last executing test programs: 41.57520623s ago: executing program 1 (id=40): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01) write$char_usb(r0, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0xc8f54158396a1c8a}}, './file0\x00'}) ioctl$SNAPSHOT_FREE(r1, 0x3305) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000376def31aa4be6000"/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) socket$inet6_udp(0xa, 0x2, 0x0) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000008c0)={r1, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000600)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, &(0x7f0000000640)=[0x0, 0x0], &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x56, &(0x7f00000006c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000700), &(0x7f0000000740), 0x8, 0xd, 0x8, 0x8, &(0x7f0000000780)}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000ac0)={0x6, 0x11, &(0x7f0000000900)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x5}, @cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffffb}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @map_fd={0x18, 0x1, 0x1, 0x0, r5}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x8}, @jmp={0x5, 0x1, 0x0, 0x4, 0x4, 0xffffffffffffff48, 0xffffffffffffffff}], &(0x7f00000009c0)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000a00)={0x1, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000a40)=[r5, r5, r1, r5, r5], &(0x7f0000000a80)=[{0x2, 0x4, 0xa, 0x2}], 0x10, 0x7c, @void, @value}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000c00)={{r1}, &(0x7f0000000b80), &(0x7f0000000bc0)='%pS \x00'}, 0x20) openat2(r1, &(0x7f0000000c40)='./file0\x00', &(0x7f0000000c80)={0x80000, 0x28, 0x2}, 0x18) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001940)=@newtaction={0xe98, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{}, 0x97, 0x0, [{}, {}]}, [{0x3, 0x0, 0x0, 0x0, 0xd}, {0x0, 0x0, 0x4000, 0x0, 0x692}, {}, {}, {}, {0x448eade7}, {0xfffffffd, 0x0, 0x80000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x7ff}, {}, {0x0, 0x0, 0xfffffffc}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {0x2}, {}, {0xfffffffc}, {0x0, 0xe}, {}, {}, {0x0, 0x4, 0x0, 0x0, 0x4}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {}, {0xfffffffe}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x10}, {}, {}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x3}, {0x2}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x800000, 0xfffffffb}, {0x0, 0x0, 0x0, 0x0, 0x6}, {}, {0xfffffffe, 0x0, 0x0, 0x0, 0x7f}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xe10}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xefa6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0xf55142a2a4f268c4}, {}, {}, {}, {}, {0x5}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x5}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0) 40.427813596s ago: executing program 1 (id=44): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="000000000000000000fcff3f0000000000000000742ffb752ea89b8de5f866fa58000000000000be51c7cd", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r1}, 0x10) (async) r2 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r2, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) 40.342800565s ago: executing program 1 (id=45): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) unshare(0x64000600) (fail_nth: 3) 38.584574088s ago: executing program 1 (id=64): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) syz_mount_image$vfat(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="696f636861727365743d6d61636963656c616e642c696f636861727365743d757466382c666d61736b3d30303030303030303030303030303030303030303031302c6572726f72733d72656d6f756e742d726f2c636865636b3d7374726963742c757466383d302c756e695f786c6174653d312c757466383d302c73686f72746e616d653d6d697865642c756e695f786c6174653d302c757466383d312c00ec24d52cd656eadd39d406526adc61a7b193d91057769822e39d283530efe28116f0305d770fd70a3670", @ANYRESHEX, @ANYRES8, @ANYRESDEC, @ANYRES8, @ANYRES32], 0x1, 0x1a6, &(0x7f0000000880)="$eJzs281qE10YB/AnefvqtC6ShStxMeDGVWh6BQapIAYEJQsFQbENSEcCFgK6MN258Ca8EZeCW70Sl10IR5pJ+kUqVbAzNL/fJg855w/PSZiPMzDPb77e2RrtDp8Nv0bWaETzTuSx34h2NGNuLwCAy2Q/pfiRUkpX92L1U6SUqu4IAPjXXP8BYPk8fvL0Qa/f33yU51lE8WE8GA/Kz3K8N4xXUcR2rEcrfsbBDcJMWd+7399cz6fa8bGYzPKT8eC/k/lutKK9ON8t8/nJ/P+xdjy/Ea24vji/sTB/JW7fOpbvRCu+v4xRFLEVB9mj/Ptunt992D+VvzadBwAAAJdBJz+0cP/e6Zw1XuZ7jXM/Hzi1v16JGyvVrh0AltXu23c7L4pi+02tii+fD7/5tlY2Wo/GflfMf9K69PPnxWrUoo36FtnsL66sjVHzL1KTiDj35Gw+ebrQrJKTEnAhjo7+qjsBAAAAAAAAAAAAAADOchGvLlW9RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACWz68AAAD//7WMitc=") utimensat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_io_uring_setup(0x24fd, &(0x7f0000000180)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f00000000c0)=ANY=[@ANYRES16=r4], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x400, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4458c}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_PID={0x8, 0x13, r5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4015}, 0x0) 38.487263608s ago: executing program 1 (id=69): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='mm_page_free\x00', r0, 0x0, 0x1000}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00') r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) close_range(r4, 0xffffffffffffffff, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6, 0x0, 0x9}, 0x18) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f00000008c0)={[{@bsdgroups}, {@bsdgroups}, {@noload}, {@grpjquota}, {@grpjquota}, {@orlov}, {@abort}, {@nombcache}, {@stripe={'stripe', 0x3d, 0x10}}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV") syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000740)=ANY=[], 0xb, 0x0, &(0x7f0000000000)) 38.222632946s ago: executing program 1 (id=73): ioperm(0x1, 0x8, 0x8000000000000001) mlock2(&(0x7f000095a000/0x3000)=nil, 0x3000, 0x1) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x6, 0x1008, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) close(r2) 38.222467466s ago: executing program 32 (id=73): ioperm(0x1, 0x8, 0x8000000000000001) mlock2(&(0x7f000095a000/0x3000)=nil, 0x3000, 0x1) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x6, 0x1008, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) close(r2) 3.614372625s ago: executing program 4 (id=559): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='sched_switch\x00'}, 0x10) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a300000000048000000030a01010000000000000000020000000900010073797a30000000000900030073797a3200000000080007006e617400140004800800014000000001080002"], 0xa4}}, 0x0) sigaltstack(0x0, 0x0) dup(0xffffffffffffffff) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200010, &(0x7f0000000300)={[{@jqfmt_vfsold}]}, 0xfe, 0x55d, &(0x7f0000000980)="$eJzs3d9rW1UcAPDvTX/sp66DMdQHKezByVy6tv6Y4MN8FB0O9H2G9q6Mpsto0rHWgduDe9mLDEHEgfgH+O7j8B/wrxjoYMgo+uBL5aY3XbYmbZZlSzSfD9ztnPuj55yce07OyUm4AQytyeyfQsSrEfFNEnGo6dho5AcnN89bf3htLtuS2Nj47M8kknxf4/wk//9AHnklIn79OuJEYXu61dW1xVK5nC7n8ana0uWp6urayYtLpYV0Ib00Mzt7+p3Zmfffe7dnZX3z3N/ff3r3o9O3jq1/9/P9w7eTOBMH82PN5XgG15sjkzGZvyZjceaJE6d7kNggSfqdAboykrfzscj6gEMxkrd64P/vq4jYAIZUov3DkGqMAxpz+x7Ng/8zHny4OQHaXv7Rzc9GYm99brR/PXlsZpTNdyd6kH6Wxi9/3LmdbdG7zyEAdnX9RkScGh3d3v8lef/XvVMdnPNkGvo/eHHuZuOft1qNfwpb459oMf450KLtdmP39l+43+KypFefUmfjvw9ajn+3Fq0mRvLYS/Ux31hy4WI5zfq2lyPieIztyeI7reecXr+30e5Y8/gv27L0G2PBPB/3R/c8fs18qVZ6ljI3e3Aj4rWW499kq/6TFvWfvR7nOkzjaHrn9XbHdi//87XxU8QbLev/0YpWsvP65FT9fphq3BXb/XXz6G/t0u93+bP6379z+SeS5vXa6tOn8ePef9J2x7q9/8eTz+vh8Xzf1VKttjwdMZ58sn3/zKNrG/HG+Vn5jx/buf9rdf/vi4gvOiz/zSM32546CPU//1T1//SBex9/+UO79Dur/7froeP5nk76v04z+CyvHQAAAAAAAAyaQkQcjKRQ3AoXCsXi5vc7jsT+QrlSrZ24UFm5NB/138pOxFihsdJ9qOn7ENP592Eb8Zkn4rMRcTgivh3ZV48X5yrl+X4XHgAAAAAAAAAAAAAAAAAAAAbEgTa//8/8PtLykvEXm0PgufLIbxheu7b/XjzpCRhI3v9heHXV/vf1Ph/Ai+f9H4bUWL8zAPST938YXto/DC/tH4aX9g8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9de7s2WzbWH94bS6Lz19ZXVmsXDk5n1YXi0src8W5yvLl4kKlslBOi3OVpd3+XrlSuTw9EytXp2pptTZVXV07v1RZuVQ7f3GptJCeTz1tCAAAAAAAAAAAAAAAAAAAALarrq4tlsrldFlAoKvA6GBkQ6ApcKsHrbvPHRMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANPk3AAD//0unNek=") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB], &(0x7f00000002c0)='GPL\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000600)='kfree\x00', r2}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350870696d367265673000000020000000001400350076657468305f6d614176746170000000140035006d61637674617030020000000000000014003500677265300000000000000000000000001400350076657468305f746f5f626174616476001400350001657468315f6d6163767461700000001400350067726530000000000000000000000000140035006261746164765f736c6176655f31000008000f"], 0xe8}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0xd, 0x0, 0x7fffffff}]}) write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800006, 0x11, r1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000340), 0x321082, 0x0) ioctl$TUNSETOFFLOAD(r5, 0xc004743e, 0x20001400) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x2, [@var={0x4, 0x0, 0x0, 0xe, 0x4}, @func_proto, @ptr, @volatile={0x0, 0x0, 0x0, 0xa, 0x1}]}}, 0x0, 0x4e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='mm_page_alloc\x00', r6}, 0x10) ioctl$TUNSETOFFLOAD(r5, 0x40047451, 0x2000000c) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 2.874861402s ago: executing program 3 (id=567): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r0}, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) flock(r1, 0x5) r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) flock(r2, 0x2) 2.813709472s ago: executing program 4 (id=569): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mount(&(0x7f0000000640)=@filename='./file0\x00', 0x0, &(0x7f00000006c0)='devtmpfs\x00', 0x8, &(0x7f0000000700)='(!.-%\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r0}, 0x18) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) 2.581815541s ago: executing program 4 (id=572): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x3e, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(r1, &(0x7f0000000280)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00'}, 0x18) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000003d40)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x0, 0xee01}}, './file0\x00'}) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}}, 0x0) 1.663116447s ago: executing program 0 (id=573): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$inet(0x2, 0x4000000000000001, 0x6) getsockopt$SO_TIMESTAMP(r1, 0x1, 0x23, 0x0, &(0x7f0000000080)=0x53) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd000002"], 0xfdef) 1.582662086s ago: executing program 3 (id=574): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff00000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/11, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000080000000000000000000000181100005b81d97ea4135a111856a5d0afcb6439e84613468b6f44a549fc8e01c169782513fb607e99ea2189e38699ba8a7b923ef85637c75d936b3f899305c4fbb03dc9d61a4bd2bb85aed55787625e680e62", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000de0400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0xfffff64a, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000340)='vm_unmapped_area\x00', r3}, 0xffffffffffffff8c) r4 = socket$kcm(0x10, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00', r5}, 0x10) openat$selinux_create(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000011008188040f80ec59acbc0413a181003f000000000100000010001f0e0027000f00000000800200121f", 0x2e}], 0x1}, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r6 = socket(0x840000000002, 0x3, 0xff) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0x8, 0x3, 0x4d8, 0x340, 0x11, 0x148, 0x0, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x20000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'team_slave_0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 1.579233136s ago: executing program 4 (id=576): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b000000000000000000171bc9b800d60000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="181b00000000238b237f0000000000001811000061c0c45fa6827be5191aaba874c7dcc455b878f4fc82f0f0fcab8233c54443aa0c31d5e4301448ed89c0b254a42489f3e3eba09201606eff60e0d0717707fb147e56026b7022ac9d42c5302f65186a13267a0e312b4bd30f54346090b5159734a84b18d041", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) r3 = socket$unix(0x1, 0x2, 0x0) bind$unix(r3, &(0x7f0000001540)=@file={0x1, './file0\x00'}, 0x6e) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000400180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r4}, 0x10) r5 = socket$unix(0x1, 0x5, 0x0) bind$unix(r5, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) socket$kcm(0x11, 0xa, 0x300) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffed7, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2688ca4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) cachestat(r0, &(0x7f0000000040)={0x3}, &(0x7f0000000080), 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x62000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xe40, 0x0, 0x0, 0x6, 0x3, 0x0, 0x4, 0x0, 0x5ec4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r7 = syz_open_dev$tty20(0xc, 0x4, 0x1) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a00000014000780050015000000000008001240"], 0x60}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$PIO_UNIMAP(r7, 0x4b67, &(0x7f0000000200)={0x0, 0x0}) 1.568277296s ago: executing program 2 (id=577): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='mm_page_free\x00', r0, 0x0, 0x1000}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00') r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) close_range(r4, 0xffffffffffffffff, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6, 0x0, 0x9}, 0x18) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f00000008c0)={[{@bsdgroups}, {@bsdgroups}, {@noload}, {@grpjquota}, {@grpjquota}, {@orlov}, {@abort}, {@nombcache}, {@stripe={'stripe', 0x3d, 0x10}}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV") syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000740)=ANY=[], 0xb, 0x0, &(0x7f0000000000)) 1.481917006s ago: executing program 0 (id=579): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0, 0x0, 0xfff}, 0x18) open(0x0, 0x14507e, 0x0) quotactl$Q_GETINFO(0xffffffff80000500, &(0x7f00000003c0)=@filename='./bus\x00', 0x0, 0x0) 1.430114836s ago: executing program 3 (id=580): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r0, 0x0, 0xfff}, 0x18) open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0) quotactl$Q_GETINFO(0xffffffff80000500, &(0x7f00000003c0)=@filename='./bus\x00', 0x0, 0x0) 1.411926346s ago: executing program 0 (id=581): bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @mcast2, 0x7ff}, 0x1c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) 1.380567556s ago: executing program 3 (id=583): readlink(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)=""/49, 0x31) 1.369837615s ago: executing program 4 (id=584): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r0}, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) flock(r1, 0x5) r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) flock(r2, 0x2) 1.330629246s ago: executing program 0 (id=585): socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xb, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x11, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000003000000000000007b29000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000700bf090000000000005509010000000000950000000000000018150000", @ANYRES32, @ANYBLOB="0000000000000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x3, 0x1000, &(0x7f0000000b40)=""/4096, 0x41000, 0x48, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x2, 0x10, 0xd6ba, 0x4}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000280)=[0x1, 0x1, 0xffffffffffffffff], 0x0, 0x10, 0x4, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x24a}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RGETLOCK(r3, &(0x7f00000002c0)=ANY=[], 0x200002e6) fcntl$setpipe(r3, 0x407, 0x7000000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x4}, 0x18) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r6}, 0x10) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020025797a31000000000900010073797a3000000000080005400000001c"], 0xe8}}, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r7}, 0x10) readlink(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)=""/49, 0x31) 1.329958126s ago: executing program 3 (id=586): r0 = socket(0x40000000015, 0x5, 0x2) r1 = socket(0x15, 0x5, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) pread64(r4, &(0x7f0000000300)=""/150, 0x96, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_RINGS_SET(r5, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="100029bd7000ffdbdf251000000008000800ffffff52fd0009fd0000008008000700af07d347f77606000000000008000700010000000800090006000000"], 0x44}, 0x1, 0x0, 0x0, 0x4004804}, 0x4090) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@delqdisc={0x14c, 0x25, 0x400, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xfff1, 0x1}, {0x5, 0x8}, {0x6, 0x3}}, [@TCA_STAB={0xb8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x3, 0x2243, 0x8, 0x0, 0x9, 0x9, 0x5}}, {0xe, 0x2, [0x0, 0x7, 0x0, 0x3, 0x7d]}}, {{0x1c, 0x1, {0xd2, 0x7, 0x9, 0x40000000, 0x0, 0x8000, 0x9a7, 0x9}}, {0x16, 0x2, [0x401, 0x7a5a, 0xf, 0x1ff, 0x3, 0x0, 0xd, 0x22, 0x10]}}, {{0x1c, 0x1, {0x0, 0x8, 0x3, 0xa, 0x2, 0x40, 0xffff0000, 0x2}}, {0x8, 0x2, [0x8, 0xffff]}}, {{0x1c, 0x1, {0x4, 0x8, 0x2, 0xffffffdd, 0x0, 0x9, 0x1, 0x7}}, {0x12, 0x2, [0x1000, 0x8, 0x4, 0x0, 0x400, 0x0, 0x0]}}]}, @TCA_STAB={0x30, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x4, 0xa, 0x1ff, 0x6, 0x0, 0x1, 0x7, 0x5}}, {0xe, 0x2, [0x9, 0x7, 0x2, 0x4f54, 0xf8e]}}]}, @TCA_RATE={0x6, 0x5, {0x10, 0x40}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x5}, @TCA_EGRESS_BLOCK={0x8}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x9}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x7}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x9}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x6}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x3}]}, 0x14c}}, 0x0) r6 = socket$qrtr(0x2a, 0x2, 0x0) sendmsg$qrtr(r6, &(0x7f0000000900)={&(0x7f00000001c0)={0x2a, 0x2, 0x6003}, 0xc, &(0x7f0000000880)=[{&(0x7f00000003c0)="2c2fe728ea245f32fae4595b650ee5daed4f7c85f6cf2594fbc0acbf2df72129413eb6fcde76cdf875632325a0d45ed33173", 