last executing test programs: 22.167494491s ago: executing program 4 (id=100): mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff5"], 0x15) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f0000000300)=ANY=[], 0x15) r1 = dup(r0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kfree\x00', r3}, 0x18) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 22.095469292s ago: executing program 4 (id=102): mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff5"], 0x15) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15) r2 = dup(r1) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kfree\x00', r4}, 0x18) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB, @ANYRESHEX=r2]) 22.045988793s ago: executing program 4 (id=104): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x4f, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20) syz_clone3(&(0x7f0000000600)={0x80081080, 0x0, 0x0, 0x0, {0x11}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 1) 21.885469875s ago: executing program 4 (id=105): syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000001240)='./bus\x00', 0x0, &(0x7f0000002480)=ANY=[], 0x1, 0x11f4, &(0x7f0000001280)="$eJzs3M+LG2UYB/DHbWvr1v2h1moL0he96GXo7sGLgiyyBWlAaRuhFYSpO9GQMQmZsBARV09e/TvEozdBvOllL/4N3vbisQdxxMTapsRDqXTa8Plc8pD3/cLzkjDwDvPO0ZvffNrrVFknH8fKE2/FyjAi3UqRYiVu+zJee+PnX166ev3G5Z1Wa/dKSpd2rm29nlJav/DjB59/9/JP49Pvf7/+w8k43Pzw6Pft3w7PHp47+vPaJ90qdavUH4xTnm4OBuP8ZlmkvW7Vy1J6ryzyqkjdflWM5sY75WA4nKS8v7e2OhwVVZXy/iT1ikkaD9J4NEn5x3m3n7IsS2urwYNof3urruuIuj4RT0Zd1/VTsRqn4+lYi/XYiM14Jp6N5+JMPB9n44V4Mc5NZzXdNwAAAAAAAAAAAAAAAAAAACyXBzr/f6Hh5gEAAAAAAAAAAAAAAAAAAGBJXL1+4/JOq7V7JaVTEeXX++399uxzNr7TiW6UUcTF2Ig/Ynr6f2ZWX3qntXsxTW3GV+XBP/mD/fax+fzW9HUCC/Nbs3yaz5+M1bvz27ERZxbntxfmT8Wrr9yVz2Ijfv0oBlHGXvydvZP/Yiult99t3ZM/P50HAAAAyyBL/1q4f8+y/xqf5e/j/sA9++vjcf54s2snopp81svLshg1XtzuaPbNQUQ8Io0tcXHi0Wjj/y2Ozf2Rmu/nMS2auybx8Nz50ZvuBAAAAAAAAAAAgPvxMB4nbHqNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MUOHAsAAAAACPO3TqNjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KgAA//86R81g") open(&(0x7f0000000040)='./file2\x00', 0x181042, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000000)={[{@minixdf}, {@grpquota}]}, 0x4, 0x4f2, &(0x7f0000000c80)="$eJzs3c9vVF0ZAOD3Tjttv34DBWWhRgURRUOY/gAaggthozGExEhcuYDaDk3TGabptEgri7J0byKJK/0T3LkwYeXCnTvducGFCSrRUBMXY+6dSzu0HVqk7dDO8yR37j3nXuY9Z4ZzztzDDCeAnnUuItYiYiAi7kfESJ6f5FvcbG3pda9fPZlef/VkOolm8+4/kux8mhdtfyb1af6cQxHxg+9G/DjZHrexsjo/Va1WFvP06FJtYbSxsnp5rpDnTEyOT45dv3JtYt/qerb2m5ffmbv9w9/99ksv/rj2zZ+mxSr97ER2rr0e+6lV9WKU2vL6I+L2QQTrkv787w9HT9raPhMR57P2PxJ92bsJABxnzeZINEfa0wDAcZfe/5ciKZTzuYBSFArlcmsO70wMF6r1xtKlkfryw5nI5rBORbHwYK5aGcvnCk9FMUnT49nxZnpiS/pKRJyOiJ8PfpKly9P16kw3P/gAQA/7dMv4/+/B1vgPABxzQ+95va8IAMDR977jPwBw9Bn/AaD3vMf4b+ofAI4J9/8A0HuM/wDQe3Yd/58eTjkAgEPx/Tt30q25nv//1zOPVpa/VXp0eabSmC/XlqfL0/XFhfJsvT5brZSnm83dnq9ary+MX91INlZW79Xqyw+X7s3VpmYr9yrFA64PALC702ef/zmJiLUbn2RbtK3lYKyG463Q7QIAXdPX7QIAXeP3PNC79nCPbxoAjrkdluh9S8evCD2z+CscVRc/b/4fepX5f+hd/9/8/7f3vRzA4TP/D72r2Uys+Q8APcYcP/BB//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPaqUbUmhnK0FvpY+FsrliBMRcSqKyYO5amUsIk5GxJ8Gi4NperzbhQYAPlDhb0m+/tfFkQulrWcHkv8MZvuI+Mkv7/7i8dTS0uJ4mv/PjfylZ3n+xEA3KgAAtLu5Pas1Tuf7thv516+eTL/ZDrOIL2+1FhdN467nW+tMf/Rn+6EoRsTwv5I83ZJ+Xunbh/hrTyPic5v1f9wWoZTNgbRWPt0aP4194gDib77+W+MX3opfyM6l+2L2Wnx2H8oCveb5rVY/mbe9tInl7a8Q57L9zu1/KOuhPtyb/m99W/9X2Oj/+rbFT7I2f24j/e6SvLz6++9ty2yOtM49jfhC/07xk434SYf+98Ie6/iXL375fKdzzV9FXIyd47fUsm52dKm2MNpYWb08V5uarcxWHk5MTI5Pjl2/cm1iNJujbj3+YacYf79x6WSn+Gn9hzvEH9ql/l/bY/1//d/7P/rKO+J/46s7v/9n3hE/HRO/vsf4U8M3Oy7fncaf6VD/3d7/S3uM/+KvqzN7vBQAOASNldX5qWq1srjLQfpZc7drHBzNg1iL+AiKkR8MxEdRjJ4/6HbPBBy0zUbf7ZIAAAAAAAAAAAAAAACdNFZW5wfjYH9O1O06AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHz9LwAA//9Jt84K") r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x45) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) ioctl$EXT4_IOC_MIGRATE(r1, 0x6609) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r3, 0x13) tkill(r3, 0x12) wait4(0x0, 0x0, 0x4000000a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a01020000000000000000010020000c00024000000000000000010900010073797a310000000020000480140003"], 0xe8}, 0x1, 0x0, 0x0, 0x40040000}, 0x40400c4) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2, 0x0, 0x2}, 0x18) mq_open(0x0, 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x140, 0x0, 0x0, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000380)={@in={{0x2, 0x4e23, @local}}, 0x0, 0x2, 0x48, 0x0, "0000160000000000000000000000000000000006000000000000d6d98457000000000000000000000000080000008000"}, 0xd8) bind$inet(r6, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r6, 0x0, 0x0, 0x200087fd, &(0x7f00000000c0)={0x2, 0x4e23, @loopback}, 0x10) close(r6) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1, 0x3, &(0x7f00000006c0)=ANY=[@ANYRES32=r5], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) pipe(&(0x7f00000001c0)) socket$inet6_tcp(0xa, 0x1, 0x0) 21.61718433s ago: executing program 4 (id=109): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014fa0000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0x88002, 0x0) pwritev(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)="de", 0x1}], 0x1, 0x0, 0x0) 21.405625483s ago: executing program 4 (id=112): mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff5"], 0x15) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f0000000300)=ANY=[], 0x15) r1 = dup(r0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kfree\x00', r3}, 0x18) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 21.373460173s ago: executing program 32 (id=112): mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff5"], 0x15) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f0000000300)=ANY=[], 0x15) r1 = dup(r0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kfree\x00', r3}, 0x18) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 4.707703358s ago: executing program 3 (id=268): r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000000)="3900000013000b4700bb65e1c3e4ffff010000003e000000560000022500000019000a001000000007fd17e5ffff080004fe0000000000000a", 0x39}], 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r1) sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r4 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r4, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @mcast1, 0x5}, 0x1c) r5 = dup2(r4, r4) sendmmsg$unix(r5, &(0x7f0000008380), 0x400000000000174, 0x4008890) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000084ed13010000001903000000000000000000000000000000000000e73f4ac9b26e790a0900afd54b6a844d1a46c00603c1d4e851bf2cbf2d8264d49473480bbbb3d985918ac967f11b40191ccdf7ec387302471df93343c1fab17b5874d16fd0adde2638a9764cb5bca6eda61d2fd80fe1a304c2aaeb8abc313071da5e18d6ac12043b57f737ab14f0a7425b4eaeca"], 0x50) r7 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r8, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r5, 0xc0189373, &(0x7f0000000400)={{0x1, 0x1, 0x18, r5, {0x2}}, './file0\x00'}) r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="186000000fdf046c000000005ab000009500000000000000850000002a000000"], &(0x7f0000000040)='syzkaller\x00', 0x80, 0x82, &(0x7f0000000240)=""/130, 0x40f00, 0x0, '\x00', r8, 0x0, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000140)={0x2, 0x9, 0x2, 0x6}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000440)=[r6, r6, r3, r10, r6, r3], &(0x7f0000000540)=[{0x5, 0x1, 0xa, 0xc}], 0x10, 0x0, @void, @value}, 0x94) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000095000000000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='kfree\x00', r11, 0x0, 0x10000}, 0x18) r12 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) syz_usb_connect$printer(0x3, 0x36, &(0x7f0000000080)=ANY=[], 0x0) close_range(r12, 0xffffffffffffffff, 0x0) 4.546817491s ago: executing program 2 (id=271): munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='xprt_retransmit\x00', r0, 0x0, 0x803ffffffffc}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v3={0x3000000, [{0xffffffff, 0x2}, {0x8009, 0x56}], 0xee01}, 0x18, 0x0) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) 4.463368832s ago: executing program 2 (id=274): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_DELETE(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1c, r3, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x1c}}, 0x40) 4.273483775s ago: executing program 2 (id=276): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) r1 = socket$kcm(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0xf, &(0x7f00000002c0), 0x161) r2 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r2, &(0x7f0000000200)={&(0x7f0000000000)={0x2, 0x3, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000002100)="0800a9fc0da6b30a", 0x8}], 0x1, &(0x7f0000001d00)=ANY=[@ANYBLOB="18000000000000000000000007000000890704ac1414aa0011000000000000000000000001"], 0x30}, 0x0) sendmsg$inet(r1, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x31, &(0x7f0000000640), 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x204020, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000280)={'pim6reg1\x00', 0x2}) r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) syz_emit_ethernet(0x7a, &(0x7f00000005c0)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa0086dd640de71a00442f01ff020000000000000000000000000001fe8000000000000000000000000000aa0c21be2a66077100000008000800090086dd080088be000000011806d70b0100000000000004080022eb000000012010e10d02000000000000040081100f080065"], 0x0) r5 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r5, &(0x7f00000000c0)={0x1d, r6}, 