last executing test programs: 33.278930183s ago: executing program 3 (id=1127): bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000240)={0xe66}, 0x8) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_opts(r0, 0x0, 0xb, &(0x7f0000000140), 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f00000000c0)={0xfff9, 0x9, 0x4}, 0x8) sendto$inet6(r1, &(0x7f00000002c0)='W', 0x1, 0x4, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @private1, 0x8}, 0x1c) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x4) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)}) bpf$TOKEN_CREATE(0x24, &(0x7f0000000080), 0x8) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xa, 0xc, &(0x7f0000000900)=ANY=[], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3}, &(0x7f0000000340), &(0x7f0000000300)}, 0x39) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r4}, 0x10) syslog(0x4, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x18) open(&(0x7f0000000000)='./bus\x00', 0x10000, 0x170) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) copy_file_range(0xffffffffffffffff, &(0x7f0000000400)=0x6, r4, &(0x7f0000000580)=0x1, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000a40)={[{@nolazytime}, {@lazytime}, {@jqfmt_vfsv0}, {@mb_optimize_scan}, {@lazytime}, {@noload}]}, 0x3, 0x45c, &(0x7f0000002400)="$eJzs3MtvG8UfAPDv+pG+m/yq/oA+gCBAlAJJk5bSAxcQSBxAQoJDOYYkrUrdBjVBIlUFBaFyRJU4cUEckfgLOMEFASckLhzgjipVqJcWTkYb76a2a+dVP0j9+UjrzuyuO/P1ztizM7EDGFij6UMSsTMifo+I4Vq28YTR2j+3blya/vvGpekkqtU3/kpK6eGbNy5N56fmz9uRZ0oRhU+SONCi3PnFi2enKpXZC1l+fOHcu+PzixefOXNu6vTs6dnzkydOHDs68dzxyWc7Emca1839H8wd3PfKW1dfmz559e2fvkny+Jvi6JDRlQ4+Xq12uLj+2lWXrrUMNoNirZtGean/D0cxbl+84Xj5475WDuiqarVava/94ctV4B6WRL9rAPRH/kGf3v/mW4+GHv8J11+o3QClcd/KttqRUhSyc8pN97edNBoRJy//82W6RXfmIQAAGnyXjn+ebjX+K0T9vNDubA1lJCL+FxF7IuJ4ROyNiP9HLJ17f0Q8sM7ymxdJ7hz/FK5tKLA1Ssd/z2drW43jv3z0FyPFLLdrKf5ycupMZfZI9pocivKWND+xQhnfv/TrZ+2O1Y//0i0tPx8LZvW4VtrS+JyZqYWpu4m53vWPIvaXWsWfLK8EJBGxLyL2b7CMM4e/Ptju2Orxr6AD60zVryKeqF3/y9EUfy5ZeX1yfGtUZo+M563iTj//cuX1duXfVfwdkF7/7S3b/3L8I0n9eu38ev73L55MH6/88Wnbe5qNtv+h5M2Gfe9PLSxcmIgYSl6tVbp+/2TTeZO3z0/jP/Ro6/6/J26/EgciIm3ED0bEQxHxcFb3R37bveqr8OOLj72z8fi7K41/Zu3XvzockTeExaHIEst7WieKZ3/4tqHQkdbx7257/Y8tpQ5le9by/reWeq23NQMAAMBmVYiInZEUxpbThcLYWO1v+PfG9kJlbn7hqVNz752fqX1HYCTKhXyma7huPnQiu63P85NN+aPZvPHnxW1L+bHpucpMv4OHAbejTf9P/Vnsd+2ArvN9LRhc+j8MLv0fBted/X9rX+oB9F6Lz/9t/agH0Hutxv8fruWJOztfF6C3mvq/ZT8YIOb/YHBtpP97z4B7Q2mln2we6mlVgN6Z3xarf0leYjMl8l+u6UYR5bS1HI6IxYtR6HukEl1M9PudCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDP+DQAA//+CSeFs") 31.995297962s ago: executing program 3 (id=1147): getitimer(0x0, &(0x7f0000000000)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) fchdir(r2) open(&(0x7f0000000100)='.\x00', 0x591002, 0x50f) 31.941300373s ago: executing program 3 (id=1149): r0 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x5af82) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000040)="aefdda", 0x3}], 0x1) 31.816241055s ago: executing program 3 (id=1151): syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x200000, &(0x7f0000000040), 0x1, 0xbac, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5nGdGaOSX8/eHPe97wn8zxPTmfOe2BOA3hqTWc/0ohDEXE2iZis708jYqjaG4nYrB13/+7l+awlUam8/VsSSUTcu3t5vvFaSX07Xh+MRMTN15L490etcVfXN5bnyuXSSn18dO38paOr6xuvLJ2fO1c6V7pwYvbVE7MnZ2e7WOvtS+998cwPbzx/9frHM29+fuC7JE7HRH2uuY5umY7prb9Js0JEzHU7WE4G6vU015kUckwIAICO0qY13H9jMgbi4eJtMr79MdfkAAAAgK6oDERUAAAAgH0ucf8PAAAA+1zjewD37l6eb7R8v5HQX3fORMRUrf7G8821mUJsVrcjMRgRY78n0fxYa1L7tSc2nUX6+vtS1qJHzyF3snklIv6/3flPqvVPVZ/ibq0/jYiZLsSffmS8l+o/3YX4edcPwNPpxpnahaz1+pdurX9im+tfYZtr127kff1rrP/ut6z/HtY/0Gb999YOYxx+8NLNdnPN6793P/l5IYufbZ+oqL/hzpWIw4Xt6k+26k/a1H92hzHG529fazeX1Z/V22j9rr9yPeJIdTXXWn9D0un/Jzq6uFQuzdR+bvP66yc7x28+/1nL4jfuBfohO/9jsbvzf2mHMab+9+uhdnOPrz/9ZSh5p9obqu/5cG5tbeVYxFDyeuv+451zaRzTeI2s/hef6/z+367+7DNhs/53yP71XKlvs/HVR2KOHzn+1e7r762s/oVdnv9Pdxjjy2+uvd9uLu/6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgb0oiYiCQtbvXTtFiMGI+I/8RYWr64uvby4sUPLixkcxFTMZguLpVLMxExWRsn2fhYtf9wfPyR8WxEHIyIzyZHq+Pi/MXyQt7FAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGU8IiYiSYsRkUbEH5NpWizmnRUAAADQdVN5JwAAAAD0nPt/AAAA2P9a7v8LfxmN9DMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9qWDz964lUTE5qnRassM1ecGc80M6LV0Z4eN9ToPoP8G8k4AyE2hqV+pVCo5pgL0mXt8IHnM/EjbmeGu5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP9cLh27cSiJi89RotWWG6nODuWYG9FqadwJAbgY6TSaP3QHsYYW8EwBy4x4fqK3sH1RqWudH2v7m8BNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDvmKi2JC1GRFrtp2mxGPGviJiKwWRxqVyaiYgDEfHT5OBwNj6Wd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB03er6xvJcuVxa0dHR6WJnNPoWa7T+Zm5zzHD7qQ6dnD+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxer6xvJcuVxaWc07EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBvq+sby3Plcmmlh528awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9/BgAA///GyAmy") r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000ec0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000940)={{r0}, &(0x7f0000000c00), &(0x7f0000000ac0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x80) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) mount$tmpfs(0x0, &(0x7f0000000400)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, 0x0}, &(0x7f00000013c0)=0xc) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000cc0)=ANY=[@ANYBLOB="0000000000000000010000000100000000000000000000000100000002000000", @ANYRES32=r3, @ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="01000080"], 0x38, 0x40044}}], 0x1, 0x400c5) r6 = socket$netlink(0x10, 0x3, 0x6) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f00000000c0)=0xc) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000d00)=ANY=[@ANYBLOB="2800000018000100c0000000000000000200998e48cbe81592e130982f3c4d1df1000008000000040000000c00088008008392a7c64def784a712897c0f96a40ba0c00", @ANYRES32=r7, @ANYBLOB], 0x28}}, 0x0) mount$9p_virtio(&(0x7f0000000980), &(0x7f0000000a00)='./file0\x00', &(0x7f0000000a40), 0x209009, &(0x7f0000000b00)={'trans=virtio,', {[{@cache_none}, {@dfltgid={'dfltgid', 0x3d, r5}}, {@access_user}, {@cache_none}, {@fscache}, {@cache_loose}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'ext4\x00'}}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@uid_eq={'uid', 0x3d, 0xffffffffffffffff}}, {@euid_lt={'euid<', r7}}]}}) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80b, &(0x7f0000000d80)={[{@barrier_val}, {@resuid}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x1}}, {@errors_remount}]}, 0x1, 0x79b, &(0x7f0000000180)="$eJzs3c1rXFUbAPDnTpImTfu+zQsv2LppVloonbQ1tgqCERciWCjo2jZMpiFmkimZSWlCFhYRBBG0uBB049qPunMruvZvcCMiLVXTYsWFjNz5SKb5mHw0k2mb3w9ucs6dc+ecZ+7cc8/MPcwNYM8aTP9kIo5ExIdJxKH6+iQieqqp7oiRWrl7iwu5dEmiUnn996Ra5u7iQi6atkkdqGcOR8T370Ycz6yutzQ3PzlaKORn6vmh8tTlodLc/ImJqdHx/Hh++syp4eHTZ589e2bnYv3zx/mDtz565emvR/5+54kbH/yQxEgcrD/WHMdOGYzB+mvSk76E93l5pyvrsKTTDWBb0kOzq3aUx5E4FF3VFADwOEvP/xUAYI9JnP8BYI9pfA9wd3Eh11g6+43E7rr9UkT01eJvXN+sPdJdv2bXV70O2n83ie76FdHYwetdgxHx2bdvfpku0abrkABreftaRFwcGFzd/yer5ixs1clNlBlckdf/we75Lh3/PLfW+C+zNP6JpfHPst41jt3tGIzY15xfffxnbq654Ys7UHl9/PdCbW5bGmjT+G9p0tpAVz33nzRzNCImCvm0b/tvRByLnt5LE4X8qRZ1HLvzz531Hmse//1x/a0v0vrT/8slMje7e+/fZmy0PPogMTe7fS3iye7luX33VvX/fdWx7sr9n6473+qJjy4nX33+vU/XK5bGn8bbWFbH316VzyOeirXjb0hazk8cSnf/ydrftev45udP+terv3n/p0taf+OzwG5I939/6/gHkub5mqWdrX/j+Nd+/+9L3qimG53H1dFyeeZUxL7ktdXrTy9v28g3yqfx1yJdGX+m5fs//SR4cZMxdt/67avtx7+kLVMs0/jHtrT/t564cW+ya/vxp/t/uJo6Vl+zmf5vsw18kNcOAAAAAAAAAAAAAAAAAAAAAAAAADYrExEHI8lkl9KZTDZbu4f3/6M/UyiWyscvFWenx6J6r+yB6Mk0furyUC2fNH7/dKApf3pF/pmI+F9EfNy7v5rP5oqFsU4HDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1B9a5/3/q195Otw4AaJu+DUvcyd+XrVQqlTa2BwBov43P/wDA46bF+X//brYDANg9Pv8DwN7j/A8Ae4/zPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG12/ty5dKn8tbiQS/NjV+ZmJ4tXTozlS5PZqdlcNlecuZwdLxbHC/lsrji10fMVisXLwzE9e3WonC+Vh0pz8xemirPT5QsTU6Pj+Qv5nl2JCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2pjQ3PzlaKORnHovE+xHxEDSjHYkkHopmdCTxy4mfDrcqc32Dt/HIQxHFI5bodM8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Gj4NwAA//8PbSWm") pwrite64(r2, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r8) sendmsg$NLBL_CIPSOV4_C_ADD(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="a4020000", @ANYRES16=r9, @ANYBLOB="01000000000000000000010020001c000480050003000100000005000300800000000500030005000000040108805400078008000600b4000000080006003600000008000600bf000000080006008500000008000500419d6a4d08000600d1000000080006007d00000008000600b80000000800060032000000080006003200000014000780080006003400000008000500e200207c0c00078008000600760000004c00078008000500a45eec2d08000500b97bcf02080006007c0000000800050096f6a0670800050054c6e21f0800060085000000080006004200000008000500c3272e1a0800050015dc893c3400078008000500d3d2b03a08000600920000000800060094000000080006003f000000080005009105476008000600e90000000c00078008000600f100000008000100030000003c00048005000300070000000500030002000000050003000700000005000300000000000500030006000000050003000000000005000300070000000800020003"], 0x2a4}, 0x1, 0x0, 0x0, 0x10}, 0x2004c842) r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$IEEE802154_LIST_PHY(r8, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, r10, 0x200, 0x70bd27, 0x25dfdbfd, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000006}, 0x4044) lseek(r2, 0x5, 0x4) syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000001240)='./bus\x00', 0x0, &(0x7f0000002480)=ANY=[], 0x1, 0x11f4, &(0x7f0000001280)="$eJzs3M+LG2UYB/DHbWvr1v2h1moL0he96GXo7sGLgiyyBWlAaRuhFYSpO9GQMQmZsBARV09e/TvEozdBvOllL/4N3vbisQdxxMTapsRDqXTa8Plc8pD3/cLzkjDwDvPO0ZvffNrrVFknH8fKE2/FyjAi3UqRYiVu+zJee+PnX166ev3G5Z1Wa/dKSpd2rm29nlJav/DjB59/9/JP49Pvf7/+w8k43Pzw6Pft3w7PHp47+vPaJ90qdavUH4xTnm4OBuP8ZlmkvW7Vy1J6ryzyqkjdflWM5sY75WA4nKS8v7e2OhwVVZXy/iT1ikkaD9J4NEn5x3m3n7IsS2urwYNof3urruuIuj4RT0Zd1/VTsRqn4+lYi/XYiM14Jp6N5+JMPB9n44V4Mc5NZzXdNwAAAAAAAAAAAAAAAAAAACyXBzr/f6Hh5gEAAAAAAAAAAAAAAAAAAGBJXL1+4/JOq7V7JaVTEeXX++399uxzNr7TiW6UUcTF2Ig/Ynr6f2ZWX3qntXsxTW3GV+XBP/mD/fax+fzW9HUCC/Nbs3yaz5+M1bvz27ERZxbntxfmT8Wrr9yVz2Ijfv0oBlHGXvydvZP/Yiult99t3ZM/P50HAAAAyyBL/1q4f8+y/xqf5e/j/sA9++vjcf54s2snopp81svLshg1XtzuaPbNQUQ8Io0tcXHi0Wjj/y2Ozf2Rmu/nMS2auybx8Nz50ZvuBAAAAAAAAAAAgPvxMB4nbHqNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MUOHAsAAAAACPO3TqNjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KgAA//86R81g") r11 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdirat(r11, &(0x7f0000000180)='./bus\x00', 0x0) 30.392581317s ago: executing program 3 (id=1161): r0 = syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8042, &(0x7f0000000380)={[{@grpjquota}, {@init_itable_val={'init_itable', 0x3d, 0x7}}, {@nobarrier}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7fffffff}}]}, 0x1, 0x4f8, &(0x7f0000001900)="$eJzs3E1oXNUeAPD/nXz26zXvvb6+176+Z2oVg8WkTavNQpCKggsFsYK6DElaatNGmhRsqTIFqUspuBeXbl24VTdFXAlu61KQQpFu2griyJ25dzIzmUmaSTJjmt8Pbuace2fuOeeee+6ce07mBrBlDad/kkr4VkTsjohC4xuGKy/3716denD36lQUS6VTvyblj91L45lsN7Eji4wUIgofJYsbasxfvnJucnZ25mIWH1s4/97Y/OUrz5wdzNZMTCS9bRaqSXppue7t/3DuwL5X3rnx2lR1z3lqteVYL8Mx3CwrZU+ud2Jdtqsm3Ha90XHp+Z9WV1+5/e+Onliu8oodzBmw0UqlUmmg9eZiqdG1JWuATSsGu50DoDvyL/r0/jdfmnUE+jem+9F1d05WboDSct/PlojHyivzcZC+hvvb9TQcEW8Xf/ssXWKDxiEAAGp9czLvCTb0/4YqMyO/X7r5Qvr6t2wOZSgi/h4R/4iIf0bEnoj4V0TsjYh/R8R/GvbfExGlZdIfbohX069OQhVur1NRm0r7f89nc1vpsjj3VQ0N9WSxXRF5h3nmSHZMRqJv4PTZ2Zmjy6Tx7Us/ftJqW23/L13SPOR9wSwft3sbBuimJxcm2yvtUneuRezvXSx/pf+b9EYk1ZmAJCL2RcT+Vex3qCZ89ukvDlQjffXvW7n8ZaWm82jrMM9U+jziqUr9F6Na/qibREzq5ifPT56ZOTNzYXxi4vixoyeeG392bDBmZ46MpWfBkaZpfP/D9ddbpb9i+b/6ufEjL5/4+lTWstYurf/tNed/5PO3i+UfSiKS6nzt/OrTuP7Txy3vado9//uTN8vh/L70/cmFhYtHI/qTV5euH1/8bB5PX6NYKf/Iocbzv5xu+RqXH4n/RkR6Ev8vIv4flTvENO8HI+LxiDi0TPm/e/GJd9sv/8ZKyz8d9eWv1Hxd/S/O17cKJNncYN2m/kgDPecO3nrQ4uLxcPV/vBwaydY0v/4ldZeIVjnNv+3SNX+s+egBAADA5lCIiJ01Y0k7o1AYHa2MAe2J7YXZufmFw6fnLl2YTrdFDEVfIR/pqowH9yX5+OdQTXy8IX4sGzf+tGdbOT46NTc73dWSAzvKbT4pjEa81VPT/lO/rM8QM/BX5vdasHUt1/7TTvzeGx3MDNBRD//9f/ODDc0I0HE17b/VL/yLbfzfF7AJPPT3f9LyeTbAI2PlB/0YM4TNr6Qtw5a2qvZ/2EMA4VHSG29Uw4Wu5gToNP1/2JJW/F3/mgKlgeabBmPpm2Nw+R32RHvZ2NYkra4E0p5VV1Lf1s6n8omelu+Jwup2OBD1a/rbrNPTazwaxYvzZ/Yunvz5s0XWeJxL2f/Kr3cNftmRdtos0PFLEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIb4MwAA///GJdfC") r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="184504006800000000000000", @ANYRES16=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x10) r2 = socket$xdp(0x2c, 0x3, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b00)=@mangle={'mangle\x00', 0x64, 0x6, 0x548, 0x0, 0x0, 0x2a8, 0x2a8, 0x1b8, 0x478, 0x478, 0x478, 0x478, 0x478, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x5, 0x703}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00'}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4=@private}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x7, 0x6, @ipv4=@local, 0x4e23}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5a8) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000280)=""/5, 0x0, 0x0, 0x10004, 0x3}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000040)=0x40f3, 0x4) bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10) getsockopt$XDP_STATISTICS(r2, 0x11b, 0x7, &(0x7f0000000240), &(0x7f0000000340)=0x30) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x101000) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue0\x00', 0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r6, 0x40605346, &(0x7f0000000400)={0x0, 0x0, {0x1, 0x1, 0x0, 0x0, 0xa}}) socket$nl_netfilter(0x10, 0x3, 0xc) r7 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) bind$inet6(r7, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xffffffff}, 0x1c) r8 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r8, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x1}]}, 0x10) bind$inet6(r8, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @empty, 0x80ad}, 0x1c) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0) alarm(0x81) 30.006322032s ago: executing program 3 (id=1165): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x18) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x68, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x58, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x34, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x27}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0xb9}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0x8}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xc0}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 29.940999233s ago: executing program 32 (id=1165): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x18) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x68, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x58, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x34, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x27}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0xb9}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0x8}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xc0}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 5.517006056s ago: executing program 2 (id=1410): r0 = syz_open_dev$loop(&(0x7f0000000000), 0x7, 0x80940) signalfd(0xffffffffffffffff, &(0x7f0000000080)={[0xff]}, 0x8) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newtfilter={0x24, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, r3, {0x10, 0x4}, {}, {0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) r5 = syz_open_dev$loop(&(0x7f00000000c0), 0x2, 0x4442) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000004c0)) r6 = socket$inet6(0xa, 0x2, 0x3a) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000240)='bridge_slave_1\x00', 0x10) sendmmsg$inet6(r6, &(0x7f0000000440)=[{{&(0x7f0000000380)={0xa, 0x0, 0x0, @mcast1}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000480)="a0002882781ecc0e", 0x8}], 0x1}}], 0x1, 0x0) pipe(&(0x7f0000000040)) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000200)={r5, 0x9, {0x0, 0x0, 0x0, 0x8000000000000000, 0xfff, 0x0, 0x9, 0x19, 0x14, "112e92cfea3f846dfa081a4381e06b79ebeae62c89c5117b0fdc870c8ae629caf30543c13eed4cede48079690f4707e6d8ea8844968e6e670aaca0373938e1e2", "b74b77e02c54570a3c318d9e492e0f23991a27eaeb62d8d1fdf81eb6fa710f0e21c905c1123d6797b940f1a8324bcc554af8cac3c41c857f20bcf8621fe8ba7f", "d190a4a24ab3307ec2fad4e90414546f1c74c698738b934bde8aee16dafcabfb", [0x7, 0x100]}}) 5.099423562s ago: executing program 2 (id=1417): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$BTRFS_IOC_RM_DEV(r0, 0x5000940b, &(0x7f0000000e80)={{r0}, "023f08f52a910202cda96b7a047e045b4129fe9e7756c2ec9650090ddf03f71a47767a964293ef307a13aa52abf57cab081251af280a394a146e5a187ee92499ff71cf9acc9b4f6768df7ac7ec4d7ed8e08cbacd2945ff69f2a0dab8d6744678a9a5d824edc6f3d5a14e469deb84cb13d9d5d674dfdf584177a0cb55314cf103bf591c1f379b65c4b258345edae36040b353eec117802c2c1d860d4be219554ef69b227f5272bacacab3623f858ab6f945875f47ae17434b50a90f49c1e1220a6bcff68df9bcb4e0d0656de0ab248bf2a5fc94c4fee6f06520be4a5e1a3a2f7b9bde3cdd5563bc73de6f2a5adfbc10a0e56b86ccefba78d7bb16f5b12dfdbfa009a280ca2c40fde249a97bb107148c68bf242d6e80ec0f3e99fa392070342d1bf85a27c74fc24b848cede9d832a06a3db436da133d2f2b7e19891f7a5a410be2c898cd6c119fb1c00e63af75a015f2b90e06031f2ececc6bd657fc11288c5ccde7d109e380b9cf6486ad5e0ca783b85229308df3dd5e5de2d52a3831fa1ebf08805e64e6e7b5825b5347dbc9a4aab8aed183d1ead5f555003f6d463a73fa8ef16fe219d1c5bf5f4aa56fd8c1fecf83aa3466a609a494fa05377f555a9f5947ad9205e80e684653ec256eafb61cc4d33c6174982b30c6e23bb4308177a4101e43a0cc72da6ba0e62635453c293115b82ddad63013164fb4a3ddb50a0a0e1405f62d1d393e34d8778e85ff9d1110cdbce3f3a2647f2506bd142ae9d9d48b8a4a2d16972de6a5ac283bc4a9d347b21684a271df1863f51a18423780cb43a4acd97757c0433472438dadb68333aa28ea9a0254e88ea6c27185fa2a04afded74215f4f917fb2db031d1991541d101902ce79ef7e56f813942a566b58fbb3e109f9e00c8a4c6d087cd8ed8f6807de42677c9c71ad10e8df1210096c9ad5f59b3c844b720a11e9e85255cbedfb9353388f2d36f7d29af4317c52951ea7f28af3645472c4f0d8a94cf98699b547d1c41df6a6c20836879c7edc187ca8df1c3e1030dc793957e93d0c7958b9493e88f5b5b0550d2968f8e895b97cc03ac43901e438663aec8fd568385d1197f563ff59094c50d4b7d8c65e7557723c73895495ff332d728b2ea305d3cdae78e7998c984f9177df02aaa5c2ccc951149f90e07ee81e2911f80aebc6ec7b18df6b261daabffb44cbee2dd8d32eeea1b49c4ac3460a8e78aa4a4d4b2bae7c054cea3a6b5b6f364abd41926857b1ac06f6b944e614235bd47dff91eadbf4385c632539e68eede7adc5237a3b70400b24ba76115fbd725315a9160e73d1f2ca2e10efa7823006fa58252bd23c04d6d52913215dbcb5dbfe4c0ba41870d2ffce72aafff488cd033ef98715ddd0168f22d7a3fc58caf175f9e72ec7fe74f617c6f1cdb1269ba688bbbbc9816676869c51c96ca02da230256eaf6bfb4af615349bae1727385058feec63098156f06fb187fd651feac9a94e9db729f50669acd2da8644935e74c6523c66f399d4b1660231f169bbffb0f6e95175a1dbc9d85c7ccb3bc478e36383903390f6cf6b1c1d3bd7b546bacbc6be9bf04aa79dc1c1cc10b6679a04862be452e65cb7e460854d8c1a5d47eb87c7b40403d92c16c470c2b2742fc331468961459b95fb9bf1181a3da5cc7fdb21ee20c9ab7f233137ad72a488d5f022b95bf24c1c034ae7aee8e0091b19c0c12aa57fb43849a7b69b951717e3eeca673e7dd5b89a783b7a0b0084672a24ddf3ebb869c6fd1ef611524ae8836800570c04271d58f29668dbe8e7540827c06e58872c26d31d073dd393406ee8e21da7584380dabf5295a74e963f37819720ccbf29c343cd536f380a69f03d693821b2bce1bee79ff55fcf508ca2d888eb573f23af9c84f73ea5905b7311bddf6aeb3aa844e576b73e5e9f1ac4b26e05e99b7688a1f547bc067e8d8694c3447a4d7faabaaa24d00aecd502806410371392e2db13691c1b178058e7d69776691b3a8334e1682017458bd2dbc6bc874d9c1388bf6411b5617f6ebd9e0687c8048546853795f8dc9e1c0e776d511a1acc61463d723ae60f5680c4c64d9832ca975c0e58040b2c7604a5fee59b4a1ef346b32eda980f4d5291218d1867cd64e704bcb39d4a07ea7aa65174b242704cd28ae3a81286786bc1a9707e9bbc674fcada2e3648b015eac723213b3223101fa8273411f54f0514f95cd90b5e49bfbf693ef5f43210c147e6c682b6da7505da708f5030ec2e0b77d334e1772427bdd572baaf8ab90855bf562540b3083706c209ae1fa8c79b684a851ad566aa59ea10d9e6f9b400b2aee90ae4341f1fffd4770474dc77b28f958443636db206da08ea00e311a9d78639982f7e478e73f2bc97fd88ab0c944f24926f0968cb2dbea59f190408d7d801a2c7a555a510657cf912a4f3ec4a9d3ff36cb7689e66b6152f12d62b82c8e041f856ca523cdd7cbabe2d8056a1a946439bd2d08a187f2afc5fbae1a5cae2e21bde88bea83cc788b468d58f14aa7933686bf60b3451d097f38a1dcf7713c9a8453fc45e0dc573b9735b502fc3f5480709dabb5a8b5b6ad2e8cea536c00b12dc5c8d72eaa1f74136d854c033d0591ad2260c89b1bdb391bcebd740b303e76097f82232853c2777dff010a5397ae27ff9019f71e6293247e0dbda5730e2803d502feee925346d7b0de8f029486b7e1a80bfec723cc83793471a59d4b46dbcfe2a6f71446bd368cd816756abc299de68e90b35d62d16acfd1edf75ce55dce386473c841a091647c76a4883580d2eeda44e50a3981f515c139dfc11cc671f415bf557da183cb245636936793f49f9be65a3f3ab1471e1d295b5434234869b8134ee37abbbea1615fb4ae1b8e6f88dc953a2463d93fa2e16ea558f3c20ea145b2fa0c96148942742c93de91d94ea30cd413be32b3f2aeec29bc151b625e78bd24d4c023650cff08a31061d07b1fbe9eee5baeba9e0141c3f1fb8f44d3bd4f083e654da107730032275e42d38a9db96ac09e70053e3ebf5aab324473fdb8f57a12b200eec66950764647af0fb727e64f4857c5534d845fe4fcbb4cd9859584e6fb03b5207c338bf8f12085ce4da6414ae991c35d744894d5a8ce54f4cc966621487713eca8bfb6dc9b53425a17f7c6575bb21bf771924ee7ce21144595d4f06d2fe56fd39ae7c43706c13727316313396f3db9adc2d8baa745c4d72207a226ba395fbed9bca82c960569871eb3fbd21a8157412ca0ac552e143a9f080d1eb01559155450dd2e99f3e7c575ea1d124c66ee85fa43628a1229df8ee6cfbf3b06d09ad933439f59157bc3f568f7f367c99352880e7d506eae87fa53d65d7e967b6dcc0f19974588840e3b7c411d9cc407f79b75ec0d02bbb81e3ba796e3b0820ff60545f16c4b1f1b17954368f976faf749fa834faca46e1f072374d399622328987d0d209c82f8a3d3f76a4198ddc39b16931d637dbb980ec413c0def9da7de5b7536914e786c80a0c53a8cf5e4764448d20d9900a0b0b52db5ba910e7cd2620ca2d5db00989c4d82598acb016da1c8bd1153be336f6676b3d6b7766d572783fe31b1535cdf47f0f467f5c3942de31400c48c9121c3b8e13fb68f260e40311ca0b7ff52082cd3210d1a4b8c2d488df0d8a5a3e208dd1d3445a2dc68691b08f07622543039cc72daf696073f579c45fd7ed2ad913e48abd773fd718298c405d1fdde13503c93cf2cf0d3ca86f64cd077310a7f073f2d6e769f2b49470042c3e09baf1a80c0096452fe5b11a387032538ee409c378a55ef90b44d4ab5fca58efb71c1ebaa6b5b9a376c31884454fb921c116f42bc8be9ec4bc95ce87ae14552ccbda7ce1bf6bf1bcca36235693689794e8a655c36e53254622b63f971ccd163dde573f21c757745c8199230ab8c70fb3756822f2b1fe8de9a9d5e1e48636ac5e0286d5ca5b6069815f5c5ef046b47bb3c22974de73aa168955b815d35105d9445289845cb6bbdbf26bae4faa4c78dbc96825be9aed91141b1adef3b8fe58a8784d3c70ca12ba75960a4a1b65edb8f5c4c876a0def1c57581d5f42d3795fd1cea1a104ce9b3d08db6537ca95f36dd881278a1342362a4769120e348dbb17c837e1dcc25fc4150216fdb51b7297e8e1778a4f83feceb6e8ba96e0e7397eaf8ac382328bd3c0717fe7475cf393da2523121820aa42c38f723672b7116eee2c4e6348e8e260dc30d4622d2f81210a44bd85d23675068efc126aada06ddba3a43eaa68aedeb4630ba72405eb8f9a79192c70e86d9da8fce6bc59364a50ef6a41beb374cf376428f33f731bca03f227d63f9487496a4394817f87846721d3cea2031616a169289c5fa722095a860e53298691dd273621566c1c72ecec6585f921a9efb9496826ea37756ed41b28ba4ced874344a627754000922e0d375c2823a603034a7e48cd5ace54584c85451667a742e5df763da5f05ee5fa0b2bb6f0a4339ee521ef79655a52fd68663c49c0baf395c9008770b468a132365ca08183eba2f1e1edaca3c4388b39c3a13ce826911ae5783254e02d12092d475b44ce763c9e2b051fe6440a7f674e9f374671a8652afcb5945367e990099f5b014868c8314d089e21715105d698506568f8c21152a6c97788b93b163eb8fb37e8533635972e9827f2aa5948144870f3c567c2a53465d3cad4d401f3e002df8b3c78a28ed36d290c522f07864a539d3c3ae6ac9b0a581b51a07c0da01dceb4194d7d5407cb249d6487411952a6cda1e49c8f1d11027a1cd1463b688346d3160ffc2239612da7b3677bb202dd2b56a8b813d31660836b613f35d1cc2ff7fc36e9a3cdd28a26c53b980e67bbf911ae1e1ca4f0166bc821e035778dc9183e7ba4bf065577d9a6457b2a9cc79411d00ffa92db0e56d06f6b0f4e6957aa92e08fe34712f400618662e9972947238b5a1ad4928f15eac1e4051f529f23387a24b6c060ad7bd42cb03d52de8256b33bfea2209d102ccb00b112c492edb5702fcccf42f756503230b0ed7a5baa048d0b87bea03284ebf7006aba30b0489ced2cc7868ee3aad6d6a0c172d92cb3b744ee24c4750cbabd99bcc390f30b42c73596726cce3aeca8c2403f48f283f07f3070abb4f2c9f4dd17cd20f79575d214fa06396326e82eed6e7762c12d81a07d9f8186864631ca002461476d4c3ab0e605976eaaee3d2f45a6e502967177e0af0a688faf1e404439cc25b3bd6708bf448902653e210af91a761f9d6211997edfb4b35fb3da78ca3f1fb4c72d88cfd0c43cd422723e07ca37268a86627e49cca215056134e82fcc680a7808c948b90d56fd13da4004efbe46168ef582fa4132089882dd222f36acf73c8f2055f66366030b1bdd30e87d3d91b0b6a3b2f4a24f9189a8baf682f4243e76c35b9655aca09a319f04a505fb875362339e85cf40a69c976c841625b63a1c8f3bdbce287d702ba0d4e7b42f86452385caf9dc2f247ca3cd0c3ed2d22733aeba24f708b08b3d3b957f39a6fcdb2d2b12aeebc91f88102b6d0e5eba66ec4fe18292ed469c0265a2618f94560172aa7c8f07de60799e69b86c4feb0be71923cbd0b13d2de821f3ee4f182743b86bbd9841975a4111fe59c8a72fc01712bd8a063b8889aa4367d4e762fb9675b3d6ab03903d6c7a850471d3a1682acb2a41eae097b9e5e7a1b42b88d21cf1982e8bfdaef2214d34615710b9400ec1f85cb9efd4b1eeb0d5c861cf0b20d70e71d1359c14c0d2c49b70932afa24eb2bd7c3c38b94721011b2f16e09fa346a389e3"}) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r2 = io_uring_setup(0x3454, &(0x7f0000000080)={0x0, 0xffffeffe, 0x400, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r4}, 0x10) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001000)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x17) bind$inet6(0xffffffffffffffff, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x8, 0x2c, 0x0, @remote, @local, {[], {{0x1100, 0x5, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 4.754068318s ago: executing program 2 (id=1421): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0e00000004000000040000000c"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x4868800c1b5db081, 0x4382, 0x4, 0x2, 0x100, r0, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x50) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000180)={@multicast1, @rand_addr, 0x0}, &(0x7f00000002c0)=0xc) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=0xffffffffffffffff, 0x4) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x1, 0x0, r2, 0x8, '\x00', r3, r4, 0x4, 0x4, 0x5}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r1}, 0x10) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000600), 0x200002, 0x0) sendmsg$AUDIT_USER(r5, &(0x7f0000000940)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000900)={&(0x7f0000000800)={0x100, 0x3ed, 0x2, 0x70bd27, 0x25dfdbfe, "dd3429f7597848328bea7a68456adc9958121be201555664aff4e44dc7c853ca26f4a3d4376ee11e5ef11c0737b0b18b9e3648377d2be27968e41b1c20f720080121938c5180c032f0b1573c71bcb5c1fb431f17c69d227931230787cd1ce1ffb43799ee004cac984de344bf60cb018b613c5bc84dd380f3ba6ccc1a3565f623e126cdc45fe25041454ea90e82e5923548b345ee9aa5056bb8c46f4b260c9937903e0886d6307af4e5eca70cb9d804e8b8be3735e3ff998db3e8b46da70fffb9f99578657998fe5d30b9c366c8202409e68ffd0a27afcc7f8789ca18be8726e8dcd4b281ee297ec2803ba11e98", ["", "", ""]}, 0x100}, 0x1, 0x0, 0x0, 0xc400}, 0x4) io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f0000000680)=[{&(0x7f00000003c0)=""/114, 0x72}, {&(0x7f0000000440)=""/138, 0x8a}, {&(0x7f0000000540)=""/39, 0x27}, {&(0x7f0000000580)=""/131, 0x83}, {&(0x7f0000000640)}], 0x5) 4.693756139s ago: executing program 2 (id=1422): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0600000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000d5648c1d82a145dd6415ad67039417a73d8512f05ddb80fb359dac5afc9a43f182c63ca1ee2410f5eea28095ba11cca5d7c7e353e4065669139c82624a3ddf037d814dc859ca5c25e5634beca63fb3e70a55b1077dad76610e983f07b838140253dd262e02bdf34549661325f46583855df014a2bd752c90f081a82aef5520f5ce2446eddad7fef6d484ec68d22f8e123d878cc6fa7ec0e4b55d5f6cbbce2d5f7a5a9e89ca60cfb2b2a9f64f226b7bd9113fc2e61521a24433e7900214552a7a7d5120f2dba9509cef", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000) perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x102, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x7}, 0x4110, 0x0, 0x0, 0x5, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000140)=ANY=[], 0xfe44, 0x2) syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2, 0x0, 0xffffffffffffffff}, 0x18) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002080)=@newtaction={0xe6c, 0x30, 0x25, 0x0, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{0x0, 0x0, 0x4}, {}, {0x0, 0xffffffff, 0x1}, {0x0, 0x0, 0x3800}, {}, {}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x20000}, {}, {}, {0x0, 0x0, 0x1}, {0x1}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x7}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0xffffffff}, {0x0, 0x2}, {}, {}, {}, {0xfffffffc}, {}, {0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x0, 0x1}, {0x7}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {}, {}, {0x0, 0x800000, 0x0, 0x0, 0x0, 0x2000000}, {}, {0x0, 0x0, 0x1ff}, {}, {0x0, 0x0, 0x2}, {0x4, 0x4000000}, {}, {0x0, 0x80000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {0x0, 0x0, 0x0, 0x0, 0x767c4148}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfff}, {0x0, 0x3, 0x0, 0x80000}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x2, 0xfffffffd}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x100000}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xfffffffc}, {0xfffffffd}, {}, {0x0, 0x0, 0x4}, {0x0, 0x0, 0x1, 0x0, 0x747}, {0x8}, {}, {0x0, 0x0, 0x0, 0x0, 0x2, 0x4}, {0xfeb, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0xfffffffe}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, {}, {0x0, 0x0, 0xfffffff8}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x6}, {}, {}, {0x0, 0x3, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x4}, {}, {0x0, 0x5}], [{0x2}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {0x0, 0x1}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {0x3}, {0x9f6acee820ff84a1}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {0x5, 0x9463d21cb8c2d83b}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0) r3 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18117700229ac44badb611f2e59afff613fa11018fa31c1ea0dec82ea350bae402918fe2e6945241f9a49a4a80", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000400)='sched_switch\x00', r4}, 0x18) unshare(0x6a040000) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82) syz_open_dev$sg(&(0x7f0000000280), 0x80000000002, 0x1) r5 = syz_open_dev$tty20(0xc, 0x4, 0x0) write$binfmt_misc(r5, &(0x7f0000000240), 0xfffffecc) ioctl$TIOCSSOFTCAR(r5, 0x541a, &(0x7f0000000000)=0x81d) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000006820010000000000e873ed25ef532ffc6e2093978ecc007976a152e9d28fda00000006000700800c0000000000000000", @ANYRES32=0x0, @ANYBLOB], 0x38}}, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000300)={'pim6reg1\x00', &(0x7f00000001c0)=@ethtool_sset_info={0x37, 0x6, 0x9, [0x30d2, 0x0, 0x8001, 0x7]}}) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) 3.680721734s ago: executing program 4 (id=1430): r0 = socket(0x10, 0x3, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000340)={0x10000000}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYRES8=r0, @ANYBLOB="f56c70275afd932acc122b1b1c81d273a69a", @ANYRES32=r0], 0x48) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x10, 0x5, &(0x7f0000000840)=ANY=[@ANYBLOB="180000000600000000000000000000007910000000000000631b6372c920b932610000000000000079a50a876dfac75efd5e49c0d63b6012a8d1c58c4a02938932b57e81886bcec95f7ff6691bfb5704571e1321e67b764f1c44f6bb008b354af2e758a02910b6f0bac7761cb429d093d9c3dffcbbe7e5a09c2b66a4941221ebe36c63250283ec4779ce08b7024f4ed698cb62c487664c85b360890c66bc2ff8055480cac6e735a713c4fb883e40183f79074ea112e1b1e1f6e369d440f3e3e3a0fcd9ce7a68aa9a6c5df5b05cd330d24d72811693723d013adbc5570031554001c85463424fff8ae828266495263bebf557def6bc6c4caef8309be5fba36e28eab16a7d9812e4577f2125d8706409019320658f239440c1eeabe18db4ca45891b"], &(0x7f0000000100)='GPL\x00', 0x2, 0xc4, &(0x7f00000002c0)=""/196}, 0x80) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) memfd_secret(0x80000) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f000019d000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f0000000480), 0x400034f, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000020000000f502f70000004944090000000000009833574fc8b23c01f95dea4b38c9a2eeb0445ef71207848a19545fb010d86141b5577a52c4ddd40dbcadafec78b192716ac76e45c277629521a8a06087"], 0x50) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d) unshare(0x40000000) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000000)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10) syz_io_uring_setup(0x3b52, &(0x7f0000000140)={0x0, 0x5883, 0x1000, 0x5, 0x1c2}, &(0x7f0000000040)=0x0, &(0x7f0000000680)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0x6, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1}) 3.368923209s ago: executing program 4 (id=1436): io_uring_setup(0x4a85, &(0x7f00000004c0)={0x0, 0x4176, 0x1, 0x8001003, 0x3d7}) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='veth1_to_bond\x00', 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x8000000}, 0x18) r2 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000200)) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/bus/input/handlers\x00', 0x0, 0x0) preadv2(r3, &(0x7f00000004c0)=[{&(0x7f00000000c0)=""/139, 0x8b}], 0x1, 0x867, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x1c, 0x45, &(0x7f0000000000)="adc3313930ddcacf798cb06800df6187bd21a969b81bcdbd9ef2d796", &(0x7f0000000340)=""/69, 0xc3ea, 0x0, 0xb2, 0x9f, &(0x7f0000000400)="aa741a4a7c861e61c29de6e867f4451a9cd862c99179f9f8a036bb2e32f4e4f44d5d4b61b08abfc6b527c3775bbd521a2d38786c057da37f089169ef95144fca63d1772cb294943d1807837addda373263389b4af194295d7272f71ee908c81c9ebfc9b12ced890d4f5dafd9cd28f576c5d5af9a254c5fc757de291699de4b0b808e2a6cf40d262512134dd416019c1aa6f76629493c1ad1723cc20155b44006f355e3e9b85aa9c5d4f96017be76d1d04aab", &(0x7f0000000540)="f9d85a99c8a067c3502fb588e1f011084264f1a9af7747de19eb5d017b6eb0b2266f4dfb11fc632f580d14dc534a258871bfe265aa78fed8af1ce522f6a2e4ff0c183c76f6a6d02798f6bcc10a41c759053a673a2da119209152acdfb676bf4df427e68f4e8856795a1211fd9670de6caf37c14e9bace730b6556b94fc64a0b7f89da633789d86582da043fc76ebdd8673a506e7fcddf68f6663b675b1272e", 0x1, 0x0, 0x3ff}, 0x50) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2000002, 0x42032, 0xffffffffffffffff, 0x80000000) 3.146861802s ago: executing program 4 (id=1440): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18010000008000000000000000000004850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x4}, 0x18) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000380)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r8, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000) r9 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0) r10 = fsmount(r9, 0x0, 0x0) fchdir(r10) setresuid(0xee00, 0xee01, 0xee01) r11 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) utimensat(r11, 0x0, &(0x7f0000000580)={{0x0, 0x3ffffffe}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) 3.126920963s ago: executing program 5 (id=1443): r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r2, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000084000100b7000000000000009500000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xffffffffffffffb6) syz_open_dev$tty1(0xc, 0x4, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a301000000088000000090a010400000000000000000700000308000a3d000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e4e6c696d69740000000c000280080001400000e41f0800034000000120140000001000010000000000000000000084000a"], 0xd0}}, 0x20050800) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f00000004c0)={[{@mblk_io_submit}, {@dioread_nolock}, {@bh}, {@errors_continue}, {@nouid32}, {@quota}, {@init_itable}]}, 0x3, 0x445, &(0x7f0000000800)="$eJzs3M9rHFUcAPDv7CZt06YmlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tIqHldmdSXY3u2k2blzNfj4wyXszb3nvuzNv9715mQTQs0bTH0nEYET8EhFD1Wx9gdHqr9uryzN/rC7PJFEuv/57Uil3a3V5Ji+av+5AnumLKHycxNEm9S5euXphulSau5zlJ5YuvjOxeOXq0/MXp8/PnZ+7NHXmzKmTk8+ennqmI3Gmcd0aeX/h2JGX37z+6szZ62/98FWSx98QR4eMbnbwsXK5w9V118GadNLXxYbQlmK1m0Z/pf8PRTHWT95QvPRRVxsH7KhyuVy+t/XhlTKwiyXR7RYA3ZF/0afz33zbfMDQ0eFH1918vjoBSuO+nW3VI31RyMr0N8xvO2k0Is6u/Pl5usXO3IcAAKjzTTr+earZ+K8QtfeF7srWUIYj4u6IOBQRpyPicETcE1Epe19E3N9m/Y2LJBvHP4Ub2wpsi9Lx33PZ2lb9+C8f/cVwMcsdrMTfn5ybL82dyN6Tsejfm+YnN6nj2xd//rTVsdrxX7ql9edjwawdN/r21r9mdnpp+p/EXOvmhxEjfc3iT9ZWApKIOBIRI9usY/6JL4+1Onbn+JurvCUdWGcqfxHxePX8r0RD/Llk8/XJiX1RmjsxkV8VG/3407XXWtW/3fg7JT3/+5te/2vxDye167WL7ddx7ddPWs5ptnv970neqNv33vTS0uXJiD3JK9VG1+6faig3tV4+jX/sePP+fyjW34mjEZFexA9ExIMR8VDW9ocj4pGIOL5J/N+/8OjbdTvGBtuIf2el8c+2df7XE3uicU/zRPHCd1/XVTocbcSfnv9TldRYtmcrn39badf2rmYAAAD4/ylExGAkhfG1dKEwPl79G/7Dsb9QWlhcevLcwruXZqvPCAxHfyG/0zVUcz90MpvW5/mphvzJ7L7xZ8WBSn58ZqE02+3goccdaNH/U78Vu906YMd5Xgt6l/4PvUv/h96l/0PvatL/Bzbu+qvhkUFgN2j2/f9BF9oB/Psa+r9lP+gh5v/Qu/R/6F36P/SkxYG480PyEhIbElH4TzRj5xP7tvhvLnZZotufTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xdwAAAP//FX7vJg==") r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r8}, 0x10) r9 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) ioctl$USBDEVFS_IOCTL(r9, 0xc0105512, &(0x7f0000000200)) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0) write$binfmt_script(r10, &(0x7f0000000040), 0x208e24b) 3.028123814s ago: executing program 1 (id=1444): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r1, @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000084000100b7000000000000009500000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) ioctl$AUTOFS_IOC_FAIL(0xffffffffffffffff, 0x4c80, 0xffffffffffffffb6) syz_open_dev$tty1(0xc, 0x4, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a301000000088000000090a010400000000000000000700000308000a3d000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e4e6c696d69740000000c000280080001400000e41f0800034000000120140000001000010000000000000000000084000a"], 0xd0}}, 0x20050800) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f00000004c0)={[{@mblk_io_submit}, {@dioread_nolock}, {@bh}, {@errors_continue}, {@nouid32}, {@quota}, {@init_itable}]}, 0x3, 0x445, &(0x7f0000000800)="$eJzs3M9rHFUcAPDv7CZt06YmlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tIqHldmdSXY3u2k2blzNfj4wyXszb3nvuzNv9715mQTQs0bTH0nEYET8EhFD1Wx9gdHqr9uryzN/rC7PJFEuv/57Uil3a3V5Ji+av+5AnumLKHycxNEm9S5euXphulSau5zlJ5YuvjOxeOXq0/MXp8/PnZ+7NHXmzKmTk8+ennqmI3Gmcd0aeX/h2JGX37z+6szZ62/98FWSx98QR4eMbnbwsXK5w9V118GadNLXxYbQlmK1m0Z/pf8PRTHWT95QvPRRVxsH7KhyuVy+t/XhlTKwiyXR7RYA3ZF/0afz33zbfMDQ0eFH1918vjoBSuO+nW3VI31RyMr0N8xvO2k0Is6u/Pl5usXO3IcAAKjzTTr+earZ+K8QtfeF7srWUIYj4u6IOBQRpyPicETcE1Epe19E3N9m/Y2LJBvHP4Ub2wpsi9Lx33PZ2lb9+C8f/cVwMcsdrMTfn5ybL82dyN6Tsejfm+YnN6nj2xd//rTVsdrxX7ql9edjwawdN/r21r9mdnpp+p/EXOvmhxEjfc3iT9ZWApKIOBIRI9usY/6JL4+1Onbn+JurvCUdWGcqfxHxePX8r0RD/Llk8/XJiX1RmjsxkV8VG/3407XXWtW/3fg7JT3/+5te/2vxDye167WL7ddx7ddPWs5ptnv970neqNv33vTS0uXJiD3JK9VG1+6faig3tV4+jX/sePP+fyjW34mjEZFexA9ExIMR8VDW9ocj4pGIOL5J/N+/8OjbdTvGBtuIf2el8c+2df7XE3uicU/zRPHCd1/XVTocbcSfnv9TldRYtmcrn39badf2rmYAAAD4/ylExGAkhfG1dKEwPl79G/7Dsb9QWlhcevLcwruXZqvPCAxHfyG/0zVUcz90MpvW5/mphvzJ7L7xZ8WBSn58ZqE02+3goccdaNH/U78Vu906YMd5Xgt6l/4PvUv/h96l/0PvatL/Bzbu+qvhkUFgN2j2/f9BF9oB/Psa+r9lP+gh5v/Qu/R/6F36P/SkxYG480PyEhIbElH4TzRj5xP7tvhvLnZZotufTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xdwAAAP//FX7vJg==") r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) r8 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) ioctl$USBDEVFS_IOCTL(r8, 0xc0105512, &(0x7f0000000200)) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000040), 0x208e24b) 1.620444145s ago: executing program 4 (id=1445): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x40008, 0x590, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}, 0x4c58, 0x0, 0x0, 0x0, 0x8, 0xffffffff, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000003, 0x13, r0, 0x0) r1 = perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x67a, 0x1, 0xfffffffe, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r3 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r3, 0x6, 0x23, &(0x7f0000000040)=""/36, &(0x7f0000000200)=0x24) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001240)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x37}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20) mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[], 0x15) r5 = dup(r4) write$P9_RLERRORu(r5, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r6}, &(0x7f0000000000), &(0x7f00000005c0)=r7}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r5, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[]) creat(&(0x7f0000000300)='./file0\x00', 0x20) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x70bd27, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x93}, [{0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x1, 0x0, 0x0, 0x1, 0x7, 0x80000}, {0x8, 0x5, 0x0, 0xfffffffc, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0xc3}, {0x0, 0x5}, {0x5, 0x0, 0x0, 0x0, 0x784}, {}, {0x0, 0x10}, {0x0, 0x4, 0x0, 0x8000000}, {}, {0x2, 0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8000000}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x20}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffc, 0xfffffffd}, {}, {}, {0x0, 0x7, 0x0, 0x0, 0xffffffff}, {0x2, 0x0, 0x4, 0x2, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x5}, {0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {0xffffffff, 0x9}, {0x0, 0x0, 0x3, 0x0, 0xfffff800}, {}, {}, {0xffffffff}, {}, {}, {0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, {}, {0x80}, {0x80}, {0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x0, 0x8510}, {0xffff}, {}, {0x0, 0x0, 0x0, 0x401}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0xfffefffd}, {0x0, 0x0, 0x0, 0x1}, {}, {0x5}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, {0x0, 0x0, 0x200}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {0x5}, {}, {}, {}, {0x0, 0x101, 0x8000000, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x9}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xf0a7}, {}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x56}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0xfffffffd}, {0x6}, {0x7f, 0x0, 0x0, 0x0, 0x0, 0x1000}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {0x2, 0x0, 0x20000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x46923d3d}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, {0x0, 0x5, 0x0, 0x7, 0x1}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x80}, {0x10000000, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0xda4}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x3, 0x0, 0x0, 0xfffffffc}, {0x0, 0x0, 0x0, 0x0, 0x800000, 0x7fffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0xffffffff, 0x0, 0x8}, {}, {}, {}, {0xfffffffe, 0x0, 0x4, 0x0, 0x8000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x8000}, {0x0, 0x0, 0x10000}, {0x0, 0x80000000, 0x0, 0x7fff800}, {}, {}, {0x4, 0x0, 0x0, 0x3, 0x0, 0x4}], [{}, {}, {}, {}, {}, {0x3}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x4}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x1}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x3}, {0x2, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x2}, {}, {}, {0x4}, {0x3}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0) 1.131260472s ago: executing program 4 (id=1446): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x110, 0x4) sendmmsg$inet(r2, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002b00)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000002c00000018000180140002006e657464657673696d30"], 0x2c}}, 0x0) 959.172615ms ago: executing program 0 (id=1447): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000080)={[{@nobh}, {@usrjquota}]}, 0x1, 0x77e, &(0x7f0000000a80)="$eJzs3d9rW1UcAPDvTX/tl7aCoPOpIGhhLLWzbgo+VHwQwcFAn91CmpXZtBlNOtZS0CGCL4KKb/qyZ3/MN1/98ar/hQ/imNoNJz5I5abJmq1Jl25pMs3nA7c9596bnPO9P849yT3cBNC3xtM/mYjDEfFhEjFam59ExFA1NRgxs7nezfW1fDolsbHx+u9JdZ0b62v5aHhN6mAt83hEfP9exJHM9nLLK6vzuWKxsFTLT1YWzk+WV1aPnlvIzRXmCovHp6anj5147sTxzsX650+rh65+9MrTX838/e5jVz74IYmZOFRb1hhHp4zHeG2bDKWb8DYvd7qwHkt6XQHuSXpqDmye5XE4RmOgmgIA/s/ejogNAKDPJK7/ANBn6t8D3Fhfy9en3n4j0V3XXoqIfZvx1+9vbi4ZrN2z21e9D3rgRnLbnZEkIsY6UP54RHz2zZtfpFPs0X1IgGbeuRQRZ8bGt7f/ybYxC7v1zA7Lhmv/x++Yr/2D7vk27f8836z/l7nV/4km/Z+RJufuvai+x/BWftv5v78Dhewg7f+92DC27WZD/DVjA7XcQ9U+31By9lyxkLZtD0fERAyNpPmpHcqYuP7P9VbLGvt/f3z81udp+en/rTUyvw6O3P6a2Vwldz8xN7p2KeKJwWbxJ7f2f9Ki/3uqzTJefeH9T1stS+NP461P2+OP2uikvbFxOeKppvt/a0RbsuP4xMnq4TBZPyia+Prn1vVv3P/plJZf/yzQDen+P7Bz/GNJ43jN8u7L+PHy6Hetlt09/ubH/3DyRjVdbzou5iqVpamI4eS17fOPbb22nq+vn8Y/8WTz83+n4z/9THimzfgHr/725b3Hv7fS+Gd3tf93n7hyc36gVfnt7f/pamqiNqed9q/dCt7PtgMAAAAAAAAAAAAAAAAAAAAAAACAdmUi4lAkmeytdCaTzW7+hvejcSBTLJUrR86Wlhdno/pb2WMxlKk/6nK04XmoU7Xn4dfzx+7IPxsRj0TEJyP7k/pzFGd7HDsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1B1s8fv/qV9Gel07AGDP7Ot1BQCArnP9B4D+4/oPAP3H9R8A+o/rPwD0H9d/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9tipkyfTaeOv9bV8mp+9sLI8X7pwdLZQns8uLOez+dLS+excqTRXLGTzpYW7vV+xVDo/HYvLFycrhXJlsryyenqhtLxYOX1uITdXOF0Y6kpUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALA75ZXV+VyxWFiS2EqkG6atlTd6XtUOJGY68D4DtcPpAQin+4nkwahGhxPNWovhrrZNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP8F/wYAAP//hNkgcA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105042, 0x40) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) 955.928125ms ago: executing program 5 (id=1448): r0 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x1, @local}, 0x4a, {0x2, 0x0, @dev}}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) connect$802154_dgram(0xffffffffffffffff, &(0x7f0000000000)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0002}}}, 0x14) r2 = socket(0x2, 0x80805, 0x0) getsockopt$bt_hci(r2, 0x84, 0x80, &(0x7f0000000000)=""/4102, &(0x7f00000010c0)=0x1006) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8953, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x0, @local}, 0x4a, {0x2, 0x0, @multicast2}, 'syz_tun\x00'}) 907.649006ms ago: executing program 4 (id=1449): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0xfffffff0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x4e22, @remote}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5, 0x0, 0x10000002}, 0x18) mount$9p_rdma(&(0x7f0000001d00), &(0x7f0000001d40)='./file0\x00', &(0x7f0000001d80), 0x200000, &(0x7f0000000340)=ANY=[@ANYBLOB='tea=0x0000000000004e24,\x00']) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x41200100, 0x0, 0x0, 0x0, 0x0, 0x0) 823.351537ms ago: executing program 1 (id=1450): r0 = syz_io_uring_setup(0x27b, &(0x7f0000000540)={0x0, 0x3bce, 0x10100, 0x3, 0x313}, &(0x7f0000000240)=0x0, &(0x7f0000000200)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {0x0}], 0x2}, 0x0, 0x40000103}) io_uring_enter(r0, 0x46f3, 0x0, 0x0, 0x0, 0x0) 718.591659ms ago: executing program 2 (id=1451): mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) ioctl$SG_IO(r2, 0x2285, 0x0) writev(r2, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd24", 0x2a}, {&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x2) 705.732059ms ago: executing program 0 (id=1452): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$BTRFS_IOC_RM_DEV(r0, 