0x32}, {&(0x7f00000006c0)="068352ea2633b9d1a47b4790cbd7d9227b7a5350c41388dd5991ac75805ed7276de3af038fd09bbaa3ceff6c0b9ad3d5bade6b113999acec419b0706c388c3e73cd33149474384d046c2d776e55113eacada026b875882f62d34a6acb7d4981598980dc99d913a4c045586b1238242977682b1b15feb6802c55f21a139473cc86659bf85caba0f99521c92ec4f120921cd452a41005c2a591c55e259fb779f475ab0ba49fc", 0xa5}, {0x0}, {&(0x7f0000000440)}], 0x4}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r2}, &(0x7f0000000080), &(0x7f0000000180)='%-010d \x00'}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10) symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') getsockopt(r0, 0x200000000114, 0x2715, 0x0, &(0x7f0000000240)) 1.135120955s ago: executing program 2 (id=587): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x67, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) 952.886694ms ago: executing program 2 (id=589): capset(&(0x7f0000000080)={0x20071026}, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) 921.584594ms ago: executing program 2 (id=591): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0, 0x0, 0xfff}, 0x18) open(0x0, 0x14507e, 0x0) quotactl$Q_GETINFO(0xffffffff80000500, &(0x7f00000003c0)=@filename='./bus\x00', 0x0, 0x0) 896.293164ms ago: executing program 5 (id=592): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r1, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10) connect$llc(r1, &(0x7f0000000040)={0x1a, 0x30f, 0x0, 0x0, 0xe, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}}, 0x10) 895.876324ms ago: executing program 2 (id=593): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='mm_page_free\x00', r0, 0x0, 0x1000}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00') r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) close_range(r4, 0xffffffffffffffff, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6, 0x0, 0x9}, 0x18) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f00000008c0)={[{@bsdgroups}, {@bsdgroups}, {@noload}, {@grpjquota}, {@grpjquota}, {@orlov}, {@abort}, {@nombcache}, {@stripe={'stripe', 0x3d, 0x10}}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV") syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000740)=ANY=[], 0xb, 0x0, &(0x7f0000000000)) 884.237084ms ago: executing program 5 (id=594): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0xfff1}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}, @TCA_BPF_FD={0x8}]}}]}, 0x44}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0xfffffff0) 813.754374ms ago: executing program 5 (id=595): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b000000000000000000171bc9b800d60000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="181b00000000238b237f0000000000001811000061c0c45fa6827be5191aaba874c7dcc455b878f4fc82f0f0fcab8233c54443aa0c31d5e4301448ed89c0b254a42489f3e3eba09201606eff60e0d0717707fb147e56026b7022ac9d42c5302f65186a13267a0e312b4bd30f54346090b5159734a84b18d041", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) r3 = socket$unix(0x1, 0x2, 0x0) bind$unix(r3, &(0x7f0000001540)=@file={0x1, './file0\x00'}, 0x6e) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000400180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r4}, 0x10) r5 = socket$unix(0x1, 0x5, 0x0) bind$unix(r5, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) socket$kcm(0x11, 0xa, 0x300) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffed7, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2688ca4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) cachestat(r0, &(0x7f0000000040)={0x3}, &(0x7f0000000080), 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x62000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xe40, 0x0, 0x0, 0x6, 0x3, 0x0, 0x4, 0x0, 0x5ec4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r7 = syz_open_dev$tty20(0xc, 0x4, 0x1) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a00000014000780050015000000000008001240"], 0x60}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$PIO_UNIMAP(r7, 0x4b67, &(0x7f0000000200)={0x0, 0x0}) 695.317333ms ago: executing program 2 (id=596): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x3e, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(r1, &(0x7f0000000280)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00'}, 0x18) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'}) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}}, 0x0) 684.920703ms ago: executing program 5 (id=597): sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40000f63c) r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x80104592, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfffffffe, "00207d2000000000201b14700c1e0ac74f000000001200000000000900"}) r1 = socket$packet(0x11, 0x2, 0x300) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14) ioctl$EVIOCGID(r0, 0x80084502, 0x0) add_key$fscrypt_v1(&(0x7f0000000240), 0x0, &(0x7f0000000480)={0x0, "a4dc98257dd8cde07282b7fb204b669ea746e0b8f4c0ef71dd428e887c8bc1a018a0f30a596239e525e455505a020c7f036c9e7ba3e650d329dc6e5f256a5c78", 0x3e}, 0x48, 0xfffffffffffffff9) keyctl$setperm(0x5, 0x0, 0x30925) keyctl$KEYCTL_MOVE(0x3, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r2, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10}, 0x24) sendmmsg(r2, 0x0, 0x0, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r3, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port1\x00', 0x0, 0x80010, 0xf95d, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x5, 0xdf}) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r4 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000400)="89000000120081ae08060cdc03a6000000000002000000006ee2ffca1b1f0000000004c00e72f750375ed08a563319bf9ed720000000d6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100002400d0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) keyctl$get_security(0x11, 0x0, &(0x7f0000000180)=""/100, 0x64) r6 = dup(0xffffffffffffffff) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r7}, 0x10) ioctl$USBDEVFS_CONTROL(r6, 0xc0185500, &(0x7f0000000040)={0x20, 0xa, 0x12, 0x2, 0x0, 0x0, 0x0}) 595.639532ms ago: executing program 5 (id=598): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB="00000000000000c7aa00859d37040e1a8bd30000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/19], 0x48) sendmsg$ETHTOOL_MSG_PAUSE_SET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000010651fbe347b2c2b00000c00018008000100", @ANYRES8=r5], 0x20}}, 0x0) 571.616663ms ago: executing program 5 (id=599): r0 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1000043, &(0x7f0000000000), 0xa, 0x502, &(0x7f0000000b00)="$eJzs3U9vG2kZAPBnnLhN0rDOLhyWldgtu12lCOokm/0TcVi2En9OKyGWexoSJ4rixFXitE1UQfoJQKgCJE6cuCDxAZBQPwJCqgQ3DpxAFaTtgQsyGnvcJo6dJtRrt87vJ03nnfet53mepB7POzOqAzizLkbEJxExFBHvRkQh689lS+w1lvTvPdy/vZguSdRqn/0riSTra93nhexlqR98L+JHydG4Wzu7awvlcmnzcPfuldX1hZXSSmljdnbmw7mP5j6Ymz5hJcnwcaOvRMTH3378i5/+9rsf//EbN/8+/8/LP85HxLVsvF0d3dAoPR8j55s9x6b50hnKKsr3OxEAAE7kUkS8FhFvR8TXohBDA3Z+CgAAAETUvjXevDNVAwAAAAZTLiLGI8kVs+d9xyOXKxYbz/B+KcZy5cpW9evLle2NpXQsYiLyueXVcmk6e1Z4IvJJuj1Tbz/dfq9lezYiXo2Iu4XRdLs+BgAAAPTGhZb5/+NCY/4PAAAADBg34wEAAGDwmf8DAADA4DP/BwAAgIH2/U8/TZfaw/3b9e8BWLqxs71WuXFlqbS1VlzfXiwuVjavF1cqlZVyqTj07P2VK5Xr78fG9q2p6vBWdWprZ3d+vbK9UZ2vf6/3fOm1HtQEAAAAHPbqW/f+mkTE3jdH60vqXDaW72tmwAskGW7puPbVPmUCdMUJLukfdnH780kE6LnWz3Tg7DDHB5LWjpYTg5FOpwp/On0s5xwAANAfk192/x/Oqly/EwD65mf9TgDoG9fi4ezKn/4JQGDAHLn/32Kk08Az7v8/vYZYq506KQAAoKvGG6u9yO4FjkcuVyw+uS2YLK+WS9MR8UpE/KWQP59uz/QxXwAAAAAAAAAAAAAAAAAAAAAAAAB4GdVqSdQAAACAgRaR+0eSff/XZOHSeOv1gXPJfwr1dUTc/PVnv7y1UK1uzqT9/37SX/1V1v9eP65gAAAAwFmUP3a0OU9vzuMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJse7t9ebC69jPvgaozGRLv4wzFSX49EPiLGHiUxfOB1SUQMdSH+3p2IeL1d/CRNKyayLMYenT/0ulxEjPY0/uH60/gXuhAfzrJ7VyPik3bvv1xcrK/bv/+Gs+V5Pbhaf5O3jd88/g11OP594YQx3rj/+6mO8e9EvDHc/vjTjJ90iP/OCeNf++Hubqex2m8iJtt+/iSHYk1V169Pbe3sXlldX1gprZQ2ZmdnPpz7aO6Duemp5dVyKfuzbYyff+UPe3c71p+rrw/Gb9Y50cjwJ53qv3TC+v97/9b+FxvN/NH4EZffaf/7f72+bv/zT/9NvJt9DqTjk832XqN90Ju/+/ObnXJL4y91+Pk3fv+FWqf6L5/rWHJyoH2kZgCgv7Z2dtcWyuXSZg8ab7/fvR0mPcr5ZWisjEX0POjIi1F7rxvfee79NE+Hn2c/f+taXemcof1Qnw9MAABA1z096e93JgAAAAAAAAAAAAAAAAAAAHB2/V//edhbp3tVa8y9/pQKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCs/wUAAP//dvnG0Q==") r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffffff0000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000780)='mm_page_free\x00', r3}, 0x18) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@base={0x1, 0x7, 0x2261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r4}, &(0x7f00000000c0), &(0x7f0000000180)='%ps \x00', 0xc00}, 0x20) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x1e0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r9}, 0x18) r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) r11 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r11, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="18000000", @ANYRES16=r10, @ANYBLOB="05f300000000000000002000000004000380"], 0x18}}, 0x0) sendmsg$rds(0xffffffffffffffff, &(0x7f0000003c80)={&(0x7f0000000280)={0x2, 0x4e23, @empty}, 0x10, &(0x7f0000001300)=[{&(0x7f0000000580)=""/209, 0xd1}, {&(0x7f0000000480)=""/186, 0xba}, {&(0x7f00000006c0)=""/250, 0xfa}, {&(0x7f00000007c0)=""/48, 0x30}, {&(0x7f0000000800)=""/166, 0xa6}, {&(0x7f00000008c0)=""/63, 0x3f}, {&(0x7f0000001040)=""/218, 0xda}, {&(0x7f0000001140)=""/219, 0xdb}, {&(0x7f0000001240)=""/152, 0x98}], 0x9, &(0x7f0000003b00)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f00000013c0)=""/225, 0xe1}, &(0x7f0000000980), 0x18}}, @mask_fadd={0x58, 0x114, 0x8, {{0xfffffffb, 0x6}, &(0x7f0000000a00)=0x8000000000000001, &(0x7f0000000a40)=0x1, 0xff, 0x9dfc, 0x9, 0x7fff, 0x40, 0x39}}, @rdma_args={0x48, 0x114, 0x1, {{0x800000, 0xc4ed}, {&(0x7f0000000ac0)=""/22, 0x16}, &(0x7f00000038c0)=[{&(0x7f00000014c0)=""/178, 0xb2}, {&(0x7f0000001580)=""/208, 0xd0}, {&(0x7f0000001680)=""/195, 0xc3}, {&(0x7f0000001780)=""/27, 0x1b}, {&(0x7f00000017c0)}, {&(0x7f0000001800)=""/4096, 0x1000}, {&(0x7f0000002800)=""/185, 0xb9}, {&(0x7f00000028c0)=""/4096, 0x1000}], 0x8, 0x0, 0x7}}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000003940)=""/206, 0xce}, &(0x7f0000003a40), 0x2}}, @cswp={0x58, 0x114, 0x7, {{0xf15, 0x7}, &(0x7f0000003a80)=0x40, &(0x7f0000003ac0)=0x1, 0x80000001, 0x1, 0x0, 0x701, 0x50, 0x1}}], 0x158, 0x8080}, 0x40) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b4050000000000006910840000000000bc001000000000009500000000000000ef4f7c81f5427c16bd2aacf32cdbb47063fd9a7bb1f3ad622c3261f324e081c0ea39bd16d9869302cc08fbd94867708cb208e22cc0ad536525e3b39869285c126353f6a49bc5abc6b9a4eab313655286ee33a56f03b665dd5f1739bda6accc3b9b0d26450d3161263aed01194269a5fba4553bb18fa1f37e2f68a8ef81f090829d0ee04b52611a41642b31a6fe2653171379cc327fc11e38418b589777f8c8ddcbf88df947a05937ea"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) sendmsg$tipc(r12, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x3}, 0x10, 0x0}, 0x0) fdatasync(r5) r13 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000340)='timers\x00') msgctl$IPC_STAT(0x0, 0x2, &(0x7f0000000380)=""/208) utimensat(r13, 0x0, &(0x7f0000000300)={{0x0, 0xea60}}, 0x0) fsconfig$FSCONFIG_SET_PATH(r13, 0x3, &(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r0) 294.750311ms ago: executing program 4 (id=600): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x67, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) 278.619591ms ago: executing program 0 (id=601): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000700000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) 41.51762ms ago: executing program 3 (id=602): socket$nl_rdma(0x10, 0x3, 0x14) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001780)={&(0x7f0000000500)=ANY=[@ANYBLOB="cc020000210a0108fdffffff0000000000000000630003"], 0x2cc}}, 0x0) 0s ago: executing program 0 (id=603): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100000100000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) (fail_nth: 3) kernel console output (not intermixed with test programs): ntext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 32.572611][ T3499] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 32.578242][ T3499] EXT4-fs error (device loop3): __ext4_remount:6749: comm syz.3.22: Abort forced by user [ 32.578534][ T3499] EXT4-fs (loop3): Remounting filesystem read-only [ 32.578549][ T3499] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 32.578578][ T3499] ext4 filesystem being remounted at /3/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 32.622427][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.686228][ T3506] Zero length message leads to an empty skb [ 32.695387][ T29] audit: type=1400 audit(1736177679.161:214): avc: denied { create } for pid=3512 comm="syz.3.23" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 32.764840][ T29] audit: type=1400 audit(1736177679.161:215): avc: denied { connect } for pid=3512 comm="syz.3.23" lport=256 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 32.825796][ T3375] IPVS: starting estimator thread 0... [ 32.866807][ T3516] netlink: 16 bytes leftover after parsing attributes in process `syz.3.23'. [ 32.875679][ T3516] netlink: 2 bytes leftover after parsing attributes in process `syz.3.23'. [ 32.915910][ T3519] IPVS: using max 2448 ests per chain, 122400 per kthread [ 32.931977][ T3522] netlink: 'syz.4.26': attribute type 39 has an invalid length. [ 32.967566][ T3515] capability: warning: `syz.2.24' uses deprecated v2 capabilities in a way that may be insecure [ 32.981511][ T3526] loop1: detected capacity change from 0 to 512 [ 32.990907][ T3527] xt_hashlimit: max too large, truncated to 1048576 [ 33.018547][ T3526] EXT4-fs: Ignoring removed orlov option [ 33.028360][ T3526] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 33.034844][ T3527] syz.4.26[3527] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 33.037617][ T3526] EXT4-fs (loop1): orphan cleanup on readonly fs [ 33.043400][ T3527] syz.4.26[3527] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 33.050730][ T3526] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.27: bg 0: block 248: padding at end of block bitmap is not set [ 33.082312][ T3526] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.27: Failed to acquire dquot type 1 [ 33.094159][ T3526] EXT4-fs (loop1): 1 truncate cleaned up [ 33.101561][ T3527] syz.4.26[3527] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 33.115819][ T3526] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 33.155886][ T3526] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 33.174214][ T3530] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 33.204188][ T3530] netlink: 12 bytes leftover after parsing attributes in process `syz.2.28'. [ 33.214828][ T3526] EXT4-fs error (device loop1): __ext4_remount:6749: comm syz.1.27: Abort forced by user [ 33.234567][ T3526] EXT4-fs (loop1): Remounting filesystem read-only [ 33.241339][ T3526] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 33.284761][ T3526] ext4 filesystem being remounted at /4/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 33.329551][ T3295] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.344542][ T3535] netlink: 64 bytes leftover after parsing attributes in process `syz.0.29'. [ 33.359252][ T3535] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 33.376368][ T3538] loop3: detected capacity change from 0 to 512 [ 33.383103][ T3538] EXT4-fs: Ignoring removed orlov option [ 33.395228][ T3538] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 33.409506][ T3538] EXT4-fs (loop3): orphan cleanup on readonly fs [ 33.409537][ T3535] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 33.420185][ T3538] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.30: bg 0: block 248: padding at end of block bitmap is not set [ 33.442953][ T3538] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.30: Failed to acquire dquot type 1 [ 33.454763][ T3538] EXT4-fs (loop3): 1 truncate cleaned up [ 33.462483][ T3538] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 33.482740][ T3538] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 33.495641][ T3535] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 33.508095][ T3538] EXT4-fs error (device loop3): __ext4_remount:6749: comm syz.3.30: Abort forced by user [ 33.519209][ T3538] EXT4-fs (loop3): Remounting filesystem read-only [ 33.525850][ T3538] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 33.537545][ T3538] ext4 filesystem being remounted at /5/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 33.559506][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.589933][ T3535] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 33.592611][ T3547] loop3: detected capacity change from 0 to 512 [ 33.609639][ T3547] EXT4-fs error (device loop3): ext4_get_journal_inode:5809: inode #32: comm syz.3.31: iget: special inode unallocated [ 33.630199][ T3547] EXT4-fs (loop3): Remounting filesystem read-only [ 33.636792][ T3547] EXT4-fs (loop3): no journal found [ 33.642005][ T3547] EXT4-fs (loop3): can't get journal size [ 33.649027][ T3547] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 33.660140][ T3547] EXT4-fs (loop3): failed to initialize system zone (-117) [ 33.663955][ T3535] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.667499][ T3547] EXT4-fs (loop3): mount failed [ 33.683755][ T3535] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.702839][ T3535] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.715085][ T3535] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.755817][ T3547] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 33.763588][ T3547] SELinux: failed to load policy [ 33.806881][ T3551] loop0: detected capacity change from 0 to 512 [ 33.847595][ T3553] loop3: detected capacity change from 0 to 512 [ 33.854575][ T3551] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.856168][ T3553] EXT4-fs error (device loop3): ext4_get_journal_inode:5809: inode #32: comm syz.3.33: iget: special inode unallocated [ 33.891270][ T3551] ext4 filesystem being mounted at /5/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 33.895631][ T3553] EXT4-fs (loop3): Remounting filesystem read-only [ 33.908097][ T3553] EXT4-fs (loop3): no journal found [ 33.913364][ T3553] EXT4-fs (loop3): can't get journal size [ 33.929755][ T3553] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 33.939457][ T3553] EXT4-fs (loop3): failed to initialize system zone (-117) [ 33.946899][ T3553] EXT4-fs (loop3): mount failed [ 33.959499][ T3553] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 33.967211][ T3553] SELinux: failed to load policy [ 34.030720][ T3376] IPVS: starting estimator thread 0... [ 34.093034][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.114302][ T3572] loop2: detected capacity change from 0 to 512 [ 34.125662][ T3569] IPVS: using max 2544 ests per chain, 127200 per kthread [ 34.134674][ T3572] EXT4-fs: Ignoring removed orlov option [ 34.147661][ T3575] FAULT_INJECTION: forcing a failure. [ 34.147661][ T3575] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 34.160852][ T3575] CPU: 0 UID: 0 PID: 3575 Comm: syz.0.41 Tainted: G W 6.13.0-rc6-syzkaller #0 [ 34.171181][ T3575] Tainted: [W]=WARN [ 34.174997][ T3575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 34.185114][ T3575] Call Trace: [ 34.188442][ T3575] [ 34.191452][ T3575] dump_stack_lvl+0xf2/0x150 [ 34.196084][ T3575] dump_stack+0x15/0x1a [ 34.200353][ T3575] should_fail_ex+0x223/0x230 [ 34.205133][ T3575] should_fail+0xb/0x10 [ 34.209331][ T3575] should_fail_usercopy+0x1a/0x20 [ 34.214442][ T3575] _copy_from_iter+0xd5/0xd00 [ 34.219187][ T3575] ? kmalloc_reserve+0x16e/0x190 [ 34.224183][ T3575] ? __build_skb_around+0x196/0x1f0 [ 34.229411][ T3575] ? __alloc_skb+0x21f/0x310 [ 34.234029][ T3575] ? __virt_addr_valid+0x1ed/0x250 [ 34.239188][ T3575] ? __check_object_size+0x364/0x520 [ 34.244499][ T3575] netlink_sendmsg+0x460/0x6e0 [ 34.249294][ T3575] ? __pfx_netlink_sendmsg+0x10/0x10 [ 34.254598][ T3575] __sock_sendmsg+0x140/0x180 [ 34.259375][ T3575] ____sys_sendmsg+0x312/0x410 [ 34.264162][ T3575] __sys_sendmsg+0x19d/0x230 [ 34.268790][ T3575] __x64_sys_sendmsg+0x46/0x50 [ 34.273577][ T3575] x64_sys_call+0x2734/0x2dc0 [ 34.278322][ T3575] do_syscall_64+0xc9/0x1c0 [ 34.282985][ T3575] ? clear_bhb_loop+0x55/0xb0 [ 34.287677][ T3575] ? clear_bhb_loop+0x55/0xb0 [ 34.292451][ T3575] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 34.298375][ T3575] RIP: 0033:0x7fe39c6f5d29 [ 34.302862][ T3575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 34.322490][ T3575] RSP: 002b:00007fe39ad61038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 34.330937][ T3575] RAX: ffffffffffffffda RBX: 00007fe39c8e5fa0 RCX: 00007fe39c6f5d29 [ 34.339125][ T3575] RDX: 0000000010000000 RSI: 0000000020000080 RDI: 0000000000000006 [ 34.347116][ T3575] RBP: 00007fe39ad61090 R08: 0000000000000000 R09: 0000000000000000 [ 34.348596][ T3572] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 34.355084][ T3575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 34.355121][ T3575] R13: 0000000000000000 R14: 00007fe39c8e5fa0 R15: 00007ffd953505a8 [ 34.379476][ T3575] [ 34.384498][ T3572] EXT4-fs (loop2): orphan cleanup on readonly fs [ 34.395059][ T3572] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.39: bg 0: block 248: padding at end of block bitmap is not set [ 34.475584][ T3584] syz.3.43 uses obsolete (PF_INET,SOCK_PACKET) [ 34.484932][ T3572] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.39: Failed to acquire dquot type 1 [ 34.504544][ T3572] EXT4-fs (loop2): 1 truncate cleaned up [ 34.511292][ T3572] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 34.547810][ T3572] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 34.566220][ T3572] EXT4-fs error (device loop2): __ext4_remount:6749: comm syz.2.39: Abort forced by user [ 34.582958][ T3572] EXT4-fs (loop2): Remounting filesystem read-only [ 34.589624][ T3572] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 34.602022][ T3572] ext4 filesystem being remounted at /9/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 34.753923][ T3596] loop4: detected capacity change from 0 to 512 [ 34.766061][ T3596] EXT4-fs: Ignoring removed orlov option [ 34.791487][ T3598] FAULT_INJECTION: forcing a failure. [ 34.791487][ T3598] name failslab, interval 1, probability 0, space 0, times 0 [ 34.804200][ T3598] CPU: 1 UID: 0 PID: 3598 Comm: syz.1.45 Tainted: G W 6.13.0-rc6-syzkaller #0 [ 34.814531][ T3598] Tainted: [W]=WARN [ 34.818371][ T3598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 34.828433][ T3598] Call Trace: [ 34.831715][ T3598] [ 34.834767][ T3598] dump_stack_lvl+0xf2/0x150 [ 34.839515][ T3598] dump_stack+0x15/0x1a [ 34.843734][ T3598] should_fail_ex+0x223/0x230 [ 34.848428][ T3598] ? alloc_fdtable+0x74/0x1b0 [ 34.853128][ T3598] should_failslab+0x8f/0xb0 [ 34.857751][ T3598] __kmalloc_cache_noprof+0x4e/0x320 [ 34.863258][ T3598] alloc_fdtable+0x74/0x1b0 [ 34.867804][ T3598] dup_fd+0x60d/0x6a0 [ 34.871815][ T3598] ? _raw_spin_unlock+0x26/0x50 [ 34.876705][ T3598] ksys_unshare+0x33b/0x6e0 [ 34.881230][ T3598] __x64_sys_unshare+0x1f/0x30 [ 34.886029][ T3598] x64_sys_call+0x1a3e/0x2dc0 [ 34.890724][ T3598] do_syscall_64+0xc9/0x1c0 [ 34.895266][ T3598] ? clear_bhb_loop+0x55/0xb0 [ 34.899966][ T3598] ? clear_bhb_loop+0x55/0xb0 [ 34.904749][ T3598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 34.910735][ T3598] RIP: 0033:0x7f819e105d29 [ 34.915190][ T3598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 34.934889][ T3598] RSP: 002b:00007f819c72f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 34.943366][ T3598] RAX: ffffffffffffffda RBX: 00007f819e2f6160 RCX: 00007f819e105d29 [ 34.951350][ T3598] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000064000600 [ 34.959381][ T3598] RBP: 00007f819c72f090 R08: 0000000000000000 R09: 0000000000000000 [ 34.967362][ T3598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 34.975338][ T3598] R13: 0000000000000000 R14: 00007f819e2f6160 R15: 00007ffe7d222088 [ 34.983407][ T3598] [ 35.006167][ T3596] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 35.096683][ T3596] EXT4-fs (loop4): orphan cleanup on readonly fs [ 35.105749][ T3302] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.118077][ T3596] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.46: bg 0: block 248: padding at end of block bitmap is not set [ 35.133289][ T3596] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.46: Failed to acquire dquot type 1 [ 35.147904][ T3596] EXT4-fs (loop4): 1 truncate cleaned up [ 35.155521][ T3596] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 35.181170][ T3596] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 35.226471][ T3596] EXT4-fs error (device loop4): __ext4_remount:6749: comm syz.4.46: Abort forced by user [ 35.264128][ T3596] EXT4-fs (loop4): Remounting filesystem read-only [ 35.270737][ T3596] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 35.317817][ T3596] ext4 filesystem being remounted at /8/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 35.364045][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.386205][ T3604] loop2: detected capacity change from 0 to 512 [ 35.414345][ T3604] EXT4-fs error (device loop2): ext4_get_journal_inode:5809: inode #32: comm syz.2.48: iget: special inode unallocated [ 35.434540][ T3604] EXT4-fs (loop2): Remounting filesystem read-only [ 35.441183][ T3604] EXT4-fs (loop2): no journal found [ 35.446465][ T3604] EXT4-fs (loop2): can't get journal size [ 35.452883][ T3604] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 35.463988][ T3604] EXT4-fs (loop2): failed to initialize system zone (-117) [ 35.485677][ T3604] EXT4-fs (loop2): mount failed [ 35.487501][ T3613] netlink: 12 bytes leftover after parsing attributes in process `syz.3.52'. [ 35.500333][ T3608] x_tables: duplicate underflow at hook 2 [ 35.517227][ T3372] IPVS: starting estimator thread 0... [ 35.543189][ T3604] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 35.557452][ T3616] netlink: 376 bytes leftover after parsing attributes in process `syz.3.53'. [ 35.571366][ T3604] SELinux: failed to load policy [ 35.615797][ T3614] IPVS: using max 2448 ests per chain, 122400 per kthread [ 35.683819][ T3627] netlink: 4 bytes leftover after parsing attributes in process `syz.0.55'. [ 35.772452][ T3628] 9pnet_fd: Insufficient options for proto=fd [ 35.828497][ T3624] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.835789][ T3624] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.966646][ T3624] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 35.991748][ T3624] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 36.058762][ T3624] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 36.067288][ T3624] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 36.075703][ T3624] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 36.084175][ T3624] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 36.104672][ T3633] netlink: 96 bytes leftover after parsing attributes in process `syz.3.59'. [ 36.184700][ T3635] x_tables: ip6_tables: icmp6 match: only valid for protocol 58 [ 36.344882][ T3641] loop0: detected capacity change from 0 to 1024 [ 36.391637][ T3645] loop1: detected capacity change from 0 to 128 [ 36.400321][ T3643] netlink: 48 bytes leftover after parsing attributes in process `syz.3.63'. [ 36.408562][ T3645] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 36.427075][ T3643] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 36.617494][ T3661] loop2: detected capacity change from 0 to 512 [ 36.638619][ T3661] EXT4-fs error (device loop2): ext4_get_journal_inode:5809: inode #32: comm syz.2.72: iget: special inode unallocated [ 36.662751][ T3661] EXT4-fs (loop2): Remounting filesystem read-only [ 36.669420][ T3661] EXT4-fs (loop2): no journal found [ 36.674686][ T3661] EXT4-fs (loop2): can't get journal size [ 36.682881][ T3661] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 36.705183][ T3661] EXT4-fs (loop2): failed to initialize system zone (-117) [ 36.730600][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 36.747309][ T3661] EXT4-fs (loop2): mount failed [ 36.771236][ T3661] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 36.795966][ T3661] SELinux: failed to load policy [ 36.803486][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 36.870748][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 36.910238][ T3375] IPVS: starting estimator thread 0... [ 36.960960][ T3683] loop3: detected capacity change from 0 to 512 [ 36.978762][ T3683] EXT4-fs (loop3): too many log groups per flexible block group [ 36.986579][ T3683] EXT4-fs (loop3): failed to initialize mballoc (-12) [ 36.993775][ T3683] EXT4-fs (loop3): mount failed [ 36.994372][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 37.015851][ T3681] IPVS: using max 2064 ests per chain, 103200 per kthread [ 37.026860][ T29] kauditd_printk_skb: 205 callbacks suppressed [ 37.026883][ T29] audit: type=1326 audit(1736177683.511:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3684 comm="syz.2.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c65e5d29 code=0x7ffc0000 [ 37.056441][ T29] audit: type=1326 audit(1736177683.511:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3684 comm="syz.2.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c65e5d29 code=0x7ffc0000 [ 37.056510][ T29] audit: type=1326 audit(1736177683.511:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3684 comm="syz.2.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6c65e5d29 code=0x7ffc0000 [ 37.056549][ T29] audit: type=1326 audit(1736177683.511:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3684 comm="syz.2.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c65e5d29 code=0x7ffc0000 [ 37.056587][ T29] audit: type=1326 audit(1736177683.511:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3684 comm="syz.2.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c65e5d29 code=0x7ffc0000 [ 37.056703][ T29] audit: type=1326 audit(1736177683.511:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3684 comm="syz.2.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6c65e5d29 code=0x7ffc0000 [ 37.056741][ T29] audit: type=1326 audit(1736177683.511:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3684 comm="syz.2.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c65e5d29 code=0x7ffc0000 [ 37.056778][ T29] audit: type=1326 audit(1736177683.511:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3684 comm="syz.2.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c65e5d29 code=0x7ffc0000 [ 37.063151][ T29] audit: type=1326 audit(1736177683.541:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3684 comm="syz.2.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6c65e5d29 code=0x7ffc0000 [ 37.115336][ T3691] loop4: detected capacity change from 0 to 512 [ 37.128521][ T29] audit: type=1326 audit(1736177683.541:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3684 comm="syz.2.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c65e5d29 code=0x7ffc0000 [ 37.268770][ T3691] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.299327][ T3691] ext4 filesystem being mounted at /14/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 37.331964][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.353927][ T3698] netlink: 133492 bytes leftover after parsing attributes in process `syz.0.81'. [ 37.388940][ T3666] chnl_net:caif_netlink_parms(): no params data found [ 37.443621][ T11] bridge_slave_1: left allmulticast mode [ 37.449394][ T11] bridge_slave_1: left promiscuous mode [ 37.455095][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.469733][ T3706] loop3: detected capacity change from 0 to 512 [ 37.510087][ T3706] EXT4-fs error (device loop3): ext4_get_journal_inode:5809: inode #32: comm syz.3.85: iget: special inode unallocated [ 37.525508][ T3706] EXT4-fs (loop3): Remounting filesystem read-only [ 37.532173][ T3706] EXT4-fs (loop3): no journal found [ 37.537657][ T3706] EXT4-fs (loop3): can't get journal size [ 37.557170][ T3706] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 37.566983][ T3706] EXT4-fs (loop3): failed to initialize system zone (-117) [ 37.571124][ T11] bridge_slave_0: left allmulticast mode [ 37.574554][ T3706] EXT4-fs (loop3): mount failed [ 37.579865][ T11] bridge_slave_0: left promiscuous mode [ 37.580044][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.613404][ T3706] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 37.621406][ T3706] SELinux: failed to load policy [ 37.679865][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 37.690168][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 37.701588][ T11] bond0 (unregistering): Released all slaves [ 37.715478][ T3719] loop3: detected capacity change from 0 to 8192 [ 37.751289][ T3719] loop3: p1 p2 p3 p4 [ 37.757130][ T3719] loop3: p1 start 51379968 is beyond EOD, truncated [ 37.764641][ T3666] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.771858][ T3666] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.779783][ T3666] bridge_slave_0: entered allmulticast mode [ 37.779944][ T3719] loop3: p3 size 100663552 extends beyond EOD, truncated [ 37.786237][ T3666] bridge_slave_0: entered promiscuous mode [ 37.799916][ T3666] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.807017][ T3666] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.814224][ T3666] bridge_slave_1: entered allmulticast mode [ 37.820490][ T3719] loop3: p4 size 81920 extends beyond EOD, truncated [ 37.821158][ T3666] bridge_slave_1: entered promiscuous mode [ 37.867144][ T11] hsr_slave_0: left promiscuous mode [ 37.898928][ T11] hsr_slave_1: left promiscuous mode [ 37.910068][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 37.917607][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 37.931255][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 37.938832][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 37.963921][ T11] veth1_macvtap: left promiscuous mode [ 37.969523][ T11] veth0_macvtap: left promiscuous mode [ 37.975111][ T11] veth1_vlan: left promiscuous mode [ 37.980498][ T11] veth0_vlan: left promiscuous mode [ 38.047099][ T11] team0 (unregistering): Port device team_slave_1 removed [ 38.057399][ T11] team0 (unregistering): Port device team_slave_0 removed [ 38.097690][ T3666] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 38.110007][ T3666] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 38.155847][ T3666] team0: Port device team_slave_0 added [ 38.165958][ T3666] team0: Port device team_slave_1 added [ 38.189789][ T3666] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.196859][ T3666] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.222943][ T3666] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.234458][ T3666] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.241519][ T3666] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.267534][ T3666] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.289006][ T3758] xt_CT: No such helper "snmp" [ 38.301167][ T3758] loop4: detected capacity change from 0 to 512 [ 38.444555][ T3666] hsr_slave_0: entered promiscuous mode [ 38.450714][ T3666] hsr_slave_1: entered promiscuous mode [ 38.457336][ T3666] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 38.464927][ T3666] Cannot create hsr debugfs directory [ 38.561761][ T3666] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 38.581870][ T3666] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 38.605316][ T3666] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 38.625138][ T3666] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 38.716650][ T3666] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.747170][ T3666] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.772843][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.780100][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.811385][ T3798] netlink: 4 bytes leftover after parsing attributes in process `syz.0.98'. [ 38.821273][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.828341][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.043627][ T3666] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.521133][ T3836] netlink: 4 bytes leftover after parsing attributes in process `syz.4.102'. [ 39.902859][ T3666] veth0_vlan: entered promiscuous mode [ 39.919151][ T3666] veth1_vlan: entered promiscuous mode [ 40.023423][ T3666] veth0_macvtap: entered promiscuous mode [ 40.036796][ T3666] veth1_macvtap: entered promiscuous mode [ 40.047436][ T3666] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 40.057968][ T3666] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 40.067840][ T3666] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 40.078306][ T3666] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 40.088943][ T3666] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.097860][ T3666] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 40.108376][ T3666] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 40.118217][ T3666] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 40.118926][ T3858] FAULT_INJECTION: forcing a failure. [ 40.118926][ T3858] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 40.128708][ T3666] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 40.129533][ T3666] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.141955][ T3858] CPU: 1 UID: 0 PID: 3858 Comm: syz.4.105 Tainted: G W 6.13.0-rc6-syzkaller #0 [ 40.169499][ T3858] Tainted: [W]=WARN [ 40.173319][ T3858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 40.183388][ T3858] Call Trace: [ 40.186672][ T3858] [ 40.189616][ T3858] dump_stack_lvl+0xf2/0x150 [ 40.194325][ T3858] dump_stack+0x15/0x1a [ 40.198510][ T3858] should_fail_ex+0x223/0x230 [ 40.203221][ T3858] should_fail_alloc_page+0xfd/0x110 [ 40.208565][ T3858] __alloc_pages_noprof+0x109/0x340 [ 40.213862][ T3858] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 40.219316][ T3858] alloc_pages_noprof+0xe1/0x100 [ 40.224266][ T3858] pte_alloc_one+0x31/0x110 [ 40.228794][ T3858] __pte_alloc+0x33/0x2a0 [ 40.233161][ T3858] handle_mm_fault+0x1b4a/0x2ac0 [ 40.238117][ T3858] ? __rcu_read_unlock+0x4e/0x70 [ 40.243138][ T3858] ? mt_find+0x72a/0x890 [ 40.247408][ T3858] __get_user_pages+0xf2c/0x2670 [ 40.252433][ T3858] __mm_populate+0x25b/0x3b0 [ 40.257132][ T3858] __se_sys_mlockall+0x2c5/0x370 [ 40.262088][ T3858] __x64_sys_mlockall+0x1f/0x30 [ 40.266973][ T3858] x64_sys_call+0x2bf8/0x2dc0 [ 40.271661][ T3858] do_syscall_64+0xc9/0x1c0 [ 40.276191][ T3858] ? clear_bhb_loop+0x55/0xb0 [ 40.280908][ T3858] ? clear_bhb_loop+0x55/0xb0 [ 40.285662][ T3858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 40.291712][ T3858] RIP: 0033:0x7fd4230e5d29 [ 40.296130][ T3858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 40.315840][ T3858] RSP: 002b:00007fd421757038 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 40.324301][ T3858] RAX: ffffffffffffffda RBX: 00007fd4232d5fa0 RCX: 00007fd4230e5d29 [ 40.332334][ T3858] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 40.340413][ T3858] RBP: 00007fd421757090 R08: 0000000000000000 R09: 0000000000000000 [ 40.348398][ T3858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 40.356386][ T3858] R13: 0000000000000001 R14: 00007fd4232d5fa0 R15: 00007ffcc589ade8 [ 40.364387][ T3858] [ 40.380957][ T3862] loop0: detected capacity change from 0 to 512 [ 40.387797][ T3862] EXT4-fs: Ignoring removed orlov option [ 40.397067][ T3862] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 40.430011][ T3862] EXT4-fs (loop0): orphan cleanup on readonly fs [ 40.439312][ T3666] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.448155][ T3666] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.456994][ T3666] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.465786][ T3666] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.516707][ T3862] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.104: bg 0: block 248: padding at end of block bitmap is not set [ 40.565683][ T3862] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.104: Failed to acquire dquot type 1 [ 40.586710][ T3862] EXT4-fs (loop0): 1 truncate cleaned up [ 40.606677][ T3862] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 40.626013][ T3862] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 40.649568][ T3862] EXT4-fs error (device loop0): __ext4_remount:6749: comm syz.0.104: Abort forced by user [ 40.676828][ T3862] EXT4-fs (loop0): Remounting filesystem read-only [ 40.676957][ T3871] 9pnet: Could not find request transport: f [ 40.683374][ T3862] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 40.725336][ T3862] ext4 filesystem being remounted at /24/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 40.778757][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.796007][ T35] IPVS: starting estimator thread 0... [ 40.885933][ T3887] IPVS: using max 2400 ests per chain, 120000 per kthread [ 41.066111][ T3910] Cannot find del_set index 0 as target [ 41.450870][ T3949] loop0: detected capacity change from 0 to 256 [ 41.528640][ T3954] loop2: detected capacity change from 0 to 512 [ 41.543609][ T3957] loop4: detected capacity change from 0 to 128 [ 41.570348][ T3954] EXT4-fs: Ignoring removed orlov option [ 41.605261][ T3954] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 41.646789][ T3954] EXT4-fs (loop2): orphan cleanup on readonly fs [ 41.696766][ T3954] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.120: bg 0: block 248: padding at end of block bitmap is not set [ 41.753933][ T3954] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.120: Failed to acquire dquot type 1 [ 41.769448][ T3954] EXT4-fs (loop2): 1 truncate cleaned up [ 41.776549][ T3954] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 41.792953][ T3954] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 41.901814][ T3954] EXT4-fs error (device loop2): __ext4_remount:6749: comm syz.2.120: Abort forced by user [ 41.929106][ T3954] EXT4-fs (loop2): Remounting filesystem read-only [ 41.935711][ T3954] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 41.946464][ T3954] ext4 filesystem being remounted at /25/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 42.027555][ T3302] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.124625][ T3991] loop3: detected capacity change from 0 to 512 [ 42.187505][ T3991] EXT4-fs: Ignoring removed orlov option [ 42.255049][ T3991] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 42.355703][ T3996] Illegal XDP return value 3682457646 on prog (id 138) dev N/A, expect packet loss! [ 42.377841][ T4000] loop0: detected capacity change from 0 to 128 [ 42.399607][ T3991] EXT4-fs (loop3): orphan cleanup on readonly fs [ 42.429564][ T3991] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.131: bg 0: block 248: padding at end of block bitmap is not set [ 42.447095][ T4006] netlink: 8 bytes leftover after parsing attributes in process `syz.0.136'. [ 42.465882][ T4006] loop0: detected capacity change from 0 to 1024 [ 42.497657][ T4006] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.518064][ T4002] netlink: 4 bytes leftover after parsing attributes in process `syz.4.129'. [ 42.532843][ T4002] netlink: 17 bytes leftover after parsing attributes in process `syz.4.129'. [ 42.532923][ T3991] __quota_error: 173 callbacks suppressed [ 42.532939][ T3991] Quota error (device loop3): write_blk: dquota write failed [ 42.556688][ T3991] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 42.566652][ T3991] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.131: Failed to acquire dquot type 1 [ 42.625655][ T29] audit: type=1400 audit(1736177689.101:592): avc: denied { map } for pid=4005 comm="syz.0.136" path="/35/file1/blkio.bfq.avg_queue_size" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 42.634494][ T3991] EXT4-fs (loop3): 1 truncate cleaned up [ 42.679353][ T29] audit: type=1400 audit(1736177689.111:593): avc: denied { execute } for pid=4005 comm="syz.0.136" path="/35/file1/blkio.bfq.avg_queue_size" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 42.723928][ T3991] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 42.812513][ T3991] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 42.834883][ T4018] syz.2.140[4018] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 42.835037][ T4018] syz.2.140[4018] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 42.847893][ T4018] syz.2.140[4018] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 42.871452][ T4018] netlink: 24 bytes leftover after parsing attributes in process `syz.2.140'. [ 42.893003][ T3991] EXT4-fs error (device loop3): __ext4_remount:6749: comm syz.3.131: Abort forced by user [ 42.909907][ T4018] loop2: detected capacity change from 0 to 512 [ 42.917754][ T4018] ext4: Bad value for 'dax' [ 42.948216][ T3991] EXT4-fs (loop3): Remounting filesystem read-only [ 42.954837][ T3991] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 42.970111][ T29] audit: type=1326 audit(1736177689.451:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4023 comm="syz.5.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2227d5d29 code=0x7ffc0000 [ 42.976249][ T3991] ext4 filesystem being remounted at /27/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 42.993414][ T29] audit: type=1326 audit(1736177689.451:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4023 comm="syz.5.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2227d5d29 code=0x7ffc0000 [ 43.027252][ T29] audit: type=1326 audit(1736177689.451:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4023 comm="syz.5.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff2227d5d29 code=0x7ffc0000 [ 43.050559][ T29] audit: type=1326 audit(1736177689.451:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4023 comm="syz.5.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2227d5d29 code=0x7ffc0000 [ 43.073801][ T29] audit: type=1326 audit(1736177689.451:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4023 comm="syz.5.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff2227d5d29 code=0x7ffc0000 [ 43.097110][ T29] audit: type=1326 audit(1736177689.451:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4023 comm="syz.5.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2227d5d29 code=0x7ffc0000 [ 43.143629][ T4030] loop2: detected capacity change from 0 to 512 [ 43.166609][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.176099][ T4030] EXT4-fs error (device loop2): ext4_get_journal_inode:5809: inode #32: comm syz.2.143: iget: special inode unallocated [ 43.181006][ T4030] EXT4-fs (loop2): Remounting filesystem read-only [ 43.195301][ T4030] EXT4-fs (loop2): no journal found [ 43.200584][ T4030] EXT4-fs (loop2): can't get journal size [ 43.212624][ T4030] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 43.218909][ T4037] syz.5.147[4037] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 43.224474][ T4037] syz.5.147[4037] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 43.224968][ T4030] EXT4-fs (loop2): failed to initialize system zone (-117) [ 43.254422][ T4030] EXT4-fs (loop2): mount failed [ 43.258121][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.268367][ T4037] syz.5.147[4037] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 43.319156][ T4037] netlink: 24 bytes leftover after parsing attributes in process `syz.5.147'. [ 43.342621][ T4037] loop5: detected capacity change from 0 to 512 [ 43.349384][ T4037] ext4: Bad value for 'dax' [ 43.368990][ T4030] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 43.405272][ T4030] SELinux: failed to load policy [ 43.491618][ T4058] loop2: detected capacity change from 0 to 256 [ 43.619206][ T4071] FAULT_INJECTION: forcing a failure. [ 43.619206][ T4071] name failslab, interval 1, probability 0, space 0, times 0 [ 43.631938][ T4071] CPU: 1 UID: 0 PID: 4071 Comm: syz.2.158 Tainted: G W 6.13.0-rc6-syzkaller #0 [ 43.642293][ T4071] Tainted: [W]=WARN [ 43.646197][ T4071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 43.656270][ T4071] Call Trace: [ 43.659560][ T4071] [ 43.662499][ T4071] dump_stack_lvl+0xf2/0x150 [ 43.667132][ T4071] dump_stack+0x15/0x1a [ 43.671438][ T4071] should_fail_ex+0x223/0x230 [ 43.676192][ T4071] ? x509_cert_parse+0x3b/0x440 [ 43.681074][ T4071] should_failslab+0x8f/0xb0 [ 43.685811][ T4071] __kmalloc_cache_noprof+0x4e/0x320 [ 43.691194][ T4071] x509_cert_parse+0x3b/0x440 [ 43.695909][ T4071] x509_key_preparse+0x3c/0x400 [ 43.700854][ T4071] asymmetric_key_preparse+0x6b/0xc0 [ 43.706275][ T4071] __key_create_or_update+0x29f/0x750 [ 43.711784][ T4071] key_create_or_update+0x42/0x60 [ 43.716840][ T4071] __se_sys_add_key+0x280/0x320 [ 43.721726][ T4071] ? fput+0x1c4/0x200 [ 43.725816][ T4071] __x64_sys_add_key+0x67/0x80 [ 43.730674][ T4071] x64_sys_call+0x2964/0x2dc0 [ 43.735398][ T4071] do_syscall_64+0xc9/0x1c0 [ 43.739925][ T4071] ? clear_bhb_loop+0x55/0xb0 [ 43.744691][ T4071] ? clear_bhb_loop+0x55/0xb0 [ 43.749422][ T4071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 43.755353][ T4071] RIP: 0033:0x7ff6c65e5d29 [ 43.759781][ T4071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 43.779508][ T4071] RSP: 002b:00007ff6c4c51038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 43.787943][ T4071] RAX: ffffffffffffffda RBX: 00007ff6c67d5fa0 RCX: 00007ff6c65e5d29 [ 43.796083][ T4071] RDX: 0000000020000140 RSI: 0000000000000000 RDI: 0000000020000100 [ 43.804219][ T4071] RBP: 00007ff6c4c51090 R08: 0000000035ce061a R09: 0000000000000000 [ 43.812211][ T4071] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 43.820271][ T4071] R13: 0000000000000000 R14: 00007ff6c67d5fa0 R15: 00007ffd474059b8 [ 43.828265][ T4071] [ 43.843764][ T4073] syz.5.159[4073] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 43.843814][ T4073] syz.5.159[4073] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 43.847449][ T4075] loop4: detected capacity change from 0 to 512 [ 43.857771][ T4073] syz.5.159[4073] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 43.866716][ T4075] EXT4-fs: Ignoring removed orlov option [ 43.890047][ T4075] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 43.898457][ T4073] netlink: 24 bytes leftover after parsing attributes in process `syz.5.159'. [ 43.902548][ T4073] loop5: detected capacity change from 0 to 512 [ 43.926092][ T4073] ext4: Bad value for 'dax' [ 43.930952][ T4075] EXT4-fs (loop4): orphan cleanup on readonly fs [ 43.970493][ T4075] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.160: bg 0: block 248: padding at end of block bitmap is not set [ 44.002134][ T4075] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.160: Failed to acquire dquot type 1 [ 44.020566][ T4082] netlink: 184 bytes leftover after parsing attributes in process `syz.2.164'. [ 44.033946][ T4075] EXT4-fs (loop4): 1 truncate cleaned up [ 44.064869][ T4088] netlink: 4 bytes leftover after parsing attributes in process `syz.5.165'. [ 44.091299][ T4089] netlink: 4 bytes leftover after parsing attributes in process `syz.0.162'. [ 44.134275][ T4075] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 44.181523][ T4075] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 44.227338][ T4075] EXT4-fs error (device loop4): __ext4_remount:6749: comm syz.4.160: Abort forced by user [ 44.239639][ T4075] EXT4-fs (loop4): Remounting filesystem read-only [ 44.246271][ T4075] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 44.257219][ T4105] netlink: 4 bytes leftover after parsing attributes in process `syz.0.171'. [ 44.262210][ T4106] loop2: detected capacity change from 0 to 1024 [ 44.266148][ T4075] ext4 filesystem being remounted at /32/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 44.295142][ T4106] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.312419][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.354589][ T4111] loop5: detected capacity change from 0 to 1024 [ 44.450198][ T4111] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.627788][ T4130] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 44.635493][ T4130] SELinux: failed to load policy [ 44.687221][ T4133] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 44.694905][ T4133] SELinux: failed to load policy [ 44.770801][ T4140] loop0: detected capacity change from 0 to 512 [ 44.782896][ T4140] EXT4-fs: Ignoring removed orlov option [ 44.795980][ T4140] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 44.808481][ T4140] EXT4-fs (loop0): orphan cleanup on readonly fs [ 44.818456][ T4126] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.825749][ T4126] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.846313][ T4140] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.184: bg 0: block 248: padding at end of block bitmap is not set [ 44.870905][ T4140] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.184: Failed to acquire dquot type 1 [ 44.884618][ T4140] EXT4-fs (loop0): 1 truncate cleaned up [ 44.927113][ T4126] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 44.939888][ T4126] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 44.954601][ T4140] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 44.968812][ T4140] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 44.986229][ T4140] EXT4-fs error (device loop0): __ext4_remount:6749: comm syz.0.184: Abort forced by user [ 44.997572][ T4140] EXT4-fs (loop0): Remounting filesystem read-only [ 45.004186][ T4140] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 45.014992][ T4140] ext4 filesystem being remounted at /44/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 45.057089][ T4126] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.066091][ T4126] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.075019][ T4126] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.083962][ T4126] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.112688][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.304774][ T3302] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.382327][ T3666] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.451284][ T4156] capability: warning: `syz.5.189' uses 32-bit capabilities (legacy support in use) [ 45.473649][ T4155] loop3: detected capacity change from 0 to 512 [ 45.481356][ T4155] EXT4-fs error (device loop3): ext4_get_journal_inode:5809: inode #32: comm syz.3.190: iget: special inode unallocated [ 45.494840][ T4155] EXT4-fs (loop3): Remounting filesystem read-only [ 45.501541][ T4155] EXT4-fs (loop3): no journal found [ 45.507041][ T4155] EXT4-fs (loop3): can't get journal size [ 45.523637][ T4155] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 45.533839][ T4155] EXT4-fs (loop3): failed to initialize system zone (-117) [ 45.552002][ T4155] EXT4-fs (loop3): mount failed [ 45.556665][ T4165] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 45.564622][ T4165] SELinux: failed to load policy [ 45.594208][ T4167] loop0: detected capacity change from 0 to 512 [ 45.610402][ T4167] EXT4-fs: Ignoring removed orlov option [ 45.618448][ T4171] loop5: detected capacity change from 0 to 128 [ 45.625364][ T4167] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 45.646256][ T4167] EXT4-fs (loop0): orphan cleanup on readonly fs [ 45.657431][ T4167] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.193: bg 0: block 248: padding at end of block bitmap is not set [ 45.677796][ T4167] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.193: Failed to acquire dquot type 1 [ 45.694050][ T4167] EXT4-fs (loop0): 1 truncate cleaned up [ 45.700952][ T4167] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 45.779045][ T4167] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 45.816302][ T4167] EXT4-fs error (device loop0): __ext4_remount:6749: comm syz.0.193: Abort forced by user [ 45.829558][ T4167] EXT4-fs (loop0): Remounting filesystem read-only [ 45.836130][ T4167] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 45.853109][ T4167] ext4 filesystem being remounted at /46/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 45.877046][ T4183] loop5: detected capacity change from 0 to 512 [ 45.883577][ T4183] EXT4-fs: Ignoring removed orlov option [ 45.901443][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.912250][ T4183] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 45.943725][ T4183] EXT4-fs (loop5): orphan cleanup on readonly fs [ 45.963092][ T4183] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.199: bg 0: block 248: padding at end of block bitmap is not set [ 45.985472][ T4192] loop3: detected capacity change from 0 to 512 [ 45.996052][ T4183] EXT4-fs error (device loop5): ext4_acquire_dquot:6938: comm syz.5.199: Failed to acquire dquot type 1 [ 46.003604][ T4192] EXT4-fs: Ignoring removed orlov option [ 46.014959][ T4183] EXT4-fs (loop5): 1 truncate cleaned up [ 46.016732][ T4192] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 46.029668][ T4183] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 46.029835][ T4192] EXT4-fs (loop3): orphan cleanup on readonly fs [ 46.049601][ T4183] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 46.050203][ T4192] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.203: bg 0: block 248: padding at end of block bitmap is not set [ 46.074485][ T4192] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.203: Failed to acquire dquot type 1 [ 46.087790][ T4192] EXT4-fs (loop3): 1 truncate cleaned up [ 46.094269][ T4192] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 46.132599][ T4183] EXT4-fs error (device loop5): __ext4_remount:6749: comm syz.5.199: Abort forced by user [ 46.132693][ T4192] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 46.142950][ T4183] EXT4-fs (loop5): Remounting filesystem read-only [ 46.158738][ T4183] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 46.175214][ T4183] ext4 filesystem being remounted at /23/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 46.204188][ T4198] loop0: detected capacity change from 0 to 512 [ 46.215553][ T4192] EXT4-fs error (device loop3): __ext4_remount:6749: comm syz.3.203: Abort forced by user [ 46.215997][ T3666] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.236713][ T4192] EXT4-fs (loop3): Remounting filesystem read-only [ 46.238640][ T4198] EXT4-fs error (device loop0): ext4_get_journal_inode:5809: inode #32: comm syz.0.204: iget: special inode unallocated [ 46.243232][ T4192] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 46.257234][ T4198] EXT4-fs (loop0): Remounting filesystem read-only [ 46.272857][ T4198] EXT4-fs (loop0): no journal found [ 46.278193][ T4198] EXT4-fs (loop0): can't get journal size [ 46.281695][ T4192] ext4 filesystem being remounted at /41/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 46.305968][ T4198] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 46.321851][ T4198] EXT4-fs (loop0): failed to initialize system zone (-117) [ 46.329182][ T4198] EXT4-fs (loop0): mount failed [ 46.376787][ T4205] raw_sendmsg: syz.5.205 forgot to set AF_INET. Fix it! [ 46.385936][ T4207] loop0: detected capacity change from 0 to 128 [ 46.416021][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.482868][ T4211] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(4) [ 46.486323][ T4209] FAULT_INJECTION: forcing a failure. [ 46.486323][ T4209] name failslab, interval 1, probability 0, space 0, times 0 [ 46.489428][ T4211] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 46.502123][ T4209] CPU: 1 UID: 0 PID: 4209 Comm: syz.2.209 Tainted: G W 6.13.0-rc6-syzkaller #0 [ 46.509791][ T4211] vhci_hcd vhci_hcd.0: Device attached [ 46.519987][ T4209] Tainted: [W]=WARN [ 46.519998][ T4209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 46.520012][ T4209] Call Trace: [ 46.520021][ T4209] [ 46.545779][ T4209] dump_stack_lvl+0xf2/0x150 [ 46.550410][ T4209] dump_stack+0x15/0x1a [ 46.554593][ T4209] should_fail_ex+0x223/0x230 [ 46.559294][ T4209] should_failslab+0x8f/0xb0 [ 46.563950][ T4209] kmem_cache_alloc_node_noprof+0x59/0x320 [ 46.569854][ T4209] ? __alloc_skb+0x10b/0x310 [ 46.574458][ T4209] __alloc_skb+0x10b/0x310 [ 46.578912][ T4209] ? audit_log_start+0x34c/0x6b0 [ 46.583867][ T4209] audit_log_start+0x368/0x6b0 [ 46.588690][ T4209] audit_seccomp+0x4b/0x130 [ 46.593254][ T4209] __seccomp_filter+0x6fa/0x1180 [ 46.598215][ T4209] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 46.603890][ T4209] ? vfs_write+0x596/0x920 [ 46.608326][ T4209] __secure_computing+0x9f/0x1c0 [ 46.613296][ T4209] syscall_trace_enter+0xd1/0x1f0 [ 46.618476][ T4209] ? fpregs_assert_state_consistent+0x83/0xa0 [ 46.624569][ T4209] do_syscall_64+0xaa/0x1c0 [ 46.629101][ T4209] ? clear_bhb_loop+0x55/0xb0 [ 46.633784][ T4209] ? clear_bhb_loop+0x55/0xb0 [ 46.638490][ T4209] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 46.646778][ T4209] RIP: 0033:0x7ff6c65e5d29 [ 46.651213][ T4209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 46.670841][ T4209] RSP: 002b:00007ff6c4c51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120 [ 46.679304][ T4209] RAX: ffffffffffffffda RBX: 00007ff6c67d5fa0 RCX: 00007ff6c65e5d29 [ 46.687296][ T4209] RDX: 0000000020000140 RSI: 0000000020000040 RDI: ffffffffffffffff [ 46.695363][ T4209] RBP: 00007ff6c4c51090 R08: 0000000000000000 R09: 0000000000000000 [ 46.703414][ T4209] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001 [ 46.711392][ T4209] R13: 0000000000000000 R14: 00007ff6c67d5fa0 R15: 00007ffd474059b8 [ 46.719380][ T4209] [ 47.216082][ T9] usb 12-1: SetAddress Request (2) to port 0 [ 47.223518][ T9] usb 12-1: new SuperSpeed USB device number 2 using vhci_hcd [ 47.333181][ T4212] vhci_hcd: connection reset by peer [ 47.341728][ T3417] vhci_hcd: stop threads [ 47.346061][ T3417] vhci_hcd: release socket [ 47.350484][ T3417] vhci_hcd: disconnect device [ 47.519677][ T4243] loop2: detected capacity change from 0 to 512 [ 47.527630][ T4243] EXT4-fs: Ignoring removed orlov option [ 47.535402][ T4243] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 47.544490][ T4243] EXT4-fs (loop2): orphan cleanup on readonly fs [ 47.551712][ T4243] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.219: bg 0: block 248: padding at end of block bitmap is not set [ 47.567783][ T4243] __quota_error: 175 callbacks suppressed [ 47.567800][ T4243] Quota error (device loop2): write_blk: dquota write failed [ 47.581107][ T4243] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 47.591075][ T4243] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.219: Failed to acquire dquot type 1 [ 47.666643][ T4243] EXT4-fs (loop2): 1 truncate cleaned up [ 47.733477][ T29] audit: type=1400 audit(1736177694.211:763): avc: denied { bind } for pid=4249 comm="syz.3.220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 47.814445][ T29] audit: type=1400 audit(1736177694.241:764): avc: denied { setopt } for pid=4249 comm="syz.3.220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 47.850572][ T4252] loop3: detected capacity change from 0 to 128 [ 47.937277][ T4254] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 47.980437][ T4254] SELinux: failed to load policy [ 48.034733][ T4243] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 48.055848][ T4243] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 48.066651][ T4243] EXT4-fs error (device loop2): __ext4_remount:6749: comm syz.2.219: Abort forced by user [ 48.082972][ T4243] EXT4-fs (loop2): Remounting filesystem read-only [ 48.089662][ T4243] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 48.112990][ T4243] ext4 filesystem being remounted at /46/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 48.149487][ T4267] loop5: detected capacity change from 0 to 512 [ 48.157147][ T3302] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.167701][ T4267] EXT4-fs: Ignoring removed orlov option [ 48.174333][ T4267] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 48.199148][ T29] audit: type=1400 audit(1736177694.671:765): avc: denied { ioctl } for pid=4269 comm="syz.2.227" path="socket:[6894]" dev="sockfs" ino=6894 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 48.227649][ T4267] EXT4-fs (loop5): orphan cleanup on readonly fs [ 48.262565][ T4267] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.226: bg 0: block 248: padding at end of block bitmap is not set [ 48.277303][ T29] audit: type=1326 audit(1736177694.741:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4271 comm="syz.3.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dc6445d29 code=0x7ffc0000 [ 48.300785][ T29] audit: type=1326 audit(1736177694.741:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4271 comm="syz.3.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8dc6445d29 code=0x7ffc0000 [ 48.324366][ T29] audit: type=1326 audit(1736177694.741:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4271 comm="syz.3.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dc6445d29 code=0x7ffc0000 [ 48.347648][ T29] audit: type=1326 audit(1736177694.741:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4271 comm="syz.3.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8dc6445d29 code=0x7ffc0000 [ 48.371264][ T29] audit: type=1326 audit(1736177694.741:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4271 comm="syz.3.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dc6445d29 code=0x7ffc0000 [ 48.425955][ T4267] EXT4-fs error (device loop5): ext4_acquire_dquot:6938: comm syz.5.226: Failed to acquire dquot type 1 [ 48.443214][ T4267] EXT4-fs (loop5): 1 truncate cleaned up [ 48.450128][ T4267] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 48.598600][ T4289] __nla_validate_parse: 7 callbacks suppressed [ 48.598621][ T4289] netlink: 4 bytes leftover after parsing attributes in process `syz.0.230'. [ 48.722240][ T4294] netlink: 'syz.3.231': attribute type 1 has an invalid length. [ 48.819275][ T4267] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 48.839562][ T4293] netlink: 4 bytes leftover after parsing attributes in process `syz.4.233'. [ 48.877341][ T4267] EXT4-fs error (device loop5): __ext4_remount:6749: comm syz.5.226: Abort forced by user [ 48.895867][ T4267] EXT4-fs (loop5): Remounting filesystem read-only [ 48.902438][ T4267] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 48.925668][ T4267] ext4 filesystem being remounted at /28/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 49.211245][ T3666] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.317362][ T4305] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 49.326292][ T4305] SELinux: failed to load policy [ 49.423703][ T4314] loop4: detected capacity change from 0 to 1024 [ 49.455246][ T4314] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.483700][ T4324] netlink: 12 bytes leftover after parsing attributes in process `syz.3.243'. [ 49.649666][ T4334] loop5: detected capacity change from 0 to 128 [ 49.693304][ T4338] loop2: detected capacity change from 0 to 512 [ 49.700083][ T4338] EXT4-fs: Ignoring removed orlov option [ 49.710974][ T4338] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 49.733425][ T4338] EXT4-fs (loop2): orphan cleanup on readonly fs [ 49.744747][ T4338] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.247: bg 0: block 248: padding at end of block bitmap is not set [ 49.772285][ T4338] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.247: Failed to acquire dquot type 1 [ 49.784515][ T4338] EXT4-fs (loop2): 1 truncate cleaned up [ 49.787574][ T4342] loop0: detected capacity change from 0 to 512 [ 49.791557][ T4338] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 49.811301][ T4338] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 49.813729][ T4342] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #2: comm syz.0.249: corrupted xattr block 255: invalid header [ 49.834168][ T4342] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 49.835511][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.843041][ T4342] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.864096][ T4338] EXT4-fs error (device loop2): __ext4_remount:6749: comm syz.2.247: Abort forced by user [ 49.864299][ T4342] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #2: comm syz.0.249: corrupted xattr block 255: invalid header [ 49.875443][ T4338] EXT4-fs (loop2): Remounting filesystem read-only [ 49.889336][ T4342] SELinux: (dev loop0, type ext4) getxattr errno 117 [ 49.893688][ T4338] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 49.894048][ T4338] ext4 filesystem being remounted at /52/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 49.902490][ T4342] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.944962][ T3302] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.007569][ T4355] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 50.015198][ T4355] SELinux: failed to load policy [ 50.168202][ T4369] loop3: detected capacity change from 0 to 128 [ 50.207135][ T4371] loop2: detected capacity change from 0 to 1024 [ 50.249128][ T4371] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.319740][ T4381] syz.3.264[4381] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.319889][ T4381] syz.3.264[4381] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.332138][ T4381] syz.3.264[4381] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.358672][ T4381] netlink: 24 bytes leftover after parsing attributes in process `syz.3.264'. [ 50.382337][ T4381] loop3: detected capacity change from 0 to 512 [ 50.392987][ T4381] ext4: Bad value for 'dax' [ 50.669562][ T3302] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.681203][ T4387] xt_CT: No such helper "netbios-ns" [ 50.835616][ T4394] netlink: 12 bytes leftover after parsing attributes in process `syz.2.267'. [ 50.860508][ T4400] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 50.868289][ T4400] SELinux: failed to load policy [ 50.914275][ T4404] loop5: detected capacity change from 0 to 512 [ 50.921140][ T4404] EXT4-fs: Ignoring removed orlov option [ 50.928529][ T4404] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 50.948502][ T4404] EXT4-fs (loop5): orphan cleanup on readonly fs [ 50.956904][ T4404] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.270: bg 0: block 248: padding at end of block bitmap is not set [ 50.971580][ T4404] EXT4-fs error (device loop5): ext4_acquire_dquot:6938: comm syz.5.270: Failed to acquire dquot type 1 [ 50.984346][ T4404] EXT4-fs (loop5): 1 truncate cleaned up [ 50.990868][ T4404] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 51.005827][ T4404] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 51.037082][ T4404] EXT4-fs error (device loop5): __ext4_remount:6749: comm syz.5.270: Abort forced by user [ 51.039202][ T4412] loop3: detected capacity change from 0 to 128 [ 51.047487][ T4404] EXT4-fs (loop5): Remounting filesystem read-only [ 51.059926][ T4404] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 51.071711][ T4404] ext4 filesystem being remounted at /36/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 51.107993][ T4415] loop3: detected capacity change from 0 to 512 [ 51.116302][ T4415] EXT4-fs: Ignoring removed orlov option [ 51.125472][ T4415] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 51.138789][ T4415] EXT4-fs (loop3): orphan cleanup on readonly fs [ 51.146341][ T4415] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.275: bg 0: block 248: padding at end of block bitmap is not set [ 51.157820][ T4419] syz.0.276[4419] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 51.160710][ T4419] syz.0.276[4419] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 51.172607][ T4419] syz.0.276[4419] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 51.184097][ T4415] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.275: Failed to acquire dquot type 1 [ 51.188775][ T3666] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.220393][ T4415] EXT4-fs (loop3): 1 truncate cleaned up [ 51.226711][ T4415] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 51.229393][ T4419] loop0: detected capacity change from 0 to 512 [ 51.249098][ T4415] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 51.251605][ T4419] ext4: Bad value for 'dax' [ 51.281052][ T4426] loop5: detected capacity change from 0 to 1024 [ 51.299499][ T4426] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.314877][ T4415] EXT4-fs error (device loop3): __ext4_remount:6749: comm syz.3.275: Abort forced by user [ 51.328861][ T4415] EXT4-fs (loop3): Remounting filesystem read-only [ 51.335463][ T4415] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 51.348165][ T4415] ext4 filesystem being remounted at /59/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 51.395283][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.576409][ T4449] loop4: detected capacity change from 0 to 128 [ 51.778774][ T3666] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.041391][ T4464] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.048719][ T4464] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.234547][ T4464] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 52.252038][ T4464] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 52.277768][ T4491] loop5: detected capacity change from 0 to 512 [ 52.284456][ T4491] EXT4-fs: Ignoring removed orlov option [ 52.296246][ T9] usb 12-1: device descriptor read/8, error -110 [ 52.299029][ T4491] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 52.312537][ T4491] EXT4-fs (loop5): orphan cleanup on readonly fs [ 52.319765][ T4491] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.294: bg 0: block 248: padding at end of block bitmap is not set [ 52.334406][ T4491] EXT4-fs error (device loop5): ext4_acquire_dquot:6938: comm syz.5.294: Failed to acquire dquot type 1 [ 52.346184][ T4491] EXT4-fs (loop5): 1 truncate cleaned up [ 52.352707][ T4491] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 52.366379][ T4464] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.375310][ T4464] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.384451][ T4464] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.393422][ T4464] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.403267][ T4491] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 52.412806][ T9] usb 12-1: new SuperSpeed USB device number 2 using vhci_hcd [ 52.424057][ T4488] netlink: 12 bytes leftover after parsing attributes in process `syz.0.293'. [ 52.427468][ T4491] EXT4-fs error (device loop5): __ext4_remount:6749: comm syz.5.294: Abort forced by user [ 52.443736][ T4491] EXT4-fs (loop5): Remounting filesystem read-only [ 52.445662][ T9] usb 12-1: enqueue for inactive port 0 [ 52.450444][ T4491] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 52.462179][ T9] usb 12-1: enqueue for inactive port 0 [ 52.466308][ T4491] ext4 filesystem being remounted at /39/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 52.485540][ T9] usb 12-1: enqueue for inactive port 0 [ 52.502494][ T3666] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.600284][ T4513] loop2: detected capacity change from 0 to 128 [ 52.674844][ T29] kauditd_printk_skb: 68 callbacks suppressed [ 52.674860][ T29] audit: type=1326 audit(1736177700.149:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4521 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c65e5d29 code=0x7ffc0000 [ 52.709752][ T29] audit: type=1326 audit(1736177700.189:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4521 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c65e5d29 code=0x7ffc0000 [ 52.722989][ T4519] loop4: detected capacity change from 0 to 8192 [ 52.741754][ T29] audit: type=1326 audit(1736177700.189:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4521 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=238 compat=0 ip=0x7ff6c65e5d29 code=0x7ffc0000 [ 52.765093][ T29] audit: type=1326 audit(1736177700.189:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4521 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c65e5d29 code=0x7ffc0000 [ 52.788624][ T29] audit: type=1326 audit(1736177700.189:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4521 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c65e5d29 code=0x7ffc0000 [ 52.849978][ T29] audit: type=1400 audit(1736177700.299:834): avc: denied { egress } for pid=23 comm="ksoftirqd/1" saddr=fe80::1b daddr=ff02::2 netif=gretap0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1 [ 52.873600][ T29] audit: type=1400 audit(1736177700.299:835): avc: denied { sendto } for pid=23 comm="ksoftirqd/1" saddr=fe80::1b daddr=ff02::2 netif=gretap0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1 [ 52.941756][ T4528] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 52.950718][ T4528] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 52.959548][ T4528] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 52.968459][ T4528] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 53.001233][ T4528] vxlan0: entered promiscuous mode [ 53.006448][ T4528] vxlan0: entered allmulticast mode [ 53.029595][ T29] audit: type=1326 audit(1736177700.509:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4542 comm="syz.2.