last executing test programs: 1.947783084s ago: executing program 0 (id=143): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 1.667288659s ago: executing program 0 (id=145): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0xfffffc01, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)="5500000018007f5f00fe01b2a4a2809302060000ff41fd01020400000a00120002002800000019002d007fffffff0022de1330d54400009b84136ef75afb83de066a5900e1baac968300000000f2ff000001000000", 0x55}], 0x1, 0x0, 0x0, 0x7a000000}, 0x0) 1.62871151s ago: executing program 0 (id=147): perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fe, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x5, 0x1, 0x8a, 0xe7c9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) 1.422172993s ago: executing program 2 (id=155): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a000000020000000900000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x18) r2 = timerfd_create(0x9, 0x80000) timerfd_gettime(r2, &(0x7f0000000040)) 1.396121344s ago: executing program 3 (id=156): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file1\x00', 0x10c42, &(0x7f0000000d80)=ANY=[@ANYBLOB="756e695f786c6174653d312c6e6f6e756d7461696c3d300000000000000008303030303030303030303034303030303030303030302c73686f72746e616d653d65722c73686f72746e616d653d6d697865642c756e695f786c6174653d312c73686f72f46e616d653d6d697865642c696f630100727365743d757466f69e75731725e72216799ebd57484a7e1948a8aa65667265652c757466383d312c6e66733d6e6f7374616c655f726f2c73686f72682e616d653d6d697865642c757466383d306d653d77696e6e742c007aea3388304ddedb3208ceb9b2c23924743277bd2c0d0019d44efede967f3df81cce421f7aafa8aa7c706311ab7a0ce39abf7858b6ba6ef5206da03692650000000000000001d0559b166f8c433d34c03a60999dea3bab649a260b216354ecc726cd1f6519546e8ef6ae17a0da1b9313ef4b5633c5f1bf756a7816d304d61c4d15539bae9f6e8dc91d178c85744c5cc226ca0568f9f6da8997bc10100b836488e47d0b7e6ccffaf123b1000000d6d876f2e37dde582f497ab6d4d11f7211b4aaf087f529ffc0000ee312a30cc69ae25ac6a986a76824020b12971980e00a27786eef1c2537fdcb1de9c4bed7175c6704f0c39d14da07a8edf97525a0c8138686d6e2b8d90102027245729e944719894ebe079bf1ab2b7002c54c5c714bff93d9475ff23f653874321e4ecc1ebd2baa44aea86a1617e53fcc5683e5c7b14e5158239aebf96ef3b73359414993575bf4e880ac24d7fee38c5a22f6fae6a22a2185cd5a25b7bc11062d649340f8220bfa18cae94fd73afbb38b2fc20a263e091c5eb14ce630628aaf65b7ccab9b4d3b2c220153cd28c86e6c8e58903c66698fd27f4f22a9fd1dd67d70de664e3b985f20ada8c0f531865a9093fe6d3cd52c721dcfe391a812583c4e745b824429ce98f2a7928d22c9b5302719058f593fddbbb60ca7f54653b33118a4e01fcfe3a2329576bf6a45353bf9f720cea11bf481ed7ed0979416e75e6fa5f6b699749e9d4446c849ed79650b35dd0bd6e1955fe9b0c09861cf61fd57be7ba905990ed7a4c5b3793959636630d74ecc23264ea54d4d2cc4f112f49319943f00"/797], 0x1, 0x27a, &(0x7f0000000540)="$eJzs3DFrE38cx/FP0/zbNKVNhr+CgvhFF12ONj4ACdKCGFBqI+ogXO1FQ85cyYVKRGw3FwcfR3F0E9Qn0MXN3a2L4FJQjCRNTdKmitr0onm/oHff5pdP8rvkEr53kNu6+fxBqRA6BbeqWMIUk9a1LaUbVctIax1r1mPqtK7zk5/en7p+6/aVbC43t2A2n128kDGz6dOvHz5+ceZtdfLGy+lX49pM39n6mPmweXzzxNbXxfvF0IqhlYOqubYUBFV3yfdsuRiWHLNrvueGnhXLoVfpGi/4wcpKzdzy8lRypeKFobnlmpW8mlUDq1Zq5t5zi2VzHMemksLP5DcWFtxs1LNA38Qbi0ol645Kmtg3nN+IYlIAACBanf2/Bq7/b3QtP+7/1+n//wD9/zBo9P/J1ue3G/0/AAAAAAAAAAAAAAAAAAAAAAB/g+16PVWv11O7692/cUkJSbv/Rz1P9Afv/3Dr+OFeQvKfruZX85I/0lg2ZAsqypenGaX0pbk/tOzU85dzczPWlNYbf62VX1vNj3bnZ5VSund+didv3fn/lOzMZ5TS/73zmZ75MZ0725F3lNK7uwrka7m5X7fzT2bNLl3N7clPNO8HAAAAAMC/wLHveh6/O85B4zv5Xzg/sOf4Oq6T8Wi3HQAAAACAYRHWHpVc3/cq0RSfWycLIp7GgBfHJP1W/GLHVV/bQ/F9txx28SwYlJduAIuEpEN9wAn1Y6oRfikBAAAA6It20x/1TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGF5HccGzA546dsSbCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAETuWwAAAP//AmwlzQ==") creat(&(0x7f0000000400)='./bus\x00', 0x2c) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1054, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xbe, 0x10002, 0x0, 0x1, 0x11, 0x0, "ef359f413bb901527f00d1ce5d29c3ee5e5c9e000f7c41499dc2aac63a01000000004600004faa2ad9c084ba00100000000000000000000000000000000800", "036c47c6780820040000549ba197fc09000000000000000100002a00ffffffffffffffff0000ecffe8f2000000100000000000000000000000000000006e00", "b7fdbd7b0c00006b1700000000000000000000000001000000000000005200", [0x80000001, 0x9]}) 1.391449974s ago: executing program 2 (id=157): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) personality(0xf) 1.357856984s ago: executing program 2 (id=158): r0 = socket$netlink(0x10, 0x3, 0x8000000004) r1 = socket$unix(0x1, 0x1, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0x0) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1) 1.338586975s ago: executing program 2 (id=159): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x10) ioctl$TIOCVHANGUP(r0, 0x5437, 0x2) 1.290611906s ago: executing program 3 (id=162): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x149442, 0x40) pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000240)=ANY=[@ANYBLOB="06000000000000000153d3000000000005"]) 1.235251437s ago: executing program 2 (id=163): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_AVC(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000005304"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x24000c90) 1.154641508s ago: executing program 2 (id=166): syz_usbip_server_init(0x4) syz_usbip_server_init(0x1) syz_usbip_server_init(0x2) syz_usbip_server_init(0x4) syz_usbip_server_init(0x4) 899.441783ms ago: executing program 0 (id=168): r0 = syz_clone(0x2180, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r2 = syz_open_procfs(r0, &(0x7f0000000040)='io\x00') pread64(r2, &(0x7f0000000140)=""/15, 0xf, 0x4) 806.080325ms ago: executing program 1 (id=171): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x94, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x22, 0x1, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}}]}, 0x94}}, 0x0) 797.645816ms ago: executing program 3 (id=172): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) writev(r2, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1) 753.398196ms ago: executing program 1 (id=173): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), 0xffffffffffffffff) write$tun(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="020086dd0300000000003000000060ec970012302c00fe8000000000000000000000000000aaff0200000000000000000000000000013a"], 