0x10) sendmsg$can_bcm(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=r5, @ANYRES64=0x0, @ANYRES64=r6, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r7 = memfd_secret(0xde2f2a766b42f8fc) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0b000000fc000000060000000900000008440000", @ANYRES32=r7, @ANYBLOB="0100008000"/20, @ANYRES32=r6, @ANYRES32, @ANYBLOB="03000000050000000295dede5d00000000000000"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="d77252cfc361eb9433dd6236810d6793a5a3c738badc271e262db28bd2aab66083f6b996c69ae5dd5017136b4b32ba7567e745a3d067d6460b2f7755e1356caf1825d9b94d0084122f"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', r6, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r9}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r10}, 0x10) r11 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r12}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 3.988319789s ago: executing program 2 (id=277): syz_clone3(0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_adj\x00') write$tcp_mem(r1, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@map=0x1, 0x26, 0x1, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f00000001c0)=[0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x40) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000380), 0x18000, 0x0) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f00000003c0)={0x8, 0x0}, 0x8) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000340)={@map=r3, r0, 0x14, 0x2023, r1, @void, @void, @value=r4, @void, r2}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x4}, 0x18) sigaltstack(&(0x7f0000000000)={0x0, 0x80000001, 0x54797c198fc260f8}, 0x0) 3.92095324s ago: executing program 2 (id=278): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x33, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa4265be00f2521c8a200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x0, &(0x7f00000002c0)={[{@data_ordered}, {@norecovery}, {@auto_da_alloc}, {@data_writeback}]}, 0x82, 0x485, &(0x7f0000001380)="$eJzs3MtvVNUfAPDvnT6AH/BrxScPtYrGxkehBZWFCzWauNDExA0ua1sIUsDQmgghisbg0pC4Ny5N/Atc6caoG03c6sqNISGGjaibMXfuvfNi7jCUKQPM55MMnDP33p7z7bln5jxmGsDQmkr/SSK2RMSvETGRZVtPmMr+u3zpzMLfl84sJFGtvvFnUjvvr0tnFopTi+s255npSkTl4yR2dih35dTpo/PLy0sn8/ye1WPv7Fk5dfqpI8fmDy8dXjo+d+DA/n2zzz4z93T9mg1XjWa89MgdaV13vH9i1/ZX3jz/2sLB82/98FVSxN8WR59MdTv4aLXa5+IGa2tTOhnt9arK+lSGno1ERNpcY7X+PxEj0Wi8iXj5o4FWDlhX1VzJ4bNV4DaWxKBrAAxG8Uafzn+LR8TGsuHCT7fbjO3iC9kEKI37cv7Ijoxms9OxbG60dZ3Kn4qIg2f/+Tx9xPqsQwAAtPgmHf882T7+i9ra/D1N5/0/3xuazPdStkXEnRFxV0TcHVE7996IuO8ay2/fJLly/FO5sKbAepSO/57L97Zax3/1ke7kSJ7bWsuMJYeOLC/tzX8n0zG2Ic3Pdinj25d++bTsWPP4L32k5RdjwbweF0bbNr4W51fnryfmZhc/jNgx2in+pL4TkETE9ojYscYyjjz+5a6yY+3xV5NuP+n51mzP+0zlql9EPJa1/9loi7+QdN+frI7E8tLePcVdcaUffz73epRMqq7e/i1Grj/iVmn7/6/j/V+PfzJp3q9dufYyzv32SemcZmZN93/jiWLH97351dWTsxHjyatZpZufn2tcW+SL89P4p3d37v/bovGb2BkR6U18f0Q8EBEP5m33UEQ8HBG7u8T//YuPvF127Brbv+/S+Bfb2n+y9ZRG+xd3cHYjnBovEsWtUZIYOfrd160/sZHs7fVvfy01nT+Tv/79vrlLXL3Ua213MwAAANx6KhGxJZLKTD1dqczM1D7DvyF9avnEyuoTh068e3wx+47AZIxVipWubD04Ww+dzaf1RX6uLb8vXzf+LDbWP3S4OOjgYchtLun/qT/6vtoM3HT6sI8G3KJGa9uYXVTLvyEE3Nq8/8Pw6tj/k/a/BALcjjr0/02DqAdw43V6//+gkaxO3MjKADdUW/+37QdDxPofDC/9H4ZXc/+35A9DY2VTXP1L8hISVySiclNUoz+JpHMv+LfapyK2DDrAnhPjRWLQr0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD98V8AAAD//1b77XU=") bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004000000e27f0000"], 0x48) mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0x0, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) pivot_root(&(0x7f0000000000)='.\x00', &(0x7f00000004c0)='./file1\x00') ioctl$BTRFS_IOC_DEFRAG(r1, 0x50009402, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = gettid() perf_event_open(&(0x7f0000000700)={0x2, 0x80, 0x68, 0x0, 0x0, 0x0, 0x0, 0x4, 0x502, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, @perf_bp={0x0, 0x3}, 0xb09, 0x1d6fd97e, 0x800000, 0x7, 0x1, 0x2, 0x4, 0x0, 0x2, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) timer_create(0x8, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) readv(r4, &(0x7f0000001140)=[{&(0x7f0000000700)=""/206, 0x18}], 0x1) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socket$rds(0x15, 0x5, 0x0) 3.855051831s ago: executing program 3 (id=282): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xc3, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xa19a, 0x1000}, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000340)='cpu\t&0&&\t') timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) readv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f00000004c0)=""/205, 0xcd}], 0x1) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) socket$inet_udp(0x2, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000001c0), &(0x7f0000000380)=0x14) 3.754738852s ago: executing program 3 (id=287): syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000240)='./bus\x00', 0x404, &(0x7f0000000200)={[{@data_err_ignore}, {@mb_optimize_scan}]}, 0x1, 0x5e6, &(0x7f0000001200)="$eJzs3c1vFVUbAPBnbj9oKe/bQt68igtpYgwkSksLGGJcwNaQBj/ixo2VFkQKNLRGiyaUBDcmxo0xJq5ciP+FEtmy0pULN64MCVHD0sRr5nam9LZzW3r7MZX5/ZJLZ+bc4TzT26fn3NNz5gZQWYPpP7WI/RExnUT0J/OLZZ2RFQ4uPO/Bnx+dTR9J1Ouv/Z5Ekh3Ln59kX/uyk3si4scfktjXsbLemblrF8enpiavZvvDs5emh2fmrh2+cGn8/OT5ycujL4yeOH7s+ImRI21d1/WCY6dvvvt+/ydjb37z1V/JyLe/jCVxMl7Onrj0OjbLYAw2vifJyqK+E5tdWUk6sp+TpS9x0lliQKxL/vp1RcQT0R8d8fDF64+PXyk1OGBL1ZOIOlBRifyHisr7Afl7++Xvg2ul9EqA7XD/1MIAwMr871wYG4yextjA7gdJLB3WSSKivZG5Znsi4u6dsZvn7ozdjC0ahwOKzd+IiCeL8j9p5P9A9MRAI/9rTfmf9gvOZF/T46+2Wf/yoWL5D9tnIf97Vs3/aJH/by3J/7fbrH/w4eY7vU3539vuJQEAAAAAAEBl3T4VEc8X/f2/tjj/Jwrm//RFxMlNqH9w2f7Kv//X7m1CNUCB+6ciXiqc/1vLZ/8OdGRb/2nMB+hKzl2YmjwSEf+NiEPRtSvdH1mljsOf7vuyVdlgNv8vf6T1383mAmZx3Ovc1XzOxPjs+EavG4i4fyPiqcL5v8li+58UtP/p74PpR6xj37O3zrQqWzv/ga1S/zriYGH7//CuFcnq9+cYbvQHhvNewUpPf/jZd63qbzf/3WICNi5t/3evnv8DydL79cysv46jc531VmXt9v+7k9cbt5zpzo59MD47e3Ukojs53ZEebTo+uv6Y4XGU50OeL2n+H3pm9fG/ov5/b0TML/u/kz+a1xTn/v9336+t4tH/h/Kk+T+xrvZ//Rujtwa+b1X/o7X/xxpt/aHsiPE/WPBFnqbdzccL0rGzqGi74wUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAx0EtIvZEUhta3K7VhoYi+iLif7G7NnVlZva5c1feuzyRljU+/7+Wf9Jv/8J+kn/+/8CS/dFl+0cjYm9EfN7R29gfOntlaqLsiwcAAAAAAAAAAAAAAAAAAIAdoq/F+v/Ubx1lRwdsuc6yAwBKU5D/P5URB7D9tP9QXfIfqkv+Q3XJf6gu+Q/VJf+huuQ/VNc68z/JHgAAAAAAwM6098Dtn5OImH+xt/FIdWdlXaVGBmy1WtkBAKVxix+oLlP/oLrW+x7/5BbFAZRnrfm8PS1P2shM4OmzGzgZAAAAAAAAAAAAACrn4H7r/6GqrP+H6rL+H6orX/9/oOQ4gO3nPT4Qa6zkL1z/v+ZZAAAAAAAAAAAAAMBmmpm7dnF8amryqo03dkYY27lRr9evpz8FOyWef/lGPhV+p8SzbCNf6/doZ5X3OwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGj2TwAAAP//030lBw==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) syz_io_uring_setup(0x10c, &(0x7f00000000c0)={0x0, 0xb1b0, 0x400, 0x40000, 0x105}, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa004}, 0x4) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="0800080000000f000000000000004500ffb1"], 0xffbf) r4 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r4, &(0x7f0000004200)='t', 0x1) sendfile(r4, r0, 0x0, 0x3ffff) write$binfmt_aout(r4, &(0x7f0000000600)=ANY=[], 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18) prctl$PR_SET_NAME(0xf, &(0x7f00000002c0)='+}[@\x00G5\v\x89n\xb2\x0e\xb7\xb4\x9a\xb3\xb9\xe1\xff@`\x87\xefy\xb7\xe0\xe6c\x91\x81ND\t3\xc4\xca\xf0\xd0Zp\xadbdY\xdcz\xc6lo\xd0\xc7\'CT') socket(0x10, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000500)={'#! ', './file0'}, 0xb) sendfile(r4, r0, 0x0, 0x7ffff000) 3.085214923s ago: executing program 2 (id=297): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000740)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@auto_da_alloc}, {@noload}, {@nodiscard}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZrk6Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtK03U227TabZn8/OJlzzszs/5wNMztnZpgJYGC9FxHXIuJxmqbnI2Isq89lKbZbqbHco4d35xopiTS98c8kkqxu57OSbHoqW+1kRHztyxHfTJ6PW9vcWp6tVMrrWblUX1kr1Ta3LiytzC6WF8ur09NTl2euzFyamexJP09HxNUv/vUH3/3Zl67+6jO3/3Tz7+e+1WjWaDZ/bz9eUH6/ma2uF5rfxd4V1l8y2FGUb/YwM9xuiaHnau695jYBANBe4xj/gxHxyYg4H2MxtP/hLAAAAPAGSj8/Gv9LItL2TnSoBwAAAN4gueY9sEmuGBEjzXwuVyy27uH9cIzkKtVa/dML1Y3V+da9suNRyC0sVcqT2b3C41FIGuWpZv5J+eIz5emIeDsivj823CwX56qV+X6f/AAAAIABcWrP+D8XEf8Za43/AQAAgGNmvN8NAAAAAF47438AAAA4/oz/AQAA4Fj7yvXrjZTuvP96/tbmxnL11oX5cm25uLIxV5yrrq8VF6vVxeYz+1YO+rxKtbr22VjduFOql2v1Um1z6+ZKdWO1fnPpqVdgAwAAAIfo7Y/f/0MSEdufG26mhhPdrdrlYsBRld/NJdm0zWb9x7da078cUqOAQzHU7wYAfZPvdwOAvin0uwFA3yUHzO94885vs+knetseAACg9yY+2vn6f27fNbf3nw0ceTZiGFyu/8Pgal7/7/ZOXgcLcKwUHAHAwHvl6/8HStMXahAAANBzo82U5IrZ6b3RyOWKxYjTzdcCFJKFpUp5MiLeiojfjxU+0ChPNddMDhwzAAAAAAAAAAAAAAAAAAAAAAAAAAAtaZpECgAAABxrEbm/Jb9uPct/Yuzs6LPnB04k/x2L7BWht39844d3Zuv19alG/b926+s/yuov9uMMBgAAAAyEF3qB/844fWccDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC99Ojh3bmddJhx//GFiBhvFz8fJ5vTk1GIiJF/J5Hfs14SEUM9iD/c+PORdvGTRrN2Q7aLP9yD+Nv39o0f49m30C7+qR7Eh0F2v7H/udZu+8vFe81p++0vH/FU+WV13v/F7v5vqMP2f7rLGO88+EWpY/x7Ee/k2+9/duInHeKf6TL+N76+tdVpXvqTiIm2vz/JU7FK9ZW1Um1z68LSyuxiebG8Oj09dXnmysylmcnSwlKlnP1tG+N7H/vl4/36P9Ih/vgB/T/bZf///+DOww+1soV28c+daRP/Nz/Nlng+fi777ftUlm/Mn9jJb7fye73789+9u1//5zv0/6D//7ku+3/+q9/5c5eLAgCHoLa5tTxbqZTXj22mMUo/As2QOYKZb/f0A9M0TRvb1Ct8ThJH4WtpZvq9ZwIAAHrtyUF/v1sCAAAAAAAAAAAAAAAAAAAAg+swHif2bMzt3VzSi0doAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0xPsBAAD//wdy2V0=") 2.717246398s ago: executing program 3 (id=301): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX]) 2.566808271s ago: executing program 3 (id=302): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x10000000000, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000002}, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x2, 0x4, 0x3}]}]}, 0xfc}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) (async) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in=@rand_addr=0x64010102, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in=@local, @in=@loopback, @in=@multicast2, @in6=@local, 