0x5000940b, &(0x7f0000000e80)={{r0}, "023f08f52a910202cda96b7a047e045b4129fe9e7756c2ec9650090ddf03f71a47767a964293ef307a13aa52abf57cab081251af280a394a146e5a187ee92499ff71cf9acc9b4f6768df7ac7ec4d7ed8e08cbacd2945ff69f2a0dab8d6744678a9a5d824edc6f3d5a14e469deb84cb13d9d5d674dfdf584177a0cb55314cf103bf591c1f379b65c4b258345edae36040b353eec117802c2c1d860d4be219554ef69b227f5272bacacab3623f858ab6f945875f47ae17434b50a90f49c1e1220a6bcff68df9bcb4e0d0656de0ab248bf2a5fc94c4fee6f06520be4a5e1a3a2f7b9bde3cdd5563bc73de6f2a5adfbc10a0e56b86ccefba78d7bb16f5b12dfdbfa009a280ca2c40fde249a97bb107148c68bf242d6e80ec0f3e99fa392070342d1bf85a27c74fc24b848cede9d832a06a3db436da133d2f2b7e19891f7a5a410be2c898cd6c119fb1c00e63af75a015f2b90e06031f2ececc6bd657fc11288c5ccde7d109e380b9cf6486ad5e0ca783b85229308df3dd5e5de2d52a3831fa1ebf08805e64e6e7b5825b5347dbc9a4aab8aed183d1ead5f555003f6d463a73fa8ef16fe219d1c5bf5f4aa56fd8c1fecf83aa3466a609a494fa05377f555a9f5947ad9205e80e684653ec256eafb61cc4d33c6174982b30c6e23bb4308177a4101e43a0cc72da6ba0e62635453c293115b82ddad63013164fb4a3ddb50a0a0e1405f62d1d393e34d8778e85ff9d1110cdbce3f3a2647f2506bd142ae9d9d48b8a4a2d16972de6a5ac283bc4a9d347b21684a271df1863f51a18423780cb43a4acd97757c0433472438dadb68333aa28ea9a0254e88ea6c27185fa2a04afded74215f4f917fb2db031d1991541d101902ce79ef7e56f813942a566b58fbb3e109f9e00c8a4c6d087cd8ed8f6807de42677c9c71ad10e8df1210096c9ad5f59b3c844b720a11e9e85255cbedfb9353388f2d36f7d29af4317c52951ea7f28af3645472c4f0d8a94cf98699b547d1c41df6a6c20836879c7edc187ca8df1c3e1030dc793957e93d0c7958b9493e88f5b5b0550d2968f8e895b97cc03ac43901e438663aec8fd568385d1197f563ff59094c50d4b7d8c65e7557723c73895495ff332d728b2ea305d3cdae78e7998c984f9177df02aaa5c2ccc951149f90e07ee81e2911f80aebc6ec7b18df6b261daabffb44cbee2dd8d32eeea1b49c4ac3460a8e78aa4a4d4b2bae7c054cea3a6b5b6f364abd41926857b1ac06f6b944e614235bd47dff91eadbf4385c632539e68eede7adc5237a3b70400b24ba76115fbd725315a9160e73d1f2ca2e10efa7823006fa58252bd23c04d6d52913215dbcb5dbfe4c0ba41870d2ffce72aafff488cd033ef98715ddd0168f22d7a3fc58caf175f9e72ec7fe74f617c6f1cdb1269ba688bbbbc9816676869c51c96ca02da230256eaf6bfb4af615349bae1727385058feec63098156f06fb187fd651feac9a94e9db729f50669acd2da8644935e74c6523c66f399d4b1660231f169bbffb0f6e95175a1dbc9d85c7ccb3bc478e36383903390f6cf6b1c1d3bd7b546bacbc6be9bf04aa79dc1c1cc10b6679a04862be452e65cb7e460854d8c1a5d47eb87c7b40403d92c16c470c2b2742fc331468961459b95fb9bf1181a3da5cc7fdb21ee20c9ab7f233137ad72a488d5f022b95bf24c1c034ae7aee8e0091b19c0c12aa57fb43849a7b69b951717e3eeca673e7dd5b89a783b7a0b0084672a24ddf3ebb869c6fd1ef611524ae8836800570c04271d58f29668dbe8e7540827c06e58872c26d31d073dd393406ee8e21da7584380dabf5295a74e963f37819720ccbf29c343cd536f380a69f03d693821b2bce1bee79ff55fcf508ca2d888eb573f23af9c84f73ea5905b7311bddf6aeb3aa844e576b73e5e9f1ac4b26e05e99b7688a1f547bc067e8d8694c3447a4d7faabaaa24d00aecd502806410371392e2db13691c1b178058e7d69776691b3a8334e1682017458bd2dbc6bc874d9c1388bf6411b5617f6ebd9e0687c8048546853795f8dc9e1c0e776d511a1acc61463d723ae60f5680c4c64d9832ca975c0e58040b2c7604a5fee59b4a1ef346b32eda980f4d5291218d1867cd64e704bcb39d4a07ea7aa65174b242704cd28ae3a81286786bc1a9707e9bbc674fcada2e3648b015eac723213b3223101fa8273411f54f0514f95cd90b5e49bfbf693ef5f43210c147e6c682b6da7505da708f5030ec2e0b77d334e1772427bdd572baaf8ab90855bf562540b3083706c209ae1fa8c79b684a851ad566aa59ea10d9e6f9b400b2aee90ae4341f1fffd4770474dc77b28f958443636db206da08ea00e311a9d78639982f7e478e73f2bc97fd88ab0c944f24926f0968cb2dbea59f190408d7d801a2c7a555a510657cf912a4f3ec4a9d3ff36cb7689e66b6152f12d62b82c8e041f856ca523cdd7cbabe2d8056a1a946439bd2d08a187f2afc5fbae1a5cae2e21bde88bea83cc788b468d58f14aa7933686bf60b3451d097f38a1dcf7713c9a8453fc45e0dc573b9735b502fc3f5480709dabb5a8b5b6ad2e8cea536c00b12dc5c8d72eaa1f74136d854c033d0591ad2260c89b1bdb391bcebd740b303e76097f82232853c2777dff010a5397ae27ff9019f71e6293247e0dbda5730e2803d502feee925346d7b0de8f029486b7e1a80bfec723cc83793471a59d4b46dbcfe2a6f71446bd368cd816756abc299de68e90b35d62d16acfd1edf75ce55dce386473c841a091647c76a4883580d2eeda44e50a3981f515c139dfc11cc671f415bf557da183cb245636936793f49f9be65a3f3ab1471e1d295b5434234869b8134ee37abbbea1615fb4ae1b8e6f88dc953a2463d93fa2e16ea558f3c20ea145b2fa0c96148942742c93de91d94ea30cd413be32b3f2aeec29bc151b625e78bd24d4c023650cff08a31061d07b1fbe9eee5baeba9e0141c3f1fb8f44d3bd4f083e654da107730032275e42d38a9db96ac09e70053e3ebf5aab324473fdb8f57a12b200eec66950764647af0fb727e64f4857c5534d845fe4fcbb4cd9859584e6fb03b5207c338bf8f12085ce4da6414ae991c35d744894d5a8ce54f4cc966621487713eca8bfb6dc9b53425a17f7c6575bb21bf771924ee7ce21144595d4f06d2fe56fd39ae7c43706c13727316313396f3db9adc2d8baa745c4d72207a226ba395fbed9bca82c960569871eb3fbd21a8157412ca0ac552e143a9f080d1eb01559155450dd2e99f3e7c575ea1d124c66ee85fa43628a1229df8ee6cfbf3b06d09ad933439f59157bc3f568f7f367c99352880e7d506eae87fa53d65d7e967b6dcc0f19974588840e3b7c411d9cc407f79b75ec0d02bbb81e3ba796e3b0820ff60545f16c4b1f1b17954368f976faf749fa834faca46e1f072374d399622328987d0d209c82f8a3d3f76a4198ddc39b16931d637dbb980ec413c0def9da7de5b7536914e786c80a0c53a8cf5e4764448d20d9900a0b0b52db5ba910e7cd2620ca2d5db00989c4d82598acb016da1c8bd1153be336f6676b3d6b7766d572783fe31b1535cdf47f0f467f5c3942de31400c48c9121c3b8e13fb68f260e40311ca0b7ff52082cd3210d1a4b8c2d488df0d8a5a3e208dd1d3445a2dc68691b08f07622543039cc72daf696073f579c45fd7ed2ad913e48abd773fd718298c405d1fdde13503c93cf2cf0d3ca86f64cd077310a7f073f2d6e769f2b49470042c3e09baf1a80c0096452fe5b11a387032538ee409c378a55ef90b44d4ab5fca58efb71c1ebaa6b5b9a376c31884454fb921c116f42bc8be9ec4bc95ce87ae14552ccbda7ce1bf6bf1bcca36235693689794e8a655c36e53254622b63f971ccd163dde573f21c757745c8199230ab8c70fb3756822f2b1fe8de9a9d5e1e48636ac5e0286d5ca5b6069815f5c5ef046b47bb3c22974de73aa168955b815d35105d9445289845cb6bbdbf26bae4faa4c78dbc96825be9aed91141b1adef3b8fe58a8784d3c70ca12ba75960a4a1b65edb8f5c4c876a0def1c57581d5f42d3795fd1cea1a104ce9b3d08db6537ca95f36dd881278a1342362a4769120e348dbb17c837e1dcc25fc4150216fdb51b7297e8e1778a4f83feceb6e8ba96e0e7397eaf8ac382328bd3c0717fe7475cf393da2523121820aa42c38f723672b7116eee2c4e6348e8e260dc30d4622d2f81210a44bd85d23675068efc126aada06ddba3a43eaa68aedeb4630ba72405eb8f9a79192c70e86d9da8fce6bc59364a50ef6a41beb374cf376428f33f731bca03f227d63f9487496a4394817f87846721d3cea2031616a169289c5fa722095a860e53298691dd273621566c1c72ecec6585f921a9efb9496826ea37756ed41b28ba4ced874344a627754000922e0d375c2823a603034a7e48cd5ace54584c85451667a742e5df763da5f05ee5fa0b2bb6f0a4339ee521ef79655a52fd68663c49c0baf395c9008770b468a132365ca08183eba2f1e1edaca3c4388b39c3a13ce826911ae5783254e02d12092d475b44ce763c9e2b051fe6440a7f674e9f374671a8652afcb5945367e990099f5b014868c8314d089e21715105d698506568f8c21152a6c97788b93b163eb8fb37e8533635972e9827f2aa5948144870f3c567c2a53465d3cad4d401f3e002df8b3c78a28ed36d290c522f07864a539d3c3ae6ac9b0a581b51a07c0da01dceb4194d7d5407cb249d6487411952a6cda1e49c8f1d11027a1cd1463b688346d3160ffc2239612da7b3677bb202dd2b56a8b813d31660836b613f35d1cc2ff7fc36e9a3cdd28a26c53b980e67bbf911ae1e1ca4f0166bc821e035778dc9183e7ba4bf065577d9a6457b2a9cc79411d00ffa92db0e56d06f6b0f4e6957aa92e08fe34712f400618662e9972947238b5a1ad4928f15eac1e4051f529f23387a24b6c060ad7bd42cb03d52de8256b33bfea2209d102ccb00b112c492edb5702fcccf42f756503230b0ed7a5baa048d0b87bea03284ebf7006aba30b0489ced2cc7868ee3aad6d6a0c172d92cb3b744ee24c4750cbabd99bcc390f30b42c73596726cce3aeca8c2403f48f283f07f3070abb4f2c9f4dd17cd20f79575d214fa06396326e82eed6e7762c12d81a07d9f8186864631ca002461476d4c3ab0e605976eaaee3d2f45a6e502967177e0af0a688faf1e404439cc25b3bd6708bf448902653e210af91a761f9d6211997edfb4b35fb3da78ca3f1fb4c72d88cfd0c43cd422723e07ca37268a86627e49cca215056134e82fcc680a7808c948b90d56fd13da4004efbe46168ef582fa4132089882dd222f36acf73c8f2055f66366030b1bdd30e87d3d91b0b6a3b2f4a24f9189a8baf682f4243e76c35b9655aca09a319f04a505fb875362339e85cf40a69c976c841625b63a1c8f3bdbce287d702ba0d4e7b42f86452385caf9dc2f247ca3cd0c3ed2d22733aeba24f708b08b3d3b957f39a6fcdb2d2b12aeebc91f88102b6d0e5eba66ec4fe18292ed469c0265a2618f94560172aa7c8f07de60799e69b86c4feb0be71923cbd0b13d2de821f3ee4f182743b86bbd9841975a4111fe59c8a72fc01712bd8a063b8889aa4367d4e762fb9675b3d6ab03903d6c7a850471d3a1682acb2a41eae097b9e5e7a1b42b88d21cf1982e8bfdaef2214d34615710b9400ec1f85cb9efd4b1eeb0d5c861cf0b20d70e71d1359c14c0d2c49b70932afa24eb2bd7c3c38b94721011b2f16e09fa346a389e3"}) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r2 = io_uring_setup(0x3454, &(0x7f0000000080)={0x0, 0xffffeffe, 0x400, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r4}, 0x10) connect$inet6(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x8, 0x2c, 0x0, @remote, @local, {[], {{0x1100, 0x5, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 681.143079ms ago: executing program 5 (id=1453): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/12], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(r2, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r2, 0x114, 0x1, &(0x7f0000000ec0)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) (fail_nth: 1) 653.144ms ago: executing program 1 (id=1454): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x110, 0x4) sendmmsg$inet(r2, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002b00)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000002c00000018000180140002006e657464657673696d30"], 0x2c}}, 0x0) 539.808782ms ago: executing program 1 (id=1455): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002b00)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000002c00000018000180140002006e657464657673696d30"], 0x2c}}, 0x0) 539.316301ms ago: executing program 5 (id=1456): prctl$PR_SET_NAME(0xf, &(0x7f0000000500)='kfree\x00') openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040), 0x48a201, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000031c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf7cf39e3100c8acaa47684f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d7559f3b14820ed58b15627c95aa0b784625704f07372c29184ff7f4a7c0000070015006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e000000000000041201baa80b0b8ed8fb1ec577c377f627daaf787a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bdeda7be586602d985430cea080000000000fb1a26abfb0767192361448279b05d96a703a660587a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aab926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb155481ef836eb0f8c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaed2b25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec0271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761036eafed1fb2b98b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe514283707c70600000000000000b7561301bb997316db01ee601f2c9659db9bc04f7089a660d8dcc3ae83169cf331efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a515d83129cd857c775f9e7d6101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbe3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562e00e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb2214209ed2d5d776e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b55ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f608ce27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e30400000000000000000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a95d32f46ed9bd1f00fb8191bbab2dc599dda61ee2010000294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bfe2777e808fcba821a00e8c5c39609ff854256cb490000000000c1fee30a3f7a85d1b2b458c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd210819203828b202779d386ed295f023c67d867014d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff00004043060000005dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df40600000000000000e9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b0600b805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1202000000b59fed817072a0da60160761fd3dffda0f7c742eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7000000000000000542954c167dd9b4acd946ffffffffffffffff1389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c9e281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b630500163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f700400fa0c61d5fe6d8ff353f631080405547d65375ae04f44f0c2543c772c5ccb137be7dc87746e1785a8214454d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b036e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e010000005a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb3985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1428c0805b4031a667e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a9cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab9100781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c1227c8bed10591958c906321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b863af34bac64c247672a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c39132a0f27080ece2a94c360b002c77f82662675a7713c7067081cac1599a998c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc215a18ca0265400abf38e90000000000000000008faf2cddffbfa66bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942ce18e57bb7f337df5435bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de286553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c03f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c872a4882d21db2046a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265441d513a1294b8439276394945d94a589708e32a1cb30a8b07b391201385e0b92ecbb7b13d7a87284164018ace6ce58a82c5de321452461089cdd69259f5390f5f508646a524490583c30630bedb47e158ad41c0a653e86a4f4f255cd2a6e95f33b586823aef5564d9de1f5bdd8c80e193f0597b8003860302cd243c00bc5a82c52afb115d16258d507937966bb89409d6d47b8b652d0761d7c72875ae1efb9bc7c6807c2d783e31fd9cd7e84d3d50d8fc44ab8ac9ccd2c0d42e3bd4c029241320446bbf47e23d1320de30fbdf7ed13f80c28fb5c13fccc2e3f73509bdcddad8a2fe48cdd61f2f43611704af64eed8b0cbbd08754f93b8f3d6347aad5cde1ccc5cbd5eaa87e52cea257c856a4af5243eeb5e89f0000000000000000f420df5e4c6d856b3d55e455c08110b2ef4255a38f81555e8e1f22d59c0bc3c9013e66a1f5bda1b695e1602c0afb5c35b2f68f3b151b1e869f40ff4d1bef5e926e1ff95f6321131e4cb797f53455a093a95e67605222d6acc29c46e5db1ef3b8b07e2169fb24ced4b3ae87ebeca06df93212e465bbd1a7e41df2e1a0d508f86cfc7a469ac682685c44692877d03c34c23a65d2677acc73b5d276fdebd685c9b7a079eae228d8426188cb19b083548f5f29e493ab079f33d1965dcbb165015c46998ad410d60cc65fcfa73bd65a43fc024455c4bf530d663976cf71490577251780ab6b1cf8d397444b5be575229f687a3d95ea6b2aa62fce8acb3d4a6a130b4fefa55d0c1d6f3fa448ee24e588e2965c9a442f0baf90923dda91a6850fb7b9c7f432b63001423fedcf053fa28024cc9a178a07042dabc07176fc524032c2edb340c9c18a83565c431aeb0c869683507255254430f90f61e4eca9c8fa98c000b35fec357ee1ebd08439bd95c1ab0753dfd2603d1608bd8c589a1e160000a6ee0ad13346e08738c2d7b00b5d121d918f1dc8bceded939fa8605b54b37cdfcea0bf2bc63e655dc04a2e50212ff89d6587d49896ce18916cf3adc12839c345ca91bb232b891fae2fdd68aaa38281c0feb2c107af3e080d6cdd1c6646ec6804d7e9960c02aa0db9eda24bbcb287fd2a890fa7f9d6ae0c0b1f8dd1603c9ea2f66b572276f96a28b5b6dd9f9bf6ad4bdaa2139b90faf1f40b0f141258578bd825daaaf718d21b7ac05fe5d1b699e5422ca341fe1c944f68fe3a6d783dcf30b0e09d7688f696883b61cb64464b04d351a0a69b0733c348049b0430ed40e200f4ff0000000000000000000000996bcc1b721b152c892fab887e7d20466d90c049c0fdf51dcc16d226a2619c6f47bc25b7f5df5c09fed638922ed127ab36aa7b0c58a2ce5894b1b0f5375d340d96b69b966b05daaf585121a9c7605ed8e9964eef1f14b74cbb2ccdadc6d0b77cf0492b75e1cd11bfdcfddde91b20366715ba0cbe1041be2a65c25d7ca15ef8b71bd2ab9a4294899a1964b0152518fc2ac15a728bcb9e2bc4b551dfdf9011a2a607bc39ad2c4d7c64dcf967724e9b63c397d5265ad3f1da4395a5a800d8845257dcbf210d4f00fe0bd3deed05e506736e6bb6d40ee6cb960bcdb33633ee87f82beb665a9a4c2d4d2b06479ade3a4cd6bba765c9f52b52a0bdd0849ab92baae3775570accb5a57ee9f0035fc6d3df4eebec2e7eb4ff863d3979a20f4428ddca471037b49d4fd130743a97faa02c293b721e52bf53d64c6585e138162331ef98792e1e9b21a6a084fb7b42c64062ef1323a8a65a8ed6038f274f28ff4f78136a1ef108efbe8c4f4e347d50dcdbc33bf3ade4c3a39d316061930d7dd39b8acdecc3f27830e3eda40e648328d95a9aee65a9dd09fd4e96d5b852025dc53ec3f30cc753e6a796084b4e34f521dbb230ae0f3b79142073d437e1fd22d3b7503ffa95b1d5c7740b0ecbfd35dc0f8af895583dfcc2689f6e02c2dd4b57f3dcac54f40da013eb221fa3d65de760576031052c25a96ed4b20230b36d46d3d3fd6bb1d77cc8a48a6b10fa0149e55ccde4a2b26cca2d1ca9191c74ab006a602543fc24d1283e353cfb917620000000024bf3eed258c02a591ec4cd295212d9a98d38745f6f6c4530900000000000000f184f239098bf32551c7cf454e2865974f6520112743f73c619c3cab5609e00178f7393e53462f31559220c026bbde09837bf1b3ffe748a3247c9569f0c5e99f4494f93e0fa1badca90c888616eca97bddabd8003fc12a084d4b11d841979e161b998ddda92f194c4ec7947b7b303be11e0962d429a2c542a28c4932e14c123dfe2b8ec47a11cce134fd6e42a9f4e00ab6de6b45"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x57}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000001000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040022000000008500000082"], 0x0, 0x1000000, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r3 = dup(r2) write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59}, 0x94) write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) creat(&(0x7f00000003c0)='./file0\x00', 0x36) 510.821482ms ago: executing program 1 (id=1457): r0 = openat$selinux_attr(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x1, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==") r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000400)={'erspan0\x00', &(0x7f0000000380)={'tunl0\x00', 0x0, 0x20, 0x7800, 0xc, 0x6, {{0x13, 0x4, 0x3, 0x20, 0x4c, 0x64, 0x0, 0x2, 0x2f, 0x0, @local, @private=0xa010101, {[@noop, @timestamp_addr={0x44, 0x34, 0x6, 0x1, 0x6, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x9}, {@broadcast, 0xffffff65}, {@private=0xa010102, 0x50000000}, {@rand_addr=0x64010100, 0xff}, {@empty, 0x7}, {@remote, 0xffff8000}]}]}}}}}) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'wg1\x00', 0x0}) setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000000)=0xf3e, 0x4) sendto$packet(r3, &(0x7f0000000240)='\x00', 0x1, 0x800, &(0x7f0000000080)={0x11, 0x0, r4, 0x1, 0x4, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xfc}}, 0x14) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000e00)={'vxcan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000010c0)={'veth0_vlan\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000001100)={'wg1\x00', 0x0}) sendmmsg$inet(r0, &(0x7f00000015c0)=[{{&(0x7f0000000000)={0x2, 0x4e22, @loopback}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000200)="5b8d694fa603f131dfcdca8cd61edb815f3da2911e4f17496a853e507073", 0x1e}, {&(0x7f0000000240)="3d079e4e2cb3ee9a7b68680832bf281a880a728836dde697c04ea8f717cf0bc1b6f8f010a6df69e9103674cff34d8cdf0084b6f9783cafcc3b5467fc764b2f933ecb2ca6860c477cfdfab5117102be9a4740631fa02dbc347d83d1f86c0bc68f7f9ace08116889208b33f6003fe7bbbf387ac803af84ce62bfbd82af43cff593b4eb436a28393f9c6e7f4a6d4e84e38fa59033d64ad414e289fdf9ae74a4615e29bfc6294e7e970d2fb6b9071366eecda37e29a08916e2955748f3e3621eddd9c7d3e42738b8d1cc3609", 0xca}], 0x2, &(0x7f0000000440)=[@ip_tos_int={{0x14, 0x0, 0x1, 0xfffffff8}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @multicast2, @multicast1}}}, @ip_retopts={{0x8c, 0x0, 0x7, {[@ra={0x94, 0x4}, @noop, @cipso={0x86, 0x4c, 0x2, [{0x5, 0xe, "14736cf8460fa52c2568c5f7"}, {0x5, 0x7, "a57f80a715"}, {0x5, 0x5, "f237b1"}, {0x2, 0x12, "544cc71899c143e61cf7bb3168882fa8"}, {0x7, 0x9, "3270789a637203"}, {0x2, 0xe, "a0ab441d28972cc7a395b97c"}, {0x5, 0x3, '\t'}]}, @timestamp={0x44, 0x28, 0x33, 0x0, 0x9, [0x2, 0x0, 0xff, 0x0, 0x9b3, 0x2, 0x1, 0x6, 0x0]}]}}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@ra={0x94, 0x4, 0x1}, @end, @ra={0x94, 0x4}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x4}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xe40a}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @dev={0xac, 0x14, 0x14, 0x44}, @dev={0xac, 0x14, 0x14, 0x13}}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x1ff}}], 0x150}}, {{&(0x7f00000005c0)={0x2, 0x4e24, @multicast1}, 0x10, &(0x7f0000000740)=[{&(0x7f0000000600)="0b3c03885ad77ac22f30fd80cc37387d34e92dd38ca5dca771bcb14f03590008b4697d8eff90dbcfc8726655cefc1efad131e7106ae75e", 0x37}, {&(0x7f0000000640)="c5b72c28d835fe857c791e5e7707453f447f83f2483200bb5cc4a8880c0dca6516c8cc0dc194a02b5db4aac42fca63e3c9325f0bf313fbda60a8d802ddf306f9581d570fe4adcb71152b0beb5c49beeb17feabdd903aab0ff3ecb31756bfe27442ba4f379f8943f3b4b6189bb4a5b08f234e32f03118fcb4462778e10adaeb35bfccb3570b9115c20b5f4f48ba460591b4feeeeab0dc753513de0022c175acb1c5cd13620c11d9775945908444846b58ab2ab4a68d9beaf573ef5a08e007715856c1d87fb011b9461e", 0xc9}, {&(0x7f0000000d00)="2565a4e5b372cefb4953f7cf93b1d6c7d993f0c888de7c1d75c31b2af320cb401732f6b114fb25fe609dd1e026c5d40a245aa09b252e270fc76187c79ed3533355d42b8fd46cd33fca3c8495da861d7fcf980a393877a30aaa490b01c90e0d2eef97c37232bb50992612faee705ef56e8a2988bd60c51a5f1288dac88970d874ac120d6ec31524152c6f63f857b9a3ddd32a7e504b5c955c35513cdd603c60a0f9bab85c512b6389fe3f26694eefeb18d1a4d42fc106a5a93f5b3038034eb6356a2ad61915a54e1ff02e", 0xca}], 0x3, &(0x7f0000000e40)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x2}}, @ip_ttl={{0x14, 0x0, 0x2, 0x7}}, @ip_ttl={{0x14, 0x0, 0x2, 0x10001}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @remote, @multicast2}}}, @ip_retopts={{0x2c, 0x0, 0x7, {[@generic={0x83, 0x11, "5702cbf1bedcf3b78ca8276b43c3a2"}, @noop, @timestamp={0x44, 0x8, 0xd9, 0x0, 0x2, [0x9]}]}}}], 0x98}}, {{&(0x7f0000000f00)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000001080)=[{&(0x7f0000000f40)="1d04db41e6bb1acaa827755fba003870c4cc58cb19931afd19abc492b504ee1dd66240a403ee4b76d578881e355d9742fec808ba04aedc87df3239d556b3ead6615374c2351451a2db7c777c70eed03d529bef132ec13959e4b9c2d8f45837f03bdcd325f03efc4a2bf4df7276181be4186ac3cfce4fde8f350c98a109c56caec420cf241e38241d9f6a841ef8b41be234879d61201198bd3a3591e1db51932870232e376cb533ccbca0ba43e937d77e4da7e85679eb23de7f7d292fbc716775274da6721d94c885870c4b21938273c16afe6cb033799379be73b91b32", 0xdd}, {&(0x7f0000001040)="ee00b18a904ac21ebee976a212eb465ea55ca0aef1d3b7a24eee55138e67159d9239213dedfd1699de1567a4f6af58a04976", 0x32}], 0x2, &(0x7f0000001140)=[@ip_retopts={{0x8c, 0x0, 0x7, {[@cipso={0x86, 0x2d, 0xffffffffffffffff, [{0xe, 0x4, "51e7"}, {0x7, 0x5, "59a097"}, {0x6, 0x12, "3474ef74bca23d517a122adeedc11d3a"}, {0x0, 0xc, "2b28ad0b1bcbb03ff92f"}]}, @ssrr={0x89, 0xf, 0x1c, [@rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x11}, @local]}, @rr={0x7, 0x1b, 0x6c, [@private=0xa010101, @rand_addr=0x64010101, @private=0xa010100, @empty, @rand_addr=0x64010101, @rand_addr=0x64010100]}, @rr={0x7, 0x7, 0x9e, [@multicast2]}, @lsrr={0x83, 0xf, 0x95, [@loopback, @rand_addr=0x64010101, @broadcast]}, @generic={0x82, 0xd, "18969abf7256ddb8eeaaf7"}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @dev={0xac, 0x14, 0x14, 0x2b}, @multicast2}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @multicast2, @rand_addr=0x64010102}}}], 0xd0}}, {{&(0x7f0000001240)={0x2, 0x4e22, @multicast1}, 0x10, &(0x7f00000014c0)=[{&(0x7f0000001280)="29a857963210c5ac", 0x8}, {&(0x7f00000012c0)="16d12f416a96fa226cd46d1ff43f72beffba38d7f0e0a233518f1ee3bf87a1a0edf2be27c2ae026e526dbb74e921a8544f2b02fe1d17e91b5d3e89ead7f736b8dab1553ba246a53e0c991a45836e5c6fb42e44a5deb157df05c32737e67cf80da7e8505fd85ad30c2c5a990f1658e6f9879fc65a3bb38f0a4bd0e4a490e05a051525b6d908da5adbb45bf1403a820904d78258cc0d9710276d8c02ab236cbf6ec093ca655681b3fee72cfc0b2e42fea8bd0afac33172300e53ef298e889f34fcdf84ef9af3243bd85259648fb624373e810c0c7cf7917d19b1f9f5c5c8a91655a39a647327a201c0b21f8cbbd33ba8bc24122f6ec83c7a6b23d0", 0xfa}, {&(0x7f00000013c0)="c5575cabb1fbd00d7be2c389720943b3ace32a8a61934dff540d9c35571acbc551e021afd372db25de36b6c1b9a4bc75f9a8df8dea085705d715a66502c55bbe5fd1ae4adb74b9b3bcb24fd5201fc9ccf419505b73f581f20210ee938bc36e073f840ee2b366e21383bd92d502fa536aadcedf43ca0cef02e2812dadc325b6dc29c057e0bb14b6cff756cc5cc5e30f837ea2784052ae50bab332ef07dc08fd5c063349fd078b919bce6676b76374b69b760ff9e1998df2ff8d575aae1fe1007d6594891d756a31dbbf4e1222ba2d6efa7a8797795f", 0xd5}], 0x3, &(0x7f0000001500)=[@ip_ttl={{0x14, 0x0, 0x2, 0x10000}}, @ip_ttl={{0x14, 0x0, 0x2, 0x3}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x7}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x400}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x6}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x48}}], 0x90}}], 0x4, 0x40) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) connect$unix(0xffffffffffffffff, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e22}, 0x6e) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xa0) 506.725922ms ago: executing program 5 (id=1458): bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f00000005c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x5}, {0x0, [0x30, 0x5f, 0x71]}}, &(0x7f0000000900)=""/205, 0x1d, 0xcd, 0x1, 0xf8b, 0x10000}, 0x28) r0 = socket$nl_generic(0x10, 0x3, 0x10) close(r0) socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(0xffffffffffffffff, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc) writev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000080)='~', 0x1}], 0x1) syz_emit_ethernet(0x52, &(0x7f0000000a00)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x1e}, @multicast, @val={@val={0x88a8, 0x0, 0x1, 0x4}, {0x8100, 0x0, 0x0, 0x1}}, {@mpls_uc={0x8847, {[], @ipv6=@tcp={0x3, 