0xfdef) 752.943236ms ago: executing program 0 (id=174): r0 = syz_io_uring_setup(0x110, &(0x7f0000000500)={0x0, 0x6d89, 0x0, 0x40000, 0x116}, &(0x7f0000000400)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_CONNECT={0x10, 0x1d, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x8aa, 0x0, 0x41, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, {0xfffffffffffffffc, 0x10000000000004}, 0x89}, 0x1) 518.982741ms ago: executing program 3 (id=176): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a31000000002c0003800800014000000000180003801400010076657468315f746f5f626f6e6400000008000240000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e64000000080002"], 0x10c}}, 0x0) 500.246221ms ago: executing program 0 (id=177): prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r0}, &(0x7f0000000600), &(0x7f0000000800)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) brk(0x200000001000) 486.417621ms ago: executing program 1 (id=178): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket(0x11, 0x3, 0x4000000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000880)={'ip6gretap0\x00', 0x0}) bind$packet(r1, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0xe9, 0x4) sendmsg$netlink(r1, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="3f011400e0dc14"], 0xdd12}], 0x1}, 0x20040051) 471.461211ms ago: executing program 4 (id=179): sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x4, 0x8, 0x401, 0x0, 0x0, {0x3, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x8040}, 0x4000) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000a00)={r0, 0x0, 0x0}, 0x20) 438.474542ms ago: executing program 3 (id=180): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000004000), &(0x7f0000004040)}, 0x20) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) fdatasync(r2) 434.786882ms ago: executing program 4 (id=181): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) 423.961572ms ago: executing program 1 (id=182): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) recvmmsg(0xffffffffffffffff, &(0x7f0000006940)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000003c0)=""/6, 0x6}], 0x1}, 0x3}], 0x1, 0x40, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$sock(r1, &(0x7f00000044c0), 0x4000000000001c0, 0x0) recvfrom(r2, &(0x7f0000000040)=""/60, 0x3c, 0x40, 0x0, 0x0) 385.701493ms ago: executing program 4 (id=183): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r1}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SCAN(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="0107000000000000000020000000040003"], 0x1c}, 0x1, 0x0, 0x0, 0x8041}, 0x0) 323.541505ms ago: executing program 3 (id=184): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0, 0x0, 0xf904}, 0x18) syz_clone(0x44066000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) 278.153525ms ago: executing program 4 (id=185): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000040)=@mangle={'mangle\x00', 0x64, 0x6, 0x500, 0x300, 0x300, 0x0, 0x300, 0x1a0, 0x578, 0x578, 0x578, 0x578, 0x578, 0x6, 0x0, {[{{@ipv6={@private0, @private1, [], [], 'veth1\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@private1, @loopback, [], [], 'tunl0\x00', 'bridge_slave_1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x300}}, {{@ipv6={@private0, @remote, [], [], 'veth0_to_team\x00', 'tunl0\x00', {}, {}, 0x11, 0x1, 0x3, 0x44}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@loopback, @private2, [], [], 'syzkaller1\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x560) r0 = socket$inet(0x2, 0x5, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000000100), 0x16, 0x0, 0x0) ppoll(&(0x7f0000000040)=[{r0}], 0x1, 0x0, 0x0, 0x0) 273.374385ms ago: executing program 1 (id=186): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_script(r0, &(0x7f00000010c0)={'#! ', './file0', [{0x20, ',\x04T\x0fB\xddN\xeb\x9a\x8e\xf5\xf22\xcc\x8b\x9ezU\x86m\xb9q\xa7\x8b\xc6*\x11\xf8\xc1\x83I\xc7#\x94\x8b\xa2\x1a$,\xe3T\x01\xaf\t\xa0m\xb8\x9e\xc3\xff\xd4\xe9i\xe6Y\xbb\x8b\xd3\xeb\x05\f\xe6\x81\xe3\x82:\xc6\xd8\xd90w\x96\xc4)\xa8\x97\xb9\xf6,\x17\xd3\'t/\xbeU\'\r\xa2v}\xdc\xbd\xdbe+\xc0.\x80 6G0\x18\'\xc7\x8e\xb1\xb0tJK\xd7V\xd7l4x@ 2p\xfd\x1e\xe9\x95\xd6G\xc8\xd97,\x9dy\x8b\xd3p\x98\xee\xd8\xa8\xd5\xe8e\t1\x82\xa5\xfc\x1e,\xbb\xa4\x80m\xd0\xf9\xcdi\xc4te$]\xb1\x19\xa2\xdf\x00P\xdc_\x9b\xbe\xeb\x14\x01\x89\xe5U\xb3\xb7\xfc\xce7\x99\xbb\xe5%\xd1c\xbeX\xeb<\xa9X4\xbc3\x98<\x10S\x81\xe8'}]}, 0xda) close(r0) execve(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) execve(&(0x7f0000000300)='./file0\x00', &(0x7f0000002200)={[&(0x7f0000000340)='^-%-\\x\\$})\'!&}*', &(0x7f0000000440)='syz0']}, 0x0) 220.943026ms ago: executing program 4 (id=187): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x10e, &(0x7f0000000280)={[{@init_itable_val={'init_itable', 0x3d, 0x957}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2a}}, {@stripe={'stripe', 0x3d, 0x8}}, {@orlov}, {@errors_remount}]}, 0x4, 0x46b, &(0x7f00000009c0)="$eJzs289vFFUcAPDvTFt+IxXxBz/UKhobf2yhgHLwotHEgyYmXvBY20KQhRpaEyFE0Rg8GhITj8ajiX+BJ70Y9WTiVe+GhBguoqcxsztDd9fttsC2A93PJ9nueztv9r3vvHm7b+Z1AxhYY/mfJGJbRPweETua2fYCY82n69cuTP9z7cJ0Eln21l9Jo9zf1y5Ml0XL/bYWmfE0Iv00ib1d6p0/d/7UVL0+e7bITyycfm9i/tz5506enjoxe2L2zOTRo4cPHXzh+ckjfYnz3rytez6c27f7tbcvvzF97PI7P3+blPF3xNEnY702Ppllfa6uWttb0snwCnYYWsXGsGJ5N+TdNdIY/ztiKBY7b0e8+kmljQNWVVZYYvPFDFjHkqi6BUA1yi/6/Pq3fKzd7KN6V19qXgDlcV8vHs0tw5EWZUY6rm/7aSwijl3896v8EatzHwIAoM33+fzn2W7zvzQeaCl3T2xsrA2NFmspOyPivojYFRH3RzTKPhgRD3WrpMeCQOciyf/nP+mVW49uefn878Vibat9/lfO/mJ0qMhtb8R/JI2ozx5oHJOI8RjZePxkffZgjzp+eOW3z5fa1jr/yx95/eVcsGjHleGN7fvMTC1M3U7Mra5+HLFnuFv8yY2VgCQidkfEnlus4+TT3+xbatvy8fewknWmZWRfRzzV7P+L0RF/Kem9PjmxKT8fJvKz4EDXOn759dKbS9V/W/H3Qd7/W7qe/zfiH01a12vnb+bdm6P70h+fLXlNU7ul83/xhQ3F8wdTCwtnD0ZsSF5vNrr19cnFfct8WT6Pf3x/9/G/MxaPxN6IyE/ihyPikYh4tIjusYh4PCL29zgKP738xLu9jlD3+Df1eMf+yeOf6ej/0fYiHf2/mNgQna90Twyd+vG79ndcSfylvP8PN1LjxSuNz78ve8e1knbd7NkMAAAAd6s0IrZFktZupNO0Vmv+D/+u2JLW5+YXnjk+9/6ZmeZvBEZjJC3vdDXvB48k5f3P0Zb8ZEf+UHHf+IuhzY18bXquPlN18DDgtraO//KWb6359KffaMD614d1NOAuZfzD4DL+YXAZ/zC4uoz/zVW0A1h73b7/P6qgHcDa6xj/lv1ggLj+h8E1HFlSdRuAarR+//sggIExvzmW/5H8ekhkWZbdAc1YP4lI74hm9CeRrPIo2FZ1gDefqPqTCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoD/+CwAA//9lEuuH") r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000e8f70000000000ff000044850000000e000000650000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) getdents(r0, &(0x7f0000000000)=""/27, 