0x3c, 0x4, 0x0, 0x2, 0xa, 0xa}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async) sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in=@rand_addr=0x64010102, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in=@local, @in=@loopback, @in=@multicast2, @in6=@local, 0x3c, 0x4, 0x0, 0x2, 0xa, 0xa}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMP(r2, 0x1, 0x52, &(0x7f0000000040)=0x2, 0x4) recvmmsg(r2, &(0x7f0000001e40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=""/1, 0x1}, 0x4309}], 0x1, 0x22, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x44000, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 2.358688544s ago: executing program 5 (id=305): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r1}, 0x18) creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) sendmsg$NFC_CMD_DEACTIVATE_TARGET(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000780)={&(0x7f0000000800)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0003493cddcffbdbdf251e00000008000400ffffffff08000400ffffffffcda559f31327819ac3550e352afd9c50b6fde9f98dd31bc7c81c012cd8c16c31b7e6b94571e61b2fac138043fc6f7ae9516f5bf2d52e91b642b99a4066d2bdd574629c3bfc9632a3bf9e3dde116b03d63b8416ceba81a9d3cece7dd30cf5165c63b2cfdaa220fe435c22a5290e8f85f60339c09d6d6f9586f1941dafe6afd3ab1746e09da87f15dbf1786f75a980ef974cc5afe002875dc1249b3f6938d68d0c0f35e072e3299d625e6b8f4fa92f1639565f16a3d31f096791ab3b13d1ea483cc9bbd6b0943064"], 0x24}, 0x1, 0x0, 0x0, 0x184}, 0x4010) r4 = dup(r3) write$P9_RLERRORu(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) r5 = socket(0x2, 0x3, 0x10) setsockopt$sock_int(r5, 0xffff, 0x1001, &(0x7f0000000100)=0x20000, 0x4) syz_emit_ethernet(0x138, &(0x7f0000000000)=ANY=[@ANYBLOB="ff02"], 0x0) r6 = socket$kcm(0xa, 0x922000000003, 0x11) r7 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)="c99fd01c34dedad78f4f245f88eb908f0a015b4ac35dc65778", 0x19}, 0x1, 0x0, 0x0, 0x4}, 0x8004) setsockopt$sock_attach_bpf(r6, 0x29, 0x7, &(0x7f0000000000), 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) connect$unix(r5, &(0x7f0000000000), 0x10) write(r5, &(0x7f0000000080)="04bdfa5d1d2873c63e3534825ba166e2fea9aec43050006123339a346f731573d8d508753f95b7688ad48b8cf6bbca325cebc37fc4e1dd543dbe2da6dd", 0x20000) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) socket$inet_tcp(0x2, 0x1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x1b, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$binfmt_elf64(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) creat(&(0x7f00000003c0)='./file0\x00', 0x36) 2.232157346s ago: executing program 5 (id=309): syz_clone3(0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_adj\x00') write$tcp_mem(r1, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@map=0x1, 0x26, 0x1, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f00000001c0)=[0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x40) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000380), 0x18000, 0x0) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f00000003c0)={0x8, 0x0}, 0x8) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000340)={@map=r3, r0, 0x14, 0x2023, r1, @void, @void, @value=r4, @void, r2}, 0x20) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x1, 0x0, 0x7ffc0002}]}) sigaltstack(&(0x7f0000000000)={0x0, 0x80000001, 0x54797c198fc260f8}, 0x0) 2.210506116s ago: executing program 5 (id=311): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x4) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000080)=0x9, 0x8, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = syz_io_uring_setup(0xb4e, &(0x7f0000000240)={0x0, 0xf92c, 0x10100, 0x12000000}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000002c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r6}, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10) mq_unlink(0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x36e10853185f3b19}) write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r2, 0x2d3e, 0x0, 0x0, 0x0, 0x0) r7 = perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0xff, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0xe8ad906f575dcf7b, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r8}, &(0x7f0000000180), &(0x7f00000001c0)=r7}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, r9, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r10}, 0x10) syz_clone(0x42004000, 0x0, 0x0, 0x0, 0x0, 0x0) 2.106784917s ago: executing program 1 (id=312): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xc3, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xa19a, 0x1000}, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000340)='cpu\t&0&&\t') timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) readv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f00000004c0)=""/205, 0xcd}], 0x1) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) socket$inet_udp(0x2, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0}) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000001c0), &(0x7f0000000380)=0x14) 2.003846859s ago: executing program 1 (id=313): r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000000)="3900000013000b4700bb65e1c3e4ffff010000003e000000560000022500000019000a001000000007fd17e5ffff080004fe0000000000000a", 0x39}], 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r1) sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r4 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r4, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @mcast1, 0x5}, 0x1c) r5 = dup2(r4, r4) sendmmsg$unix(r5, &(0x7f0000008380), 0x400000000000174, 0x4008890) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000084ed13010000001903000000000000000000000000000000000000e73f4ac9b26e790a0900afd54b6a844d1a46c00603c1d4e851bf2cbf2d8264d49473480bbbb3d985918ac967f11b40191ccdf7ec387302471df93343c1fab17b5874d16fd0adde2638a9764cb5bca6eda61d2fd80fe1a304c2aaeb8abc313071da5e18d6ac12043b57f737ab14f0a7425b4eaeca"], 0x50) r7 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r8, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r5, 0xc0189373, &(0x7f0000000400)={{0x1, 0x1, 0x18, r5, {0x2}}, './file0\x00'}) r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="186000000fdf046c000000005ab000009500000000000000850000002a000000"], &(0x7f0000000040)='syzkaller\x00', 0x80, 0x82, &(0x7f0000000240)=""/130, 0x40f00, 0x0, '\x00', r8, 0x0, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000140)={0x2, 0x9, 0x2, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000440)=[r10, r6, r6, r3, r11, r6, r3], 0x0, 0x10, 0x0, @void, @value}, 0x94) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000095000000000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='kfree\x00', r12, 0x0, 0x10000}, 0x18) r13 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) syz_usb_connect$printer(0x3, 0x36, &(0x7f0000000080)=ANY=[], 0x0) close_range(r13, 0xffffffffffffffff, 0x0) 1.893514831s ago: executing program 5 (id=314): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), r0) setxattr$trusted_overlay_upper(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), &(0x7f00000000c0)={0x0, 0xfb, 0x3c, 0x4, 0xc, "7a1d19436baa19c0f8a2e9aa5f6c7ec2", "eab87092b90682961184a0fa429ce7594d18791bf4eed134a2ea16cba237516d4bf0b1bee8c5a7"}, 0x3c, 0x1) setxattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=@random={'security.', '{})\\)\x00'}, &(0x7f0000000180)=']-&\'[:\\\\.^!@\x00', 0xd, 0x1) sendmsg$NL802154_CMD_SET_LBT_MODE(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, r1, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x4) r2 = socket$nl_rdma(0x10, 0x3, 0x14) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'macvlan0\x00'}) mq_unlink(&(0x7f0000000300)=']-&\'[:\\\\.^!@\x00') r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000340), 0x4802, 0x0) ioctl$IOC_PR_RELEASE(r3, 0x401070ca, &(0x7f0000000380)={0xc6dc, 0x5, 0x1}) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000400), r0) ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000440)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000480)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000004c0)=0x0) sendmsg$NFC_CMD_GET_DEVICE(r0, &(0x7f0000000580)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x34, r4, 0x639, 0x70bd25, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000800}, 0x400c805) ioctl$HIDIOCGUSAGE(r3, 0xc018480b, &(0x7f00000005c0)={0x2, 0x1, 0x3, 0x5, 0x6, 0x3}) sendmsg$NL802154_CMD_SET_CCA_MODE(r0, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x1c, r1, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_CCA_OPT={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0xc5) r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x9, 0x8010, r3, 0x8000000) syz_io_uring_setup(0x7097, &(0x7f0000000700)={0x0, 0x5306, 0x20, 0x0, 0x31f, 0x0, r3}, &(0x7f0000000780), &(0x7f00000007c0)=0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000800)=@IORING_OP_FADVISE={0x18, 0x8, 0x0, @fd=r2, 0x8, 0x0, 0x8}) mkdirat(r3, &(0x7f0000000840)='./file0\x00', 0x100) r10 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000880), 0x2401, 0x0) r11 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0xd, 0x7759, 0x5, 0x7f, 0x50000, r3, 0xffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x4, 0x0, @void, @value, @value=r3}, 0x50) ioctl$AUTOFS_DEV_IOCTL_READY(r10, 0xc0189376, &(0x7f0000000940)={{0x1, 0x1, 0x18, r11, {0x600000}}, './file0\x00'}) listen(r2, 0x81e0) prctl$PR_SET_NAME(0xf, &(0x7f0000000980)=',[:\x00') epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r11, &(0x7f00000009c0)={0x10}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000a00), 