0x6, "cb9bbd", 0x14, 0x6, 0xff, @private2, @empty, {[], {{0x4e24, 0x4e21, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x4, 0x2, 0x0, 0x9}}}}}}}}, 0x0) 394.694794ms ago: executing program 0 (id=1459): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x110, 0x4) sendmmsg$inet(r2, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002b00)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000002c00000018000180140002006e657464657673696d30"], 0x2c}}, 0x0) 351.010204ms ago: executing program 0 (id=1460): setuid(0x0) r0 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0xfffffe00, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r2}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_ADDR(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x3c, r4, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private0}]}]}, 0x3c}}, 0x400c040) r5 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300", 0x2e}, 0x48, 0xffffffffffffffff) r6 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc3}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe) keyctl$KEYCTL_MOVE(0x4, r6, r5, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r7, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000240)=ANY=[@ANYBLOB="d8010000", @ANYRES16=r8, @ANYBLOB="010000000000fbdbdf25010000000800050001000000060006004e220000140002007767320000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5427c0108800c"], 0x1d8}}, 0x0) keyctl$KEYCTL_MOVE(0x4, r0, r0, 0x0, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000030000000900010073797a30000000005c000000030a030000000000000000000300000009000b0073797a30000000000900010073797a3000000000140004800800024000000000080001"], 0xcc}}, 0x0) 236.820276ms ago: executing program 5 (id=1461): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r0, 0x29, 0x12, 0x0, &(0x7f0000000040)) r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x402) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006007c09e8fe55a10a0015400100142603600e120800060000000401a80016000900014003000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0xc854) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r1, 0x0) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0x80, &(0x7f0000000240)={0x3, 0x0, 0xfffa, 0x4360}, 0x8, 0x6, 0x7d, 0x0, 0x1, 0x101, 0x0}) 43.677379ms ago: executing program 0 (id=1462): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x4000850) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000008000000080009000200000008000b"], 0x24}}, 0x10) 28.819269ms ago: executing program 2 (id=1463): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000700)={0x1b, 0x0, 0x0, 0x7, 0x0, 0x0, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000140)={0x0, 0x0}, 0x8) bpf$TOKEN_CREATE(0x24, &(0x7f0000000180)={0x0, r0}, 0x8) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400ffd9b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x9c, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x800040, &(0x7f00000001c0), 0x1, 0x597, &(0x7f0000000b80)="$eJzs3U1sG2UaAOB3xvH2L9t0pV1pd9VDtYtUpKpO0h8onNorolKlHpC4lMhxoyhOHMUONFEO6b1C9IAA9VJucOAI4sABcUHiwpULiDNSRSOQmh7AyH9pm9jBKXWdxs8jjT3ffON5v2/G73hmNCMHMLCO1V7SiP9ExKUkYuShuqFoVh5rzLe+tpK/v7aST6JavfxzEklE3FtbybfmT5rvhyJiNSL+HRFfZSNOpFvjlpeWZyaKxcJCszxamZ0fLS8tn5yenZgqTBXmTr/40tlzZ86Onxrv3Pjszvp644ebb9/49pXbNz/+5Ohq/t2JJM7HcLPu4X48SY11ko3zm6af6UWwPkr63QAeS6aZ57VU+leMRKaZ9e1UR55q04Aeq+6LqO5Esrqj2YHdLNlZ/gN7Rus4oHb+2xoeOUDI9Pb4486FxglILe56c2jUDDWuTcT++rnJwV+SR85MauebR3rbNAbA6vWIGBsa2vr9T5rfv8c39iQaSE99eaGxobZu/3Rj/xNt9j/DrWunf1Fr/7e+Zf/3IH6mw/7vUpcxfnv9xw86xr8e8d+28ZON+Emb+GlEvNFl/FuvfX6uU131w4jj0T5+S7L99eHRq9PFwljjtW2ML44ffXm7/h/sEL9xzXZ//Wem3fqf77L/n3396f9Wt4n//P+33/7t1v+BiHiny/j/uPfRq53q7lxP7taOAna6/WvTbncZ/4Xzx77vUHWgy0UAAAAAAAAAAABtpPV72ZI0tzGeprlc4xnef8bBtFgqV05cLS3OTTbueTsS2bR1p9VIo5zUyuPN+3Fb5VObyqdb9xFnDtTLuXypONnnvgMAAAAAAAAAAAAAAAAAAMBucWjT8/+/ZurP/2/+u2pgr+r8l9/AXif/YXA9mv9JxL6+NQV4yvz+w8Cqyn8YXPIfBpf8h8El/2FwyX8YXPIfBpf8BwAAAAAAAAAAAAAAAAAAAAAAAACAnrh08WJtqN5fW8nXypNDS4szpTdPThbKM7nZxXwuX1qYz02VSlPFQi5fmv2z5RVLpfmxmFu8NloplCuj5aXlK7OlxbnKlenZianClUL2qfQKAAAAAAAAAAAAAAAAAAAAni3D9SFJcxGR1sfTNJeL+HtEHIlscnW6WBiLiMMR8V0mu69WHu93owEAAAAAAAAAAAAAAAAAAGCPKS8tz0wUi4WFARkZ2jLlm84zR8Tqk21GbYk7/lS2ua12yzp81kYObz9PJvrewt040ucdEwAAAAAAAAAAAAAAAAAADKAHD/12+4nfe9sgAAAAAAAAAAAAAAAAAAAAGEjpT0lE1IbjI88Nb679W7Keqb9HxFu3Lr93baJSWRivTb+7Mb3yfnP6qX60H+hWK09beQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8UF5anpkoFgsLPRzpdx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHscfAQAA//+aXtbd") r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x802, 0xa2) pwrite64(r4, &(0x7f0000000180)="f7", 0x1, 0x200980) ioctl$FIBMAP(r4, 0x1, &(0x7f0000000000)=0x4) 5.584729ms ago: executing program 1 (id=1464): r0 = syz_io_uring_setup(0x27b, &(0x7f0000000540)={0x0, 0x3bce, 0x10100, 0x3, 0x313}, &(0x7f0000000240)=0x0, &(0x7f0000000200)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {0x0}], 0x2}, 0x0, 0x40000103}) io_uring_enter(r0, 0x46f3, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 0 (id=1465): mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) r1 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) ioctl$SG_IO(r1, 0x2285, 0x0) writev(r1, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd24", 0x2a}, {&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x2) kernel console output (not intermixed with test programs): 4][ T7138] RSP: 002b:00007fb6eee17030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 141.853117][ T7138] RAX: ffffffffffffffda RBX: 00007fb6f09d5fa0 RCX: 00007fb6f07ad33c [ 141.853133][ T7138] RDX: 000000000000000f RSI: 00007fb6eee170a0 RDI: 0000000000000005 [ 141.853148][ T7138] RBP: 00007fb6eee17090 R08: 0000000000000000 R09: 0000000000000000 [ 141.853164][ T7138] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000001 [ 141.853179][ T7138] R13: 0000000000000000 R14: 00007fb6f09d5fa0 R15: 00007fff56893268 [ 141.853263][ T7138] [ 142.066192][ T7074] can0 (unregistered): slcan off ttyS3. [ 142.076268][ T7141] loop4: detected capacity change from 0 to 1024 [ 142.179493][ T7141] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 142.203038][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.234616][ T7156] lo speed is unknown, defaulting to 1000 [ 142.272573][ T7141] ext4 filesystem being mounted at /211/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 142.299989][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.355829][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.616151][ T7178] lo speed is unknown, defaulting to 1000 [ 142.616639][ T7172] __nla_validate_parse: 4 callbacks suppressed [ 142.616657][ T7172] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1089'. [ 142.632423][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.637339][ T7172] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1089'. [ 142.718429][ T7182] syzkaller1: entered promiscuous mode [ 142.724159][ T7182] syzkaller1: entered allmulticast mode [ 142.905498][ T7185] loop3: detected capacity change from 0 to 128 [ 143.131163][ T7189] loop0: detected capacity change from 0 to 1024 [ 143.161539][ T7189] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 143.189381][ T7189] ext4 filesystem being mounted at /215/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.202735][ T7189] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1095: bg 0: block 393: padding at end of block bitmap is not set [ 143.218923][ T7189] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28 [ 143.231492][ T7189] EXT4-fs (loop0): This should not happen!! Data will be lost [ 143.231492][ T7189] [ 143.241214][ T7189] EXT4-fs (loop0): Total free blocks count 0 [ 143.247236][ T7189] EXT4-fs (loop0): Free/Dirty block details [ 143.253285][ T7189] EXT4-fs (loop0): free_blocks=0 [ 143.258248][ T7189] EXT4-fs (loop0): dirty_blocks=16 [ 143.263420][ T7189] EXT4-fs (loop0): Block reservation details [ 143.269427][ T7189] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 143.324524][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.379065][ T7200] loop2: detected capacity change from 0 to 1024 [ 143.385641][ T7201] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1096'. [ 143.395503][ T7201] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1096'. [ 143.484369][ T7200] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 143.515145][ T7200] ext4 filesystem being mounted at /221/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.562282][ T7200] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1097: bg 0: block 393: padding at end of block bitmap is not set [ 143.562710][ T7200] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28 [ 143.562734][ T7200] EXT4-fs (loop2): This should not happen!! Data will be lost [ 143.562734][ T7200] [ 143.562751][ T7200] EXT4-fs (loop2): Total free blocks count 0 [ 143.562805][ T7200] EXT4-fs (loop2): Free/Dirty block details [ 143.562818][ T7200] EXT4-fs (loop2): free_blocks=0 [ 143.562831][ T7200] EXT4-fs (loop2): dirty_blocks=16 [ 143.562846][ T7200] EXT4-fs (loop2): Block reservation details [ 143.562859][ T7200] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 143.645093][ T7213] loop4: detected capacity change from 0 to 128 [ 143.673574][ T7211] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1101'. [ 143.683118][ T7211] loop1: detected capacity change from 0 to 512 [ 143.735814][ T7211] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 143.745853][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.783781][ T1390] bio_check_eod: 206 callbacks suppressed [ 143.783798][ T1390] kworker/u8:6: attempt to access beyond end of device [ 143.783798][ T1390] loop3: rw=1, sector=153, nr_sectors = 8 limit=128 [ 143.804197][ T1390] kworker/u8:6: attempt to access beyond end of device [ 143.804197][ T1390] loop3: rw=1, sector=169, nr_sectors = 8 limit=128 [ 143.804238][ T1390] kworker/u8:6: attempt to access beyond end of device [ 143.804238][ T1390] loop3: rw=1, sector=185, nr_sectors = 8 limit=128 [ 143.804321][ T1390] kworker/u8:6: attempt to access beyond end of device [ 143.804321][ T1390] loop3: rw=1, sector=201, nr_sectors = 8 limit=128 [ 143.804361][ T1390] kworker/u8:6: attempt to access beyond end of device [ 143.804361][ T1390] loop3: rw=1, sector=217, nr_sectors = 8 limit=128 [ 143.804395][ T1390] kworker/u8:6: attempt to access beyond end of device [ 143.804395][ T1390] loop3: rw=1, sector=233, nr_sectors = 8 limit=128 [ 143.845589][ T7217] 9pnet_fd: Insufficient options for proto=fd [ 143.871532][ T7211] EXT4-fs (loop1): 1 truncate cleaned up [ 143.877900][ T1390] kworker/u8:6: attempt to access beyond end of device [ 143.877900][ T1390] loop3: rw=1, sector=249, nr_sectors = 8 limit=128 [ 143.894124][ T7211] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.944189][ T1390] kworker/u8:6: attempt to access beyond end of device [ 143.944189][ T1390] loop3: rw=1, sector=265, nr_sectors = 8 limit=128 [ 143.977082][ T7224] loop2: detected capacity change from 0 to 1024 [ 143.981926][ T7223] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1107'. [ 143.984607][ T1390] kworker/u8:6: attempt to access beyond end of device [ 143.984607][ T1390] loop3: rw=1, sector=281, nr_sectors = 8 limit=128 [ 143.992480][ T7223] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1107'. [ 144.008726][ T7224] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 144.028699][ T1390] kworker/u8:6: attempt to access beyond end of device [ 144.028699][ T1390] loop3: rw=1, sector=297, nr_sectors = 8 limit=128 [ 144.040898][ T7224] ext4 filesystem being mounted at /223/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 144.075268][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.085158][ T7224] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1106: bg 0: block 393: padding at end of block bitmap is not set [ 144.112237][ T7224] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28 [ 144.125644][ T7224] EXT4-fs (loop2): This should not happen!! Data will be lost [ 144.125644][ T7224] [ 144.127296][ T7235] loop1: detected capacity change from 0 to 2048 [ 144.135341][ T7224] EXT4-fs (loop2): Total free blocks count 0 [ 144.135361][ T7224] EXT4-fs (loop2): Free/Dirty block details [ 144.154663][ T7224] EXT4-fs (loop2): free_blocks=0 [ 144.159694][ T7224] EXT4-fs (loop2): dirty_blocks=16 [ 144.164888][ T7224] EXT4-fs (loop2): Block reservation details [ 144.170924][ T7224] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 144.178141][ T7235] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 144.193359][ T7235] EXT4-fs (loop1): shut down requested (0) [ 144.214758][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.225692][ T7238] lo speed is unknown, defaulting to 1000 [ 144.226740][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.319254][ T7243] loop3: detected capacity change from 0 to 2048 [ 144.329269][ T7236] lo speed is unknown, defaulting to 1000 [ 144.371588][ T7243] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 144.386623][ T7243] EXT4-fs (loop3): shut down requested (0) [ 144.429468][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.457820][ T7261] lo speed is unknown, defaulting to 1000 [ 144.476031][ T7258] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1119'. [ 144.492251][ T7263] xt_hashlimit: size too large, truncated to 1048576 [ 144.539975][ T7267] loop4: detected capacity change from 0 to 512 [ 144.549671][ T7272] –: renamed from vxcan1 (while UP) [ 144.560307][ T7267] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 144.606210][ T7267] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 144.622077][ T7267] ext4 filesystem being mounted at /219/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 144.658877][ T7267] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.1120: corrupted xattr block 19: overlapping e_value [ 144.684861][ T7283] FAULT_INJECTION: forcing a failure. [ 144.684861][ T7283] name failslab, interval 1, probability 0, space 0, times 0 [ 144.698405][ T7283] CPU: 1 UID: 0 PID: 7283 Comm: syz.1.1124 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 144.698446][ T7283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 144.698463][ T7283] Call Trace: [ 144.698472][ T7283] [ 144.698483][ T7283] __dump_stack+0x1d/0x30 [ 144.698511][ T7283] dump_stack_lvl+0xe8/0x140 [ 144.698617][ T7283] dump_stack+0x15/0x1b [ 144.698663][ T7283] should_fail_ex+0x265/0x280 [ 144.698721][ T7283] should_failslab+0x8c/0xb0 [ 144.698753][ T7283] kmem_cache_alloc_lru_noprof+0x55/0x310 [ 144.698867][ T7283] ? __d_alloc+0x3d/0x350 [ 144.698900][ T7283] __d_alloc+0x3d/0x350 [ 144.698952][ T7283] d_alloc+0x2e/0x100 [ 144.698982][ T7283] vfs_tmpfile+0xe8/0x4d0 [ 144.699025][ T7283] ? path_lookupat+0x1fc/0x2a0 [ 144.699059][ T7283] do_tmpfile+0xa8/0x190 [ 144.699100][ T7283] path_openat+0x1dd7/0x2170 [ 144.699137][ T7283] ? _parse_integer_limit+0x170/0x190 [ 144.699207][ T7283] ? _parse_integer+0x27/0x40 [ 144.699242][ T7283] ? kstrtoull+0x111/0x140 [ 144.699325][ T7283] ? kstrtouint+0x76/0xc0 [ 144.699362][ T7283] do_filp_open+0x109/0x230 [ 144.699414][ T7283] do_sys_openat2+0xa6/0x110 [ 144.699449][ T7283] __x64_sys_open+0xe6/0x110 [ 144.699517][ T7283] x64_sys_call+0x14d4/0x2fb0 [ 144.699543][ T7283] do_syscall_64+0xd2/0x200 [ 144.699565][ T7283] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 144.699665][ T7283] ? clear_bhb_loop+0x40/0x90 [ 144.699692][ T7283] ? clear_bhb_loop+0x40/0x90 [ 144.699795][ T7283] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.699815][ T7283] RIP: 0033:0x7fb6f07ae929 [ 144.699829][ T7283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.699856][ T7283] RSP: 002b:00007fb6eee17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 144.699877][ T7283] RAX: ffffffffffffffda RBX: 00007fb6f09d5fa0 RCX: 00007fb6f07ae929 [ 144.699891][ T7283] RDX: 000000000000050f RSI: 0000000000591002 RDI: 0000200000000100 [ 144.699905][ T7283] RBP: 00007fb6eee17090 R08: 0000000000000000 R09: 0000000000000000 [ 144.699939][ T7283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.699954][ T7283] R13: 0000000000000000 R14: 00007fb6f09d5fa0 R15: 00007fff56893268 [ 144.699978][ T7283] [ 144.708100][ T7267] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 144.740137][ T7281] loop0: detected capacity change from 0 to 2048 [ 144.775077][ T7267] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.1120: corrupted xattr block 19: overlapping e_value [ 144.888078][ T7281] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 144.914988][ T7267] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 144.929270][ T7281] EXT4-fs (loop0): shut down requested (0) [ 144.948226][ T7267] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.1120: corrupted xattr block 19: overlapping e_value [ 145.006866][ T7292] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 145.006866][ T7292] program syz.1.1126 not setting count and/or reply_len properly [ 145.041012][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.051132][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.094963][ T7296] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1130'. [ 145.104056][ T7296] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1130'. [ 145.178031][ T7306] loop4: detected capacity change from 0 to 512 [ 145.194531][ T7301] loop3: detected capacity change from 0 to 512 [ 145.203116][ T7306] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 145.208458][ T7307] lo speed is unknown, defaulting to 1000 [ 145.236748][ T7301] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 145.254722][ T7306] EXT4-fs (loop4): 1 truncate cleaned up [ 145.263907][ T7309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 145.281347][ T7306] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 145.300724][ T7301] EXT4-fs (loop3): 1 truncate cleaned up [ 145.302497][ T7309] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 145.314260][ T7301] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 145.348295][ T7320] loop2: detected capacity change from 0 to 512 [ 145.357744][ T7320] EXT4-fs error (device loop2): ext4_iget_extra_inode:5035: inode #15: comm syz.2.1135: corrupted in-inode xattr: invalid ea_ino [ 145.371517][ T7320] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.1135: couldn't read orphan inode 15 (err -117) [ 145.384627][ T7320] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.412834][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.471818][ T7327] loop2: detected capacity change from 0 to 512 [ 145.478983][ T7327] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 145.489985][ T7327] EXT4-fs (loop2): 1 truncate cleaned up [ 145.496423][ T7327] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 145.523366][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.738667][ T7341] loop2: detected capacity change from 0 to 512 [ 145.745478][ T7341] EXT4-fs: Ignoring removed bh option [ 145.752648][ T7341] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 145.762094][ T7341] EXT4-fs (loop2): 1 truncate cleaned up [ 145.768021][ T7341] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 145.997112][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.278541][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.289098][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.346729][ T7354] loop4: detected capacity change from 0 to 128 [ 146.388108][ T29] kauditd_printk_skb: 296 callbacks suppressed [ 146.388123][ T29] audit: type=1400 audit(1752304182.065:2158): avc: denied { write } for pid=7356 comm="syz.2.1150" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 146.540187][ T29] audit: type=1400 audit(1752304182.215:2159): avc: denied { validate_trans } for pid=7364 comm="syz.2.1153" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 146.570076][ T29] audit: type=1400 audit(1752304182.235:2160): avc: denied { append } for pid=7367 comm="syz.1.1152" name="loop0" dev="devtmpfs" ino=1519 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 146.607855][ T7366] loop3: detected capacity change from 0 to 4096 [ 146.635642][ T29] audit: type=1400 audit(1752304182.315:2161): avc: denied { create } for pid=7367 comm="syz.1.1152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 146.660314][ T7366] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.668294][ T29] audit: type=1400 audit(1752304182.325:2162): avc: denied { connect } for pid=7367 comm="syz.1.1152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 146.711749][ T29] audit: type=1400 audit(1752304182.395:2163): avc: denied { create } for pid=7369 comm="syz.2.1154" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 146.737358][ T7375] loop2: detected capacity change from 0 to 2048 [ 146.742227][ T29] audit: type=1400 audit(1752304182.405:2164): avc: denied { setopt } for pid=7369 comm="syz.2.1154" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 146.800561][ T7375] loop2: p1 < > p4 [ 146.811118][ T7375] loop2: p4 size 8388608 extends beyond EOD, truncated [ 146.843747][ T29] audit: type=1400 audit(1752304182.525:2165): avc: denied { mounton } for pid=7362 comm="syz.3.1151" path="/230/file0/file0" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 146.867845][ T29] audit: type=1400 audit(1752304182.525:2166): avc: denied { mount } for pid=7362 comm="syz.3.1151" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 146.898611][ T29] audit: type=1400 audit(1752304182.525:2167): avc: denied { mounton } for pid=7362 comm="syz.3.1151" path="/230/file0/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1 [ 146.922478][ T7377] loop1: detected capacity change from 0 to 512 [ 146.961971][ T2996] loop2: p1 < > p4 [ 146.968356][ T2996] loop2: p4 size 8388608 extends beyond EOD, truncated [ 146.978605][ T7377] EXT4-fs error (device loop1): ext4_iget_extra_inode:5035: inode #15: comm syz.1.1155: corrupted in-inode xattr: invalid ea_ino [ 147.024610][ T7375] SELinux: ebitmap: truncated map [ 147.030395][ T7375] SELinux: failed to load policy [ 147.048900][ T7377] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.1155: couldn't read orphan inode 15 (err -117) [ 147.114810][ T7377] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.175057][ T7377] FAULT_INJECTION: forcing a failure. [ 147.175057][ T7377] name failslab, interval 1, probability 0, space 0, times 0 [ 147.187892][ T7377] CPU: 0 UID: 0 PID: 7377 Comm: syz.1.1155 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 147.187920][ T7377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 147.187935][ T7377] Call Trace: [ 147.187944][ T7377] [ 147.187954][ T7377] __dump_stack+0x1d/0x30 [ 147.188009][ T7377] dump_stack_lvl+0xe8/0x140 [ 147.188028][ T7377] dump_stack+0x15/0x1b [ 147.188043][ T7377] should_fail_ex+0x265/0x280 [ 147.188074][ T7377] should_failslab+0x8c/0xb0 [ 147.188132][ T7377] kmem_cache_alloc_lru_noprof+0x55/0x310 [ 147.188157][ T7377] ? __d_alloc+0x3d/0x350 [ 147.188233][ T7377] __d_alloc+0x3d/0x350 [ 147.188302][ T7377] d_alloc_parallel+0x53/0xc40 [ 147.188332][ T7377] ? __rcu_read_unlock+0x4f/0x70 [ 147.188386][ T7377] ? __d_lookup+0x316/0x340 [ 147.188408][ T7377] ? try_to_unlazy+0x25e/0x3a0 [ 147.188480][ T7377] path_openat+0x6b5/0x2170 [ 147.188524][ T7377] do_filp_open+0x109/0x230 [ 147.188558][ T7377] do_sys_openat2+0xa6/0x110 [ 147.188611][ T7377] __x64_sys_openat+0xf2/0x120 [ 147.188637][ T7377] x64_sys_call+0x1af/0x2fb0 [ 147.188657][ T7377] do_syscall_64+0xd2/0x200 [ 147.188674][ T7377] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 147.188700][ T7377] ? clear_bhb_loop+0x40/0x90 [ 147.188719][ T7377] ? clear_bhb_loop+0x40/0x90 [ 147.188742][ T7377] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.188823][ T7377] RIP: 0033:0x7fb6f07ae929 [ 147.188837][ T7377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.188868][ T7377] RSP: 002b:00007fb6eee17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 147.188894][ T7377] RAX: ffffffffffffffda RBX: 00007fb6f09d5fa0 RCX: 00007fb6f07ae929 [ 147.188911][ T7377] RDX: 000000000000275a RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 147.188927][ T7377] RBP: 00007fb6eee17090 R08: 0000000000000000 R09: 0000000000000000 [ 147.188942][ T7377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 147.188957][ T7377] R13: 0000000000000000 R14: 00007fb6f09d5fa0 R15: 00007fff56893268 [ 147.188981][ T7377] [ 147.451685][ T2996] loop2: p1 < > p4 [ 147.456402][ T2996] loop2: p4 size 8388608 extends beyond EOD, truncated [ 147.475410][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.513241][ T7383] loop2: detected capacity change from 0 to 2048 [ 147.599251][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 147.610598][ T3544] udevd[3544]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 147.629168][ T7392] loop4: detected capacity change from 0 to 512 [ 147.680843][ T7392] journal_path: Lookup failure for './file0/../file0' [ 147.687715][ T7392] EXT4-fs: error: could not find journal device path [ 147.719706][ T7383] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 147.770635][ T7392] siw: device registration error -23 [ 147.905021][ T3307] EXT4-fs error (device loop3): ext4_lookup:1787: inode #14: comm syz-executor: invalid fast symlink length 131109 [ 147.926911][ T3307] EXT4-fs error (device loop3): ext4_lookup:1787: inode #14: comm syz-executor: invalid fast symlink length 131109 [ 147.951879][ T7397] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7397 comm=syz.4.1162 [ 147.977628][ T7395] lo speed is unknown, defaulting to 1000 [ 147.998884][ T7390] can0: slcan on ttyS3. [ 148.008027][ T7390] loop1: detected capacity change from 0 to 1024 [ 148.060616][ T7390] EXT4-fs: Ignoring removed nobh option [ 148.066250][ T7390] EXT4-fs: inline encryption not supported [ 148.093414][ T7390] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 148.164295][ T296] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.183310][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.198627][ T7390] loop1: detected capacity change from 0 to 512 [ 148.244364][ T7402] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 148.244364][ T7402] program syz.0.1164 not setting count and/or reply_len properly [ 148.276763][ T7390] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 148.305794][ T7390] ext4 filesystem being mounted at /233/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 148.317085][ T296] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.361170][ T7411] loop0: detected capacity change from 0 to 1024 [ 148.363503][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.387431][ T296] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.417153][ T7411] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 148.430350][ T7389] can0 (unregistered): slcan off ttyS3. [ 148.481606][ T296] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.575815][ T7411] ÿ: renamed from bond_slave_0 (while UP) [ 148.589786][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.640511][ T7411] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.659656][ T7411] bond0: (slave ip6tnl0): The slave device specified does not support setting the MAC address [ 148.686001][ T7435] loop2: detected capacity change from 0 to 512 [ 148.692439][ T7438] loop4: detected capacity change from 0 to 512 [ 148.711246][ T7411] bond0: (slave ip6tnl0): Error -95 calling set_mac_address [ 148.718735][ T7438] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 148.736507][ T7435] journal_path: Lookup failure for './file0/../file0' [ 148.744119][ T7435] EXT4-fs: error: could not find journal device path [ 148.751863][ T296] bridge_slave_1: left allmulticast mode [ 148.757608][ T296] bridge_slave_1: left promiscuous mode [ 148.763367][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.794631][ T7438] EXT4-fs (loop4): 1 truncate cleaned up [ 148.818860][ T7438] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.839757][ T7451] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 148.839757][ T7451] program syz.1.1171 not setting count and/or reply_len properly [ 148.858687][ T7435] siw: device registration error -23 [ 148.864985][ T296] bridge_slave_0: left allmulticast mode [ 148.871384][ T296] bridge_slave_0: left promiscuous mode [ 148.877076][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.946320][ T3372] IPv4: Oversized IP packet from 127.0.0.1 [ 148.952373][ C1] IPv4: Oversized IP packet from 127.0.0.1 [ 148.958310][ C1] IPv4: Oversized IP packet from 127.0.0.1 [ 148.973267][ T3372] IPv4: Oversized IP packet from 127.0.0.1 [ 148.979258][ C1] IPv4: Oversized IP packet from 127.0.0.1 [ 148.985159][ C1] IPv4: Oversized IP packet from 127.0.0.1 [ 149.082739][ T296] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 149.101437][ T296] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 149.111261][ T296] bond0 (unregistering): Released all slaves [ 149.139789][ T7466] __nla_validate_parse: 7 callbacks suppressed [ 149.146074][ T7466] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1174'. [ 149.155129][ T7466] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1174'. [ 149.168042][ T7468] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1175'. [ 149.177087][ T7468] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1175'. [ 149.218679][ T7475] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 149.227857][ T296] hsr_slave_0: left promiscuous mode [ 149.241842][ T296] hsr_slave_1: left promiscuous mode [ 149.257089][ T296] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 149.264604][ T296] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 149.279473][ T296] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 149.287703][ T296] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 149.312278][ T7479] random: crng reseeded on system resumption [ 149.312871][ T296] veth1_macvtap: left promiscuous mode [ 149.336328][ T7481] loop0: detected capacity change from 0 to 512 [ 149.340109][ T296] veth0_macvtap: left promiscuous mode [ 149.348183][ T296] veth1_vlan: left promiscuous mode [ 149.356841][ T296] veth0_vlan: left promiscuous mode [ 149.375958][ T7481] ext4 filesystem being mounted at /233/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 149.390660][ T7483] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1179'. [ 149.444845][ T7486] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1179'. [ 149.467573][ T296] team0 (unregistering): Port device team_slave_1 removed [ 149.480087][ T296] team0 (unregistering): Port device team_slave_0 removed [ 149.541322][ T7481] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 149.555229][ T7491] loop2: detected capacity change from 0 to 256 [ 149.569898][ T3574] infiniband syz1: ib_query_port failed (-19) [ 149.576126][ T3372] lo speed is unknown, defaulting to 1000 [ 149.582539][ T3372] syz0: Port: 1 Link DOWN [ 149.588062][ T7481] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 149.599707][ T7490] loop4: detected capacity change from 0 to 2048 [ 149.605975][ T7491] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 149.626481][ T7493] loop1: detected capacity change from 0 to 512 [ 149.634819][ T7493] EXT4-fs (loop1): bad block size 65536 [ 149.654494][ T7490] EXT4-fs (loop4): shut down requested (0) [ 149.769354][ T7504] hsr0: entered promiscuous mode [ 149.782953][ T7505] FAULT_INJECTION: forcing a failure. [ 149.782953][ T7505] name failslab, interval 1, probability 0, space 0, times 0 [ 149.795631][ T7505] CPU: 0 UID: 0 PID: 7505 Comm: syz.1.1182 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 149.795739][ T7505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 149.795755][ T7505] Call Trace: [ 149.795764][ T7505] [ 149.795774][ T7505] __dump_stack+0x1d/0x30 [ 149.795866][ T7505] dump_stack_lvl+0xe8/0x140 [ 149.795891][ T7505] dump_stack+0x15/0x1b [ 149.795912][ T7505] should_fail_ex+0x265/0x280 [ 149.795945][ T7505] should_failslab+0x8c/0xb0 [ 149.795966][ T7505] kmem_cache_alloc_node_noprof+0x57/0x320 [ 149.796026][ T7505] ? __alloc_skb+0x101/0x320 [ 149.796063][ T7505] __alloc_skb+0x101/0x320 [ 149.796112][ T7505] alloc_uevent_skb+0x5c/0x120 [ 149.796141][ T7505] kobject_uevent_net_broadcast+0x23c/0x410 [ 149.796169][ T7505] kobject_uevent_env+0x43d/0x570 [ 149.796221][ T7505] kobject_uevent+0x1d/0x30 [ 149.796253][ T7505] device_del+0x710/0x790 [ 149.796276][ T7505] ? __try_to_del_timer_sync+0x152/0x170 [ 149.796336][ T7505] device_unregister+0x15/0x40 [ 149.796363][ T7505] wakeup_source_sysfs_remove+0x25/0x30 [ 149.796394][ T7505] wakeup_source_unregister+0xf0/0x330 [ 149.796414][ T7505] ep_destroy_wakeup_source+0x3a/0x50 [ 149.796503][ T7505] ep_modify+0xb3/0x490 [ 149.796529][ T7505] do_epoll_ctl+0x62c/0x8c0 [ 149.796555][ T7505] __x64_sys_epoll_ctl+0xcb/0x100 [ 149.796580][ T7505] x64_sys_call+0x26ef/0x2fb0 [ 149.796607][ T7505] do_syscall_64+0xd2/0x200 [ 149.796636][ T7505] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 149.796667][ T7505] ? clear_bhb_loop+0x40/0x90 [ 149.796686][ T7505] ? clear_bhb_loop+0x40/0x90 [ 149.796707][ T7505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.796730][ T7505] RIP: 0033:0x7fb6f07ae929 [ 149.796790][ T7505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.796807][ T7505] RSP: 002b:00007fb6eee17038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 149.796825][ T7505] RAX: ffffffffffffffda RBX: 00007fb6f09d5fa0 RCX: 00007fb6f07ae929 [ 149.796840][ T7505] RDX: 0000000000000007 RSI: 0000000000000003 RDI: 0000000000000006 [ 149.796855][ T7505] RBP: 00007fb6eee17090 R08: 0000000000000000 R09: 0000000000000000 [ 149.796870][ T7505] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000001 [ 149.796905][ T7505] R13: 0000000000000000 R14: 00007fb6f09d5fa0 R15: 00007fff56893268 [ 149.796968][ T7505] [ 149.810196][ T7503] hsr0: left promiscuous mode [ 149.964780][ T7513] loop2: detected capacity change from 0 to 512 [ 150.066602][ T7510] loop1: detected capacity change from 0 to 256 [ 150.108939][ T7510] FAT-fs (loop1): Directory bread(block 64) failed [ 150.128735][ T7425] chnl_net:caif_netlink_parms(): no params data found [ 150.141744][ T7513] EXT4-fs error (device loop2): ext4_orphan_get:1419: comm syz.2.1184: bad orphan inode 15 [ 150.153986][ T7510] FAT-fs (loop1): Directory bread(block 65) failed [ 150.154220][ T7513] ext4_test_bit(bit=14, block=5) = 0 [ 150.191286][ T7510] FAT-fs (loop1): Directory bread(block 66) failed [ 150.198095][ T7510] FAT-fs (loop1): Directory bread(block 67) failed [ 150.205199][ T7510] FAT-fs (loop1): Directory bread(block 68) failed [ 150.212568][ T7510] FAT-fs (loop1): Directory bread(block 69) failed [ 150.219152][ T7510] FAT-fs (loop1): Directory bread(block 70) failed [ 150.225860][ T7510] FAT-fs (loop1): Directory bread(block 71) failed [ 150.232506][ T7510] FAT-fs (loop1): Directory bread(block 72) failed [ 150.242626][ T7510] FAT-fs (loop1): Directory bread(block 73) failed [ 150.251073][ T7513] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 150.295104][ T7510] bio_check_eod: 214 callbacks suppressed [ 150.295118][ T7510] syz.1.1185: attempt to access beyond end of device [ 150.295118][ T7510] loop1: rw=524288, sector=1160, nr_sectors = 4 limit=256 [ 150.315336][ T7510] syz.1.1185: attempt to access beyond end of device [ 150.315336][ T7510] loop1: rw=0, sector=1160, nr_sectors = 4 limit=256 [ 150.353908][ T7527] loop4: detected capacity change from 0 to 1024 [ 150.367287][ T7527] EXT4-fs: Ignoring removed orlov option [ 150.399153][ T7527] serio: Serial port ptm0 [ 150.447126][ T7425] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.454301][ T7425] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.622675][ T7425] bridge_slave_0: entered allmulticast mode [ 150.627014][ T7549] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 150.630722][ T7425] bridge_slave_0: entered promiscuous mode [ 150.641666][ T7549] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 150.665908][ T7425] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.673131][ T7425] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.782604][ T7425] bridge_slave_1: entered allmulticast mode [ 150.804055][ T7552] loop1: detected capacity change from 0 to 2048 [ 150.828933][ T7425] bridge_slave_1: entered promiscuous mode [ 151.066023][ T7425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 151.184276][ T7425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 151.267146][ T7425] team0: Port device team_slave_0 added [ 151.284427][ T7425] team0: Port device team_slave_1 added [ 151.399763][ T7569] 9pnet_fd: Insufficient options for proto=fd [ 151.420399][ T7425] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 151.427502][ T7425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.453536][ T7425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 151.475111][ T7425] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 151.482212][ T7425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.508215][ T7425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 151.524975][ T7569] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1194'. [ 151.534032][ T7569] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1194'. [ 151.639977][ T7425] hsr_slave_0: entered promiscuous mode [ 151.655822][ T7586] loop2: detected capacity change from 0 to 764 [ 151.660654][ T7425] hsr_slave_1: entered promiscuous mode [ 151.680140][ T7425] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 151.688370][ T7586] rock: directory entry would overflow storage [ 151.694767][ T7586] rock: sig=0x4654, size=5, remaining=4 [ 151.699104][ T7425] Cannot create hsr debugfs directory [ 151.716525][ T7588] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 151.716525][ T7588] program syz.0.1198 not setting count and/or reply_len properly [ 151.721696][ T29] kauditd_printk_skb: 187 callbacks suppressed [ 151.721715][ T29] audit: type=1400 audit(1752304187.395:2355): avc: denied { mount } for pid=7585 comm="syz.2.1197" name="/" dev="loop2" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 151.791455][ T29] audit: type=1400 audit(1752304187.465:2356): avc: denied { read } for pid=7585 comm="syz.2.1197" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 151.814693][ T29] audit: type=1400 audit(1752304187.465:2357): avc: denied { open } for pid=7585 comm="syz.2.1197" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 151.839438][ T29] audit: type=1400 audit(1752304187.475:2358): avc: denied { ioctl } for pid=7585 comm="syz.2.1197" path="/dev/autofs" dev="devtmpfs" ino=91 ioctlcmd=0x9374 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 151.899556][ T29] audit: type=1400 audit(1752304187.555:2359): avc: denied { unmount } for pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 151.992253][ T7595] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 151.992253][ T7595] program syz.2.1199 not setting count and/or reply_len properly [ 151.994249][ T7600] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1201'. [ 152.113969][ T7611] loop2: detected capacity change from 0 to 512 [ 152.120967][ T7611] EXT4-fs: Ignoring removed bh option [ 152.129049][ T7425] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 152.146135][ T7611] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 152.164211][ T7425] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 152.226664][ T7425] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 152.247755][ T7611] EXT4-fs (loop2): 1 truncate cleaned up [ 152.362512][ T7425] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 152.387499][ T29] audit: type=1400 audit(1752304188.065:2360): avc: denied { write } for pid=7624 comm="syz.4.1205" path="" dev="sockfs" ino=16982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 152.745670][ T7425] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.837007][ T7425] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.909573][ T1390] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.916716][ T1390] bridge0: port 1(bridge_slave_0) entered forwarding state [ 152.951750][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.959010][ T296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.135605][ T7651] netlink: 'syz.0.1211': attribute type 11 has an invalid length. [ 153.143609][ T7651] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1211'. [ 153.159686][ T7651] loop0: detected capacity change from 0 to 128 [ 153.167448][ T7651] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 153.235492][ T3297] udevd[3297]: incorrect ext4 checksum on /dev/loop0 [ 153.350167][ T3297] udevd[3297]: incorrect ext4 checksum on /dev/loop0 [ 153.520335][ T29] audit: type=1400 audit(1752304189.195:2361): avc: denied { write } for pid=7662 comm="syz.1.1209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 153.551495][ T29] audit: type=1400 audit(1752304189.235:2362): avc: denied { read } for pid=7662 comm="syz.1.1209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 153.572261][ T29] audit: type=1400 audit(1752304189.235:2363): avc: denied { bind } for pid=7662 comm="syz.1.1209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 153.597100][ T7425] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 153.662356][ T7672] loop4: detected capacity change from 0 to 1024 [ 153.697465][ T7677] IPv6: Can't replace route, no match found [ 153.703942][ T7677] netlink: 'syz.2.1213': attribute type 13 has an invalid length. [ 153.762768][ T7677] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 153.805983][ T29] audit: type=1400 audit(1752304189.475:2364): avc: denied { bind } for pid=7675 comm="syz.2.1213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 153.826671][ T7685] loop1: detected capacity change from 0 to 512 [ 153.900279][ T7685] EXT4-fs: Ignoring removed bh option [ 153.970331][ T7685] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 154.074204][ T7685] EXT4-fs (loop1): 1 truncate cleaned up [ 154.132064][ T7425] veth0_vlan: entered promiscuous mode [ 154.256730][ T7425] veth1_vlan: entered promiscuous mode [ 154.286934][ T7425] veth0_macvtap: entered promiscuous mode [ 154.294942][ T7425] veth1_macvtap: entered promiscuous mode [ 154.314608][ T7425] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 154.496196][ T7425] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 154.589121][ T7425] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.598017][ T7425] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.606770][ T7425] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.616299][ T7425] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.856782][ T7694] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1216'. [ 154.866540][ T7694] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1216'. [ 154.875655][ T7694] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1216'. [ 154.895314][ T7694] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1216'. [ 154.904377][ T7694] netlink: 'syz.2.1216': attribute type 6 has an invalid length. [ 155.061103][ T7759] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1225'. [ 155.070145][ T7759] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1225'. [ 155.138667][ T7767] loop5: detected capacity change from 0 to 128 [ 155.149298][ T7756] loop0: detected capacity change from 0 to 2048 [ 155.199736][ T7767] $Hÿ: renamed from bond0 (while UP) [ 155.207199][ T7767] $Hÿ: entered promiscuous mode [ 155.212356][ T7767] bond_slave_0: entered promiscuous mode [ 155.218200][ T7767] bond_slave_1: entered promiscuous mode [ 156.489078][ T7831] loop2: detected capacity change from 0 to 8192 [ 156.512482][ T7841] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.559357][ T3312] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000e1b1) [ 156.567270][ T3312] FAT-fs (loop2): Filesystem has been set read-only [ 156.645395][ T7859] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1244'. [ 156.687812][ T7859] loop2: detected capacity change from 0 to 128 [ 156.698246][ T7854] loop4: detected capacity change from 0 to 8192 [ 156.709062][ T7859] vfat: Unknown parameter '0xffffffffffffffff' [ 156.726469][ T7857] loop1: detected capacity change from 0 to 512 [ 156.755833][ T7857] EXT4-fs (loop1): can't read group descriptor 0 [ 156.819290][ T7868] loop4: detected capacity change from 0 to 512 [ 156.832619][ T7857] loop1: detected capacity change from 0 to 2048 [ 156.853535][ T7868] journal_path: Lookup failure for './file0/../file0' [ 156.860392][ T7868] EXT4-fs: error: could not find journal device path [ 156.883473][ T7857] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1245'. [ 156.922563][ T7868] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 156.949208][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 156.949227][ T29] audit: type=1400 audit(1752304192.625:2379): avc: denied { read write } for pid=7878 comm="syz.2.1248" name="uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 156.978898][ T29] audit: type=1400 audit(1752304192.625:2380): avc: denied { open } for pid=7878 comm="syz.2.1248" path="/dev/uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 157.003268][ T9] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 157.015832][ T7879] loop2: detected capacity change from 0 to 1024 [ 157.033395][ T9] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 157.044599][ T7879] EXT4-fs: Ignoring removed oldalloc option [ 157.056235][ T7879] EXT4-fs: Ignoring removed nomblk_io_submit option [ 157.068636][ T29] audit: type=1400 audit(1752304192.755:2381): avc: denied { append } for pid=7882 comm="syz.1.1249" name="ptp0" dev="devtmpfs" ino=246 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 157.091893][ T29] audit: type=1326 audit(1752304192.755:2382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000 [ 157.115335][ T29] audit: type=1326 audit(1752304192.755:2383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000 [ 157.138867][ T29] audit: type=1326 audit(1752304192.755:2384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000 [ 157.153257][ T7879] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 157.162457][ T29] audit: type=1326 audit(1752304192.755:2385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000 [ 157.162497][ T29] audit: type=1326 audit(1752304192.755:2386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000 [ 157.162591][ T29] audit: type=1326 audit(1752304192.755:2387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000 [ 157.162627][ T29] audit: type=1326 audit(1752304192.755:2388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000 [ 157.292175][ T7889] can0: slcan on ttyS3. [ 157.328787][ T7849] loop0: detected capacity change from 0 to 1024 [ 157.348233][ T7849] EXT4-fs: Ignoring removed nobh option [ 157.354047][ T7849] EXT4-fs: inline encryption not supported [ 157.448778][ T7849] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 157.504276][ T7900] loop4: detected capacity change from 0 to 2048 [ 157.514289][ T7888] 8021q: VLANs not supported on ip6_vti0 [ 157.610716][ T7847] can0 (unregistered): slcan off ttyS3. [ 158.071327][ T7943] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1253'. [ 158.080507][ T7943] FAULT_INJECTION: forcing a failure. [ 158.080507][ T7943] name failslab, interval 1, probability 0, space 0, times 0 [ 158.098947][ T7943] CPU: 0 UID: 0 PID: 7943 Comm: syz.2.1253 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 158.098983][ T7943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 158.099006][ T7943] Call Trace: [ 158.099014][ T7943] [ 158.099023][ T7943] __dump_stack+0x1d/0x30 [ 158.099049][ T7943] dump_stack_lvl+0xe8/0x140 [ 158.099084][ T7943] dump_stack+0x15/0x1b [ 158.099102][ T7943] should_fail_ex+0x265/0x280 [ 158.099136][ T7943] should_failslab+0x8c/0xb0 [ 158.099157][ T7943] kmem_cache_alloc_noprof+0x50/0x310 [ 158.099201][ T7943] ? security_file_alloc+0x32/0x100 [ 158.099246][ T7943] security_file_alloc+0x32/0x100 [ 158.099338][ T7943] init_file+0x5c/0x1d0 [ 158.099365][ T7943] alloc_empty_file+0x8b/0x200 [ 158.099455][ T7943] alloc_file_pseudo+0xc6/0x160 [ 158.099519][ T7943] __shmem_file_setup+0x1de/0x210 [ 158.099557][ T7943] shmem_file_setup+0x3b/0x50 [ 158.099586][ T7943] __se_sys_memfd_create+0x2c3/0x590 [ 158.099661][ T7943] __x64_sys_memfd_create+0x31/0x40 [ 158.099698][ T7943] x64_sys_call+0x122f/0x2fb0 [ 158.099726][ T7943] do_syscall_64+0xd2/0x200 [ 158.099760][ T7943] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 158.099792][ T7943] ? clear_bhb_loop+0x40/0x90 [ 158.099812][ T7943] ? clear_bhb_loop+0x40/0x90 [ 158.099839][ T7943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.099869][ T7943] RIP: 0033:0x7f6b82cfe929 [ 158.099887][ T7943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.099911][ T7943] RSP: 002b:00007f6b81345e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 158.099931][ T7943] RAX: ffffffffffffffda RBX: 0000000000000269 RCX: 00007f6b82cfe929 [ 158.099945][ T7943] RDX: 00007f6b81345ef0 RSI: 0000000000000000 RDI: 00007f6b82d814cc [ 158.100011][ T7943] RBP: 0000200000000a00 R08: 00007f6b81345bb7 R09: 00007f6b81345e40 [ 158.100074][ T7943] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000740 [ 158.100089][ T7943] R13: 00007f6b81345ef0 R14: 00007f6b81345eb0 R15: 0000200000000380 [ 158.100119][ T7943] [ 158.528667][ T7946] loop0: detected capacity change from 0 to 8192 [ 158.605846][ T7948] 9pnet_fd: Insufficient options for proto=fd [ 158.615161][ T7841] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.669998][ T7946] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 158.678693][ T7946] FAT-fs (loop0): Filesystem has been set read-only [ 158.772820][ T7957] loop1: detected capacity change from 0 to 512 [ 158.791916][ T7957] EXT4-fs: Ignoring removed mblk_io_submit option [ 158.798461][ T7957] EXT4-fs: Ignoring removed nobh option [ 158.804165][ T7957] EXT4-fs: Ignoring removed oldalloc option [ 158.901534][ T7959] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 159.032902][ T7841] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.272568][ T7841] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.383355][ T7841] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.395377][ T7972] FAULT_INJECTION: forcing a failure. [ 159.395377][ T7972] name failslab, interval 1, probability 0, space 0, times 0 [ 159.408856][ T7972] CPU: 1 UID: 0 PID: 7972 Comm: syz.4.1260 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 159.408959][ T7972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 159.409022][ T7972] Call Trace: [ 159.409029][ T7972] [ 159.409039][ T7972] __dump_stack+0x1d/0x30 [ 159.409065][ T7972] dump_stack_lvl+0xe8/0x140 [ 159.409090][ T7972] dump_stack+0x15/0x1b [ 159.409112][ T7972] should_fail_ex+0x265/0x280 [ 159.409314][ T7972] should_failslab+0x8c/0xb0 [ 159.409342][ T7972] __kvmalloc_node_noprof+0x123/0x4e0 [ 159.409373][ T7972] ? file_tty_write+0x1a8/0x670 [ 159.409401][ T7972] file_tty_write+0x1a8/0x670 [ 159.409488][ T7972] ? __pfx_tty_write+0x10/0x10 [ 159.409514][ T7972] tty_write+0x25/0x30 [ 159.409545][ T7972] vfs_write+0x4a0/0x8e0 [ 159.409605][ T7972] ksys_write+0xda/0x1a0 [ 159.409638][ T7972] __x64_sys_write+0x40/0x50 [ 159.409673][ T7972] x64_sys_call+0x2cdd/0x2fb0 [ 159.409699][ T7972] do_syscall_64+0xd2/0x200 [ 159.409716][ T7972] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 159.409741][ T7972] ? clear_bhb_loop+0x40/0x90 [ 159.409761][ T7972] ? clear_bhb_loop+0x40/0x90 [ 159.409874][ T7972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.409962][ T7972] RIP: 0033:0x7fcf9c67e929 [ 159.409979][ T7972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.410030][ T7972] RSP: 002b:00007fcf9ace7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 159.410054][ T7972] RAX: ffffffffffffffda RBX: 00007fcf9c8a5fa0 RCX: 00007fcf9c67e929 [ 159.410114][ T7972] RDX: 0000000000001006 RSI: 00002000000010c0 RDI: 0000000000000004 [ 159.410137][ T7972] RBP: 00007fcf9ace7090 R08: 0000000000000000 R09: 0000000000000000 [ 159.410149][ T7972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 159.410160][ T7972] R13: 0000000000000000 R14: 00007fcf9c8a5fa0 R15: 00007ffcc3d60e58 [ 159.410178][ T7972] [ 159.607519][ T7841] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.625983][ T7841] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.658156][ T7976] SELinux: policydb version 1869407660 does not match my version range 15-34 [ 159.670938][ T7841] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.691517][ T7976] SELinux: failed to load policy [ 159.866954][ T7994] FAULT_INJECTION: forcing a failure. [ 159.866954][ T7994] name failslab, interval 1, probability 0, space 0, times 0 [ 159.879865][ T7994] CPU: 0 UID: 0 PID: 7994 Comm: syz.1.1266 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 159.879900][ T7994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 159.879991][ T7994] Call Trace: [ 159.879998][ T7994] [ 159.880007][ T7994] __dump_stack+0x1d/0x30 [ 159.880030][ T7994] dump_stack_lvl+0xe8/0x140 [ 159.880054][ T7994] dump_stack+0x15/0x1b [ 159.880075][ T7994] should_fail_ex+0x265/0x280 [ 159.880152][ T7994] should_failslab+0x8c/0xb0 [ 159.880256][ T7994] kmem_cache_alloc_node_noprof+0x57/0x320 [ 159.880308][ T7994] ? dup_task_struct+0x70/0x6a0 [ 159.880340][ T7994] dup_task_struct+0x70/0x6a0 [ 159.880370][ T7994] ? _parse_integer+0x27/0x40 [ 159.880403][ T7994] copy_process+0x399/0x1f90 [ 159.880497][ T7994] ? kstrtouint+0x76/0xc0 [ 159.880527][ T7994] ? kstrtouint_from_user+0x9f/0xf0 [ 159.880559][ T7994] ? __rcu_read_unlock+0x4f/0x70 [ 159.880595][ T7994] kernel_clone+0x16c/0x5b0 [ 159.880707][ T7994] ? vfs_write+0x75e/0x8e0 [ 159.880741][ T7994] __x64_sys_clone+0xe6/0x120 [ 159.880791][ T7994] x64_sys_call+0x2c59/0x2fb0 [ 159.880816][ T7994] do_syscall_64+0xd2/0x200 [ 159.880838][ T7994] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 159.880911][ T7994] ? clear_bhb_loop+0x40/0x90 [ 159.880931][ T7994] ? clear_bhb_loop+0x40/0x90 [ 159.881008][ T7994] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.881029][ T7994] RIP: 0033:0x7fb6f07ae929 [ 159.881043][ T7994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.881086][ T7994] RSP: 002b:00007fb6eee16fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 159.881109][ T7994] RAX: ffffffffffffffda RBX: 00007fb6f09d5fa0 RCX: 00007fb6f07ae929 [ 159.881125][ T7994] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000042000000 [ 159.881143][ T7994] RBP: 00007fb6eee17090 R08: 0000000000000000 R09: 0000000000000000 [ 159.881157][ T7994] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 159.881237][ T7994] R13: 0000000000000000 R14: 00007fb6f09d5fa0 R15: 00007fff56893268 [ 159.881380][ T7994] [ 160.142108][ T7992] loop2: detected capacity change from 0 to 8192 [ 160.161923][ T7992] FAULT_INJECTION: forcing a failure. [ 160.161923][ T7992] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 160.175297][ T7992] CPU: 0 UID: 0 PID: 7992 Comm: syz.2.1267 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 160.175328][ T7992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 160.175340][ T7992] Call Trace: [ 160.175346][ T7992] [ 160.175353][ T7992] __dump_stack+0x1d/0x30 [ 160.175394][ T7992] dump_stack_lvl+0xe8/0x140 [ 160.175418][ T7992] dump_stack+0x15/0x1b [ 160.175439][ T7992] should_fail_ex+0x265/0x280 [ 160.175528][ T7992] should_fail_alloc_page+0xf2/0x100 [ 160.175580][ T7992] __alloc_frozen_pages_noprof+0xff/0x360 [ 160.175615][ T7992] alloc_pages_mpol+0xb3/0x250 [ 160.175646][ T7992] folio_alloc_noprof+0x97/0x150 [ 160.175710][ T7992] filemap_alloc_folio_noprof+0x66/0x210 [ 160.175750][ T7992] __filemap_get_folio+0x28f/0x6b0 [ 160.175786][ T7992] ? avc_has_perm+0xd3/0x150 [ 160.175816][ T7992] cont_write_begin+0x5c8/0x970 [ 160.175865][ T7992] fat_write_begin+0x4f/0xe0 [ 160.175899][ T7992] ? __pfx_fat_get_block+0x10/0x10 [ 160.175977][ T7992] cont_write_begin+0x1ad/0x970 [ 160.176082][ T7992] ? path_openat+0x1bf8/0x2170 [ 160.176111][ T7992] fat_write_begin+0x4f/0xe0 [ 160.176135][ T7992] ? __pfx_fat_get_block+0x10/0x10 [ 160.176173][ T7992] generic_cont_expand_simple+0xb0/0x150 [ 160.176233][ T7992] fat_cont_expand+0x3e/0x170 [ 160.176283][ T7992] fat_setattr+0x2a5/0x8a0 [ 160.176305][ T7992] ? __pfx_fat_setattr+0x10/0x10 [ 160.176333][ T7992] notify_change+0x806/0x890 [ 160.176372][ T7992] do_ftruncate+0x34b/0x450 [ 160.176397][ T7992] __x64_sys_ftruncate+0x68/0xc0 [ 160.176425][ T7992] x64_sys_call+0xd65/0x2fb0 [ 160.176451][ T7992] do_syscall_64+0xd2/0x200 [ 160.176504][ T7992] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 160.176532][ T7992] ? clear_bhb_loop+0x40/0x90 [ 160.176552][ T7992] ? clear_bhb_loop+0x40/0x90 [ 160.176580][ T7992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.176607][ T7992] RIP: 0033:0x7f6b82cfe929 [ 160.176625][ T7992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.176646][ T7992] RSP: 002b:00007f6b81367038 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 160.176752][ T7992] RAX: ffffffffffffffda RBX: 00007f6b82f25fa0 RCX: 00007f6b82cfe929 [ 160.176768][ T7992] RDX: 0000000000000000 RSI: 0000000002000009 RDI: 0000000000000004 [ 160.176783][ T7992] RBP: 00007f6b81367090 R08: 0000000000000000 R09: 0000000000000000 [ 160.176794][ T7992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 160.176860][ T7992] R13: 0000000000000000 R14: 00007f6b82f25fa0 R15: 00007fff5b7e8a78 [ 160.176883][ T7992] [ 160.588671][ T8007] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1272'. [ 160.618324][ T8007] netlink: 38916 bytes leftover after parsing attributes in process `syz.1.1272'. [ 160.657617][ T8011] loop2: detected capacity change from 0 to 256 [ 160.715743][ T8019] loop1: detected capacity change from 0 to 512 [ 160.721942][ T8011] FAT-fs (loop2): IO charset cp860 not found [ 160.729084][ T8020] loop5: detected capacity change from 0 to 512 [ 160.738010][ T8019] EXT4-fs: Ignoring removed nomblk_io_submit option [ 160.758142][ T8011] netlink: 'syz.2.1270': attribute type 7 has an invalid length. [ 160.766269][ T8019] ext4: Unknown parameter 'mask' [ 160.796092][ T8020] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2 [ 160.804800][ T8029] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1279'. [ 160.805008][ T8020] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #13: comm syz.5.1277: invalid indirect mapped block 2683928664 (level 1) [ 160.828126][ T8020] EXT4-fs (loop5): Remounting filesystem read-only [ 160.834881][ T8020] EXT4-fs (loop5): 1 truncate cleaned up [ 160.860283][ T8026] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 160.860283][ T8026] program syz.1.1278 not setting count and/or reply_len properly [ 160.877695][ T8015] loop4: detected capacity change from 0 to 4096 [ 160.925629][ T8015] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1275'. [ 160.973081][ T8033] FAULT_INJECTION: forcing a failure. [ 160.973081][ T8033] name failslab, interval 1, probability 0, space 0, times 0 [ 160.985797][ T8033] CPU: 0 UID: 0 PID: 8033 Comm: syz.2.1281 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 160.985908][ T8033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 160.985924][ T8033] Call Trace: [ 160.985932][ T8033] [ 160.985941][ T8033] __dump_stack+0x1d/0x30 [ 160.985967][ T8033] dump_stack_lvl+0xe8/0x140 [ 160.986051][ T8033] dump_stack+0x15/0x1b [ 160.986067][ T8033] should_fail_ex+0x265/0x280 [ 160.986150][ T8033] should_failslab+0x8c/0xb0 [ 160.986178][ T8033] __kmalloc_node_track_caller_noprof+0xa4/0x410 [ 160.986214][ T8033] ? rds_rm_size+0x2bd/0x490 [ 160.986239][ T8033] krealloc_noprof+0xb9/0x2d0 [ 160.986335][ T8033] rds_rm_size+0x2bd/0x490 [ 160.986362][ T8033] rds_sendmsg+0x842/0x14a0 [ 160.986398][ T8033] ? __pfx_rds_sendmsg+0x10/0x10 [ 160.986505][ T8033] __sock_sendmsg+0x145/0x180 [ 160.986536][ T8033] ____sys_sendmsg+0x31e/0x4e0 [ 160.986572][ T8033] ___sys_sendmsg+0x17b/0x1d0 [ 160.986629][ T8033] __x64_sys_sendmsg+0xd4/0x160 [ 160.986676][ T8033] x64_sys_call+0x2999/0x2fb0 [ 160.986703][ T8033] do_syscall_64+0xd2/0x200 [ 160.986720][ T8033] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 160.986788][ T8033] ? clear_bhb_loop+0x40/0x90 [ 160.986815][ T8033] ? clear_bhb_loop+0x40/0x90 [ 160.986906][ T8033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.986933][ T8033] RIP: 0033:0x7f6b82cfe929 [ 160.986951][ T8033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.986974][ T8033] RSP: 002b:00007f6b81367038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 160.986997][ T8033] RAX: ffffffffffffffda RBX: 00007f6b82f25fa0 RCX: 00007f6b82cfe929 [ 160.987010][ T8033] RDX: 0000000000000040 RSI: 0000200000001600 RDI: 0000000000000003 [ 160.987047][ T8033] RBP: 00007f6b81367090 R08: 0000000000000000 R09: 0000000000000000 [ 160.987062][ T8033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 160.987073][ T8033] R13: 0000000000000000 R14: 00007f6b82f25fa0 R15: 00007fff5b7e8a78 [ 160.987092][ T8033] [ 161.333716][ T3574] kernel write not supported for file /708/clear_refs (pid: 3574 comm: kworker/1:5) [ 161.445055][ T8052] FAULT_INJECTION: forcing a failure. [ 161.445055][ T8052] name failslab, interval 1, probability 0, space 0, times 0 [ 161.457749][ T8052] CPU: 0 UID: 0 PID: 8052 Comm: syz.1.1289 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 161.457779][ T8052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 161.457808][ T8052] Call Trace: [ 161.457814][ T8052] [ 161.457822][ T8052] __dump_stack+0x1d/0x30 [ 161.457844][ T8052] dump_stack_lvl+0xe8/0x140 [ 161.457864][ T8052] dump_stack+0x15/0x1b [ 161.457882][ T8052] should_fail_ex+0x265/0x280 [ 161.457913][ T8052] should_failslab+0x8c/0xb0 [ 161.457989][ T8052] kmem_cache_alloc_noprof+0x50/0x310 [ 161.458016][ T8052] ? security_file_alloc+0x32/0x100 [ 161.458129][ T8052] security_file_alloc+0x32/0x100 [ 161.458163][ T8052] init_file+0x5c/0x1d0 [ 161.458188][ T8052] alloc_empty_file+0x8b/0x200 [ 161.458246][ T8052] alloc_file_pseudo+0xc6/0x160 [ 161.458274][ T8052] sock_alloc_file+0x9c/0x1e0 [ 161.458299][ T8052] do_accept+0x1e4/0x3a0 [ 161.458334][ T8052] __sys_accept4+0xbf/0x140 [ 161.458499][ T8052] __x64_sys_accept+0x42/0x50 [ 161.458532][ T8052] x64_sys_call+0x2f50/0x2fb0 [ 161.458575][ T8052] do_syscall_64+0xd2/0x200 [ 161.458623][ T8052] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 161.458656][ T8052] ? clear_bhb_loop+0x40/0x90 [ 161.458720][ T8052] ? clear_bhb_loop+0x40/0x90 [ 161.458747][ T8052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.458803][ T8052] RIP: 0033:0x7fb6f07ae929 [ 161.458821][ T8052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.458842][ T8052] RSP: 002b:00007fb6eee17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 161.458902][ T8052] RAX: ffffffffffffffda RBX: 00007fb6f09d5fa0 RCX: 00007fb6f07ae929 [ 161.458917][ T8052] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 161.458975][ T8052] RBP: 00007fb6eee17090 R08: 0000000000000000 R09: 0000000000000000 [ 161.458989][ T8052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.459004][ T8052] R13: 0000000000000000 R14: 00007fb6f09d5fa0 R15: 00007fff56893268 [ 161.459028][ T8052] [ 161.699212][ T8056] loop5: detected capacity change from 0 to 2048 [ 161.729064][ T8056] EXT4-fs: quotafile must be on filesystem root [ 161.765601][ T8060] SELinux: failed to load policy [ 161.770553][ T8062] loop2: detected capacity change from 0 to 512 [ 161.771249][ T8062] journal_path: Lookup failure for './file0/../file0' [ 161.771336][ T8062] EXT4-fs: error: could not find journal device path [ 161.774044][ T8062] siw: device registration error -23 [ 161.869188][ T8065] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1291'. [ 161.933964][ T8075] netlink: 664 bytes leftover after parsing attributes in process `syz.2.1298'. [ 161.950986][ T29] kauditd_printk_skb: 233 callbacks suppressed [ 161.951002][ T29] audit: type=1326 audit(1752304197.635:2622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8055 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad0c2e929 code=0x7ffc0000 [ 161.987214][ T29] audit: type=1326 audit(1752304197.665:2623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8055 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad0c2e929 code=0x7ffc0000 [ 162.008378][ T8075] loop2: detected capacity change from 0 to 256 [ 162.031198][ T8077] loop0: detected capacity change from 0 to 2048 [ 162.046522][ T29] audit: type=1326 audit(1752304197.705:2624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8078 comm="syz.4.1300" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcf9c67e929 code=0x0 [ 162.080880][ T8075] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 198) [ 162.089014][ T8075] FAT-fs (loop2): Filesystem has been set read-only [ 162.099715][ T8081] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1300'. [ 162.112792][ T8075] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 198) [ 162.122510][ T8077] EXT4-fs mount: 28 callbacks suppressed [ 162.122528][ T8077] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 162.150946][ T8075] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 198) [ 162.160358][ T8075] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 198) [ 162.172043][ T8075] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 198) [ 162.191261][ T8075] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 198) [ 162.262038][ T8090] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1301'. [ 162.271203][ T8090] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1301'. [ 162.347121][ T29] audit: type=1400 audit(1752304198.025:2625): avc: denied { listen } for pid=8092 comm="syz.2.1302" lport=40589 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 162.379709][ T8093] sctp: [Deprecated]: syz.2.1302 (pid 8093) Use of int in max_burst socket option. [ 162.379709][ T8093] Use struct sctp_assoc_value instead [ 162.385389][ T8093] loop2: detected capacity change from 0 to 736 [ 162.402498][ T29] audit: type=1400 audit(1752304198.055:2626): avc: denied { accept } for pid=8092 comm="syz.2.1302" lport=40589 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 162.402547][ T29] audit: type=1400 audit(1752304198.065:2627): avc: denied { getopt } for pid=8092 comm="syz.2.1302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 162.548834][ T8101] loop2: detected capacity change from 0 to 2048 [ 162.613768][ T3297] Alternate GPT is invalid, using primary GPT. [ 162.620179][ T3297] loop2: p2 p3 p7 [ 162.677187][ T8101] Alternate GPT is invalid, using primary GPT. [ 162.677441][ T8101] loop2: p2 p3 p7 [ 162.773993][ T8107] loop1: detected capacity change from 0 to 1024 [ 162.801469][ T29] audit: type=1400 audit(1752304198.485:2628): avc: denied { read write } for pid=8097 comm="syz.2.1303" name="loop2p3" dev="devtmpfs" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 162.824906][ T29] audit: type=1400 audit(1752304198.485:2629): avc: denied { open } for pid=8097 comm="syz.2.1303" path="/dev/loop2p3" dev="devtmpfs" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 162.826639][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.893772][ T8109] openvswitch: netlink: Message has 6 unknown bytes. [ 162.902164][ T8107] loop1: detected capacity change from 0 to 1024 [ 162.909436][ T29] audit: type=1400 audit(1752304198.555:2630): avc: denied { ioctl } for pid=8097 comm="syz.2.1303" path="/dev/loop2p3" dev="devtmpfs" ino=1792 ioctlcmd=0x54da scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 162.935037][ T29] audit: type=1400 audit(1752304198.585:2631): avc: denied { bind } for pid=8108 comm="syz.2.1307" lport=32 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 162.991237][ T3544] udevd[3544]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 162.998601][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 163.014579][ T3484] udevd[3484]: inotify_add_watch(7, /dev/loop2p7, 10) failed: No such file or directory [ 163.031583][ T8107] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 163.080712][ T3484] udevd[3484]: inotify_add_watch(7, /dev/loop2p7, 10) failed: No such file or directory [ 163.092964][ T7773] udevd[7773]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 163.104338][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 163.124834][ T8119] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1310'. [ 163.137551][ T8107] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 163.143613][ T3544] udevd[3544]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 163.147303][ T7773] udevd[7773]: inotify_add_watch(7, /dev/loop2p7, 10) failed: No such file or directory [ 163.166507][ T8107] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.167753][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 163.187654][ T8107] SELinux: Context system_u:object_r:agp_device_t:s0 is not valid (left unmapped). [ 163.225705][ T8107] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 163.234093][ T8124] loop0: detected capacity change from 0 to 512 [ 163.237174][ T8107] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.291806][ T8129] FAULT_INJECTION: forcing a failure. [ 163.291806][ T8129] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 163.304939][ T8129] CPU: 0 UID: 0 PID: 8129 Comm: syz.4.1313 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 163.304966][ T8129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 163.305034][ T8129] Call Trace: [ 163.305042][ T8129] [ 163.305079][ T8129] __dump_stack+0x1d/0x30 [ 163.305101][ T8129] dump_stack_lvl+0xe8/0x140 [ 163.305126][ T8129] dump_stack+0x15/0x1b [ 163.305150][ T8129] should_fail_ex+0x265/0x280 [ 163.305185][ T8129] should_fail+0xb/0x20 [ 163.305241][ T8129] should_fail_usercopy+0x1a/0x20 [ 163.305291][ T8129] _copy_to_iter+0xcf/0xe30 [ 163.305390][ T8129] ? chacha_block_generic+0x218/0x240 [ 163.305433][ T8129] get_random_bytes_user+0x12d/0x290 [ 163.305459][ T8129] ? import_ubuf+0xe8/0x120 [ 163.305478][ T8129] __x64_sys_getrandom+0xcf/0x1a0 [ 163.305502][ T8129] x64_sys_call+0x2bb4/0x2fb0 [ 163.305540][ T8129] do_syscall_64+0xd2/0x200 [ 163.305562][ T8129] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 163.305626][ T8129] ? clear_bhb_loop+0x40/0x90 [ 163.305650][ T8129] ? clear_bhb_loop+0x40/0x90 [ 163.305677][ T8129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.305703][ T8129] RIP: 0033:0x7fcf9c67e929 [ 163.305741][ T8129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.305763][ T8129] RSP: 002b:00007fcf9ace7038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 163.305862][ T8129] RAX: ffffffffffffffda RBX: 00007fcf9c8a5fa0 RCX: 00007fcf9c67e929 [ 163.305873][ T8129] RDX: 0000000000000000 RSI: 00000000ffffff9a RDI: 0000200000000240 [ 163.305885][ T8129] RBP: 00007fcf9ace7090 R08: 0000000000000000 R09: 0000000000000000 [ 163.305896][ T8129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 163.305910][ T8129] R13: 0000000000000000 R14: 00007fcf9c8a5fa0 R15: 00007ffcc3d60e58 [ 163.305931][ T8129] [ 163.571904][ T8124] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1311: bg 0: block 248: padding at end of block bitmap is not set [ 163.608309][ T8124] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.1311: Failed to acquire dquot type 1 [ 163.622649][ T8124] EXT4-fs (loop0): 1 truncate cleaned up [ 163.629005][ T8124] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 163.656870][ T8144] loop2: detected capacity change from 0 to 512 [ 163.677453][ T8142] loop4: detected capacity change from 0 to 8192 [ 163.697427][ T8124] ext4 filesystem being mounted at /263/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 163.717436][ T8144] EXT4-fs (loop2): 1 orphan inode deleted [ 163.728945][ T8144] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 163.758444][ T8142] FAULT_INJECTION: forcing a failure. [ 163.758444][ T8142] name failslab, interval 1, probability 0, space 0, times 0 [ 163.771181][ T8142] CPU: 0 UID: 0 PID: 8142 Comm: syz.4.1317 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 163.771210][ T8142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 163.771222][ T8142] Call Trace: [ 163.771228][ T8142] [ 163.771236][ T8142] __dump_stack+0x1d/0x30 [ 163.771257][ T8142] dump_stack_lvl+0xe8/0x140 [ 163.771275][ T8142] dump_stack+0x15/0x1b [ 163.771316][ T8142] should_fail_ex+0x265/0x280 [ 163.771347][ T8142] should_failslab+0x8c/0xb0 [ 163.771381][ T8142] __kmalloc_node_track_caller_noprof+0xa4/0x410 [ 163.771433][ T8142] ? sidtab_sid2str_get+0xa0/0x130 [ 163.771464][ T8142] kmemdup_noprof+0x2b/0x70 [ 163.771493][ T8142] sidtab_sid2str_get+0xa0/0x130 [ 163.771572][ T8142] security_sid_to_context_core+0x1eb/0x2e0 [ 163.771599][ T8142] security_sid_to_context+0x27/0x40 [ 163.771619][ T8142] selinux_lsmprop_to_secctx+0x67/0xf0 [ 163.771640][ T8142] security_lsmprop_to_secctx+0x43/0x80 [ 163.771737][ T8142] audit_log_task_context+0x77/0x190 [ 163.771773][ T8142] audit_log_task+0xf4/0x250 [ 163.771862][ T8142] audit_seccomp+0x61/0x100 [ 163.771894][ T8142] ? __seccomp_filter+0x68c/0x10d0 [ 163.771921][ T8142] __seccomp_filter+0x69d/0x10d0 [ 163.771946][ T8142] ? errseq_sample+0x2f/0x40 [ 163.771965][ T8142] ? file_init_path+0x278/0x2a0 [ 163.772053][ T8142] ? alloc_file_pseudo+0x129/0x160 [ 163.772084][ T8142] __secure_computing+0x82/0x150 [ 163.772127][ T8142] syscall_trace_enter+0xcf/0x1e0 [ 163.772157][ T8142] do_syscall_64+0xac/0x200 [ 163.772180][ T8142] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 163.772247][ T8142] ? clear_bhb_loop+0x40/0x90 [ 163.772268][ T8142] ? clear_bhb_loop+0x40/0x90 [ 163.772330][ T8142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.772357][ T8142] RIP: 0033:0x7fcf9c67d33c [ 163.772383][ T8142] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 163.772403][ T8142] RSP: 002b:00007fcf9ace7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 163.772421][ T8142] RAX: ffffffffffffffda RBX: 00007fcf9c8a5fa0 RCX: 00007fcf9c67d33c [ 163.772432][ T8142] RDX: 000000000000000f RSI: 00007fcf9ace70a0 RDI: 0000000000000006 [ 163.772445][ T8142] RBP: 00007fcf9ace7090 R08: 0000000000000000 R09: 0000000000000000 [ 163.772460][ T8142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 163.772608][ T8142] R13: 0000000000000000 R14: 00007fcf9c8a5fa0 R15: 00007ffcc3d60e58 [ 163.772632][ T8142] [ 163.773580][ T1083] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:5: Failed to release dquot type 1 [ 163.895261][ T8144] ext4 filesystem being mounted at /281/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 164.067013][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.143084][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.210187][ T8160] loop0: detected capacity change from 0 to 512 [ 164.222429][ T8160] ext3: Unknown parameter 'uid<00000000000000000000' [ 164.443947][ T8165] pim6reg: entered allmulticast mode [ 165.924609][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.037217][ T8186] __nla_validate_parse: 5 callbacks suppressed [ 166.037237][ T8186] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1327'. [ 166.052513][ T8186] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1327'. [ 166.105537][ T8190] loop0: detected capacity change from 0 to 512 [ 166.130486][ T8198] netlink: 'syz.1.1334': attribute type 3 has an invalid length. [ 166.196733][ T8190] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.1331: Failed to acquire dquot type 1 [ 166.211787][ T8190] EXT4-fs (loop0): 1 truncate cleaned up [ 166.218039][ T8190] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 166.247861][ T8208] 9pnet_fd: Insufficient options for proto=fd [ 166.263209][ T8190] ext4 filesystem being mounted at /267/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 166.302225][ T8196] veth1_macvtap: left promiscuous mode [ 166.302251][ T8196] macsec0: entered allmulticast mode [ 166.337479][ T8210] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1337'. [ 166.346533][ T8210] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1337'. [ 166.357424][ T8190] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.442429][ T8215] loop1: detected capacity change from 0 to 1024 [ 166.480830][ T8215] EXT4-fs: Ignoring removed orlov option [ 166.491522][ T8215] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 166.889172][ T8222] loop2: detected capacity change from 0 to 512 [ 166.891493][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.916504][ T8222] journal_path: Lookup failure for './file0/../file0' [ 166.923427][ T8222] EXT4-fs: error: could not find journal device path [ 166.977997][ T8222] siw: device registration error -23 [ 167.053708][ T8228] FAULT_INJECTION: forcing a failure. [ 167.053708][ T8228] name failslab, interval 1, probability 0, space 0, times 0 [ 167.066404][ T8228] CPU: 0 UID: 0 PID: 8228 Comm: syz.5.1342 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 167.066434][ T8228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 167.066448][ T8228] Call Trace: [ 167.066454][ T8228] [ 167.066462][ T8228] __dump_stack+0x1d/0x30 [ 167.066486][ T8228] dump_stack_lvl+0xe8/0x140 [ 167.066509][ T8228] dump_stack+0x15/0x1b [ 167.066529][ T8228] should_fail_ex+0x265/0x280 [ 167.066565][ T8228] should_failslab+0x8c/0xb0 [ 167.066591][ T8228] kmem_cache_alloc_noprof+0x50/0x310 [ 167.066619][ T8228] ? mas_alloc_nodes+0x265/0x520 [ 167.066643][ T8228] mas_alloc_nodes+0x265/0x520 [ 167.066667][ T8228] mas_preallocate+0x33e/0x520 [ 167.066712][ T8228] mmap_region+0xb7e/0x1580 [ 167.066770][ T8228] do_mmap+0x9b3/0xbe0 [ 167.066807][ T8228] vm_mmap_pgoff+0x17a/0x2e0 [ 167.066835][ T8228] ksys_mmap_pgoff+0xc2/0x310 [ 167.066869][ T8228] ? __x64_sys_mmap+0x49/0x70 [ 167.066898][ T8228] x64_sys_call+0x1602/0x2fb0 [ 167.066922][ T8228] do_syscall_64+0xd2/0x200 [ 167.066938][ T8228] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 167.066962][ T8228] ? clear_bhb_loop+0x40/0x90 [ 167.066982][ T8228] ? clear_bhb_loop+0x40/0x90 [ 167.067006][ T8228] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.067031][ T8228] RIP: 0033:0x7fbad0c2e963 [ 167.067049][ T8228] Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7 [ 167.067071][ T8228] RSP: 002b:00007fbacf296e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 167.067093][ T8228] RAX: ffffffffffffffda RBX: 0000000000000435 RCX: 00007fbad0c2e963 [ 167.067108][ T8228] RDX: 0000000000000003 RSI: 0000000008400000 RDI: 0000000000000000 [ 167.067130][ T8228] RBP: 0000200000000d82 R08: 00000000ffffffff R09: 0000000000000000 [ 167.067144][ T8228] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000006 [ 167.067159][ T8228] R13: 00007fbacf296ef0 R14: 00007fbacf296eb0 R15: 00002000000011c0 [ 167.067182][ T8228] [ 167.461481][ T8235] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1345'. [ 167.470513][ T8235] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1345'. [ 167.571823][ T29] kauditd_printk_skb: 119 callbacks suppressed [ 167.571858][ T29] audit: type=1400 audit(1752304203.255:2745): avc: denied { setopt } for pid=8238 comm="syz.5.1347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 167.576217][ T8240] lo speed is unknown, defaulting to 1000 [ 167.606933][ T8240] lo speed is unknown, defaulting to 1000 [ 167.650349][ T8240] lo speed is unknown, defaulting to 1000 [ 167.682532][ T8240] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 167.693173][ T8240] lo speed is unknown, defaulting to 1000 [ 167.699654][ T8240] lo speed is unknown, defaulting to 1000 [ 167.710519][ T8240] lo speed is unknown, defaulting to 1000 [ 167.731003][ T8240] lo speed is unknown, defaulting to 1000 [ 167.740431][ T8246] loop1: detected capacity change from 0 to 2048 [ 167.748688][ T8240] lo speed is unknown, defaulting to 1000 [ 167.925487][ T8246] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 167.982454][ T29] audit: type=1400 audit(1752304203.665:2746): avc: denied { ioctl } for pid=8245 comm="syz.1.1349" path="/277/file1/file1" dev="loop1" ino=15 ioctlcmd=0xf504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 168.101009][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.179927][ T8270] netlink: 84 bytes leftover after parsing attributes in process `syz.5.1350'. [ 168.214050][ T8270] lo speed is unknown, defaulting to 1000 [ 168.468640][ T29] audit: type=1326 audit(1752304204.125:2747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8268 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000 [ 168.492890][ T29] audit: type=1326 audit(1752304204.125:2748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8268 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000 [ 168.516364][ T29] audit: type=1326 audit(1752304204.125:2749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8268 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000 [ 168.540594][ T29] audit: type=1326 audit(1752304204.125:2750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8268 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000 [ 168.564125][ T29] audit: type=1326 audit(1752304204.125:2751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8268 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000 [ 168.587648][ T29] audit: type=1326 audit(1752304204.145:2752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8268 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=154 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000 [ 168.611808][ T29] audit: type=1326 audit(1752304204.145:2753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8268 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000 [ 168.635469][ T29] audit: type=1326 audit(1752304204.145:2754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8268 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000 [ 168.848754][ T8291] Unsupported ieee802154 address type: 0 [ 168.860454][ T8288] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 168.860454][ T8288] program syz.0.1354 not setting count and/or reply_len properly [ 168.890050][ T8293] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1356'. [ 168.924439][ T8288] loop0: detected capacity change from 0 to 1024 [ 168.992347][ T8288] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 169.006567][ T8288] ext4 filesystem being mounted at /270/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 169.028086][ T8288] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1354: bg 0: block 393: padding at end of block bitmap is not set [ 169.074664][ T8313] FAULT_INJECTION: forcing a failure. [ 169.074664][ T8313] name failslab, interval 1, probability 0, space 0, times 0 [ 169.087425][ T8313] CPU: 0 UID: 0 PID: 8313 Comm: syz.1.1361 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 169.087512][ T8313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 169.087527][ T8313] Call Trace: [ 169.087535][ T8313] [ 169.087544][ T8313] __dump_stack+0x1d/0x30 [ 169.087569][ T8313] dump_stack_lvl+0xe8/0x140 [ 169.087588][ T8313] dump_stack+0x15/0x1b [ 169.087605][ T8313] should_fail_ex+0x265/0x280 [ 169.087671][ T8313] should_failslab+0x8c/0xb0 [ 169.087693][ T8313] kmem_cache_alloc_noprof+0x50/0x310 [ 169.087719][ T8313] ? security_inode_alloc+0x37/0x100 [ 169.087783][ T8313] security_inode_alloc+0x37/0x100 [ 169.087819][ T8313] inode_init_always_gfp+0x4b7/0x500 [ 169.087883][ T8313] ? __pfx_proc_alloc_inode+0x10/0x10 [ 169.087905][ T8313] alloc_inode+0x58/0x170 [ 169.087939][ T8313] new_inode+0x1d/0xe0 [ 169.087956][ T8313] proc_pid_make_inode+0x1f/0xd0 [ 169.088118][ T8313] proc_map_files_instantiate+0x81/0x130 [ 169.088140][ T8313] proc_fill_cache+0x1c4/0x240 [ 169.088233][ T8313] ? __pfx_proc_map_files_instantiate+0x10/0x10 [ 169.088301][ T8313] proc_map_files_readdir+0x500/0x680 [ 169.088333][ T8313] iterate_dir+0x111/0x330 [ 169.088360][ T8313] ? mutex_lock+0xd/0x30 [ 169.088388][ T8313] __se_sys_getdents64+0x88/0x1b0 [ 169.088417][ T8313] ? __pfx_filldir64+0x10/0x10 [ 169.088488][ T8313] __x64_sys_getdents64+0x43/0x50 [ 169.088518][ T8313] x64_sys_call+0x1302/0x2fb0 [ 169.088539][ T8313] do_syscall_64+0xd2/0x200 [ 169.088557][ T8313] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 169.088705][ T8313] ? clear_bhb_loop+0x40/0x90 [ 169.088727][ T8313] ? clear_bhb_loop+0x40/0x90 [ 169.088774][ T8313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.088795][ T8313] RIP: 0033:0x7fb6f07ae929 [ 169.088811][ T8313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.088830][ T8313] RSP: 002b:00007fb6eee17038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 169.088848][ T8313] RAX: ffffffffffffffda RBX: 00007fb6f09d5fa0 RCX: 00007fb6f07ae929 [ 169.088908][ T8313] RDX: 0000000000001002 RSI: 0000200000002f40 RDI: 0000000000000003 [ 169.088958][ T8313] RBP: 00007fb6eee17090 R08: 0000000000000000 R09: 0000000000000000 [ 169.088970][ T8313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 169.088982][ T8313] R13: 0000000000000000 R14: 00007fb6f09d5fa0 R15: 00007fff56893268 [ 169.089009][ T8313] [ 169.347960][ T8288] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28 [ 169.361089][ T8288] EXT4-fs (loop0): This should not happen!! Data will be lost [ 169.361089][ T8288] [ 169.371494][ T8288] EXT4-fs (loop0): Total free blocks count 0 [ 169.377546][ T8288] EXT4-fs (loop0): Free/Dirty block details [ 169.383527][ T8288] EXT4-fs (loop0): free_blocks=0 [ 169.388545][ T8288] EXT4-fs (loop0): dirty_blocks=16 [ 169.393734][ T8288] EXT4-fs (loop0): Block reservation details [ 169.399748][ T8288] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 169.416839][ T8317] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 169.416839][ T8317] program syz.2.1360 not setting count and/or reply_len properly [ 169.462873][ T8320] $Hÿ: renamed from bond0 (while UP) [ 169.491186][ T8320] $Hÿ: entered promiscuous mode [ 169.496272][ T8320] bond_slave_0: entered promiscuous mode [ 169.497584][ T8317] loop2: detected capacity change from 0 to 1024 [ 169.502150][ T8320] bond_slave_1: entered promiscuous mode [ 169.530053][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.593726][ T8317] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 169.626249][ T8317] ext4 filesystem being mounted at /286/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 169.658938][ T8340] Unsupported ieee802154 address type: 0 [ 169.667266][ T8342] FAULT_INJECTION: forcing a failure. [ 169.667266][ T8342] name failslab, interval 1, probability 0, space 0, times 0 [ 169.679992][ T8342] CPU: 1 UID: 0 PID: 8342 Comm: syz.5.1366 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 169.680028][ T8342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 169.680053][ T8342] Call Trace: [ 169.680083][ T8342] [ 169.680091][ T8342] __dump_stack+0x1d/0x30 [ 169.680111][ T8342] dump_stack_lvl+0xe8/0x140 [ 169.680136][ T8342] dump_stack+0x15/0x1b [ 169.680157][ T8342] should_fail_ex+0x265/0x280 [ 169.680249][ T8342] should_failslab+0x8c/0xb0 [ 169.680274][ T8342] kmem_cache_alloc_noprof+0x50/0x310 [ 169.680299][ T8342] ? skb_clone+0x151/0x1f0 [ 169.680358][ T8342] skb_clone+0x151/0x1f0 [ 169.680380][ T8342] __netlink_deliver_tap+0x2c9/0x500 [ 169.680427][ T8342] netlink_unicast+0x653/0x680 [ 169.680468][ T8342] netlink_sendmsg+0x58b/0x6b0 [ 169.680527][ T8342] ? __pfx_netlink_sendmsg+0x10/0x10 [ 169.680546][ T8342] __sock_sendmsg+0x145/0x180 [ 169.680605][ T8342] ____sys_sendmsg+0x31e/0x4e0 [ 169.680647][ T8342] ___sys_sendmsg+0x17b/0x1d0 [ 169.680693][ T8342] __x64_sys_sendmsg+0xd4/0x160 [ 169.680779][ T8342] x64_sys_call+0x2999/0x2fb0 [ 169.680801][ T8342] do_syscall_64+0xd2/0x200 [ 169.680820][ T8342] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 169.680860][ T8342] ? clear_bhb_loop+0x40/0x90 [ 169.680943][ T8342] ? clear_bhb_loop+0x40/0x90 [ 169.680972][ T8342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.680999][ T8342] RIP: 0033:0x7fbad0c2e929 [ 169.681019][ T8342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.681114][ T8342] RSP: 002b:00007fbacf297038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 169.681137][ T8342] RAX: ffffffffffffffda RBX: 00007fbad0e55fa0 RCX: 00007fbad0c2e929 [ 169.681175][ T8342] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 169.681187][ T8342] RBP: 00007fbacf297090 R08: 0000000000000000 R09: 0000000000000000 [ 169.681202][ T8342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 169.681218][ T8342] R13: 0000000000000000 R14: 00007fbad0e55fa0 R15: 00007ffec9666608 [ 169.681242][ T8342] [ 169.903175][ T8342] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1366'. [ 169.903828][ T8331] SELinux: policydb magic number 0x303 does not match expected magic number 0xf97cff8c [ 169.922077][ T8331] SELinux: failed to load policy [ 169.933594][ T8317] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1360: bg 0: block 393: padding at end of block bitmap is not set [ 169.968223][ T8317] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28 [ 169.980778][ T8317] EXT4-fs (loop2): This should not happen!! Data will be lost [ 169.980778][ T8317] [ 169.986835][ T8345] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20001 - 0 [ 169.991347][ T8317] EXT4-fs (loop2): Total free blocks count 0 [ 169.999495][ T8345] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20001 - 0 [ 170.005403][ T8317] EXT4-fs (loop2): Free/Dirty block details [ 170.014174][ T8345] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20001 - 0 [ 170.020927][ T8317] EXT4-fs (loop2): free_blocks=0 [ 170.028839][ T8345] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20001 - 0 [ 170.033860][ T8317] EXT4-fs (loop2): dirty_blocks=16 [ 170.047949][ T8317] EXT4-fs (loop2): Block reservation details [ 170.054670][ T8317] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 170.145810][ T8354] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1370'. [ 170.201281][ T8363] loop5: detected capacity change from 0 to 128 [ 170.210599][ T8366] FAULT_INJECTION: forcing a failure. [ 170.210599][ T8366] name failslab, interval 1, probability 0, space 0, times 0 [ 170.223974][ T8366] CPU: 1 UID: 0 PID: 8366 Comm: syz.0.1371 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 170.224046][ T8366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 170.224061][ T8366] Call Trace: [ 170.224068][ T8366] [ 170.224077][ T8366] __dump_stack+0x1d/0x30 [ 170.224100][ T8366] dump_stack_lvl+0xe8/0x140 [ 170.224165][ T8366] dump_stack+0x15/0x1b [ 170.224185][ T8366] should_fail_ex+0x265/0x280 [ 170.224220][ T8366] should_failslab+0x8c/0xb0 [ 170.224297][ T8366] kmem_cache_alloc_node_noprof+0x57/0x320 [ 170.224353][ T8366] ? __alloc_skb+0x101/0x320 [ 170.224385][ T8366] __alloc_skb+0x101/0x320 [ 170.224415][ T8366] ? audit_log_start+0x365/0x6c0 [ 170.224450][ T8366] audit_log_start+0x380/0x6c0 [ 170.224553][ T8366] audit_log+0x5e/0xd0 [ 170.224596][ T8366] sel_write_enforce+0x260/0x2d0 [ 170.224632][ T8366] vfs_writev+0x403/0x8b0 [ 170.224695][ T8366] ? __pfx_sel_write_enforce+0x10/0x10 [ 170.224763][ T8366] ? mutex_lock+0xd/0x30 [ 170.224809][ T8366] do_writev+0xe7/0x210 [ 170.224838][ T8366] __x64_sys_writev+0x45/0x50 [ 170.224861][ T8366] x64_sys_call+0x2006/0x2fb0 [ 170.224888][ T8366] do_syscall_64+0xd2/0x200 [ 170.224924][ T8366] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 170.224955][ T8366] ? clear_bhb_loop+0x40/0x90 [ 170.224978][ T8366] ? clear_bhb_loop+0x40/0x90 [ 170.225074][ T8366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.225101][ T8366] RIP: 0033:0x7f4e065be929 [ 170.225120][ T8366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.225153][ T8366] RSP: 002b:00007f4e04c27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 170.225176][ T8366] RAX: ffffffffffffffda RBX: 00007f4e067e5fa0 RCX: 00007f4e065be929 [ 170.225191][ T8366] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000003 [ 170.225206][ T8366] RBP: 00007f4e04c27090 R08: 0000000000000000 R09: 0000000000000000 [ 170.225221][ T8366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 170.225299][ T8366] R13: 0000000000000000 R14: 00007f4e067e5fa0 R15: 00007fff937727c8 [ 170.225317][ T8366] [ 170.537115][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.637817][ T8390] xt_hashlimit: max too large, truncated to 1048576 [ 170.714414][ T8396] FAULT_INJECTION: forcing a failure. [ 170.714414][ T8396] name failslab, interval 1, probability 0, space 0, times 0 [ 170.727902][ T8396] CPU: 1 UID: 0 PID: 8396 Comm: syz.2.1378 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 170.727937][ T8396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 170.728007][ T8396] Call Trace: [ 170.728013][ T8396] [ 170.728020][ T8396] __dump_stack+0x1d/0x30 [ 170.728044][ T8396] dump_stack_lvl+0xe8/0x140 [ 170.728110][ T8396] dump_stack+0x15/0x1b [ 170.728126][ T8396] should_fail_ex+0x265/0x280 [ 170.728227][ T8396] should_failslab+0x8c/0xb0 [ 170.728255][ T8396] kmem_cache_alloc_noprof+0x50/0x310 [ 170.728281][ T8396] ? skb_clone+0x151/0x1f0 [ 170.728305][ T8396] skb_clone+0x151/0x1f0 [ 170.728325][ T8396] __netlink_deliver_tap+0x2c9/0x500 [ 170.728382][ T8396] netlink_unicast+0x653/0x680 [ 170.728419][ T8396] netlink_sendmsg+0x58b/0x6b0 [ 170.728481][ T8396] ? __pfx_netlink_sendmsg+0x10/0x10 [ 170.728505][ T8396] __sock_sendmsg+0x145/0x180 [ 170.728593][ T8396] ____sys_sendmsg+0x31e/0x4e0 [ 170.728682][ T8396] ___sys_sendmsg+0x17b/0x1d0 [ 170.728731][ T8396] __x64_sys_sendmsg+0xd4/0x160 [ 170.728776][ T8396] x64_sys_call+0x2999/0x2fb0 [ 170.728856][ T8396] do_syscall_64+0xd2/0x200 [ 170.728878][ T8396] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 170.728979][ T8396] ? clear_bhb_loop+0x40/0x90 [ 170.729006][ T8396] ? clear_bhb_loop+0x40/0x90 [ 170.729034][ T8396] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.729060][ T8396] RIP: 0033:0x7f6b82cfe929 [ 170.729076][ T8396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.729100][ T8396] RSP: 002b:00007f6b81367038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 170.729118][ T8396] RAX: ffffffffffffffda RBX: 00007f6b82f25fa0 RCX: 00007f6b82cfe929 [ 170.729172][ T8396] RDX: 0000000000008000 RSI: 0000200000000100 RDI: 0000000000000003 [ 170.729187][ T8396] RBP: 00007f6b81367090 R08: 0000000000000000 R09: 0000000000000000 [ 170.729202][ T8396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 170.729218][ T8396] R13: 0000000000000000 R14: 00007f6b82f25fa0 R15: 00007fff5b7e8a78 [ 170.729255][ T8396] [ 170.789997][ T8396] netlink: 'syz.2.1378': attribute type 1 has an invalid length. [ 170.986843][ T8410] loop1: detected capacity change from 0 to 128 [ 171.021872][ T8410] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 171.077976][ T8419] __nla_validate_parse: 7 callbacks suppressed [ 171.077997][ T8419] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1383'. [ 171.086174][ T8410] ext4 filesystem being mounted at /287/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 171.093220][ T8419] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1383'. [ 171.138903][ T8426] loop4: detected capacity change from 0 to 128 [ 171.332750][ T3316] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 171.451447][ T8458] FAULT_INJECTION: forcing a failure. [ 171.451447][ T8458] name failslab, interval 1, probability 0, space 0, times 0 [ 171.464151][ T8458] CPU: 0 UID: 0 PID: 8458 Comm: syz.1.1389 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 171.464179][ T8458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 171.464192][ T8458] Call Trace: [ 171.464198][ T8458] [ 171.464262][ T8458] __dump_stack+0x1d/0x30 [ 171.464286][ T8458] dump_stack_lvl+0xe8/0x140 [ 171.464304][ T8458] dump_stack+0x15/0x1b [ 171.464319][ T8458] should_fail_ex+0x265/0x280 [ 171.464393][ T8458] should_failslab+0x8c/0xb0 [ 171.464415][ T8458] __kmalloc_noprof+0xa5/0x3e0 [ 171.464451][ T8458] ? rds_message_alloc+0x45/0x120 [ 171.464478][ T8458] rds_message_alloc+0x45/0x120 [ 171.464503][ T8458] rds_sendmsg+0x860/0x14a0 [ 171.464538][ T8458] ? __pfx_rds_sendmsg+0x10/0x10 [ 171.464616][ T8458] __sock_sendmsg+0x145/0x180 [ 171.464646][ T8458] ____sys_sendmsg+0x31e/0x4e0 [ 171.464752][ T8458] ___sys_sendmsg+0x17b/0x1d0 [ 171.464837][ T8458] __x64_sys_sendmsg+0xd4/0x160 [ 171.464880][ T8458] x64_sys_call+0x2999/0x2fb0 [ 171.464906][ T8458] do_syscall_64+0xd2/0x200 [ 171.464987][ T8458] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 171.465019][ T8458] ? clear_bhb_loop+0x40/0x90 [ 171.465045][ T8458] ? clear_bhb_loop+0x40/0x90 [ 171.465071][ T8458] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.465178][ T8458] RIP: 0033:0x7fb6f07ae929 [ 171.465195][ T8458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.465217][ T8458] RSP: 002b:00007fb6eee17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 171.465240][ T8458] RAX: ffffffffffffffda RBX: 00007fb6f09d5fa0 RCX: 00007fb6f07ae929 [ 171.465255][ T8458] RDX: 0000000000000000 RSI: 0000200000001600 RDI: 0000000000000003 [ 171.465270][ T8458] RBP: 00007fb6eee17090 R08: 0000000000000000 R09: 0000000000000000 [ 171.465284][ T8458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 171.465353][ T8458] R13: 0000000000000000 R14: 00007fb6f09d5fa0 R15: 00007fff56893268 [ 171.465384][ T8458] [ 171.545000][ T8465] loop1: detected capacity change from 0 to 512 [ 171.605169][ T8472] loop2: detected capacity change from 0 to 512 [ 171.715189][ T8465] journal_path: Lookup failure for './file0/../file0' [ 171.742629][ T8465] EXT4-fs: error: could not find journal device path [ 171.794690][ T8476] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1392'. [ 171.794713][ T8476] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1392'. [ 171.837480][ T8472] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 171.855029][ T8480] xt_hashlimit: size too large, truncated to 1048576 [ 171.937520][ T8465] siw: device registration error -23 [ 171.988223][ T8472] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.988310][ T8472] ext4 filesystem being mounted at /293/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 172.111669][ T8496] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1395'. [ 172.132285][ T8502] netlink: 'syz.1.1396': attribute type 21 has an invalid length. [ 172.140206][ T8502] IPv6: NLM_F_CREATE should be specified when creating new route [ 172.169154][ T8502] rdma_op ffff88811b19f180 conn xmit_rdma 0000000000000000 [ 172.177709][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.193412][ T8502] batadv_slave_1: entered promiscuous mode [ 172.204859][ T8501] batadv_slave_1: left promiscuous mode [ 172.297224][ T8511] loop5: detected capacity change from 0 to 1024 [ 172.309180][ T8515] netlink: 'syz.2.1401': attribute type 29 has an invalid length. [ 172.331843][ T8511] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.367705][ T8511] ext4 filesystem being mounted at /25/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 172.402257][ T5453] kworker/u8:8: attempt to access beyond end of device [ 172.402257][ T5453] loop4: rw=1, sector=153, nr_sectors = 8 limit=128 [ 172.432651][ T5453] kworker/u8:8: attempt to access beyond end of device [ 172.432651][ T5453] loop4: rw=1, sector=169, nr_sectors = 8 limit=128 [ 172.433268][ T8511] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1399: bg 0: block 393: padding at end of block bitmap is not set [ 172.446283][ T5453] kworker/u8:8: attempt to access beyond end of device [ 172.446283][ T5453] loop4: rw=1, sector=185, nr_sectors = 8 limit=128 [ 172.473836][ T5453] kworker/u8:8: attempt to access beyond end of device [ 172.473836][ T5453] loop4: rw=1, sector=201, nr_sectors = 8 limit=128 [ 172.485092][ T8511] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28 [ 172.496599][ T5453] kworker/u8:8: attempt to access beyond end of device [ 172.496599][ T5453] loop4: rw=1, sector=217, nr_sectors = 8 limit=128 [ 172.500472][ T8511] EXT4-fs (loop5): This should not happen!! Data will be lost [ 172.500472][ T8511] [ 172.515230][ T5453] kworker/u8:8: attempt to access beyond end of device [ 172.515230][ T5453] loop4: rw=1, sector=233, nr_sectors = 8 limit=128 [ 172.523353][ T8511] EXT4-fs (loop5): Total free blocks count 0 [ 172.540207][ T8524] lo speed is unknown, defaulting to 1000 [ 172.541917][ T8511] EXT4-fs (loop5): Free/Dirty block details [ 172.555657][ T8511] EXT4-fs (loop5): free_blocks=0 [ 172.560871][ T8511] EXT4-fs (loop5): dirty_blocks=16 [ 172.566078][ T8511] EXT4-fs (loop5): Block reservation details [ 172.572194][ T8511] EXT4-fs (loop5): i_reserved_data_blocks=1 [ 172.572580][ T5453] kworker/u8:8: attempt to access beyond end of device [ 172.572580][ T5453] loop4: rw=1, sector=249, nr_sectors = 8 limit=128 [ 172.599703][ T5453] kworker/u8:8: attempt to access beyond end of device [ 172.599703][ T5453] loop4: rw=1, sector=265, nr_sectors = 8 limit=128 [ 172.625462][ T7425] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.634597][ T5453] kworker/u8:8: attempt to access beyond end of device [ 172.634597][ T5453] loop4: rw=1, sector=281, nr_sectors = 8 limit=128 [ 172.634710][ T5453] kworker/u8:8: attempt to access beyond end of device [ 172.634710][ T5453] loop4: rw=1, sector=297, nr_sectors = 8 limit=128 [ 172.673244][ T8534] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1407'. [ 172.682265][ T8534] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1407'. [ 172.702652][ T29] kauditd_printk_skb: 294 callbacks suppressed [ 172.702669][ T29] audit: type=1400 audit(1752304208.385:3047): avc: denied { create } for pid=8536 comm="syz.5.1408" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 172.754539][ T29] audit: type=1400 audit(1752304208.425:3048): avc: denied { create } for pid=8535 comm="syz.4.1404" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 172.782614][ T29] audit: type=1400 audit(1752304208.465:3049): avc: denied { ioctl } for pid=8541 comm="syz.2.1410" path="socket:[20290]" dev="sockfs" ino=20290 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 172.810843][ T8538] loop4: detected capacity change from 0 to 128 [ 172.829002][ T8545] loop1: detected capacity change from 0 to 256 [ 172.844291][ T8549] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1410'. [ 172.855403][ T8548] FAULT_INJECTION: forcing a failure. [ 172.855403][ T8548] name failslab, interval 1, probability 0, space 0, times 0 [ 172.865701][ T29] audit: type=1400 audit(1752304208.485:3050): avc: denied { write } for pid=8535 comm="syz.4.1404" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 172.868108][ T8548] CPU: 1 UID: 0 PID: 8548 Comm: syz.5.1412 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 172.868149][ T8548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 172.868166][ T8548] Call Trace: [ 172.868174][ T8548] [ 172.868247][ T8548] __dump_stack+0x1d/0x30 [ 172.868276][ T8548] dump_stack_lvl+0xe8/0x140 [ 172.868303][ T8548] dump_stack+0x15/0x1b [ 172.868370][ T8548] should_fail_ex+0x265/0x280 [ 172.868412][ T8548] should_failslab+0x8c/0xb0 [ 172.868442][ T8548] kmem_cache_alloc_noprof+0x50/0x310 [ 172.868510][ T8548] ? alloc_empty_file+0x76/0x200 [ 172.868544][ T8548] alloc_empty_file+0x76/0x200 [ 172.868575][ T8548] dentry_open+0x2d/0x90 [ 172.868649][ T8548] do_mq_open+0x3c7/0x4f0 [ 172.868687][ T8548] __x64_sys_mq_open+0xcb/0x100 [ 172.868721][ T8548] x64_sys_call+0x27d6/0x2fb0 [ 172.868784][ T8548] do_syscall_64+0xd2/0x200 [ 172.868807][ T8548] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 172.868843][ T8548] ? clear_bhb_loop+0x40/0x90 [ 172.868927][ T8548] ? clear_bhb_loop+0x40/0x90 [ 172.868956][ T8548] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.868985][ T8548] RIP: 0033:0x7fbad0c2e929 [ 172.869006][ T8548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.869031][ T8548] RSP: 002b:00007fbacf297038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0 [ 172.869101][ T8548] RAX: ffffffffffffffda RBX: 00007fbad0e55fa0 RCX: 00007fbad0c2e929 [ 172.869135][ T8548] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000000b40 [ 172.869153][ T8548] RBP: 00007fbacf297090 R08: 0000000000000000 R09: 0000000000000000 [ 172.869170][ T8548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 172.869187][ T8548] R13: 0000000000000000 R14: 00007fbad0e55fa0 R15: 00007ffec9666608 [ 172.869221][ T8548] [ 172.892425][ T8545] FAT-fs (loop1): Directory bread(block 1285) failed [ 173.031913][ T8556] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1414'. [ 173.036123][ T29] audit: type=1400 audit(1752304208.585:3051): avc: denied { append } for pid=8541 comm="syz.2.1410" name="loop2" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 173.085082][ T8556] FAULT_INJECTION: forcing a failure. [ 173.085082][ T8556] name failslab, interval 1, probability 0, space 0, times 0 [ 173.093699][ T29] audit: type=1400 audit(1752304208.585:3052): avc: denied { create } for pid=8541 comm="syz.2.1410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 173.093728][ T29] audit: type=1400 audit(1752304208.585:3053): avc: denied { setopt } for pid=8541 comm="syz.2.1410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 173.117411][ T8556] CPU: 0 UID: 0 PID: 8556 Comm: syz.5.1414 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 173.117493][ T8556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 173.117509][ T8556] Call Trace: [ 173.117518][ T8556] [ 173.117528][ T8556] __dump_stack+0x1d/0x30 [ 173.117553][ T8556] dump_stack_lvl+0xe8/0x140 [ 173.117575][ T8556] dump_stack+0x15/0x1b [ 173.117595][ T8556] should_fail_ex+0x265/0x280 [ 173.117687][ T8556] should_failslab+0x8c/0xb0 [ 173.117712][ T8556] kmem_cache_alloc_node_noprof+0x57/0x320 [ 173.117786][ T8556] ? __alloc_skb+0x101/0x320 [ 173.117861][ T8556] __alloc_skb+0x101/0x320 [ 173.117898][ T8556] netlink_ack+0xfd/0x500 [ 173.117935][ T8556] netlink_rcv_skb+0x192/0x220 [ 173.118001][ T8556] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 173.118032][ T8556] rtnetlink_rcv+0x1c/0x30 [ 173.118071][ T8556] netlink_unicast+0x5a8/0x680 [ 173.118108][ T8556] netlink_sendmsg+0x58b/0x6b0 [ 173.118131][ T8556] ? __pfx_netlink_sendmsg+0x10/0x10 [ 173.118214][ T8556] __sock_sendmsg+0x145/0x180 [ 173.118249][ T8556] ____sys_sendmsg+0x31e/0x4e0 [ 173.118299][ T8556] ___sys_sendmsg+0x17b/0x1d0 [ 173.118409][ T8556] __x64_sys_sendmsg+0xd4/0x160 [ 173.118444][ T8556] x64_sys_call+0x2999/0x2fb0 [ 173.118515][ T8556] do_syscall_64+0xd2/0x200 [ 173.118539][ T8556] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 173.118577][ T8556] ? clear_bhb_loop+0x40/0x90 [ 173.118606][ T8556] ? clear_bhb_loop+0x40/0x90 [ 173.118693][ T8556] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.118722][ T8556] RIP: 0033:0x7fbad0c2e929 [ 173.118744][ T8556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.118770][ T8556] RSP: 002b:00007fbacf276038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 173.118794][ T8556] RAX: ffffffffffffffda RBX: 00007fbad0e56080 RCX: 00007fbad0c2e929 [ 173.118812][ T8556] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 173.118869][ T8556] RBP: 00007fbacf276090 R08: 0000000000000000 R09: 0000000000000000 [ 173.118886][ T8556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 173.118903][ T8556] R13: 0000000000000000 R14: 00007fbad0e56080 R15: 00007ffec9666608 [ 173.118928][ T8556] [ 173.162417][ T8545] FAT-fs (loop1): Directory bread(block 1285) failed [ 173.170602][ T29] audit: type=1400 audit(1752304208.585:3054): avc: denied { write } for pid=8541 comm="syz.2.1410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 173.184623][ T8545] FAT-fs (loop1): Directory bread(block 1285) failed [ 173.197377][ T8560] bridge: RTM_NEWNEIGH with invalid state 0x31 [ 173.265331][ T29] audit: type=1400 audit(1752304208.835:3055): avc: denied { create } for pid=8558 comm="syz.2.1417" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 173.269296][ T8545] FAT-fs (loop1): Directory bread(block 1285) failed [ 173.272913][ T29] audit: type=1400 audit(1752304208.885:3056): avc: denied { getopt } for pid=8557 comm="syz.0.1416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 173.544086][ T8579] loop1: detected capacity change from 0 to 512 [ 173.552722][ T8579] EXT4-fs: Ignoring removed nomblk_io_submit option [ 173.583455][ T8579] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 173.591483][ T8579] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01d, mo2=0102] [ 173.603932][ T8579] EXT4-fs (loop1): couldn't mount RDWR because of unsupported optional features (80) [ 173.613613][ T8579] EXT4-fs (loop1): Skipping orphan cleanup due to unknown ROCOMPAT features [ 173.626564][ T8586] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1423'. [ 173.635242][ T8579] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 173.684306][ T8584] loop2: detected capacity change from 0 to 2048 [ 173.724013][ T8584] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 173.781047][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.913568][ T8602] lo speed is unknown, defaulting to 1000 [ 173.995029][ T8599] loop0: detected capacity change from 0 to 512 [ 174.026566][ T8599] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 174.026739][ T8599] EXT4-fs (loop0): orphan cleanup on readonly fs [ 174.035545][ T8599] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #16: comm syz.0.1424: corrupted inode contents [ 174.035780][ T8599] EXT4-fs (loop0): Remounting filesystem read-only [ 174.035894][ T8599] EXT4-fs (loop0): 1 truncate cleaned up [ 174.036061][ T5453] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 174.036083][ T5453] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 174.036220][ T5453] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 174.050128][ T8599] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 174.343382][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.420452][ T8614] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 174.420452][ T8614] program syz.0.1429 not setting count and/or reply_len properly [ 174.484570][ T8615] loop5: detected capacity change from 0 to 512 [ 174.593528][ T8615] EXT4-fs (loop5): can't read group descriptor 0 [ 174.739180][ T8617] loop4: detected capacity change from 0 to 128 [ 174.788016][ T8617] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 174.788203][ T8617] ext4 filesystem being mounted at /274/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 174.799735][ T8617] lo speed is unknown, defaulting to 1000 [ 174.832734][ T8627] netlink: 'syz.1.1433': attribute type 5 has an invalid length. [ 174.878921][ T8629] loop5: detected capacity change from 0 to 256 [ 174.882901][ T8629] vfat: Unknown parameter 'ÿÿ' [ 174.887061][ T8629] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 174.887178][ T8629] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0' [ 174.951432][ T3310] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 176.252488][ T8641] loop0: detected capacity change from 0 to 512 [ 176.599048][ T8661] loop5: detected capacity change from 0 to 512 [ 176.600555][ T8661] EXT4-fs: Ignoring removed mblk_io_submit option [ 176.600589][ T8661] EXT4-fs: Ignoring removed bh option [ 176.657289][ T8664] __nla_validate_parse: 6 callbacks suppressed [ 176.657378][ T8664] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1445'. [ 176.657400][ T8664] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1445'. [ 177.117296][ T8661] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 177.125874][ T8661] EXT4-fs (loop5): 1 truncate cleaned up [ 177.126302][ T8661] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.144853][ T8660] loop1: detected capacity change from 0 to 512 [ 177.145153][ T8660] EXT4-fs: Ignoring removed mblk_io_submit option [ 177.145250][ T8660] EXT4-fs: Ignoring removed bh option [ 177.156205][ T8660] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 177.168600][ T8660] EXT4-fs (loop1): 1 truncate cleaned up [ 177.169083][ T8660] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.209307][ T8641] EXT4-fs (loop0): can't read group descriptor 0 [ 177.349075][ T7425] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.444569][ T8670] loop0: detected capacity change from 0 to 2048 [ 177.460245][ T8670] EXT4-fs: Ignoring removed nobh option [ 177.488846][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.501048][ T8670] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 177.574447][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.604315][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.647664][ T8682] lo speed is unknown, defaulting to 1000 [ 177.724662][ T29] kauditd_printk_skb: 41 callbacks suppressed [ 177.724680][ T29] audit: type=1400 audit(1752304213.405:3092): avc: denied { mounton } for pid=8687 comm="kfree" path="/38/file0" dev="tmpfs" ino=223 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 177.789775][ T29] audit: type=1400 audit(1752304213.445:3093): avc: denied { mount } for pid=8687 comm="kfree" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 177.812096][ T29] audit: type=1400 audit(1752304213.445:3094): avc: denied { write } for pid=8687 comm="kfree" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 177.832591][ T29] audit: type=1400 audit(1752304213.445:3095): avc: denied { open } for pid=8687 comm="kfree" path="/38/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 177.855055][ T29] audit: type=1400 audit(1752304213.465:3096): avc: denied { unmount } for pid=7425 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 177.935531][ T8692] loop1: detected capacity change from 0 to 512 [ 177.970201][ T8692] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.001459][ T8700] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 178.001459][ T8700] program syz.2.1451 not setting count and/or reply_len properly [ 178.019937][ T8703] netlink: 'syz.0.1460': attribute type 11 has an invalid length. [ 178.027835][ T8703] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1460'. [ 178.040281][ T8692] ext4 filesystem being mounted at /310/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 178.058682][ T8706] netlink: 'syz.5.1461': attribute type 21 has an invalid length. [ 178.068013][ T29] audit: type=1400 audit(1752304213.735:3097): avc: denied { append } for pid=8705 comm="syz.5.1461" name="001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 178.104143][ T8692] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1457: corrupted inode contents [ 178.117913][ T8692] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.1457: mark_inode_dirty error [ 178.129987][ T29] audit: type=1400 audit(1752304213.785:3098): avc: denied { write } for pid=8691 comm="syz.1.1457" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 178.149645][ T29] audit: type=1400 audit(1752304213.785:3099): avc: denied { create } for pid=8691 comm="syz.1.1457" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 178.174485][ T29] audit: type=1400 audit(1752304213.815:3100): avc: denied { map } for pid=8705 comm="syz.5.1461" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 178.183671][ T8707] vhci_hcd: invalid port number 96 [ 178.199126][ T8692] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1457: corrupted inode contents [ 178.204002][ T8707] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 178.227431][ T8692] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.1457: mark_inode_dirty error [ 178.240655][ T8706] netlink: 152 bytes leftover after parsing attributes in process `syz.5.1461'. [ 178.301242][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.316658][ T8711] loop2: detected capacity change from 0 to 1024 [ 178.332058][ T2996] ================================================================== [ 178.340205][ T2996] BUG: KCSAN: data-race in set_nlink / set_nlink [ 178.346583][ T2996] [ 178.348920][ T2996] read to 0xffff888106735120 of 4 bytes by task 3297 on cpu 0: [ 178.356487][ T2996] set_nlink+0x29/0xb0 [ 178.360604][ T2996] kernfs_iop_permission+0x1e2/0x220 [ 178.365914][ T2996] inode_permission+0x1c7/0x310 [ 178.370788][ T2996] link_path_walk+0x162/0x900 [ 178.375482][ T2996] path_openat+0x1de/0x2170 [ 178.380019][ T2996] do_filp_open+0x109/0x230 [ 178.384559][ T2996] do_sys_openat2+0xa6/0x110 [ 178.389175][ T2996] __x64_sys_openat+0xf2/0x120 [ 178.393975][ T2996] x64_sys_call+0x1af/0x2fb0 [ 178.398598][ T2996] do_syscall_64+0xd2/0x200 [ 178.403135][ T2996] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.409067][ T2996] [ 178.411410][ T2996] write to 0xffff888106735120 of 4 bytes by task 2996 on cpu 1: [ 178.419160][ T2996] set_nlink+0x99/0xb0 [ 178.423269][ T2996] kernfs_iop_permission+0x1e2/0x220 [ 178.428585][ T2996] inode_permission+0x1c7/0x310 [ 178.433462][ T2996] link_path_walk+0x162/0x900 [ 178.438166][ T2996] path_lookupat+0x63/0x2a0 [ 178.442795][ T2996] filename_lookup+0x147/0x340 [ 178.447583][ T2996] vfs_statx+0x9d/0x390 [ 178.451765][ T2996] vfs_fstatat+0x115/0x170 [ 178.456204][ T2996] __se_sys_newfstatat+0x55/0x260 [ 178.461263][ T2996] __x64_sys_newfstatat+0x55/0x70 [ 178.466319][ T2996] x64_sys_call+0x2c22/0x2fb0 [ 178.471028][ T2996] do_syscall_64+0xd2/0x200 [ 178.475547][ T2996] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.481456][ T2996] [ 178.483880][ T2996] value changed: 0x00000008 -> 0x00000009 [ 178.489613][ T2996] [ 178.491954][ T2996] Reported by Kernel Concurrency Sanitizer on: [ 178.498122][ T2996] CPU: 1 UID: 0 PID: 2996 Comm: udevd Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) [ 178.510111][ T2996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 178.520177][ T2996] ================================================================== [ 178.532913][ T8714] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 178.532913][ T8714] program syz.0.1465 not setting count and/or reply_len properly [ 178.553009][ T8715] loop5: detected capacity change from 0 to 1024 [ 178.596854][ T8715] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 178.612569][ T8711] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 178.663539][ T8715] ext4 filesystem being mounted at /41/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 178.675082][ T8711] ext4 filesystem being mounted at /302/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 178.688870][ T8711] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1463: bg 0: block 393: padding at end of block bitmap is not set [ 178.704907][ T8715] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1466: bg 0: block 393: padding at end of block bitmap is not set [ 178.720817][ T8711] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28 [ 178.733398][ T8711] EXT4-fs (loop2): This should not happen!! Data will be lost [ 178.733398][ T8711] [ 178.743199][ T8711] EXT4-fs (loop2): Total free blocks count 0 [ 178.749206][ T8711] EXT4-fs (loop2): Free/Dirty block details [ 178.755228][ T8711] EXT4-fs (loop2): free_blocks=0 [ 178.760195][ T8711] EXT4-fs (loop2): dirty_blocks=16 [ 178.765410][ T8711] EXT4-fs (loop2): Block reservation details [ 178.771432][ T8711] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 178.780633][ T8715] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28 [ 178.793185][ T8715] EXT4-fs (loop5): This should not happen!! Data will be lost [ 178.793185][ T8715] [ 178.802869][ T8715] EXT4-fs (loop5): Total free blocks count 0 [ 178.808981][ T8715] EXT4-fs (loop5): Free/Dirty block details [ 178.814925][ T8715] EXT4-fs (loop5): free_blocks=0 [ 178.819935][ T8715] EXT4-fs (loop5): dirty_blocks=16 [ 178.825067][ T8715] EXT4-fs (loop5): Block reservation details [ 178.831097][ T8715] EXT4-fs (loop5): i_reserved_data_blocks=1 [ 178.838275][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.862703][ T7425] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.