0x1b) 184.066757ms ago: executing program 1 (id=188): r0 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79ae, 0x3180, 0x7ffe, 0x40024e}, &(0x7f0000000300)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40018}) io_uring_register$IORING_UNREGISTER_EVENTFD(r0, 0x5, 0x0, 0x0) io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0xfc) 0s ago: executing program 4 (id=189): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, 0x0, &(0x7f00000001c0)}, 0x20) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x80000, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x1018}, './file0\x00'}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.50' (ED25519) to the list of known hosts. [ 25.759561][ T29] audit: type=1400 audit(1750424163.978:62): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 25.760409][ T3296] cgroup: Unknown subsys name 'net' [ 25.782277][ T29] audit: type=1400 audit(1750424163.978:63): avc: denied { mount } for pid=3296 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.809619][ T29] audit: type=1400 audit(1750424164.008:64): avc: denied { unmount } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.938323][ T3296] cgroup: Unknown subsys name 'cpuset' [ 25.944338][ T3296] cgroup: Unknown subsys name 'rlimit' [ 26.073082][ T29] audit: type=1400 audit(1750424164.288:65): avc: denied { setattr } for pid=3296 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 26.098382][ T29] audit: type=1400 audit(1750424164.288:66): avc: denied { create } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.118835][ T29] audit: type=1400 audit(1750424164.288:67): avc: denied { write } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.125094][ T3298] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 26.139192][ T29] audit: type=1400 audit(1750424164.288:68): avc: denied { read } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 26.167977][ T29] audit: type=1400 audit(1750424164.298:69): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 26.178989][ T3296] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 26.192738][ T29] audit: type=1400 audit(1750424164.298:70): avc: denied { mount } for pid=3296 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 26.192768][ T29] audit: type=1400 audit(1750424164.358:71): avc: denied { relabelto } for pid=3298 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 28.215683][ T3306] chnl_net:caif_netlink_parms(): no params data found [ 28.282157][ T3306] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.289282][ T3306] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.296372][ T3306] bridge_slave_0: entered allmulticast mode [ 28.302908][ T3306] bridge_slave_0: entered promiscuous mode [ 28.311366][ T3306] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.318437][ T3306] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.325544][ T3306] bridge_slave_1: entered allmulticast mode [ 28.332263][ T3306] bridge_slave_1: entered promiscuous mode [ 28.352628][ T3306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.366934][ T3306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.403127][ T3312] chnl_net:caif_netlink_parms(): no params data found [ 28.432133][ T3306] team0: Port device team_slave_0 added [ 28.440742][ T3306] team0: Port device team_slave_1 added [ 28.453825][ T3305] chnl_net:caif_netlink_parms(): no params data found [ 28.475363][ T3314] chnl_net:caif_netlink_parms(): no params data found [ 28.506553][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.513516][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.539523][ T3306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.550550][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.557495][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.583505][ T3306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.613240][ T3311] chnl_net:caif_netlink_parms(): no params data found [ 28.633147][ T3312] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.640232][ T3312] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.647449][ T3312] bridge_slave_0: entered allmulticast mode [ 28.653901][ T3312] bridge_slave_0: entered promiscuous mode [ 28.662627][ T3312] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.669798][ T3312] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.677108][ T3312] bridge_slave_1: entered allmulticast mode [ 28.683449][ T3312] bridge_slave_1: entered promiscuous mode [ 28.718695][ T3306] hsr_slave_0: entered promiscuous mode [ 28.724718][ T3306] hsr_slave_1: entered promiscuous mode [ 28.741588][ T3312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.751781][ T3312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.785712][ T3305] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.792794][ T3305] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.799953][ T3305] bridge_slave_0: entered allmulticast mode [ 28.806264][ T3305] bridge_slave_0: entered promiscuous mode [ 28.812575][ T3314] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.819694][ T3314] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.826800][ T3314] bridge_slave_0: entered allmulticast mode [ 28.833112][ T3314] bridge_slave_0: entered promiscuous mode [ 28.842483][ T3312] team0: Port device team_slave_0 added [ 28.848297][ T3305] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.855401][ T3305] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.862583][ T3305] bridge_slave_1: entered allmulticast mode [ 28.868882][ T3305] bridge_slave_1: entered promiscuous mode [ 28.875029][ T3314] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.882160][ T3314] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.889485][ T3314] bridge_slave_1: entered allmulticast mode [ 28.895822][ T3314] bridge_slave_1: entered promiscuous mode [ 28.902694][ T3312] team0: Port device team_slave_1 added [ 28.939424][ T3311] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.946456][ T3311] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.953602][ T3311] bridge_slave_0: entered allmulticast mode [ 28.959925][ T3311] bridge_slave_0: entered promiscuous mode [ 28.975791][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.982768][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.008690][ T3312] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.021779][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.028764][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.054677][ T3312] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.065738][ T3311] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.072798][ T3311] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.079903][ T3311] bridge_slave_1: entered allmulticast mode [ 29.086304][ T3311] bridge_slave_1: entered promiscuous mode [ 29.093629][ T3305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.103779][ T3305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.113866][ T3314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.143853][ T3314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.162679][ T3305] team0: Port device team_slave_0 added [ 29.182497][ T3311] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.196817][ T3305] team0: Port device team_slave_1 added [ 29.219398][ T3312] hsr_slave_0: entered promiscuous mode [ 29.225575][ T3312] hsr_slave_1: entered promiscuous mode [ 29.232229][ T3312] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 29.239797][ T3312] Cannot create hsr debugfs directory [ 29.246132][ T3311] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.259959][ T3314] team0: Port device team_slave_0 added [ 29.283071][ T3314] team0: Port device team_slave_1 added [ 29.289053][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.295996][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.321997][ T3305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.335037][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.342000][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.367936][ T3305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.379697][ T3311] team0: Port device team_slave_0 added [ 29.400944][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.407907][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.433921][ T3314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.447227][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.454195][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.480190][ T3314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.491306][ T3311] team0: Port device team_slave_1 added [ 29.518039][ T3311] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.524997][ T3311] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.550930][ T3311] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.570419][ T3311] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.577365][ T3311] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.603523][ T3311] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.622969][ T3305] hsr_slave_0: entered promiscuous mode [ 29.628962][ T3305] hsr_slave_1: entered promiscuous mode [ 29.634831][ T3305] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 29.642396][ T3305] Cannot create hsr debugfs directory [ 29.668387][ T3314] hsr_slave_0: entered promiscuous mode [ 29.674323][ T3314] hsr_slave_1: entered promiscuous mode [ 29.680096][ T3314] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 29.687643][ T3314] Cannot create hsr debugfs directory [ 29.695224][ T3306] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 29.704088][ T3306] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 29.712704][ T3306] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 29.723403][ T3306] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 29.766857][ T3311] hsr_slave_0: entered promiscuous mode [ 29.772915][ T3311] hsr_slave_1: entered promiscuous mode [ 29.778864][ T3311] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 29.786394][ T3311] Cannot create hsr debugfs directory [ 29.909623][ T3312] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 29.921578][ T3312] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 29.930219][ T3312] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 29.939399][ T3312] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 29.965374][ T3306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.982850][ T3306] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.995842][ T3305] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 30.004754][ T3305] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 30.014795][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.021912][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.031023][ T3305] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 30.041776][ T3305] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 30.061765][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.068851][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.097406][ T3314] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 30.107368][ T3314] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 30.123588][ T3314] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 30.133979][ T3314] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 30.157622][ T3311] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 30.166817][ T3311] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 30.181835][ T3311] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 30.190246][ T3311] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 30.206255][ T3312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.240734][ T3312] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.260795][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.267904][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.277357][ T3305] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.293366][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.300493][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.315414][ T3306] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.332938][ T3305] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.344579][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.358399][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.365497][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.389245][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.396312][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.414688][ T3311] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.426566][ T3314] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.443160][ T110] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.450272][ T110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.470930][ T3311] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.485363][ T110] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.492514][ T110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.502307][ T110] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.509364][ T110] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.524329][ T110] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.531393][ T110] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.550194][ T3312] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.558655][ T3305] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 30.584185][ T3306] veth0_vlan: entered promiscuous mode [ 30.620497][ T3306] veth1_vlan: entered promiscuous mode [ 30.647221][ T3306] veth0_macvtap: entered promiscuous mode [ 30.665001][ T3305] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.672809][ T3306] veth1_macvtap: entered promiscuous mode [ 30.707115][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.723706][ T3314] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.736111][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.752430][ T3311] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.773054][ T3306] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.781815][ T3306] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.790555][ T3306] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.799274][ T3306] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.838990][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 30.839004][ T29] audit: type=1400 audit(1750424169.058:81): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/root/syzkaller.Rek9tp/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 30.842718][ T3312] veth0_vlan: entered promiscuous mode [ 30.845094][ T29] audit: type=1400 audit(1750424169.058:82): avc: denied { mount } for pid=3306 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 30.876466][ T3312] veth1_vlan: entered promiscuous mode [ 30.896587][ T29] audit: type=1400 audit(1750424169.058:83): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/root/syzkaller.Rek9tp/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 30.927333][ T29] audit: type=1400 audit(1750424169.058:84): avc: denied { mount } for pid=3306 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 30.949114][ T29] audit: type=1400 audit(1750424169.058:85): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/root/syzkaller.Rek9tp/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 30.955930][ T3312] veth0_macvtap: entered promiscuous mode [ 30.975675][ T29] audit: type=1400 audit(1750424169.058:86): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/root/syzkaller.Rek9tp/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3910 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 31.008748][ T29] audit: type=1400 audit(1750424169.058:87): avc: denied { unmount } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 31.026897][ T3311] veth0_vlan: entered promiscuous mode [ 31.038833][ T29] audit: type=1400 audit(1750424169.148:88): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 31.046269][ T3311] veth1_vlan: entered promiscuous mode [ 31.061551][ T29] audit: type=1400 audit(1750424169.148:89): avc: denied { mount } for pid=3306 comm="syz-executor" name="/" dev="gadgetfs" ino=3917 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 31.074540][ T3311] veth0_macvtap: entered promiscuous mode [ 31.106918][ T3312] veth1_macvtap: entered promiscuous mode [ 31.115691][ T3306] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 31.124370][ T3311] veth1_macvtap: entered promiscuous mode [ 31.143886][ T3305] veth0_vlan: entered promiscuous mode [ 31.159833][ T29] audit: type=1400 audit(1750424169.378:90): avc: denied { read write } for pid=3306 comm="syz-executor" name="loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 31.185038][ T3305] veth1_vlan: entered promiscuous mode [ 31.197286][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.206552][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.220437][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.231028][ T3312] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.239762][ T3312] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.248589][ T3312] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.257282][ T3312] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.271433][ T3314] veth0_vlan: entered promiscuous mode [ 31.279202][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.289078][ T3311] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.297882][ T3311] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.306660][ T3311] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.315490][ T3311] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.328826][ T3314] veth1_vlan: entered promiscuous mode [ 31.343392][ T3305] veth0_macvtap: entered promiscuous mode [ 31.365746][ T3314] veth0_macvtap: entered promiscuous mode [ 31.392899][ T3305] veth1_macvtap: entered promiscuous mode [ 31.409472][ T3314] veth1_macvtap: entered promiscuous mode [ 31.419788][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.429271][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.437970][ T3314] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.446726][ T3314] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.455518][ T3314] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.464302][ T3314] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.501037][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.523667][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.543873][ T3305] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.552659][ T3305] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.561402][ T3305] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.570144][ T3305] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.701913][ T3490] TCP: TCP_TX_DELAY enabled [ 31.715869][ T3493] syz.2.9 uses obsolete (PF_INET,SOCK_PACKET) [ 32.275886][ T3533] SELinux: ebitmap: truncated map [ 32.285978][ T3533] SELinux: failed to load policy [ 32.296913][ T3541] netlink: 8 bytes leftover after parsing attributes in process `syz.3.29'. [ 32.360196][ T3543] loop2: detected capacity change from 0 to 2048 [ 32.506260][ T3543] loop2: p1 < > p4 [ 32.513074][ T3543] loop2: p4 size 8388608 extends beyond EOD, truncated [ 32.520678][ T3550] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 32.552838][ T2996] loop2: p1 < > p4 [ 32.566142][ T2996] loop2: p4 size 8388608 extends beyond EOD, truncated [ 32.661950][ T3564] netlink: 'syz.4.32': attribute type 1 has an invalid length. [ 32.669654][ T3564] netlink: 224 bytes leftover after parsing attributes in process `syz.4.32'. [ 32.701181][ T3299] udevd[3299]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 32.719237][ T3292] udevd[3292]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 32.738109][ T3299] udevd[3299]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 32.749214][ T3292] udevd[3292]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 32.869740][ T3591] loop0: detected capacity change from 0 to 4096 [ 32.901733][ T3601] netlink: 32 bytes leftover after parsing attributes in process `syz.4.46'. [ 32.919336][ T3591] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.940551][ T3591] EXT4-fs error (device loop0): ext4_empty_dir:3093: inode #12: block 80: comm syz.0.44: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 32.965185][ T3606] 9pnet: p9_errstr2errno: server reported unknown error @hQIte} [ 32.978663][ T3591] EXT4-fs warning (device loop0): ext4_empty_dir:3095: inode #12: comm syz.0.44: directory missing '..' [ 33.018460][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.048687][ T3609] vhci_hcd: invalid port number 96 [ 33.053864][ T3609] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 33.118559][ T3620] ======================================================= [ 33.118559][ T3620] WARNING: The mand mount option has been deprecated and [ 33.118559][ T3620] and is ignored by this kernel. Remove the mand [ 33.118559][ T3620] option from the mount to silence this warning. [ 33.118559][ T3620] ======================================================= [ 33.172654][ T3622] openvswitch: netlink: Message has 6 unknown bytes. [ 33.315170][ T3639] loop1: detected capacity change from 0 to 512 [ 33.339955][ T3639] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.355607][ T3639] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 33.374312][ T3644] loop3: detected capacity change from 0 to 1024 [ 33.399755][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.434908][ T3644] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.448042][ T3644] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 33.529075][ T41] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 1: comm kworker/u8:2: lblock 1 mapped to illegal pblock 1 (length 8) [ 33.549767][ T41] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 8 with error 117 [ 33.552146][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.562043][ T41] EXT4-fs (loop3): This should not happen!! Data will be lost [ 33.562043][ T41] [ 33.579233][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.582564][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.586652][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.603130][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.610643][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.618109][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.625496][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.632970][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.640424][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.647867][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.655255][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.662656][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.670116][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.677535][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.684922][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.692320][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.699739][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.707103][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.714528][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.721916][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.729328][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.736695][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.744227][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.751688][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.759173][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.766600][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.773982][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.781386][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.788777][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.796201][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.803649][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.811115][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.818507][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.825950][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.833537][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.840939][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.848323][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.855706][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.863094][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.870529][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.878043][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.885463][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.892914][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.900343][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.907721][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.915190][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.922585][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.930070][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.937586][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.945000][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.952500][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.959921][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.967298][ T3665] hid-generic 0008:0006:0007.0001: unknown main item tag 0x0 [ 33.974806][ T3672] Zero length message leads to an empty skb [ 33.976336][ T3665] hid-generic 0008:0006:0007.0001: hidraw0: HID v0.0b Device [syz1] on syz1 [ 34.035514][ T3676] fido_id[3676]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 34.095288][ T3688] unsupported nla_type 52263 [ 34.227084][ T3710] netlink: 8 bytes leftover after parsing attributes in process `syz.1.94'. [ 34.240830][ T3710] netlink: 312 bytes leftover after parsing attributes in process `syz.1.94'. [ 34.249743][ T3710] netlink: 8 bytes leftover after parsing attributes in process `syz.1.94'. [ 34.262461][ T3713] rdma_op ffff888119781d80 conn xmit_rdma 0000000000000000 [ 34.274163][ T3660] syz.2.69 (3660) used greatest stack depth: 10392 bytes left [ 34.398329][ T3732] netlink: 76 bytes leftover after parsing attributes in process `syz.3.103'. [ 34.472167][ T3736] SELinux: failed to load policy [ 34.480819][ T3742] sd 0:0:1:0: device reset [ 34.561538][ T3753] loop2: detected capacity change from 0 to 512 [ 34.593967][ T3753] EXT4-fs (loop2): too many log groups per flexible block group [ 34.601692][ T3753] EXT4-fs (loop2): failed to initialize mballoc (-12) [ 34.623849][ T3753] EXT4-fs (loop2): mount failed [ 34.766799][ T3780] netlink: 8 bytes leftover after parsing attributes in process `syz.4.125'. [ 34.785017][ T3780] IPVS: Error joining to the multicast group [ 34.803532][ T3785] SELinux: failed to load policy [ 35.034325][ T3814] loop1: detected capacity change from 0 to 256 [ 35.046196][ T3814] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 35.055674][ T3814] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 35.070034][ T3817] GUP no longer grows the stack in syz.4.142 (3817): 200000004000-20000000a000 (200000002000) [ 35.080353][ T3817] CPU: 0 UID: 0 PID: 3817 Comm: syz.4.142 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(voluntary) [ 35.080380][ T3817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 35.080394][ T3817] Call Trace: [ 35.080401][ T3817] [ 35.080408][ T3817] __dump_stack+0x1d/0x30 [ 35.080434][ T3817] dump_stack_lvl+0xe8/0x140 [ 35.080454][ T3817] dump_stack+0x15/0x1b [ 35.080501][ T3817] __get_user_pages+0x199d/0x1fb0 [ 35.080527][ T3817] ? __rcu_read_unlock+0x4f/0x70 [ 35.080615][ T3817] get_user_pages_remote+0x1dc/0x7a0 [ 35.080642][ T3817] __access_remote_vm+0x156/0x560 [ 35.080664][ T3817] access_remote_vm+0x32/0x40 [ 35.080683][ T3817] proc_pid_cmdline_read+0x30f/0x6a0 [ 35.080834][ T3817] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 35.080867][ T3817] vfs_readv+0x3fb/0x690 [ 35.080908][ T3817] __x64_sys_preadv+0xfd/0x1c0 [ 35.080926][ T3817] x64_sys_call+0x1503/0x2fb0 [ 35.080944][ T3817] do_syscall_64+0xd2/0x200 [ 35.080960][ T3817] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 35.081013][ T3817] ? clear_bhb_loop+0x40/0x90 [ 35.081036][ T3817] ? clear_bhb_loop+0x40/0x90 [ 35.081060][ T3817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 35.081099][ T3817] RIP: 0033:0x7fd03088e929 [ 35.081115][ T3817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 35.081200][ T3817] RSP: 002b:00007fd02eef7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 35.081220][ T3817] RAX: ffffffffffffffda RBX: 00007fd030ab5fa0 RCX: 00007fd03088e929 [ 35.081233][ T3817] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 35.081247][ T3817] RBP: 00007fd030910b39 R08: 0000000000000000 R09: 0000000000000000 [ 35.081340][ T3817] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000 [ 35.081350][ T3817] R13: 0000000000000000 R14: 00007fd030ab5fa0 R15: 00007ffd19cb3308 [ 35.081365][ T3817] [ 35.374471][ C1] hrtimer: interrupt took 31364 ns [ 35.594095][ T3848] loop3: detected capacity change from 0 to 128 [ 35.640949][ T3848] support for the xor transformation has been removed. [ 35.694511][ T3860] loop3: detected capacity change from 0 to 128 [ 35.731863][ T3861] rdma_op ffff888119783d80 conn xmit_rdma 0000000000000000 [ 35.743174][ T3860] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 35.828389][ T3860] ext4 filesystem being mounted at /35/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 35.869447][ T29] kauditd_printk_skb: 308 callbacks suppressed [ 35.869459][ T29] audit: type=1400 audit(1750424174.088:399): avc: denied { create } for pid=3859 comm="syz.3.162" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 35.872371][ T3874] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 35.876597][ T29] audit: type=1400 audit(1750424174.088:400): avc: denied { read append open } for pid=3859 comm="syz.3.162" path="/35/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file1" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 35.895654][ T3874] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 35.954893][ T3874] vhci_hcd vhci_hcd.0: Device attached [ 35.977759][ T3880] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(6) [ 35.984285][ T3880] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 35.992138][ T3880] vhci_hcd vhci_hcd.0: Device attached [ 36.004578][ T29] audit: type=1400 audit(1750424174.178:401): avc: denied { write } for pid=3859 comm="syz.3.162" name="file1" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 36.026250][ T29] audit: type=1400 audit(1750424174.178:402): avc: denied { ioctl } for pid=3859 comm="syz.3.162" path="/35/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file1" dev="loop3" ino=12 ioctlcmd=0x660b scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 36.117128][ T3874] vhci_hcd vhci_hcd.0: pdev(2) rhport(2) sockfd(5) [ 36.123676][ T3874] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 36.131333][ T3874] vhci_hcd vhci_hcd.0: Device attached [ 36.142614][ T29] audit: type=1400 audit(1750424174.348:403): avc: denied { mounton } for pid=3887 