0x40000) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r12, 0xc058534f, &(0x7f0000000a40)={{0x43, 0x1}, 0x0, 0x4, 0xfffffc00, {0xe, 0x6}, 0x7, 0x5}) sendmsg$IEEE802154_SCAN_REQ(r0, &(0x7f0000000b80)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000b00)={0x34, 0x0, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@IEEE802154_ATTR_CHANNELS={0x8, 0x14, 0x5}, @IEEE802154_ATTR_CHANNELS={0x8, 0x14, 0x19}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x1}, @IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x11}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x8000) 1.875240301s ago: executing program 5 (id=315): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x1c}}, 0x0) 1.587204396s ago: executing program 3 (id=316): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x7, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) syz_init_net_socket$x25(0x9, 0x5, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000040)='./bus\x00', 0x2029c1b, 0x0, 0x1, 0x0, &(0x7f0000000080)) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x2) llistxattr(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x4000800) r3 = gettid() r4 = getpid() rt_tgsigqueueinfo(r4, r3, 0x36, &(0x7f0000000000)={0x12, 0xffff, 0x4}) r5 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8)={[0xfffffffffffffffe]}, 0x8) read(r5, &(0x7f0000000740)=""/384, 0x200008c0) r6 = io_uring_setup(0x4d3f, &(0x7f0000000240)={0x0, 0xca6a, 0x40, 0x1, 0x6}) io_uring_register$IORING_REGISTER_RESTRICTIONS(r6, 0xb, &(0x7f0000000480), 0x66) 1.210924031s ago: executing program 0 (id=317): munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='xprt_retransmit\x00', r1, 0x0, 0x803ffffffffc}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v3={0x3000000, [{0xffffffff, 0x2}, {0x8009, 0x56}], 0xee01}, 0x18, 0x0) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000040000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x39) syz_read_part_table(0x104f, &(0x7f0000001dc0)="$eJzsz7sNwkAQBNA5/JEJ6IGm6AcHtEJACyR0RAcYnX0BDSCE9F6wq52b5MJP3fd1dkmpe0qGJY9Sr/6jdaitea1k17JlyJCpP16nrp6v7TVl3Paz1VqceZ3nfrx0pYUlp9u3/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/+AdAAD//zvjCaY=") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x0, 0x0, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="20000000020101"], 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x8050) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000005c40)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f00000007c0)=@newtaction={0x44, 0x30, 0x9, 0x0, 0x25dfdbff, {}, [{0x30, 0x1, [@m_bpf={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x44}}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x18) r5 = socket$kcm(0x2, 0x1000000000000002, 0x0) sendmsg$inet(r5, &(0x7f0000000b40)={&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000800)="e9", 0x9500}, {&(0x7f00000017c0)="ea0189bdebb0c16d420ee9b95082abd6431cc7afc22c4a6b8adecef68f76bd81a86e89f9c80e5c868a12b09e80ba8c01eb3f4b7be71f9fc2355c336cedc15eb778e3a3b35c3f72629ea4d9ae42cf4c17255815fb8a47aafd8b8ff0c202b4e09f7c42811261b5e113fcce27b4329ccb792df14b7d6dcfaf2cf8dbb51946e89c862e9252731f680ec50326fc16386aeefe654bac24", 0x94}], 0x2, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xd}, @loopback}}}], 0x20}, 0xe900) 1.123353993s ago: executing program 1 (id=318): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000008000000000", @ANYRES32, @ANYBLOB="0006080000415e85ed1d108cc82780323e1ebef1da1e101e6b0000000000800000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94) open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0b0040e278414eb6993e01000900009d600b9ec89ab709649383c8a238face2e8a1cc031aaf2f427934bd7e1262edaf028f90a7a919031002bb6df8ade8d885d9885173d985b06559b8c245c1e3e0f656c8ba35f40131332a803620b996a90a291d49a0431db818944ee1106415436e46b2c96e5d97ecd5196f92b2882867c91f496640ac124f829050bae390a6572b27ae543b4a49d088e9195212d3dac2247c3516e2b56a9ce8a349925f4cd98cd5cda25315c97e54018d2"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000300)=""/180}, 0x20) r1 = memfd_secret(0x0) fcntl$setlease(r1, 0x400, 0x0) fsetxattr$security_ima(r1, &(0x7f0000000000), 0x0, 0x0, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="100026bd7000ffdbdf2501000000000000000b000000001400146272676164636173742d6c696e6b000090a66961c0d18a254e9ec4960295cb630892caff363c5f519bf82a9840440401957c5d1685e9d4458e915d59eb9ca93865311a5e0a2a17311cc2a42eeb9212f4"], 0x30}, 0x1, 0x0, 0x0, 0x4040}, 0x4001) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x12fc9f9e285d3b09, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$inet6(0x10, 0x3, 0x0) semctl$SEM_INFO(0x0, 0x2, 0x13, &(0x7f0000000780)=""/110) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000080008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000400000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r4}, 0x53) unshare(0x2a020400) r5 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r5, 0x65, 0x1, &(0x7f0000000140)=[{{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}, {{0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}], 0x10) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000800)='ext4_free_blocks\x00', r6}, 0x18) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0x2) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newtaction={0x64, 0x30, 0x1, 0x0, 0x25dfdbfe, {}, [{0x50, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x30000001, 0x2}, 0x3}}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x15}, 0x80) ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000003c0)=0x3) ioctl$TIOCVHANGUP(r7, 0x5437, 0x2) 1.054140344s ago: executing program 0 (id=319): creat(&(0x7f0000000340)='./file0\x00', 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000040), &(0x7f0000000200)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000) 974.465535ms ago: executing program 5 (id=320): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x280000, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r5, 0x1, 0x2e, &(0x7f0000000000)=r5, 0x4) recvmsg(r5, &(0x7f0000000f40)={0x0, 0x0, 0x0}, 0x40012100) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x428a4}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'dummy0\x00'}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x8000) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000000080)='\xec}$*^\xd9+},-\x00') r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_emit_ethernet(0xbe, &(0x7f00000003c0)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x24, 0x0, {0x25, 0x4, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @local, {[@cipso={0x86, 0x2a, 0x0, [{0x0, 0xd, "5e000000ff000000000000"}, {0x5, 0x5, "4eb8a6"}, {0x0, 0x12, "9606053d0006ff00800000b61af93a93"}]}, @lsrr={0x83, 0x13, 0x0, [@dev, @loopback, @loopback, @multicast2]}, @cipso={0x86, 0x34, 0x0, [{0x0, 0x7, "4b6cefc500"}, {0x0, 0xc, "df61168c24ac88ad078c"}, {0x0, 0xa, "2189ea43a2149b84"}, {0x0, 0xf, "f7d11634eea239467089c40ced"}, {0x0, 0x2}]}, @timestamp={0x44, 0xc, 0x56, 0x0, 0x0, [0x0, 0x0]}]}}}}}}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10) 973.467475ms ago: executing program 1 (id=330): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x1c}}, 0x0) 923.239726ms ago: executing program 0 (id=321): munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='xprt_retransmit\x00', r0, 0x0, 0x803ffffffffc}, 0x18) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v3={0x3000000, [{0xffffffff, 0x2}, {0x8009, 0x56}], 0xee01}, 0x18, 0x0) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) 861.312787ms ago: executing program 0 (id=322): syz_clone3(0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_adj\x00') write$tcp_mem(r1, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@map=0x1, 0x26, 0x1, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f00000001c0)=[0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x40) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000380), 0x18000, 0x0) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f00000003c0)={0x8, 0x0}, 0x8) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000340)={@map=r3, r0, 0x14, 0x2023, r1, @void, @void, @value=r4, @void, r2}, 0x20) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x1, 0x0, 0x7ffc0002}]}) sigaltstack(&(0x7f0000000000)={0x0, 0x80000001, 0x54797c198fc260f8}, 0x0) 820.011498ms ago: executing program 0 (id=323): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xc3, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xa19a, 0x1000}, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000340)='cpu\t&0&&\t') timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) readv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f00000004c0)=""/205, 0xcd}], 0x1) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) socket$inet_udp(0x2, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0}) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000001c0), &(0x7f0000000380)=0x14) 513.621892ms ago: executing program 0 (id=324): syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000240)='./bus\x00', 0x404, &(0x7f0000000200)={[{@data_err_ignore}, {@mb_optimize_scan}]}, 0x1, 