz.3.1203': attribute type 21 has an invalid length. [ 97.182478][ T6947] loop3: detected capacity change from 0 to 512 [ 97.191547][ T6947] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.1203: inode has both inline data and extents flags [ 97.205635][ T6947] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.1203: couldn't read orphan inode 15 (err -117) [ 97.218183][ T6947] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.240178][ T6952] loop4: detected capacity change from 0 to 128 [ 97.328790][ T6960] 9pnet_fd: Insufficient options for proto=fd [ 97.389000][ T29] kauditd_printk_skb: 1426 callbacks suppressed [ 97.389015][ T29] audit: type=1326 audit(1762813768.408:7581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6953 comm="syz.3.1203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 97.418872][ T6964] loop2: detected capacity change from 0 to 512 [ 97.428970][ T29] audit: type=1326 audit(1762813768.438:7582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6946 comm="syz.3.1203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 97.452625][ T29] audit: type=1326 audit(1762813768.438:7583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6946 comm="syz.3.1203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0717b3f6c9 code=0x7ffc0000 [ 97.531091][ T29] audit: type=1326 audit(1762813768.548:7584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6974 comm="syz.4.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96a026f6c9 code=0x7ffc0000 [ 97.554666][ T29] audit: type=1326 audit(1762813768.548:7585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6974 comm="syz.4.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96a026f6c9 code=0x7ffc0000 [ 97.578183][ T29] audit: type=1326 audit(1762813768.548:7586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6974 comm="syz.4.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f96a026f6c9 code=0x7ffc0000 [ 97.601626][ T29] audit: type=1326 audit(1762813768.548:7587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6974 comm="syz.4.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96a026f6c9 code=0x7ffc0000 [ 97.612156][ T6977] SELinux: failed to load policy [ 97.625181][ T29] audit: type=1326 audit(1762813768.548:7588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6974 comm="syz.4.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f96a026f6c9 code=0x7ffc0000 [ 97.653581][ T29] audit: type=1326 audit(1762813768.548:7589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6974 comm="syz.4.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96a026f6c9 code=0x7ffc0000 [ 97.677141][ T29] audit: type=1326 audit(1762813768.548:7590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6974 comm="syz.4.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f96a026f6c9 code=0x7ffc0000 [ 97.737585][ T6986] FAULT_INJECTION: forcing a failure. [ 97.737585][ T6986] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 97.751096][ T6986] CPU: 0 UID: 0 PID: 6986 Comm: syz.4.1217 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 97.751153][ T6986] Tainted: [W]=WARN [ 97.751162][ T6986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 97.751179][ T6986] Call Trace: [ 97.751186][ T6986] [ 97.751196][ T6986] __dump_stack+0x1d/0x30 [ 97.751278][ T6986] dump_stack_lvl+0xe8/0x140 [ 97.751305][ T6986] dump_stack+0x15/0x1b [ 97.751328][ T6986] should_fail_ex+0x265/0x280 [ 97.751354][ T6986] should_fail+0xb/0x20 [ 97.751376][ T6986] should_fail_usercopy+0x1a/0x20 [ 97.751464][ T6986] _copy_from_iter+0xd2/0xe80 [ 97.751558][ T6986] ? __build_skb_around+0x1ab/0x200 [ 97.751597][ T6986] ? __alloc_skb+0x223/0x320 [ 97.751695][ T6986] netlink_sendmsg+0x471/0x6b0 [ 97.751718][ T6986] ? __pfx_netlink_sendmsg+0x10/0x10 [ 97.751762][ T6986] __sock_sendmsg+0x145/0x180 [ 97.751872][ T6986] __sys_sendto+0x268/0x330 [ 97.751921][ T6986] __x64_sys_sendto+0x76/0x90 [ 97.751962][ T6986] x64_sys_call+0x2d14/0x3000 [ 97.751992][ T6986] do_syscall_64+0xd2/0x200 [ 97.752035][ T6986] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 97.752143][ T6986] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 97.752212][ T6986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.752232][ T6986] RIP: 0033:0x7f96a026f6c9 [ 97.752246][ T6986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.752269][ T6986] RSP: 002b:00007f969ecd7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 97.752292][ T6986] RAX: ffffffffffffffda RBX: 00007f96a04c5fa0 RCX: 00007f96a026f6c9 [ 97.752309][ T6986] RDX: 0000000000000090 RSI: 00002000000000c0 RDI: 0000000000000003 [ 97.752392][ T6986] RBP: 00007f969ecd7090 R08: 0000000000000000 R09: 0000000000000000 [ 97.752407][ T6986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 97.752419][ T6986] R13: 00007f96a04c6038 R14: 00007f96a04c5fa0 R15: 00007fff3d5ad628 [ 97.752440][ T6986] [ 97.762309][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.980799][ T6995] loop3: detected capacity change from 0 to 128 [ 98.258072][ T7007] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 98.267048][ T7007] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 98.270444][ T7022] bridge0: port 3(batadv1) entered blocking state [ 98.281520][ T7022] bridge0: port 3(batadv1) entered disabled state [ 98.288946][ T7024] __nla_validate_parse: 14 callbacks suppressed [ 98.288964][ T7024] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1230'. [ 98.303563][ T7022] batadv1: entered allmulticast mode [ 98.304356][ T7024] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1230'. [ 98.311000][ T7022] batadv1: entered promiscuous mode [ 98.326480][ T7025] loop3: detected capacity change from 0 to 128 [ 98.350641][ T7029] netlink: 83992 bytes leftover after parsing attributes in process `syz.2.1232'. [ 98.365307][ T7025] FAT-fs (loop3): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 98.451708][ T7041] 9pnet_fd: Insufficient options for proto=fd [ 98.541834][ T7050] loop1: detected capacity change from 0 to 512 [ 98.551622][ T7050] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1239'. [ 98.740177][ T7058] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1244'. [ 98.776004][ T96] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 98.785410][ T96] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 98.914601][ T7078] vlan2: entered allmulticast mode [ 98.936064][ T7080] vlan2: entered allmulticast mode [ 99.236030][ T7093] 9pnet_fd: Insufficient options for proto=fd [ 99.367233][ T7095] Cannot find del_set index 3 as target [ 99.391839][ T7104] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1263'. [ 99.676117][ T7129] loop4: detected capacity change from 0 to 512 [ 99.684366][ T7129] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1272'. [ 99.751980][ T7135] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1276'. [ 99.789319][ T7137] 9pnet_fd: Insufficient options for proto=fd [ 99.862427][ T7147] loop1: detected capacity change from 0 to 1024 [ 99.869707][ T7147] EXT4-fs: Ignoring removed orlov option [ 99.878408][ T7147] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.013736][ T7155] xt_CT: You must specify a L4 protocol and not use inversions on it [ 100.082274][ T7155] EXT4-fs error (device