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c65e5d29 code=0x7ffc0000 [ 53.053031][ T29] audit: type=1326 audit(1736177700.509:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4542 comm="syz.2.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c65e5d29 code=0x7ffc0000 [ 53.076363][ T29] audit: type=1326 audit(1736177700.509:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4542 comm="syz.2.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6c65e5d29 code=0x7ffc0000 [ 53.178980][ T4552] netem: change failed [ 53.349623][ T4563] loop2: detected capacity change from 0 to 128 [ 53.536359][ T9] usb usb12-port1: attempt power cycle [ 53.747830][ T4573] loop2: detected capacity change from 0 to 512 [ 53.774427][ T4573] EXT4-fs error (device loop2): ext4_get_journal_inode:5809: inode #32: comm syz.2.310: iget: special inode unallocated [ 53.818283][ T4573] EXT4-fs (loop2): Remounting filesystem read-only [ 53.824945][ T4573] EXT4-fs (loop2): no journal found [ 53.830263][ T4573] EXT4-fs (loop2): can't get journal size [ 53.841527][ T4573] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 53.873033][ T4573] EXT4-fs (loop2): failed to initialize system zone (-117) [ 53.885752][ T4573] EXT4-fs (loop2): mount failed [ 53.895386][ T4584] loop0: detected capacity change from 0 to 1024 [ 53.920295][ T4584] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.972311][ T4590] loop4: detected capacity change from 0 to 1024 [ 53.988313][ T4590] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.304156][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.343532][ T4624] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 54.373871][ T4628] loop2: detected capacity change from 0 to 512 [ 54.394358][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.406402][ T4628] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 54.431983][ T4624] SELinux: failed to load policy [ 54.476670][ T4628] EXT4-fs error (device loop2): ext4_orphan_get:1389: inode #17: comm syz.2.323: iget: bad i_size value: -6917529027641081756 [ 54.535845][ T4628] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.323: couldn't read orphan inode 17 (err -117) [ 54.682791][ T4628] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.799317][ T3302] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.136561][ T4671] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave [ 55.146207][ T4671] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1) [ 55.209767][ T4677] netlink: 12 bytes leftover after parsing attributes in process `syz.4.330'. [ 55.283058][ T4691] loop3: detected capacity change from 0 to 1024 [ 55.308971][ T4691] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.515965][ T9] usb usb12-port1: unable to enumerate USB device [ 55.537517][ T4712] FAULT_INJECTION: forcing a failure. [ 55.537517][ T4712] name failslab, interval 1, probability 0, space 0, times 0 [ 55.550258][ T4712] CPU: 0 UID: 0 PID: 4712 Comm: syz.5.334 Tainted: G W 6.13.0-rc6-syzkaller #0 [ 55.560622][ T4712] Tainted: [W]=WARN [ 55.564471][ T4712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 55.574562][ T4712] Call Trace: [ 55.577855][ T4712] [ 55.580816][ T4712] dump_stack_lvl+0xf2/0x150 [ 55.585504][ T4712] dump_stack+0x15/0x1a [ 55.589759][ T4712] should_fail_ex+0x223/0x230 [ 55.594602][ T4712] should_failslab+0x8f/0xb0 [ 55.599277][ T4712] kmem_cache_alloc_noprof+0x52/0x320 [ 55.604684][ T4712] ? getname_flags+0x81/0x3b0 [ 55.609467][ T4712] getname_flags+0x81/0x3b0 [ 55.614005][ T4712] user_path_at+0x26/0x120 [ 55.618470][ T4712] __se_sys_quotactl+0xb2/0x660 [ 55.623434][ T4712] ? fput+0x1c4/0x200 [ 55.627436][ T4712] __x64_sys_quotactl+0x55/0x70 [ 55.632302][ T4712] x64_sys_call+0x826/0x2dc0 [ 55.636964][ T4712] do_syscall_64+0xc9/0x1c0 [ 55.641547][ T4712] ? clear_bhb_loop+0x55/0xb0 [ 55.646239][ T4712] ? clear_bhb_loop+0x55/0xb0 [ 55.650978][ T4712] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.657046][ T4712] RIP: 0033:0x7ff2227d5d29 [ 55.661583][ T4712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.681308][ T4712] RSP: 002b:00007ff220e41038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3 [ 55.689814][ T4712] RAX: ffffffffffffffda RBX: 00007ff2229c5fa0 RCX: 00007ff2227d5d29 [ 55.697899][ T4712] RDX: 0000000000000000 RSI: 0000000020000900 RDI: ffffffff80000202 [ 55.705995][ T4712] RBP: 00007ff220e41090 R08: 0000000000000000 R09: 0000000000000000 [ 55.714063][ T4712] R10: 0000000020000940 R11: 0000000000000246 R12: 0000000000000001 [ 55.722189][ T4712] R13: 0000000000000000 R14: 00007ff2229c5fa0 R15: 00007ffcf5c6be18 [ 55.730260][ T4712] [ 55.760148][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.829545][ T4722] loop5: detected capacity change from 0 to 512 [ 55.836195][ T4722] EXT4-fs: Ignoring removed orlov option [ 55.844442][ T4722] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 55.855326][ T4722] EXT4-fs (loop5): orphan cleanup on readonly fs [ 55.867531][ T4722] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.339: bg 0: block 248: padding at end of block bitmap is not set [ 55.925403][ T4722] EXT4-fs error (device loop5): ext4_acquire_dquot:6938: comm syz.5.339: Failed to acquire dquot type 1 [ 55.969753][ T4722] EXT4-fs (loop5): 1 truncate cleaned up [ 55.982060][ T4722] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 56.023894][ T4722] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 56.116208][ T4722] EXT4-fs error (device loop5): __ext4_remount:6749: comm syz.5.339: Abort forced by user [ 56.136545][ T4722] EXT4-fs (loop5): Remounting filesystem read-only [ 56.143138][ T4722] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 56.162959][ T4722] ext4 filesystem being remounted at /50/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 56.166950][ T4733] loop4: detected capacity change from 0 to 1024 [ 56.201774][ T4733] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 56.211435][ T3666] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.212741][ T4733] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (14919!=20869) [ 56.231470][ T4733] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 56.269007][ T4733] EXT4-fs (loop4): invalid journal inode [ 56.274802][ T4733] EXT4-fs (loop4): can't get journal size [ 56.305964][ T4733] EXT4-fs error (device loop4): ext4_protect_reserved_inode:182: inode #3: comm syz.4.341: blocks 2-2 from inode overlap system zone [ 56.327014][ T4733] EXT4-fs (loop4): failed to initialize system zone (-117) [ 56.337422][ T4745] loop5: detected capacity change from 0 to 1024 [ 56.344846][ T4733] EXT4-fs (loop4): mount failed [ 56.378441][ T4745] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.441131][ T4752] netlink: 12 bytes leftover after parsing attributes in process `syz.2.347'. [ 56.606222][ T3666] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.630797][ T4764] netlink: 8 bytes leftover after parsing attributes in process `syz.5.351'. [ 56.667275][ T4767] loop0: detected capacity change from 0 to 512 [ 56.676126][ T4767] EXT4-fs: Ignoring removed orlov option [ 56.690620][ T4767] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 56.700825][ T4767] EXT4-fs (loop0): orphan cleanup on readonly fs [ 56.709090][ T4767] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.352: bg 0: block 248: padding at end of block bitmap is not set [ 56.723977][ T4767] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.352: Failed to acquire dquot type 1 [ 56.736233][ T4767] EXT4-fs (loop0): 1 truncate cleaned up [ 56.800815][ T4767] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 56.821618][ T4775] loop5: detected capacity change from 0 to 1024 [ 56.829560][ T4767] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 56.846263][ T4767] EXT4-fs error (device loop0): __ext4_remount:6749: comm syz.0.352: Abort forced by user [ 56.848222][ T4775] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.856677][ T4767] EXT4-fs (loop0): Remounting filesystem read-only [ 56.874862][ T4767] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 56.887142][ T4767] ext4 filesystem being remounted at /76/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 56.922097][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.092558][ T4790] loop2: detected capacity change from 0 to 128 [ 57.129956][ T4792] loop2: detected capacity change from 0 to 512 [ 57.142889][ T4792] EXT4-fs error (device loop2): ext4_get_journal_inode:5809: inode #32: comm syz.2.360: iget: special inode unallocated [ 57.155764][ T4794] loop0: detected capacity change from 0 to 1024 [ 57.167512][ T4792] EXT4-fs (loop2): Remounting filesystem read-only [ 57.168029][ T3666] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.174085][ T4792] EXT4-fs (loop2): no journal found [ 57.188313][ T4792] EXT4-fs (loop2): can't get journal size [ 57.188543][ T4794] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 57.199642][ T4792] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 57.215980][ T4792] EXT4-fs (loop2): failed to initialize system zone (-117) [ 57.223406][ T4792] EXT4-fs (loop2): mount failed [ 57.269867][ T4792] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 57.277581][ T4792] SELinux: failed to load policy [ 57.286399][ T4799] vhci_hcd: USB_PORT_FEAT_SUSPEND req not supported for USB 3.0 roothub [ 57.303846][ T4799] loop5: detected capacity change from 0 to 512 [ 57.319198][ T4799] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 57.339321][ T4799] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.370523][ T4799] EXT4-fs error (device loop5): ext4_do_update_inode:5153: inode #2: comm syz.5.362: corrupted inode contents [ 57.396826][ T4799] EXT4-fs error (device loop5): ext4_dirty_inode:6041: inode #2: comm syz.5.362: mark_inode_dirty error [ 57.408781][ T4799] EXT4-fs error (device loop5): ext4_do_update_inode:5153: inode #2: comm syz.5.362: corrupted inode contents [ 57.448529][ T3666] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.508265][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.519790][ T4815] netlink: 12 bytes leftover after parsing attributes in process `syz.2.367'. [ 57.571395][ T4821] netlink: 8 bytes leftover after parsing attributes in process `syz.0.368'. [ 57.683383][ T29] kauditd_printk_skb: 292 callbacks suppressed [ 57.683401][ T29] audit: type=1326 audit(1736177705.159:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4805 comm="syz.4.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd4230dcce7 code=0x7ffc0000 [ 57.721863][ T29] audit: type=1326 audit(1736177705.159:1128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4805 comm="syz.4.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd423081f29 code=0x7ffc0000 [ 57.745341][ T29] audit: type=1326 audit(1736177705.159:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4805 comm="syz.4.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7fd4230e5d29 code=0x7ffc0000 [ 57.768854][ T29] audit: type=1326 audit(1736177705.169:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4805 comm="syz.4.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd4230dcce7 code=0x7ffc0000 [ 57.792191][ T29] audit: type=1326 audit(1736177705.169:1131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4805 comm="syz.4.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd423081f29 code=0x7ffc0000 [ 57.815525][ T29] audit: type=1326 audit(1736177705.169:1132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4805 comm="syz.4.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7fd4230e5d29 code=0x7ffc0000 [ 57.839100][ T29] audit: type=1326 audit(1736177705.169:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4805 comm="syz.4.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd4230dcce7 code=0x7ffc0000 [ 57.863105][ T29] audit: type=1326 audit(1736177705.169:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4805 comm="syz.4.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd423081f29 code=0x7ffc0000 [ 57.886480][ T29] audit: type=1326 audit(1736177705.169:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4805 comm="syz.4.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7fd4230e5d29 code=0x7ffc0000 [ 57.910305][ T29] audit: type=1326 audit(1736177705.199:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4805 comm="syz.4.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd4230dcce7 code=0x7ffc0000 [ 57.974071][ T4834] bridge_slave_0: left allmulticast mode [ 57.979780][ T4834] bridge_slave_0: left promiscuous mode [ 57.985567][ T4834] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.034460][ T4834] bridge_slave_1: left allmulticast mode [ 58.037796][ T4838] loop3: detected capacity change from 0 to 512 [ 58.040358][ T4834] bridge_slave_1: left promiscuous mode [ 58.047354][ T4838] EXT4-fs: Ignoring removed orlov option [ 58.052360][ T4834] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.066009][ T4838] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 58.076391][ T4838] EXT4-fs (loop3): orphan cleanup on readonly fs [ 58.083464][ T4838] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.375: bg 0: block 248: padding at end of block bitmap is not set [ 58.098458][ T4838] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.375: Failed to acquire dquot type 1 [ 58.110660][ T4838] EXT4-fs (loop3): 1 truncate cleaned up [ 58.111763][ T4834] bond0: (slave bond_slave_0): Releasing backup interface [ 58.125126][ T4834] bond0: (slave bond_slave_1): Releasing backup interface [ 58.133633][ T4838] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 58.143983][ T4834] team0: Port device team_slave_0 removed [ 58.151664][ T4834] team0: Port device team_slave_1 removed [ 58.157641][ T4838] EXT4-fs error (device loop3): __ext4_remount:6749: comm syz.3.375: Abort forced by user [ 58.158159][ T4834] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 58.168284][ T4838] EXT4-fs (loop3): Remounting filesystem read-only [ 58.181329][ T4838] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 58.192702][ T4834] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 58.193518][ T4838] ext4 filesystem being remounted at /76/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 59.458604][ T4854] loop2: detected capacity change from 0 to 1024 [ 59.572821][ T4856] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 59.599760][ T4856] SELinux: failed to load policy [ 59.783999][ T4867] loop3: detected capacity change from 0 to 512 [ 59.790690][ T4867] EXT4-fs: Ignoring removed orlov option [ 59.802971][ T4867] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 59.821975][ T4867] EXT4-fs (loop3): orphan cleanup on readonly fs [ 59.851333][ T4867] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.384: bg 0: block 248: padding at end of block bitmap is not set [ 59.870320][ T4876] loop4: detected capacity change from 0 to 512 [ 59.871071][ T4867] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.384: Failed to acquire dquot type 1 [ 59.877001][ T4876] EXT4-fs: Ignoring removed orlov option [ 59.890022][ T4867] EXT4-fs (loop3): 1 truncate cleaned up [ 59.906796][ T4876] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 59.944845][ T4867] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 60.017925][ T4876] EXT4-fs (loop4): orphan cleanup on readonly fs [ 60.024577][ T4867] EXT4-fs error (device loop3): __ext4_remount:6749: comm syz.3.384: Abort forced by user [ 60.025185][ T4876] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.388: bg 0: block 248: padding at end of block bitmap is not set [ 60.046459][ T4867] EXT4-fs (loop3): Remounting filesystem read-only [ 60.049125][ T4876] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.388: Failed to acquire dquot type 1 [ 60.055791][ T4867] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 60.077577][ T4867] ext4 filesystem being remounted at /80/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 