0x5e6, &(0x7f0000001200)="$eJzs3c1vFVUbAPBnbj9oKe/bQt68igtpYgwkSksLGGJcwNaQBj/ixo2VFkQKNLRGiyaUBDcmxo0xJq5ciP+FEtmy0pULN64MCVHD0sRr5nam9LZzW3r7MZX5/ZJLZ+bc4TzT26fn3NNz5gZQWYPpP7WI/RExnUT0J/OLZZ2RFQ4uPO/Bnx+dTR9J1Ouv/Z5Ekh3Ln59kX/uyk3si4scfktjXsbLemblrF8enpiavZvvDs5emh2fmrh2+cGn8/OT5ycujL4yeOH7s+ImRI21d1/WCY6dvvvt+/ydjb37z1V/JyLe/jCVxMl7Onrj0OjbLYAw2vifJyqK+E5tdWUk6sp+TpS9x0lliQKxL/vp1RcQT0R8d8fDF64+PXyk1OGBL1ZOIOlBRifyHisr7Afl7++Xvg2ul9EqA7XD/1MIAwMr871wYG4yextjA7gdJLB3WSSKivZG5Znsi4u6dsZvn7ozdjC0ahwOKzd+IiCeL8j9p5P9A9MRAI/9rTfmf9gvOZF/T46+2Wf/yoWL5D9tnIf97Vs3/aJH/by3J/7fbrH/w4eY7vU3539vuJQEAAAAAAEBl3T4VEc8X/f2/tjj/Jwrm//RFxMlNqH9w2f7Kv//X7m1CNUCB+6ciXiqc/1vLZ/8OdGRb/2nMB+hKzl2YmjwSEf+NiEPRtSvdH1mljsOf7vuyVdlgNv8vf6T1383mAmZx3Ovc1XzOxPjs+EavG4i4fyPiqcL5v8li+58UtP/p74PpR6xj37O3zrQqWzv/ga1S/zriYGH7//CuFcnq9+cYbvQHhvNewUpPf/jZd63qbzf/3WICNi5t/3evnv8DydL79cysv46jc531VmXt9v+7k9cbt5zpzo59MD47e3Ukojs53ZEebTo+uv6Y4XGU50OeL2n+H3pm9fG/ov5/b0TML/u/kz+a1xTn/v9336+t4tH/h/Kk+T+xrvZ//Rujtwa+b1X/o7X/xxpt/aHsiPE/WPBFnqbdzccL0rGzqGi74wUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAx0EtIvZEUhta3K7VhoYi+iLif7G7NnVlZva5c1feuzyRljU+/7+Wf9Jv/8J+kn/+/8CS/dFl+0cjYm9EfN7R29gfOntlaqLsiwcAAAAAAAAAAAAAAAAAAIAdoq/F+v/Ubx1lRwdsuc6yAwBKU5D/P5URB7D9tP9QXfIfqkv+Q3XJf6gu+Q/VJf+huuQ/VNc68z/JHgAAAAAAwM6098Dtn5OImH+xt/FIdWdlXaVGBmy1WtkBAKVxix+oLlP/oLrW+x7/5BbFAZRnrfm8PS1P2shM4OmzGzgZAAAAAAAAAAAAACrn4H7r/6GqrP+H6rL+H6orX/9/oOQ4gO3nPT4Qa6zkL1z/v+ZZAAAAAAAAAAAAAMBmmpm7dnF8amryqo03dkYY27lRr9evpz8FOyWef/lGPhV+p8SzbCNf6/doZ5X3OwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGj2TwAAAP//030lBw==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) syz_io_uring_setup(0x10c, &(0x7f00000000c0)={0x0, 0xb1b0, 0x400, 0x40000, 0x105}, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa004}, 0x4) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="0800080000000f000000000000004500ffb1"], 0xffbf) r4 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r4, &(0x7f0000004200)='t', 0x1) sendfile(r4, r0, 0x0, 0x3ffff) write$binfmt_aout(r4, &(0x7f0000000600)=ANY=[], 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) prctl$PR_SET_NAME(0xf, 0x0) socket(0x10, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000500)={'#! ', './file0'}, 0xb) sendfile(r4, r0, 0x0, 0x7ffff000) 54.622889ms ago: executing program 1 (id=325): mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r1}, 0x18) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[]) 0s ago: executing program 1 (id=326): socket$kcm(0x10, 0x2, 0x0) socket$inet(0x2, 0xa, 0x262) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) socket$nl_audit(0x10, 0x3, 0x9) shutdown(0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000000000002, 0x8}, 0x1175a0, 0x0, 0x23e3000, 0x6, 0x0, 0x3, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000740), r4) sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="8b330000ffffffff000005"], 0x38}}, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r6, 0x0, 0x400000000}, 0x18) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001ec0)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x2, [@func_proto, @func_proto, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x3, 0x20000000}}]}}, &(0x7f0000001f00)=""/4096, 0x4a, 0x1000, 0x3, 0x0, 0x0, @void, @value}, 0x28) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r3, 0x0, 0xfff, 0x97, &(0x7f0000000a00)="a624bbef9c5c98c2699d211deda242cd4ccc3b3aebd7346d23413132d975798fbfe8b17e75736bbb47a6019e4d4600a316a16ec3caf4c0a8695c27e609d1228783721a15701a5d0b6e96f94ca05e9ef0bff894128c7298e0c44614ae5e56959548af21fa5297a6e78ba7945faecb0fad922b3bda8ed46ea20930980b1943914623b9e16e670d19fe8096d721ee2661c646a905bd18f8b75c6727cb16bcb8f3218cfeec7139511912b46fd4179dba56d457935a89ddfb3a2734b4f0be142991b0f464b612f9bed0925a76a97876fc41dd833fbbebe39f8d6d71b347583e9f60421a5731e3283ea7e27eb1e0f4bebced4caf54dd19cc1ff4a2ea61d6bc43f385dcac15b2a57e969a6ce57b87dc90ffae82933334265ec42d4a873a83910755d754bfeb1529993e87d2927e056555fedb47e801c428358658ca6f573517340f9aee096d62f5b143b669bace546c51dd41045a8711fd018b1a7d2fa9342a36e2737797d9621b540b0ec1db988ea9f8d19e94e5bcb640238f59c3c050959f58696f2d6b8c4fbaf7213663ab806c67ba5832b0edb3caf190e2ae4f65d8ee71868de87cdec3aa2f94363880dba8ed9345188e7dfc4cbd7f4aaafd1a1881bcfd5ca6e263bc8fd40351cc46f371f2d59f0285b4b480c04c7da8f074c3ce978409a63e06d5a822f8d8c1e881b5db01c6a7ade52db4fd4dd49b91ed2b69393fb4af543d202dadbb24fb0108af93a0311c6fc7ccb3fe4bf469fdb7403e33268e83eba0585453182837f46cc84fbfe46dcac4dbcda760cd59afde25220e8a2a4984fcd861bd720b7d80e5e102750eb9cbfa778c457c03be544fc78c17131bdfe6f4d6489985e7281677ae5a994d841b51c621cc78afc044d3134ef3897931030dcb681e71605d7c963a2bb38f4ba169c1eee2e5590d86ceda4f19afb8ca9fbfd3677638dddfb52307c93a0beeee1ce65f248fd0257da77573d637a12c17fdc6ef574ceadaadd62c1e471017f19288c2ace06bc96b53758ef86962d8c06f502309fdefe293ccd76d622fb38ac1eef459a6b8733007044d7faee011d17945e9dda7188260a107b9b3eabf0eecaaffe0d90d575169aa1178c1084401f73b30e44891ef3099587da762020663bb88d299a9cf07f9e8e135d793d4131a94fa35c0732bc608643b0fc1b7fe3cd71dcd048c3c0b3d42b9c6ae6cc7e8974c04d6a460708f873d6a1222281870f9ce5d2784f99667c284d6f61b191a5d3dd57287e3d4bf9ee2cd76a3cd6fac5afcad8c7b5b0cb009732166fab9485f41be70b20c59baf89fd923f2804716f331cf015c6521846e133fb85379e23a3d3505cac5266c1ec51a8a5a71449c1581d88f2a43afeef39655984f1d886e9392e35f6b9f71b452d8574c39d43999be02deb261840e231bd19070b8471544b98b3753c096391154cc48183e011884e3102add74470af92091cb3a5d9aef1f0406716a09b9eac51861950bb3f74c0ecd07950c96ce3e2ea1d61e30f1b54d0dfd68af7fae532f4ba0302ed9ae38efb7defa8cadd50315b011c23ad374ee91f00d0f8b9acdc548373dccf0ba917fd9f35c28ebe49854b46944918cff4f0a1e106e1c826eb10e9b5aaa88195363dd2a4a33415252a99ec247c8428963be9a1d039ac85b3822cf9b06865534054b82246cc4c6df26a072281a1286f31666696e83056a43f85c197080016b62e98851d9600a51b4e3606412aa876f8c3c57d32104e1e8952683b3bce1f10062bdb7c17ee6eb29cd0f12faea121e14c7393292e2bf679852f761194eade2ef3806a99527ca68c154715eae8455f8b3f1d8e8637ec0f957e6617ea15e07c010e918243848c64c224d8182fa4b7287c44201d41f4bc29cc571f8e4573e8e52abd30d128581247a5f97620a704124a546e8a209b63d3c378cda9d7e4e48ff8db8dabc3315f54aa3f7ce9a8778c528104b2342243c9052b4646ceddbd48498b2d581bc98a887c5737022e62a39e03404798f133b451301de07546de6a4d483bbf40992c7f9aadfbb99043355f0d32842929376be11309134ad5e2c2b7717888ba20d3181798b969c76641156839d6a17682ee7bf7f6cf27b688e8a56e847e76a255259b2faa090b13be442b2fe0fc991fa738323b17bc6452ce83ec11f54a40bbdedea2bb3daf8b299685354c63bd31cf62ff05a237862079dc71f37841ba21b123e4b492d009341d1e611a42e90519d15a93935aca7db592f81b820f3af9e4bde117bd60db80ac47a78d37df27b595fe21c8b5427c93bb0b1b258f8438196f1ee5e27a3223a204d61694fe58847699159f338562334f9501462d853713ddd8aa657d73a704a5e594a7103bc1902266ed0067272e5b5842e22efd1395a84816532533e4c2afcf1fb6ab42970fb54e545f5c77d8158e9b8ee4634d2f99e2811f4334c25f698058cb91f91f780dfe15c1a17a15d3b9f8afab31fe41520f2dd47f231bc91c4e9caa034cdba382818300f2af48910f4d0fe3a580d7407124d04961fc500be05481d408d255389b0e93a672bfed454539a36df63f591c56dc5473c3e7edfb841338382b3bc812883492fa211a74f951f6b32e27cd7f869c4610f8251ffd260fab4929304263e94b30b05cdb31218430eb8cc20a31772daedcba05d4997e8c5217cf232fd052310067d997a49e2c6478b22e3347734c3e8f0439008797a7118709fe9811c9e95e4d39ee4c5a2cca72bf78533e624cb43555bfaa854d142dd18f7f40a30e4c685fa427b7e2ac74dd55cf48967347dd6083378b9fbe29e1fb2fb9276a38db0bde1bb4bbec7395d1876706187ebb9f1260d6dcb057893329bd43a06c265fe6ad6050f4e0027e1c18244f7d6d8eba8a7883aa0dcfc9bec043386500a9fafbad45d40caf7e6754728b23cbfd036d951edec517e00c872c509393056cddf30d356c707e7480a2f5ea56d669f37ae26ffea4246d711cb3199c864010190bffbe31d611aab68d32aa17cc483f611757bd8c0ed6500b407af108ba0fc44f6e8b07fb90c6bc7a0289fbc54788842e899defacfc5255a952120b48d882e10748cb525065e45671681952e1d23b3a7c4187a42b09e57b6d7823d30a4b4487d39b090f8619d9ec048d6540737edce3240c130bae1961e7e3dc4116f182674797f2fa9b496e625edbcc0228c3b9258091ec770f4a11295342d889c52dfb4f0b0e1abe645046229c987ce2be764380d471fbb47932159a83f69d3828c1415c09022d3c9e7135cb2aa9c31e2e0e2cbb107a9f4589e0108303a6820f86a7b74d73358d5c392717fe3d25ee1248cdcab966cf657d9e4f33bdd27da2652218f61fe2b88024e5acca57a6eef41db5c8d5174f6d28ffa54f091682cf96c6949677d83893e2fb508fd137615eaee6edb0f5ff550df2dc814744bd1d88ce865de3b3331ca766c1c92b650eda8a4c4c4325bdc1d4d7ba66e32fcfec709c82603e72eef83ae5b57ab7f69ef330ac1dc4ff042bdf7563606d0330fd4778b8ce8349d9f20b2efae33f32ec005a725fbd63e5b51df6eff9b636321e859ce16314dc89c07adaac9a807488d9337f668d3124e3e1e87e0e73615920a1047b885c32f23fc294151053b2aeb2c5aa653eabae7fe49d9ea72b51a8a0846bd1b902a649713810094c7437e4d81085be2c37bf830595583f1e539ba438fb4b87eecafd8d6755628b1e59c2f5b5543baf84a2c28010814a4d459d50374aaf6e30645576b8b2ddf8f14a17e958249ceb2315b60136fb492fba33c54bf1881a3f44f9276de5db378143fb6c22f0f011edb7b331ae3bb460a4ba2d268789d6b07d4fc28ff74d65d8c965cdead0d778a8b9316a92fddf3c77facb1e69524d6306b6ccef0e71171edda913f01ee3ee7858a3f7a9b18b32ba5881628639b898d2ec3f3e5603d471c8bcbe37fefe28b51886a7f2dc1e597c67be5bfbb546fe12349f92beaedceea1042f2f267041998c60df3a7ae07005b17375beaf77491c66ce5cdc2782591aecc5716704d63f1e5c33f9e2de2084ceb86234f13599de50bef41231bf016f1049482380973a1c6e4a0889317e247737e03bdd98f35f8055876ef769d6237b3ffaa8d1d2964657ca8cc5bbe5395b1e1884e6c10aa401c4b72ee204ad7e26bc4800bd92f06d3d7952982aaf322d822f15802ea9024aaabac1a08f4f459b8a30d4035ddd56c4ace5b6bc7f838ac4e6b17404f32ebde0a52b03c07cc7a1cfb43a39c473c2efd2f3a25c4dadf2e7fe2e4dad57f4cfc3a868fe01c06fbfad5115227001909e1bb47f2da08a61fe414e18e05010b4ee6a701cd6a89f983856847378a0b9aaea9d54369afc78da2b3e95ef4aeab3a0185afeabd3b1f68fa1cc81e3994e88fb5d67b9de723c5ba9aa5d36a9d2168ed28a9f6de4dff5448e527f8fcf83999b3232bfcbd2246ed547cd55a1159e90452d3a1bfe95ad8db76ab98dacf670ba2a100e71be03b342f44a2491df14df29bfef466079b1a7f06b01318d9e3c015789ccf6da472849a98f4f67b2c9b5e64f5da605c21ec0c91d8b83763710e87fac7ce5912410a47da076f4baeeda4e5cb0e494a81aac61fd1d015bedb3ef2a6d6a36e2ec2008089e83286d67eac785c561251d938d23a84fa3d467dd37d1159c23889f8603bf049bef01e25d675082b35e3462355848eb06b7774aef3e13ce102db5f98e44385aedae21385169c1277147dd2195a5bbcd88d86f7f80e81d9460520981592c5b1d9fb22a4f33a976337edbf8e17cbfede3871