loop1): ext4_iget_extra_inode:5075: inode #15: comm syz.1.1281: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 100.128116][ T7157] vlan2: entered allmulticast mode [ 100.285494][ T7147] ================================================================== [ 100.293707][ T7147] BUG: KCSAN: data-race in xas_find_marked / xas_set_mark [ 100.300858][ T7147] [ 100.303271][ T7147] write to 0xffff888119c5a0f4 of 4 bytes by task 7154 on cpu 1: [ 100.310923][ T7147] xas_set_mark+0x12b/0x140 [ 100.315458][ T7147] __folio_start_writeback+0x155/0x390 [ 100.320941][ T7147] ext4_bio_write_folio+0x5ad/0x9f0 [ 100.326190][ T7147] mpage_process_page_bufs+0x4a1/0x620 [ 100.331682][ T7147] mpage_prepare_extent_to_map+0x786/0xc00 [ 100.337522][ T7147] ext4_do_writepages+0xa05/0x2750 [ 100.342654][ T7147] ext4_writepages+0x176/0x300 [ 100.347457][ T7147] do_writepages+0x1c6/0x310 [ 100.352079][ T7147] file_write_and_wait_range+0x156/0x2c0 [ 100.357754][ T7147] generic_buffers_fsync_noflush+0x45/0x120 [ 100.363686][ T7147] ext4_sync_file+0x1ab/0x690 [ 100.368391][ T7147] vfs_fsync_range+0x10d/0x130 [ 100.373214][ T7147] ext4_buffered_write_iter+0x34f/0x3c0 [ 100.378919][ T7147] ext4_file_write_iter+0x387/0xf60 [ 100.384234][ T7147] iter_file_splice_write+0x666/0xa60 [ 100.389639][ T7147] direct_splice_actor+0x156/0x2a0 [ 100.394787][ T7147] splice_direct_to_actor+0x312/0x680 [ 100.400200][ T7147] do_splice_direct+0xda/0x150 [ 100.405040][ T7147] do_sendfile+0x380/0x650 [ 100.409506][ T7147] __x64_sys_sendfile64+0x105/0x150 [ 100.414755][ T7147] x64_sys_call+0x2bb4/0x3000 [ 100.419478][ T7147] do_syscall_64+0xd2/0x200 [ 100.424015][ T7147] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.429936][ T7147] [ 100.432285][ T7147] read to 0xffff888119c5a0f4 of 4 bytes by task 7147 on cpu 0: [ 100.439857][ T7147] xas_find_marked+0x5dc/0x620 [ 100.444742][ T7147] find_get_entry+0x5d/0x380 [ 100.449376][ T7147] filemap_get_folios_tag+0x92/0x210 [ 100.454702][ T7147] mpage_prepare_extent_to_map+0x320/0xc00 [ 100.460553][ T7147] ext4_do_writepages+0xa05/0x2750 [ 100.465863][ T7147] ext4_writepages+0x176/0x300 [ 100.470673][ T7147] do_writepages+0x1c6/0x310 [ 100.475558][ T7147] file_write_and_wait_range+0x156/0x2c0 [ 100.481329][ T7147] generic_buffers_fsync_noflush+0x45/0x120 [ 100.487287][ T7147] ext4_sync_file+0x1ab/0x690 [ 100.492087][ T7147] vfs_fsync_range+0x10d/0x130 [ 100.496904][ T7147] ext4_buffered_write_iter+0x34f/0x3c0 [ 100.502487][ T7147] ext4_file_write_iter+0x387/0xf60 [ 100.507720][ T7147] iter_file_splice_write+0x666/0xa60 [ 100.513125][ T7147] direct_splice_actor+0x156/0x2a0 [ 100.518275][ T7147] splice_direct_to_actor+0x312/0x680 [ 100.523682][ T7147] do_splice_direct+0xda/0x150 [ 100.528471][ T7147] do_sendfile+0x380/0x650 [ 100.532936][ T7147] __x64_sys_sendfile64+0x105/0x150 [ 100.538175][ T7147] x64_sys_call+0x2bb4/0x3000 [ 100.542879][ T7147] do_syscall_64+0xd2/0x200 [ 100.547410][ T7147] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.553331][ T7147] [ 100.555669][ T7147] value changed: 0x0a000021 -> 0x04000021 [ 100.561432][ T7147] [ 100.563819][ T7147] Reported by Kernel Concurrency Sanitizer on: [ 100.569982][ T7147] CPU: 0 UID: 0 PID: 7147 Comm: syz.1.1281 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 100.581376][ T7147] Tainted: [W]=WARN [ 100.585215][ T7147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 100.595550][ T7147] ================================================================== [ 100.706099][ T7147] syz.1.1281 (7147) used greatest stack depth: 9064 bytes left [ 100.724673][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.