60.116845][ T4876] EXT4-fs (loop4): 1 truncate cleaned up [ 60.317648][ T4876] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 60.347476][ T4891] loop3: detected capacity change from 0 to 1024 [ 60.362898][ T4876] EXT4-fs error (device loop4): __ext4_remount:6749: comm syz.4.388: Abort forced by user [ 60.379974][ T4876] EXT4-fs (loop4): Remounting filesystem read-only [ 60.386617][ T4876] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 60.410886][ T4876] ext4 filesystem being remounted at /65/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 60.438097][ T4901] loop0: detected capacity change from 0 to 512 [ 60.447144][ T4901] EXT4-fs error (device loop0): ext4_get_journal_inode:5809: inode #32: comm syz.0.396: iget: special inode unallocated [ 60.475686][ T4901] EXT4-fs (loop0): Remounting filesystem read-only [ 60.482266][ T4901] EXT4-fs (loop0): no journal found [ 60.487569][ T4901] EXT4-fs (loop0): can't get journal size [ 60.504158][ T4901] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 60.526047][ T4901] EXT4-fs (loop0): failed to initialize system zone (-117) [ 60.533448][ T4901] EXT4-fs (loop0): mount failed [ 60.995759][ T4927] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 61.004700][ T4927] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 61.013713][ T4927] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 61.022625][ T4927] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 61.193847][ T4936] loop5: detected capacity change from 0 to 512 [ 61.207775][ T4936] EXT4-fs error (device loop5): ext4_get_journal_inode:5809: inode #32: comm syz.5.411: iget: special inode unallocated [ 61.232165][ T4936] EXT4-fs (loop5): Remounting filesystem read-only [ 61.239066][ T4936] EXT4-fs (loop5): no journal found [ 61.244394][ T4936] EXT4-fs (loop5): can't get journal size [ 61.345085][ T4937] netlink: 4 bytes leftover after parsing attributes in process `syz.3.408'. [ 61.492784][ T4936] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 61.677344][ T4936] EXT4-fs (loop5): failed to initialize system zone (-117) [ 61.687611][ T4936] EXT4-fs (loop5): mount failed [ 62.418572][ T4977] netlink: 4 bytes leftover after parsing attributes in process `syz.0.422'. [ 62.960999][ T4995] 9pnet_fd: Insufficient options for proto=fd [ 63.082352][ T5007] loop5: detected capacity change from 0 to 512 [ 63.093231][ T5007] EXT4-fs: Ignoring removed orlov option [ 63.099690][ T5007] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 63.110924][ T5007] EXT4-fs (loop5): orphan cleanup on readonly fs [ 63.119059][ T5007] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.438: bg 0: block 248: padding at end of block bitmap is not set [ 63.135331][ T5007] __quota_error: 124 callbacks suppressed [ 63.135348][ T5007] Quota error (device loop5): write_blk: dquota write failed [ 63.148552][ T5007] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 63.158524][ T5007] EXT4-fs error (device loop5): ext4_acquire_dquot:6938: comm syz.5.438: Failed to acquire dquot type 1 [ 63.176753][ T5007] EXT4-fs (loop5): 1 truncate cleaned up [ 63.862430][ T5015] netlink: 4 bytes leftover after parsing attributes in process `syz.4.439'. [ 64.330477][ T5007] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 64.356717][ T29] audit: type=1400 audit(1736177711.819:1255): avc: denied { read write } for pid=5024 comm="syz.4.443" name="ppp" dev="devtmpfs" ino=139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 64.379936][ T29] audit: type=1400 audit(1736177711.819:1256): avc: denied { open } for pid=5024 comm="syz.4.443" path="/dev/ppp" dev="devtmpfs" ino=139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 64.463993][ T5007] EXT4-fs error (device loop5): __ext4_remount:6749: comm syz.5.438: Abort forced by user [ 64.576234][ T5007] EXT4-fs (loop5): Remounting filesystem read-only [ 64.583102][ T5007] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 64.596138][ T5007] ext4 filesystem being remounted at /68/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 64.659589][ T29] audit: type=1400 audit(1736177712.139:1257): avc: denied { ioctl } for pid=5024 comm="syz.4.443" path="/dev/ppp" dev="devtmpfs" ino=139 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 65.383630][ T5057] netlink: 'syz.0.454': attribute type 39 has an invalid length. [ 65.444575][ T5057] xt_hashlimit: max too large, truncated to 1048576 [ 65.450858][ T5061] loop2: detected capacity change from 0 to 512 [ 65.459116][ T5061] EXT4-fs: Ignoring removed orlov option [ 65.472878][ T5061] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 65.482993][ T5061] EXT4-fs (loop2): orphan cleanup on readonly fs [ 65.492014][ T5061] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.456: bg 0: block 248: padding at end of block bitmap is not set [ 65.495974][ T5064] loop0: detected capacity change from 0 to 1024 [ 65.508718][ T5061] Quota error (device loop2): write_blk: dquota write failed [ 65.520111][ T5061] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 65.530072][ T5061] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.456: Failed to acquire dquot type 1 [ 65.544022][ T5061] EXT4-fs (loop2): 1 truncate cleaned up [ 65.558522][ T5061] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 65.587122][ T5061] EXT4-fs error (device loop2): __ext4_remount:6749: comm syz.2.456: Abort forced by user [ 65.640837][ T5061] EXT4-fs (loop2): Remounting filesystem read-only [ 65.647413][ T5061] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 65.670929][ T5061] ext4 filesystem being remounted at /95/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 65.891331][ T5084] loop2: detected capacity change from 0 to 128 [ 66.018656][ T5092] loop2: detected capacity change from 0 to 512 [ 66.034136][ T5092] EXT4-fs: Ignoring removed orlov option [ 66.125770][ T5092] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 66.141154][ T5092] EXT4-fs (loop2): orphan cleanup on readonly fs [ 66.154749][ T5092] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.468: bg 0: block 248: padding at end of block bitmap is not set [ 66.169846][ T5092] Quota error (device loop2): write_blk: dquota write failed [ 66.170461][ T29] audit: type=1400 audit(1736177713.649:1258): avc: denied { unlink } for pid=2981 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 66.177356][ T5092] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 66.209870][ T5092] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.468: Failed to acquire dquot type 1 [ 66.233721][ T5092] EXT4-fs (loop2): 1 truncate cleaned up [ 66.258360][ T5108] syz.3.473[5108] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 66.258429][ T5108] syz.3.473[5108] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 66.270163][ T5108] syz.3.473[5108] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 66.281705][ T5092] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 66.295415][ T5108] loop3: detected capacity change from 0 to 512 [ 66.309715][ T5108] ext4: Bad value for 'dax' [ 66.333416][ T5092] EXT4-fs error (device loop2): __ext4_remount:6749: comm syz.2.468: Abort forced by user [ 66.344362][ T5092] EXT4-fs (loop2): Remounting filesystem read-only [ 66.350976][ T5092] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 66.363233][ T5092] ext4 filesystem being remounted at /99/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 66.462511][ T5119] SELinux: Context system_u:object_r:mouse_device_t:s0 is not valid (left unmapped). [ 66.529637][ T5128] loop2: detected capacity change from 0 to 128 [ 66.580566][ T5131] loop5: detected capacity change from 0 to 1024 [ 66.697104][ T5137] loop3: detected capacity change from 0 to 128 [ 67.029322][ T5147] syz.3.484[5147] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.030095][ T5147] syz.3.484[5147] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.112059][ T5147] syz.3.484[5147] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.133747][ T5147] loop3: detected capacity change from 0 to 512 [ 67.151679][ T5147] ext4: Bad value for 'dax' [ 67.180127][ T5155] random: crng reseeded on system resumption [ 67.188048][ T5151] netlink: 12 bytes leftover after parsing attributes in process `syz.0.487'. [ 67.272997][ T3666] EXT4-fs unmount: 19 callbacks suppressed [ 67.273015][ T3666] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.319057][ T5160] xt_hashlimit: max too large, truncated to 1048576 [ 67.344757][ T5165] SELinux: policydb version 0 does not match my version range 15-33 [ 67.355058][ T5165] SELinux: failed to load policy [ 67.545694][ T5181] netlink: 4 bytes leftover after parsing attributes in process `syz.2.497'. [ 67.554577][ T5181] bridge_slave_1: left allmulticast mode [ 67.560358][ T5181] bridge_slave_1: left promiscuous mode [ 67.566089][ T5181] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.573707][ T5181] bridge_slave_0: left allmulticast mode [ 67.579413][ T5181] bridge_slave_0: left promiscuous mode [ 67.585182][ T5181] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.705719][ T5187] netlink: zone id is out of range [ 67.711004][ T5187] netlink: get zone limit has 4 unknown bytes [ 67.734099][ T5189] syz.2.500[5189] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.734279][ T5189] syz.2.500[5189] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.745811][ T5189] syz.2.500[5189] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.766206][ T5189] loop2: detected capacity change from 0 to 512 [ 67.784557][ T5189] ext4: Bad value for 'dax' [ 67.817603][ T5192] loop0: detected capacity change from 0 to 512 [ 67.833253][ T5192] EXT4-fs: Ignoring removed orlov option [ 67.842087][ T5192] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 67.851397][ T5192] EXT4-fs (loop0): orphan cleanup on readonly fs [ 67.858668][ T5192] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.501: bg 0: block 248: padding at end of block bitmap is not set [ 67.878366][ T5192] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.501: Failed to acquire dquot type 1 [ 67.896368][ T5192] EXT4-fs (loop0): 1 truncate cleaned up [ 67.907092][ T5192] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 67.925374][ T5197] Cannot find del_set index 0 as target [ 67.932744][ T5192] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 67.956854][ T5192] EXT4-fs error (device loop0): __ext4_remount:6749: comm syz.0.501: Abort forced by user [ 67.974481][ T5192] EXT4-fs (loop0): Remounting filesystem read-only [ 67.981125][ T5192] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 68.003323][ T5192] ext4 filesystem being remounted at /107/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 68.034614][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.171588][ T5203] SELinux: policydb version 0 does not match my version range 15-33 [ 68.181054][ T5203] SELinux: failed to load policy [ 68.286873][ T5209] loop2: detected capacity change from 0 to 128 [ 68.310020][ T29] kauditd_printk_skb: 39 callbacks suppressed [ 68.310037][ T29] audit: type=1326 audit(1736177715.789:1296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5211 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39c6f5d29 code=0x7ffc0000 [ 68.365708][ T29] audit: type=1326 audit(1736177715.789:1297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5211 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe39c6f5d29 code=0x7ffc0000 [ 68.389222][ T29] audit: type=1326 audit(1736177715.789:1298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5211 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39c6f5d29 code=0x7ffc0000 [ 68.412644][ T29] audit: type=1326 audit(1736177715.799:1299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5211 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fe39c6f5d29 code=0x7ffc0000 [ 68.436067][ T29] audit: type=1326 audit(1736177715.799:1300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5211 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39c6f5d29 code=0x7ffc0000 [ 68.459427][ T29] audit: type=1326 audit(1736177715.799:1301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5211 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fe39c6f5d29 code=0x7ffc0000 [ 68.482817][ T29] audit: type=1326 audit(1736177715.799:1302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5211 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39c6f5d29 code=0x7ffc0000 [ 68.504496][ T5226] syz.3.512[5226] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 68.506449][ T29] audit: type=1326 audit(1736177715.799:1303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5211 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe39c6f5d29 code=0x7ffc0000 [ 68.519235][ T5225] FAULT_INJECTION: forcing a failure. [ 68.519235][ T5225] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 68.541353][ T29] audit: type=1326 audit(1736177715.799:1304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5211 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39c6f5d29 code=0x7ffc0000 [ 68.554376][ T5225] CPU: 0 UID: 0 PID: 5225 Comm: syz.2.511 Tainted: G W 6.13.0-rc6-syzkaller #0 [ 68.577768][ T29] audit: type=1326 audit(1736177715.799:1305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5211 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39c6f5d29 code=0x7ffc0000 [ 68.587935][ T5225] Tainted: [W]=WARN [ 68.587962][ T5225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 68.587977][ T5225] Call Trace: [ 68.587985][ T5225] [ 68.587995][ T5225] dump_stack_lvl+0xf2/0x150 [ 68.588044][ T5225] dump_stack+0x15/0x1a [ 68.640321][ T5225] should_fail_ex+0x223/0x230 [ 68.645028][ T5225] should_fail+0xb/0x10 [ 68.649194][ T5225] should_fail_usercopy+0x1a/0x20 [ 68.654260][ T5225] _copy_from_iter+0xd5/0xd00 [ 68.658977][ T5225] ? kmalloc_reserve+0x16e/0x190 [ 68.663925][ T5225] ? __build_skb_around+0x196/0x1f0 [ 68.669128][ T5225] ? __alloc_skb+0x21f/0x310 [ 68.673723][ T5225] ? __virt_addr_valid+0x1ed/0x250 [ 68.678872][ T5225] ? __check_object_size+0x364/0x520 [ 68.684170][ T5225] netlink_sendmsg+0x460/0x6e0 [ 68.688954][ T5225] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.694297][ T5225] __sock_sendmsg+0x140/0x180 [ 68.699206][ T5225] ____sys_sendmsg+0x312/0x410 [ 68.703997][ T5225] __sys_sendmmsg+0x227/0x4b0 [ 68.708829][ T5225] __x64_sys_sendmmsg+0x57/0x70 [ 68.713873][ T5225] x64_sys_call+0x29aa/0x2dc0 [ 68.718742][ T5225] do_syscall_64+0xc9/0x1c0 [ 68.723362][ T5225] ? clear_bhb_loop+0x55/0xb0 [ 68.728133][ T5225] ? clear_bhb_loop+0x55/0xb0 [ 68.732873][ T5225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.738933][ T5225] RIP: 0033:0x7ff6c65e5d29 [ 68.743407][ T5225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.763108][ T5225] RSP: 002b:00007ff6c4c51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 68.771526][ T5225] RAX: ffffffffffffffda RBX: 00007ff6c67d5fa0 RCX: 00007ff6c65e5d29 [ 68.779566][ T5225] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 68.787609][ T5225] RBP: 00007ff6c4c51090 R08: 0000000000000000 R09: 0000000000000000 [ 68.795667][ T5225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 68.803656][ T5225] R13: 0000000000000000 R14: 00007ff6c67d5fa0 R15: 00007ffd474059b8 [ 68.811670][ T5225] [ 68.818818][ T5221] netlink: 16 bytes leftover after parsing attributes in process `syz.5.506'. [ 68.861587][ T5226] loop3: detected capacity change from 0 to 512 [ 68.865238][ T5230] loop2: detected capacity change from 0 to 1024 [ 68.874577][ T5226] ext4: Bad value for 'dax' [ 68.922417][ T5230] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 69.087674][ T5249] loop5: detected capacity change from 0 to 512 [ 69.104743][ T5249] EXT4-fs error (device loop5): ext4_get_journal_inode:5809: inode #32: comm syz.5.520: iget: special inode unallocated [ 69.119128][ T5249] EXT4-fs (loop5): Remounting filesystem read-only [ 69.125813][ T5249] EXT4-fs (loop5): no journal found [ 69.131183][ T5249] EXT4-fs (loop5): can't get journal size [ 69.149717][ T5249] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 69.161906][ T3302] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.163750][ T5249] EXT4-fs (loop5): failed to initialize system zone (-117) [ 69.178902][ T5249] EXT4-fs (loop5): mount failed [ 69.219109][ T5249] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 69.227041][ T5249] SELinux: failed to load policy [ 69.293222][ T5258] loop4: detected capacity change from 0 to 512 [ 69.313857][ T5259] loop2: detected capacity change from 0 to 512 [ 69.322084][ T5259] EXT4-fs: Ignoring removed orlov option [ 69.339152][ T5260] loop5: detected capacity change from 0 to 128 [ 69.348993][ T5258] EXT4-fs error (device loop4): ext4_get_journal_inode:5809: inode #32: comm syz.4.523: iget: special inode unallocated [ 69.367142][ T5259] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 69.400119][ T5258] EXT4-fs (loop4): Remounting filesystem read-only [ 69.406730][ T5258] EXT4-fs (loop4): no journal found [ 69.411956][ T5258] EXT4-fs (loop4): can't get journal size [ 69.426199][ T5259] EXT4-fs (loop2): orphan cleanup on readonly fs [ 69.445990][ T5259] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.531: bg 0: block 248: padding at end of block bitmap is not set [ 69.461875][ T5263] loop5: detected capacity change from 0 to 512 [ 69.470159][ T5258] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 69.480432][ T5263] EXT4-fs: Ignoring removed orlov option [ 69.500246][ T5259] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.531: Failed to acquire dquot type 1 [ 69.513720][ T5263] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 69.522884][ T5258] EXT4-fs (loop4): failed to initialize system zone (-117) [ 69.532012][ T5259] EXT4-fs (loop2): 1 truncate cleaned up [ 69.538237][ T5258] EXT4-fs (loop4): mount failed [ 69.543881][ T5263] EXT4-fs (loop5): orphan cleanup on readonly fs [ 69.554398][ T5259] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 69.576514][ T5263] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.524: bg 0: block 248: padding at end of block bitmap is not set [ 69.611596][ T5259] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 69.622675][ T5263] EXT4-fs error (device loop5): ext4_acquire_dquot:6938: comm syz.5.524: Failed to acquire dquot type 1 [ 69.639663][ T5263] EXT4-fs (loop5): 1 truncate cleaned up [ 69.649408][ T5263] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 69.664824][ T5259] EXT4-fs error (device loop2): __ext4_remount:6749: comm syz.2.531: Abort forced by user [ 69.677847][ T5259] EXT4-fs (loop2): Remounting filesystem