b0f37e8e8b33a8e43df3b80c28e5c1d850ddb26455bae18f001599e2e6512d0469374da7bf47e044fa4645c608c403f29fe96a5347e2cfc322d9fceadf907202a0151165c14282fbbff21564b46b8dff43454f41fbe12fac9c9cebe2c642579089da17116c438c62f977126ad0c3b2f132614b4e46b98205fd85a8e8483a0fa051f7e6e8112558e4759c6673e60f42c89e2bd41171f0d32e240f7ed9031ccbfcd653d0ad61183ddd61eb80e00ca9cfad7ce8399fac9f03b2c4221a1c0be79d63c7e5137f8f19156c6bc11c909f52ea1b326fac5b424d5421510e4b76ef9636ebe1ae8ea212dfb5135bba01178a96e19d68652578f165b41b856c944f195592f6021d9ec84bea8a3706c96fd313f1b84118d0d892701939a9f08bda600df5504ad2d3631bac8c44ed29aebf6e254f01f4910bea3706b3f68b7efbccf4b1c5ff225b990633728176b852d8b07787c7b437bd3bbae5d05f63ebe8e79b0b42016ae248286d483df31bc95fbfc7e8a0e98845e405af7123c62c90b5cc19d2542b9b8e68defa261daec424a7fe6dc4c9836e3fe4f44003d95e18f4e369026e0f008f4979b144adf432054ccaf47d234b87b664f0cdcffd48bf7c32b7c148a1cc193ba865b44cabae3399cb811e345c2652c2a5d31394002374e424b5b542c656bf23ba31f04aeb4de924f79080d04bf7787f6972b82d3a1a6e35c76535f2d3510e901ee3e539a38a4b27eca57dccd0406214831427f414d076206e7d2a1ef462c45c2fb5c6c4bace511b150988701de6bcd0325d57eaff2e23a1c1bf43091a2afedd87eb891a6b104cb81623938e91a58ac122c74ed39d96a96f364669a4af56c038642b3bca45197844a0dea1f3c4f003dabac0fb8cc3021f831bdef8a1ae3acdedf17c32ad6eb9040a27d7fa932197571d3a77d3314108ed71e7fea4e84c553b850e54f65a02455c5ad7e6f8ceb7da9c00d28fc9f23f8f24dea1e8b6d64365a318403f08df3b40d52275aac92c18647f0a6d0ab10292", &(0x7f0000000000)=""/151, 0x3, 0x0, 0xd4, 0x3, &(0x7f0000000340)="139cb9fba5267b595ac01c2929d69988c2e60501bcdb201749070f59d367c37555bc42658e53574b97b3e515fe7c21bc0d071d85e5438dfeec0ebf9ad8b7dec5db6828a6842de6e38b2f9ababe464cdf8e9f6121070723736d2354ff60b41ca7b2e1ecf9fcdee437fd7bc15b94b00b9c46ec11010cd0c4683e83b8e3a7e73780c43f66171e8821e076ffb63db7a00e01513503ce3b5e5222342cb90101ba414eac8e23163850460cadca9e67c7fe3bc17efc6769b422b08f8922a4ef44e7967a79d37d06a3c37ea5c4bfaf1c70140973434a0fdb", &(0x7f00000002c0)="016d66", 0x7, 0x0, 0x9}, 0x50) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) sendmsg$SMC_PNETID_DEL(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x34, 0x0, 0x10, 0x70bd2c, 0x25dfdbff, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'macvlan1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x90}, 0x48081) r9 = socket$inet(0x2, 0x2, 0x1) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES64=r9, @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000780)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x74, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r10}, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r12 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r12, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newtfilter={0x24, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, r11, {0x10, 0x4}, {}, {0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) pause() kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.72' (ED25519) to the list of known hosts. [ 57.066000][ T3305] cgroup: Unknown subsys name 'net' [ 57.072132][ T29] audit: type=1400 audit(1749488760.023:62): avc: denied { mounton } for pid=3305 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 57.097174][ T29] audit: type=1400 audit(1749488760.023:63): avc: denied { mount } for pid=3305 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 57.121246][ T29] audit: type=1400 audit(1749488760.023:64): avc: denied { unmount } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 57.264184][ T3305] cgroup: Unknown subsys name 'cpuset' [ 57.270591][ T3305] cgroup: Unknown subsys name 'rlimit' [ 57.423161][ T29] audit: type=1400 audit(1749488760.373:65): avc: denied { setattr } for pid=3305 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 57.451567][ T29] audit: type=1400 audit(1749488760.383:66): avc: denied { create } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 57.473812][ T29] audit: type=1400 audit(1749488760.383:67): avc: denied { write } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 57.495205][ T29] audit: type=1400 audit(1749488760.383:68): avc: denied { read } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 57.518396][ T29] audit: type=1400 audit(1749488760.383:69): avc: denied { mounton } for pid=3305 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 57.528284][ T3308] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 57.547673][ T29] audit: type=1400 audit(1749488760.383:70): avc: denied { mount } for pid=3305 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 57.584000][ T29] audit: type=1400 audit(1749488760.523:71): avc: denied { relabelto } for pid=3308 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 57.623484][ T3305] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 58.846592][ T3317] chnl_net:caif_netlink_parms(): no params data found [ 58.914426][ T3315] chnl_net:caif_netlink_parms(): no params data found [ 58.949685][ T3326] chnl_net:caif_netlink_parms(): no params data found [ 58.982767][ T3317] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.990148][ T3317] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.997427][ T3317] bridge_slave_0: entered allmulticast mode [ 59.004168][ T3317] bridge_slave_0: entered promiscuous mode [ 59.025011][ T3317] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.032169][ T3317] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.039744][ T3317] bridge_slave_1: entered allmulticast mode [ 59.046305][ T3317] bridge_slave_1: entered promiscuous mode [ 59.068583][ T3315] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.075913][ T3315] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.083407][ T3315] bridge_slave_0: entered allmulticast mode [ 59.090287][ T3315] bridge_slave_0: entered promiscuous mode [ 59.109703][ T3315] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.117208][ T3315] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.125005][ T3315] bridge_slave_1: entered allmulticast mode [ 59.132008][ T3315] bridge_slave_1: entered promiscuous mode [ 59.148462][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.161593][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.183519][ T3319] chnl_net:caif_netlink_parms(): no params data found [ 59.210525][ T3326] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.218928][ T3326] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.227156][ T3326] bridge_slave_0: entered allmulticast mode [ 59.234265][ T3326] bridge_slave_0: entered promiscuous mode [ 59.258669][ T3317] team0: Port device team_slave_0 added [ 59.264779][ T3326] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.272226][ T3326] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.279908][ T3326] bridge_slave_1: entered allmulticast mode [ 59.286672][ T3326] bridge_slave_1: entered promiscuous mode [ 59.293998][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.304565][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.324132][ T3317] team0: Port device team_slave_1 added [ 59.367633][ T3325] chnl_net:caif_netlink_parms(): no params data found [ 59.379190][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.386698][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.414132][ T3317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.427556][ T3326] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.437970][ T3315] team0: Port device team_slave_0 added [ 59.444998][ T3315] team0: Port device team_slave_1 added [ 59.460489][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.467557][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.494297][ T3317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.508616][ T3326] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.531906][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.539134][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.565362][ T3315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.598896][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.606024][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.634493][ T3315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.648680][ T3319] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.656647][ T3319] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.664557][ T3319] bridge_slave_0: entered allmulticast mode [ 59.671647][ T3319] bridge_slave_0: entered promiscuous mode [ 59.689513][ T3326] team0: Port device team_slave_0 added [ 59.705523][ T3319] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.713504][ T3319] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.720937][ T3319] bridge_slave_1: entered allmulticast mode [ 59.728368][ T3319] bridge_slave_1: entered promiscuous mode [ 59.737300][ T3317] hsr_slave_0: entered promiscuous mode [ 59.743871][ T3317] hsr_slave_1: entered promiscuous mode [ 59.750664][ T3326] team0: Port device team_slave_1 added [ 59.765795][ T3315] hsr_slave_0: entered promiscuous mode [ 59.771960][ T3315] hsr_slave_1: entered promiscuous mode [ 59.778002][ T3315] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 59.785625][ T3315] Cannot create hsr debugfs directory [ 59.825321][ T3319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.836053][ T3319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.851175][ T3326] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.858201][ T3326] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.884992][ T3326] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.896043][ T3325] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.903335][ T3325] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.910529][ T3325] bridge_slave_0: entered allmulticast mode [ 59.917279][ T3325] bridge_slave_0: entered promiscuous mode [ 59.948440][ T3326] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.955841][ T3326] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.982536][ T3326] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.993776][ T3325] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.001035][ T3325] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.008995][ T3325] bridge_slave_1: entered allmulticast mode [ 60.015822][ T3325] bridge_slave_1: entered promiscuous mode [ 60.023204][ T3319] team0: Port device team_slave_0 added [ 60.048080][ T3319] team0: Port device team_slave_1 added [ 60.077220][ T3325] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.094466][ T3319] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.102535][ T3319] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.130971][ T3319] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.146818][ T3325] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.171959][ T3319] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.179311][ T3319] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.208604][ T3319] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.233308][ T3326] hsr_slave_0: entered promiscuous mode [ 60.239624][ T3326] hsr_slave_1: entered promiscuous mode [ 60.245909][ T3326] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.253937][ T3326] Cannot create hsr debugfs directory [ 60.296130][ T3325] team0: Port device team_slave_0 added [ 60.323010][ T3319] hsr_slave_0: entered promiscuous mode [ 60.329802][ T3319] hsr_slave_1: entered promiscuous mode [ 60.336021][ T3319] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.344157][ T3319] Cannot create hsr debugfs directory [ 60.350686][ T3325] team0: Port device team_slave_1 added [ 60.395323][ T3325] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.402406][ T3325] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.429543][ T3325] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.446828][ T3325] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.454429][ T3325] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.482854][ T3325] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.564910][ T3325] hsr_slave_0: entered promiscuous mode [ 60.571026][ T3325] hsr_slave_1: entered promiscuous mode [ 60.577416][ T3325] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.585339][ T3325] Cannot create hsr debugfs directory [ 60.597823][ T3315] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 60.607227][ T3315] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 60.624664][ T3315] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 60.640478][ T3315] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 60.677633][ T3317] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 60.686969][ T3317] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 60.702397][ T3317] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 60.719339][ T3317] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 60.759547][ T3326] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 60.784634][ T3326] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 60.807003][ T3326] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 60.817645][ T3326] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 60.862447][ T3319] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 60.879066][ T3319] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 60.897611][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.905799][ T3319] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 60.922871][ T3319] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 60.947920][ T3315] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.961353][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.969928][ T3325] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 60.986237][ T3325] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 60.998091][ T1072] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.006125][ T1072] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.016055][ T3325] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 61.026250][ T3325] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 61.044422][ T1072] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.053433][ T1072] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.066946][ T3317] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.089370][ T1072] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.096896][ T1072] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.115562][ T3326] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.135206][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.142381][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.165492][ T3326] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.190881][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.198339][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.207876][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.215162][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.254310][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.266672][ T3319] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.287255][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.294588][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.330679][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.337915][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.354112][ T3325] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.387316][ T3315] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.428454][ T3325] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.446292][ T3317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.458155][ T3326] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.474293][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.481509][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.509693][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.518399][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.555764][ T3319] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.609836][ T3315] veth0_vlan: entered promiscuous mode [ 61.654010][ T3315] veth1_vlan: entered promiscuous mode [ 61.685886][ T3315] veth0_macvtap: entered promiscuous mode [ 61.704211][ T3315] veth1_macvtap: entered promiscuous mode [ 61.744615][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.755133][ T3326] veth0_vlan: entered promiscuous mode [ 61.770307][ T3326] veth1_vlan: entered promiscuous mode [ 61.785338][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.801670][ T3317] veth0_vlan: entered promiscuous mode [ 61.819550][ T3317] veth1_vlan: entered promiscuous mode [ 61.826730][ T3315] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.836161][ T3315] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.845615][ T3315] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.854655][ T3315] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.878879][ T3325] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.889921][ T3319] veth0_vlan: entered promiscuous mode [ 61.898997][ T3326] veth0_macvtap: entered promiscuous mode [ 61.907753][ T3326] veth1_macvtap: entered promiscuous mode [ 61.923018][ T3319] veth1_vlan: entered promiscuous mode [ 61.948669][ T3326] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.969135][ T3319] veth0_macvtap: entered promiscuous mode [ 61.976782][ T3317] veth0_macvtap: entered promiscuous mode [ 61.991180][ T3319] veth1_macvtap: entered promiscuous mode [ 62.000633][ T3317] veth1_macvtap: entered promiscuous mode [ 62.019236][ T3319] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.028804][ T3326] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.054572][ T3326] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.064326][ T3326] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.065603][ T3315] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 62.074127][ T3326] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.099381][ T3326] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.112859][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.122560][ T3319] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.138152][ T3319] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.147273][ T3319] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.156390][ T3319] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.166088][ T3319] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.184634][ T29] kauditd_printk_skb: 18 callbacks suppressed [ 62.184681][ T29] audit: type=1400 audit(1749488765.143:90): avc: denied { read write } for pid=3315 comm="syz-executor" name="loop0" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 62.223477][ T3325] veth0_vlan: entered promiscuous mode [ 62.226202][ T29] audit: type=1400 audit(1749488765.143:91): avc: denied { open } for pid=3315 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 62.231915][ T3325] veth1_vlan: entered promiscuous mode [ 62.255255][ T29] audit: type=1400 audit(1749488765.143:92): avc: denied { ioctl } for pid=3315 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=100 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 62.255287][ T29] audit: type=1400 audit(1749488765.153:93): avc: denied { map_create } for pid=3482 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 62.264085][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.287502][ T29] audit: type=1400 audit(1749488765.153:94): avc: denied { map_read map_write } for pid=3482 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 62.336931][ T29] audit: type=1400 