comm="syz.0.168" path="/proc/57/task" dev="proc" ino=4911 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 36.165339][ T1103] vhci_hcd: vhci_device speed not set [ 36.184780][ T3306] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 36.204762][ T3896] xt_hashlimit: max too large, truncated to 1048576 [ 36.227362][ T29] audit: type=1400 audit(1750424174.418:404): avc: denied { add_name } for pid=3862 comm="dhcpcd-run-hook" name="resolv.conf.sl0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 36.249822][ T29] audit: type=1400 audit(1750424174.418:405): avc: denied { create } for pid=3862 comm="dhcpcd-run-hook" name="resolv.conf.sl0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 36.272066][ T29] audit: type=1400 audit(1750424174.418:406): avc: denied { write } for pid=3862 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.sl0.link" dev="tmpfs" ino=1294 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 36.298013][ T29] audit: type=1400 audit(1750424174.418:407): avc: denied { append } for pid=3862 comm="dhcpcd-run-hook" name="resolv.conf.sl0.link" dev="tmpfs" ino=1294 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 36.327840][ T1103] usb 5-1: new full-speed USB device number 2 using vhci_hcd [ 36.357598][ T3874] vhci_hcd vhci_hcd.0: pdev(2) rhport(4) sockfd(12) [ 36.360568][ T29] audit: type=1400 audit(1750424174.488:408): avc: denied { remove_name } for pid=3905 comm="rm" name="resolv.conf.sl0.link" dev="tmpfs" ino=1294 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 36.364210][ T3874] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 36.364344][ T3874] vhci_hcd vhci_hcd.0: Device attached [ 36.430896][ T3880] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(9) [ 36.437559][ T3880] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 36.444994][ T3880] vhci_hcd vhci_hcd.0: Device attached [ 36.570642][ T3911] vhci_hcd: connection closed [ 36.570746][ T51] vhci_hcd: stop threads [ 36.579853][ T51] vhci_hcd: release socket [ 36.584276][ T51] vhci_hcd: disconnect device [ 36.598167][ T3894] vhci_hcd: connection closed [ 36.598312][ T3908] vhci_hcd: connection closed [ 36.603070][ T3881] vhci_hcd: connection closed [ 36.609414][ T3875] vhci_hcd: connection reset by peer [ 36.637947][ T51] vhci_hcd: stop threads [ 36.642206][ T51] vhci_hcd: release socket [ 36.646717][ T51] vhci_hcd: disconnect device [ 36.678130][ T3948] netlink: 'syz.4.183': attribute type 3 has an invalid length. [ 36.697980][ T51] vhci_hcd: stop threads [ 36.702417][ T51] vhci_hcd: release socket [ 36.707035][ T51] vhci_hcd: disconnect device [ 36.721113][ T51] vhci_hcd: stop threads [ 36.725378][ T51] vhci_hcd: release socket [ 36.729877][ T51] vhci_hcd: disconnect device [ 36.741409][ T51] vhci_hcd: stop threads [ 36.745663][ T51] vhci_hcd: release socket [ 36.750202][ T51] vhci_hcd: disconnect device [ 36.773319][ T3958] loop4: detected capacity change from 0 to 512 [ 36.797519][ T3958] EXT4-fs: Ignoring removed orlov option [ 36.811880][ T3958] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 36.824987][ T3958] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 36.863740][ T3958] EXT4-fs (loop4): 1 orphan inode deleted [ 36.869892][ T3958] EXT4-fs (loop4): 1 truncate cleaned up [ 36.878715][ T3958] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 36.906652][ T3958] EXT4-fs error (device loop4): ext4_inlinedir_to_tree:1340: inode #12: block 7: comm syz.4.187: path /44/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=20, inode=13, rec_len=16, size=60 fake=0 [ 36.936702][ T3958] EXT4-fs (loop4): Remounting filesystem read-only [ 36.976351][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.019438][ T3312] ================================================================== [ 37.027549][ T3312] BUG: KCSAN: data-race in __lru_add_drain_all / folios_put_refs [ 37.035297][ T3312] [ 37.037612][ T3312] write to 0xffff888237c25e68 of 1 bytes by task 3927 on cpu 0: [ 37.045232][ T3312] folios_put_refs+0x285/0x2d0 [ 37.050012][ T3312] folio_batch_move_lru+0x1fd/0x230 [ 37.055217][ T3312] folio_add_lru+0x14a/0x1f0 [ 37.059812][ T3312] shmem_get_folio_gfp+0x7ab/0xd60 [ 37.064933][ T3312] shmem_write_begin+0xa8/0x190 [ 37.069796][ T3312] generic_perform_write+0x184/0x490 [ 37.075092][ T3312] shmem_file_write_iter+0xc5/0xf0 [ 37.080191][ T3312] __kernel_write_iter+0x256/0x4c0 [ 37.085297][ T3312] dump_user_range+0x407/0x8c0 [ 37.090059][ T3312] elf_core_dump+0x1dc2/0x1f80 [ 37.094807][ T3312] do_coredump+0x1dfa/0x27b0 [ 37.099393][ T3312] get_signal+0xd85/0xf70 [ 37.103715][ T3312] arch_do_signal_or_restart+0x96/0x480 [ 37.109246][ T3312] irqentry_exit_to_user_mode+0x5e/0xa0 [ 37.114785][ T3312] irqentry_exit+0x12/0x50 [ 37.119193][ T3312] asm_exc_page_fault+0x26/0x30 [ 37.124030][ T3312] [ 37.126340][ T3312] read to 0xffff888237c25e68 of 1 bytes by task 3312 on cpu 1: [ 37.133870][ T3312] __lru_add_drain_all+0x12b/0x3f0 [ 37.138988][ T3312] lru_add_drain_all+0x10/0x20 [ 37.143752][ T3312] invalidate_bdev+0x47/0x70 [ 37.148331][ T3312] ext4_put_super+0x624/0x7d0 [ 37.153005][ T3312] generic_shutdown_super+0xe6/0x210 [ 37.158283][ T3312] kill_block_super+0x2a/0x70 [ 37.162956][ T3312] ext4_kill_sb+0x42/0x80 [ 37.167277][ T3312] deactivate_locked_super+0x72/0x1c0 [ 37.172643][ T3312] deactivate_super+0x97/0xa0 [ 37.177314][ T3312] cleanup_mnt+0x269/0x2e0 [ 37.181722][ T3312] __cleanup_mnt+0x19/0x20 [ 37.186129][ T3312] task_work_run+0x12e/0x1a0 [ 37.190710][ T3312] exit_to_user_mode_loop+0xe4/0x100 [ 37.195987][ T3312] do_syscall_64+0x1d6/0x200 [ 37.200564][ T3312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 37.206450][ T3312] [ 37.208759][ T3312] value changed: 0x1f -> 0x05 [ 37.213421][ T3312] [ 37.215726][ T3312] Reported by Kernel Concurrency Sanitizer on: [ 37.221860][ T3312] CPU: 1 UID: 0 PID: 3312 Comm: syz-executor Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(voluntary) [ 37.234435][ T3312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 37.244476][ T3312] ================================================================== [ 41.347850][ T1103] usb 5-1: enqueue for inactive port 0 [ 41.353349][ T1103] usb 5-1: enqueue for inactive port 0 [ 41.437828][ T1103] vhci_hcd: vhci_device speed not set