read-only [ 69.684457][ T5259] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 69.685720][ T5267] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 69.695380][ T5259] ext4 filesystem being remounted at /112/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 69.718143][ T5263] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 69.737448][ T5263] EXT4-fs error (device loop5): __ext4_remount:6749: comm syz.5.524: Abort forced by user [ 69.751321][ T5263] EXT4-fs (loop5): Remounting filesystem read-only [ 69.757903][ T5263] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 69.772281][ T3302] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.781544][ T5263] ext4 filesystem being remounted at /80/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 69.787611][ T5276] loop4: detected capacity change from 0 to 512 [ 69.800170][ T5276] ext4: Bad value for 'dax' [ 69.848886][ T3666] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.885064][ T5279] netlink: 8 bytes leftover after parsing attributes in process `syz.2.527'. [ 70.170402][ T5306] loop0: detected capacity change from 0 to 512 [ 70.174158][ T5306] ext4: Bad value for 'dax' [ 70.198449][ T5302] wireguard0: entered promiscuous mode [ 70.198531][ T5302] wireguard0: entered allmulticast mode [ 70.232082][ T5312] loop0: detected capacity change from 0 to 512 [ 70.232746][ T5312] EXT4-fs: Ignoring removed orlov option [ 70.288135][ T5312] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 70.299042][ T5312] EXT4-fs (loop0): orphan cleanup on readonly fs [ 70.306320][ T5312] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.540: bg 0: block 248: padding at end of block bitmap is not set [ 70.323266][ T5312] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.540: Failed to acquire dquot type 1 [ 70.342027][ T5312] EXT4-fs (loop0): 1 truncate cleaned up [ 70.375221][ T5312] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 70.393618][ T5312] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 70.407207][ T5312] EXT4-fs error (device loop0): __ext4_remount:6749: comm syz.0.540: Abort forced by user [ 70.421721][ T5312] EXT4-fs (loop0): Remounting filesystem read-only [ 70.428377][ T5312] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 70.438885][ T5312] ext4 filesystem being remounted at /115/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 70.460130][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.051045][ T5348] FAULT_INJECTION: forcing a failure. [ 71.051045][ T5348] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 71.064325][ T5348] CPU: 0 UID: 0 PID: 5348 Comm: syz.4.554 Tainted: G W 6.13.0-rc6-syzkaller #0 [ 71.074730][ T5348] Tainted: [W]=WARN [ 71.078529][ T5348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 71.088641][ T5348] Call Trace: [ 71.091917][ T5348] [ 71.094857][ T5348] dump_stack_lvl+0xf2/0x150 [ 71.099499][ T5348] dump_stack+0x15/0x1a [ 71.103668][ T5348] should_fail_ex+0x223/0x230 [ 71.108407][ T5348] should_fail+0xb/0x10 [ 71.112589][ T5348] should_fail_usercopy+0x1a/0x20 [ 71.117652][ T5348] _copy_to_user+0x20/0xa0 [ 71.122078][ T5348] simple_read_from_buffer+0xa0/0x110 [ 71.127462][ T5348] proc_fail_nth_read+0xf9/0x140 [ 71.132437][ T5348] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 71.138044][ T5348] vfs_read+0x1a2/0x700 [ 71.142257][ T5348] ? __rcu_read_unlock+0x4e/0x70 [ 71.147286][ T5348] ? __fget_files+0x17c/0x1c0 [ 71.152075][ T5348] ksys_read+0xe8/0x1b0 [ 71.156281][ T5348] __x64_sys_read+0x42/0x50 [ 71.160828][ T5348] x64_sys_call+0x2874/0x2dc0 [ 71.165552][ T5348] do_syscall_64+0xc9/0x1c0 [ 71.170079][ T5348] ? clear_bhb_loop+0x55/0xb0 [ 71.174777][ T5348] ? clear_bhb_loop+0x55/0xb0 [ 71.179472][ T5348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.185458][ T5348] RIP: 0033:0x7fd4230e473c [ 71.189894][ T5348] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 71.209509][ T5348] RSP: 002b:00007fd421757030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 71.218026][ T5348] RAX: ffffffffffffffda RBX: 00007fd4232d5fa0 RCX: 00007fd4230e473c [ 71.226040][ T5348] RDX: 000000000000000f RSI: 00007fd4217570a0 RDI: 0000000000000005 [ 71.234030][ T5348] RBP: 00007fd421757090 R08: 0000000000000000 R09: 0000000000000000 [ 71.242001][ T5348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 71.250234][ T5348] R13: 0000000000000000 R14: 00007fd4232d5fa0 R15: 00007ffcc589ade8 [ 71.258284][ T5348] [ 71.373180][ T5358] loop4: detected capacity change from 0 to 1024 [ 71.381206][ T5357] loop3: detected capacity change from 0 to 1024 [ 71.405098][ T5352] loop5: detected capacity change from 0 to 512 [ 71.559313][ T5352] EXT4-fs error (device loop5): ext4_get_journal_inode:5809: inode #32: comm syz.5.555: iget: special inode unallocated [ 71.575973][ T5358] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 71.601678][ T5357] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 71.655876][ T5352] EXT4-fs (loop5): Remounting filesystem read-only [ 71.662550][ T5352] EXT4-fs (loop5): no journal found [ 71.667927][ T5352] EXT4-fs (loop5): can't get journal size [ 71.801816][ T5352] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 71.838950][ T5374] netlink: 'syz.0.562': attribute type 39 has an invalid length. [ 71.845685][ T5352] EXT4-fs (loop5): failed to initialize system zone (-117) [ 71.854296][ T5352] EXT4-fs (loop5): mount failed [ 72.047799][ T5387] netlink: 8 bytes leftover after parsing attributes in process `syz.2.566'. [ 72.082869][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.141245][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.949812][ T5410] netlink: 4 bytes leftover after parsing attributes in process `syz.4.572'. [ 73.387022][ T5417] netlink: 'syz.3.574': attribute type 39 has an invalid length. [ 73.408797][ T5421] loop2: detected capacity change from 0 to 512 [ 73.415527][ T5421] EXT4-fs: Ignoring removed orlov option [ 73.442328][ T5421] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 73.458752][ T5417] xt_hashlimit: max too large, truncated to 1048576 [ 73.479136][ T5421] EXT4-fs (loop2): orphan cleanup on readonly fs [ 73.527250][ T5421] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.577: bg 0: block 248: padding at end of block bitmap is not set [ 73.588449][ T5421] __quota_error: 321 callbacks suppressed [ 73.588469][ T5421] Quota error (device loop2): write_blk: dquota write failed [ 73.601636][ T5421] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 73.611690][ T5421] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.577: Failed to acquire dquot type 1 [ 73.635555][ T5436] loop5: detected capacity change from 0 to 1024 [ 73.647721][ T5421] EXT4-fs (loop2): 1 truncate cleaned up [ 73.659801][ T5421] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 73.672686][ T5436] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.689613][ T5421] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 73.706700][ T5421] EXT4-fs error (device loop2): __ext4_remount:6749: comm syz.2.577: Abort forced by user [ 73.728128][ T5421] EXT4-fs (loop2): Remounting filesystem read-only [ 73.734734][ T5421] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 73.755476][ T5421] ext4 filesystem being remounted at /125/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 73.819169][ T3302] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.943481][ T5451] netlink: 16 bytes leftover after parsing attributes in process `syz.0.585'. [ 73.965990][ T3666] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.081855][ T5467] loop2: detected capacity change from 0 to 512 [ 74.090700][ T5467] EXT4-fs: Ignoring removed orlov option [ 74.098974][ T5467] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 74.110355][ T5467] EXT4-fs (loop2): orphan cleanup on readonly fs [ 74.118873][ T5467] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.593: bg 0: block 248: padding at end of block bitmap is not set [ 74.133418][ T5467] Quota error (device loop2): write_blk: dquota write failed [ 74.140947][ T5467] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 74.150954][ T5467] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.593: Failed to acquire dquot type 1 [ 74.165055][ T5467] EXT4-fs (loop2): 1 truncate cleaned up [ 74.171459][ T5467] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 74.189787][ T5467] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 74.206040][ T5467] EXT4-fs error (device loop2): __ext4_remount:6749: comm syz.2.593: Abort forced by user [ 74.216334][ T5467] EXT4-fs (loop2): Remounting filesystem read-only [ 74.223012][ T5467] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 74.233717][ T5467] ext4 filesystem being remounted at /129/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 74.258215][ T3302] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.399349][ T5483] loop5: detected capacity change from 0 to 512 [ 74.406694][ T5483] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 74.427236][ T5483] EXT4-fs (loop5): orphan cleanup on readonly fs [ 74.433632][ T5483] EXT4-fs error (device loop5): ext4_ext_check_inode:524: inode #3: comm syz.5.599: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0) [ 74.594695][ T5485] netlink: 4 bytes leftover after parsing attributes in process `syz.2.596'. [ 74.706187][ T5483] EXT4-fs error (device loop5): ext4_quota_enable:7115: comm syz.5.599: Bad quota inode: 3, type: 0 [ 74.924040][ T2999] ================================================================== [ 74.931850][ T5492] netlink: 596 bytes leftover after parsing attributes in process `syz.3.602'. [ 74.932157][ T2999] BUG: KCSAN: data-race in atime_needs_update / inode_set_ctime_current [ 74.949403][ T2999] [ 74.951744][ T2999] write to 0xffff8881203a7250 of 8 bytes by task 3279 on cpu 0: [ 74.955634][ T5483] EXT4-fs warning (device loop5): ext4_enable_quotas:7156: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 74.959375][ T2999] inode_set_ctime_current+0x4ea/0x7a0 [ 74.973998][ T5483] EXT4-fs (loop5): Cannot turn on quotas: error -117 [ 74.979425][ T2999] shmem_unlink+0x114/0x170 [ 74.979461][ T2999] vfs_unlink+0x275/0x430 [ 74.979492][ T2999] do_unlinkat+0x237/0x4d0 [ 74.979521][ T2999] __x64_sys_unlink+0x2e/0x40 [ 74.979553][ T2999] x64_sys_call+0x2329/0x2dc0 [ 74.979575][ T2999] do_syscall_64+0xc9/0x1c0 [ 75.013372][ T2999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.019301][ T2999] [ 75.021640][ T2999] read to 0xffff8881203a7250 of 8 bytes by task 2999 on cpu 1: [ 75.029251][ T2999] atime_needs_update+0x2ed/0x3e0 [ 75.034303][ T2999] touch_atime+0x4a/0x350 [ 75.038665][ T2999] do_readlinkat+0x12b/0x210 [ 75.043291][ T2999] __x64_sys_readlink+0x47/0x60 [ 75.048153][ T2999] x64_sys_call+0x28ba/0x2dc0 [ 75.052840][ T2999] do_syscall_64+0xc9/0x1c0 [ 75.057369][ T2999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.063314][ T2999] [ 75.065643][ T2999] value changed: 0x00000000677bf839 -> 0x00000000677bf83a [ 75.072766][ T2999] [ 75.075097][ T2999] Reported by Kernel Concurrency Sanitizer on: [ 75.081262][ T2999] CPU: 1 UID: 0 PID: 2999 Comm: udevd Tainted: G W 6.13.0-rc6-syzkaller #0 [ 75.091270][ T2999] Tainted: [W]=WARN [ 75.095199][ T2999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 75.105275][ T2999] ================================================================== [ 75.114207][ T5483] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 75.129468][ T5497] FAULT_INJECTION: forcing a failure. [ 75.129468][ T5497] name failslab, interval 1, probability 0, space 0, times 0 [ 75.142139][ T5497] CPU: 0 UID: 0 PID: 5497 Comm: syz.0.603 Tainted: G W 6.13.0-rc6-syzkaller #0 [ 75.152533][ T5497] Tainted: [W]=WARN [ 75.156358][ T5497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 75.166437][ T5497] Call Trace: [ 75.169722][ T5497] [ 75.172660][ T5497] dump_stack_lvl+0xf2/0x150 [ 75.177337][ T5497] dump_stack+0x15/0x1a [ 75.181512][ T5497] should_fail_ex+0x223/0x230 [ 75.186258][ T5497] should_failslab+0x8f/0xb0 [ 75.191068][ T5497] kmem_cache_alloc_noprof+0x52/0x320 [ 75.196524][ T5497] ? alloc_empty_file+0xd0/0x200 [ 75.201546][ T5497] alloc_empty_file+0xd0/0x200 [ 75.206321][ T5497] path_openat+0x6a/0x1fa0 [ 75.210772][ T5497] ? _parse_integer_limit+0x167/0x180 [ 75.216156][ T5497] ? _parse_integer+0x27/0x30 [ 75.220840][ T5497] ? kstrtoull+0x110/0x140 [ 75.225262][ T5497] ? kstrtouint+0x77/0xc0 [ 75.229605][ T5497] ? kstrtouint_from_user+0xb0/0xe0 [ 75.234895][ T5497] do_filp_open+0x107/0x230 [ 75.239581][ T5497] do_sys_openat2+0xab/0x120 [ 75.244247][ T5497] __x64_sys_openat+0xf3/0x120 [ 75.249024][ T5497] x64_sys_call+0x2b30/0x2dc0 [ 75.253788][ T5497] do_syscall_64+0xc9/0x1c0 [ 75.258382][ T5497] ? clear_bhb_loop+0x55/0xb0 [ 75.263069][ T5497] ? clear_bhb_loop+0x55/0xb0 [ 75.267755][ T5497] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.273735][ T5497] RIP: 0033:0x7fe39c6f5d29 [ 75.278272][ T5497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.297893][ T5497] RSP: 002b:00007fe39ad61038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 75.306407][ T5497] RAX: ffffffffffffffda RBX: 00007fe39c8e5fa0 RCX: 00007fe39c6f5d29 [ 75.314393][ T5497] RDX: 0000000000000002 RSI: 0000000020000200 RDI: ffffffffffffff9c [ 75.322402][ T5497] RBP: 00007fe39ad61090 R08: 0000000000000000 R09: 0000000000000000 [ 75.330378][ T5497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 75.338355][ T5497] R13: 0000000000000000 R14: 00007fe39c8e5fa0 R15: 00007ffd953505a8 [ 75.346343][ T5497] SYZFAIL: failed to send rpc fd=3 want=29336 sent=0 n=-1 (errno 32: Broken pipe) [ 75.415671][ T29] audit: type=1400 audit(1736177722.879:1621): avc: denied { write } for pid=3283 comm="syz-executor" path="pipe:[852]" dev="pipefs" ino=852 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 75.438903][ T29] audit: type=1400 audit(1736177722.879:1622): avc: denied { recv } for pid=3283 comm="syz-executor" saddr=10.128.0.163 src=49598 daddr=10.128.1.115 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 75.884785][ T5483] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.515115][ T56] bridge_slave_1: left allmulticast mode [ 76.520850][ T56] bridge_slave_1: left promiscuous mode [ 76.526603][ T56] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.536342][ T56] bridge_slave_0: left allmulticast mode [ 76.542078][ T56] bridge_slave_0: left promiscuous mode [ 76.547808][ T56] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.557461][ T56] bridge_slave_1: left allmulticast mode [ 76.563128][ T56] bridge_slave_1: left promiscuous mode [ 76.568926][ T56] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.578330][ T56] bridge_slave_0: left allmulticast mode [ 76.584034][ T56] bridge_slave_0: left promiscuous mode [ 76.589740][ T56] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.787734][ T56] bond0 (unregistering): Released all slaves [ 76.796289][ T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 76.805639][ T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 76.814593][ T56] bond0 (unregistering): Released all slaves [ 76.822936][ T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 76.832160][ T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 76.841711][ T56] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 76.850254][ T56] bond0 (unregistering): Released all slaves [ 76.858544][ T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 76.867755][ T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 76.876874][ T56] bond0 (unregistering): Released all slaves [ 76.960403][ T56] hsr_slave_0: left promiscuous mode [ 76.967476][ T56] hsr_slave_1: left promiscuous mode [ 76.973515][ T56] hsr_slave_0: left promiscuous mode [ 76.979567][ T56] hsr_slave_1: left promiscuous mode [ 76.985267][ T56] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 76.994819][ T56] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 77.002923][ T56] hsr_slave_0: left promiscuous mode [ 77.008645][ T56] hsr_slave_1: left promiscuous mode [ 77.014305][ T56] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 77.022189][ T56] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 77.030168][ T56] hsr_slave_0: left promiscuous mode [ 77.036384][ T56] hsr_slave_1: left promiscuous mode [ 77.042038][ T56] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 77.049645][ T56] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 77.105202][ T56] team0 (unregistering): Port device team_slave_1 removed [ 77.114546][ T56] team0 (unregistering): Port device team_slave_0 removed [ 77.159864][ T56] team0 (unregistering): Port device team_slave_1 removed [ 77.169410][ T56] team0 (unregistering): Port device team_slave_0 removed [ 77.211955][ T56] team0 (unregistering): Port device team_slave_1 removed [ 77.221309][ T56] team0 (unregistering): Port device team_slave_0 removed [ 77.942168][ T56] IPVS: stop unused estimator thread 0... [ 77.948240][ T56] IPVS: stop unused estimator thread 0... [ 77.954523][ T56] IPVS: stop unused estimator thread 0... [ 77.961003][ T56] IPVS: stop unused estimator thread 0... [ 78.000766][ T56] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.048274][ T56] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.118084][ T56] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.188253][ T56] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.247502][ T56] bridge_slave_1: left allmulticast mode [ 78.253196][ T56] bridge_slave_1: left promiscuous mode [ 78.258986][ T56] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.268627][ T56] bridge_slave_0: left allmulticast mode [ 78.274301][ T56] bridge_slave_0: left promiscuous mode [ 78.279966][ T56] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.347649][ T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 78.357485][ T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 78.367205][ T56] bond0 (unregistering): Released all slaves [ 78.408898][ T56] hsr_slave_0: left promiscuous mode [ 78.414961][ T56] hsr_slave_1: left promiscuous mode [ 78.420833][ T56] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 78.428385][ T56] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 78.435936][ T56] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 78.443331][ T56] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 78.453326][ T56] veth1_macvtap: left promiscuous mode [ 78.458970][ T56] veth0_macvtap: left promiscuous mode [ 78.511365][ T56] team0 (unregistering): Port device team_slave_1 removed [ 78.520430][ T56] team0 (unregistering): Port device team_slave_0 removed [ 78.883971][ T56] IPVS: stop unused estimator thread 0...