audit(1749488765.153:95): avc: denied { prog_load } for pid=3482 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 62.357125][ T29] audit: type=1400 audit(1749488765.153:96): avc: denied { bpf } for pid=3482 comm="syz.0.1" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 62.378973][ T29] audit: type=1400 audit(1749488765.153:97): avc: denied { perfmon } for pid=3482 comm="syz.0.1" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 62.401648][ T29] audit: type=1400 audit(1749488765.153:98): avc: denied { allowed } for pid=3482 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 62.424977][ T29] audit: type=1400 audit(1749488765.273:99): avc: denied { create } for pid=3482 comm="syz.0.1" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 62.462163][ T3317] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.471734][ T3317] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.480950][ T3317] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.490304][ T3317] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.514019][ C0] hrtimer: interrupt took 47086 ns [ 62.527604][ T3325] veth0_macvtap: entered promiscuous mode [ 62.538964][ T3485] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 62.569563][ T3325] veth1_macvtap: entered promiscuous mode [ 62.615417][ T3325] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.644139][ T3493] loop1: detected capacity change from 0 to 512 [ 62.656435][ T3325] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.661909][ T3492] netdevsim netdevsim3: Direct firmware load for ÈöníñÆgkNšÄq>ä*x(Oˆ@ failed with error -2 [ 62.674802][ T3493] ======================================================= [ 62.674802][ T3493] WARNING: The mand mount option has been deprecated and [ 62.674802][ T3493] and is ignored by this kernel. Remove the mand [ 62.674802][ T3493] option from the mount to silence this warning. [ 62.674802][ T3493] ======================================================= [ 62.716563][ T3325] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.725877][ T3325] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.735001][ T3325] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.744385][ T3325] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.756164][ T3493] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 62.788473][ T3493] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2: invalid indirect mapped block 4294967295 (level 1) [ 62.837264][ T3493] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2: invalid indirect mapped block 4294967295 (level 1) [ 62.853273][ T3503] FAULT_INJECTION: forcing a failure. [ 62.853273][ T3503] name failslab, interval 1, probability 0, space 0, times 1 [ 62.867754][ T3503] CPU: 0 UID: 0 PID: 3503 Comm: syz.3.7 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) [ 62.867786][ T3503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 62.867807][ T3503] Call Trace: [ 62.867815][ T3503] [ 62.867824][ T3503] __dump_stack+0x1d/0x30 [ 62.867915][ T3503] dump_stack_lvl+0xe8/0x140 [ 62.867936][ T3503] dump_stack+0x15/0x1b [ 62.868022][ T3503] should_fail_ex+0x265/0x280 [ 62.868228][ T3503] ? tcp_sendmsg_fastopen+0x172/0x520 [ 62.868301][ T3503] should_failslab+0x8c/0xb0 [ 62.868325][ T3503] __kmalloc_cache_noprof+0x4c/0x320 [ 62.868359][ T3503] tcp_sendmsg_fastopen+0x172/0x520 [ 62.868457][ T3503] tcp_sendmsg_locked+0x27be/0x2cc0 [ 62.868496][ T3503] ? mntput_no_expire+0x6f/0x3c0 [ 62.868538][ T3503] ? mntput+0x4b/0x80 [ 62.868569][ T3503] ? __rcu_read_unlock+0x4f/0x70 [ 62.868610][ T3503] ? avc_has_perm_noaudit+0x1b1/0x200 [ 62.868674][ T3503] ? avc_has_perm+0xd3/0x150 [ 62.868804][ T3503] ? _raw_spin_unlock_bh+0x36/0x40 [ 62.868839][ T3503] ? __pfx_tcp_sendmsg+0x10/0x10 [ 62.868946][ T3503] tcp_sendmsg+0x2f/0x50 [ 62.868982][ T3503] inet6_sendmsg+0x76/0xd0 [ 62.869010][ T3503] __sock_sendmsg+0x8b/0x180 [ 62.869077][ T3503] __sys_sendto+0x268/0x330 [ 62.869134][ T3503] __x64_sys_sendto+0x76/0x90 [ 62.869186][ T3503] x64_sys_call+0x2eb6/0x2fb0 [ 62.869233][ T3503] do_syscall_64+0xd2/0x200 [ 62.869257][ T3503] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 62.869289][ T3503] ? clear_bhb_loop+0x40/0x90 [ 62.869321][ T3503] ? clear_bhb_loop+0x40/0x90 [ 62.869351][ T3503] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.869407][ T3503] RIP: 0033:0x7f99eabde929 [ 62.869440][ T3503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 62.869464][ T3503] RSP: 002b:00007f99e9247038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 62.869492][ T3503] RAX: ffffffffffffffda RBX: 00007f99eae05fa0 RCX: 00007f99eabde929 [ 62.869508][ T3503] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003 [ 62.869524][ T3503] RBP: 00007f99e9247090 R08: 0000200000b63fe4 R09: 000000000000001c [ 62.869539][ T3503] R10: 0000000020000845 R11: 0000000000000246 R12: 0000000000000001 [ 62.869555][ T3503] R13: 0000000000000000 R14: 00007f99eae05fa0 R15: 00007ffd5712cc58 [ 62.869577][ T3503] [ 62.870502][ T3504] capability: warning: `syz.4.8' uses 32-bit capabilities (legacy support in use) [ 62.980079][ T3493] EXT4-fs (loop1): 2 truncates cleaned up [ 63.119422][ T3509] loop3: detected capacity change from 0 to 1024 [ 63.162011][ T3493] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.189930][ T3485] loop0: detected capacity change from 0 to 512 [ 63.211393][ T3485] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 63.223542][ T3509] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 63.279178][ T3509] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.300241][ T3493] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 63.309044][ T3515] loop2: detected capacity change from 0 to 1024 [ 63.318332][ T3518] FAULT_INJECTION: forcing a failure. [ 63.318332][ T3518] name failslab, interval 1, probability 0, space 0, times 0 [ 63.331175][ T3518] CPU: 1 UID: 0 PID: 3518 Comm: syz.4.10 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) [ 63.331230][ T3518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 63.331306][ T3518] Call Trace: [ 63.331315][ T3518] [ 63.331324][ T3518] __dump_stack+0x1d/0x30 [ 63.331350][ T3518] dump_stack_lvl+0xe8/0x140 [ 63.331372][ T3518] dump_stack+0x15/0x1b [ 63.331388][ T3518] should_fail_ex+0x265/0x280 [ 63.331430][ T3518] ? nft_last_init+0x5a/0x180 [ 63.331491][ T3518] should_failslab+0x8c/0xb0 [ 63.331521][ T3518] __kmalloc_cache_noprof+0x4c/0x320 [ 63.331559][ T3518] nft_last_init+0x5a/0x180 [ 63.331585][ T3518] nf_tables_newrule+0xfaa/0x17a0 [ 63.331621][ T3518] ? __nla_parse+0x40/0x60 [ 63.331724][ T3518] nfnetlink_rcv+0xb96/0x1690 [ 63.331790][ T3518] netlink_unicast+0x5a1/0x670 [ 63.331833][ T3518] netlink_sendmsg+0x58b/0x6b0 [ 63.331940][ T3518] ? __pfx_netlink_sendmsg+0x10/0x10 [ 63.332037][ T3518] __sock_sendmsg+0x142/0x180 [ 63.332073][ T3518] ____sys_sendmsg+0x31e/0x4e0 [ 63.332104][ T3518] ___sys_sendmsg+0x17b/0x1d0 [ 63.332238][ T3518] __x64_sys_sendmsg+0xd4/0x160 [ 63.332272][ T3518] x64_sys_call+0x2999/0x2fb0 [ 63.332299][ T3518] do_syscall_64+0xd2/0x200 [ 63.332327][ T3518] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 63.332430][ T3518] ? clear_bhb_loop+0x40/0x90 [ 63.332583][ T3518] ? clear_bhb_loop+0x40/0x90 [ 63.332612][ T3518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.332640][ T3518] RIP: 0033:0x7fa23db0e929 [ 63.332655][ T3518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.332673][ T3518] RSP: 002b:00007fa23c156038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 63.332736][ T3518] RAX: ffffffffffffffda RBX: 00007fa23dd36080 RCX: 00007fa23db0e929 [ 63.332752][ T3518] RDX: 0000000000004000 RSI: 0000200000000180 RDI: 0000000000000004 [ 63.332767][ T3518] RBP: 00007fa23c156090 R08: 0000000000000000 R09: 0000000000000000 [ 63.332783][ T3518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 63.332798][ T3518] R13: 0000000000000000 R14: 00007fa23dd36080 R15: 00007ffcc2aca558 [ 63.332822][ T3518] [ 63.349371][ T3493] EXT4-fs error (device loop1): ext4_get_parent:1834: inode #11: comm syz.1.2: bad parent inode number: 3 [ 63.363217][ T3515] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.439354][ T3485] EXT4-fs (loop0): mounted filesystem 00000009-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.495774][ T3515] syzkaller1: entered promiscuous mode [ 63.512739][ T3485] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.523528][ T3515] syzkaller1: entered allmulticast mode [ 63.561125][ T3326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.660978][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.693911][ T3518] syz.4.10 (3518) used greatest stack depth: 10856 bytes left [ 63.737371][ T2998] udevd[2998]: worker [3307] terminated by signal 33 (Unknown signal 33) [ 63.780071][ T3315] EXT4-fs (loop0): unmounting filesystem 00000009-0000-0000-0000-000000000000. [ 63.897803][ T3538] netlink: 8 bytes leftover after parsing attributes in process `syz.1.19'. [ 63.907132][ T3538] FAULT_INJECTION: forcing a failure. [ 63.907132][ T3538] name failslab, interval 1, probability 0, space 0, times 0 [ 63.920848][ T3538] CPU: 1 UID: 0 PID: 3538 Comm: syz.1.19 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) [ 63.920876][ T3538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 63.920892][ T3538] Call Trace: [ 63.920899][ T3538] [ 63.920910][ T3538] __dump_stack+0x1d/0x30 [ 63.920977][ T3538] dump_stack_lvl+0xe8/0x140 [ 63.920998][ T3538] dump_stack+0x15/0x1b [ 63.921017][ T3538] should_fail_ex+0x265/0x280 [ 63.921060][ T3538] should_failslab+0x8c/0xb0 [ 63.921106][ T3538] kmem_cache_alloc_noprof+0x50/0x310 [ 63.921138][ T3538] ? skb_clone+0x151/0x1f0 [ 63.921165][ T3538] skb_clone+0x151/0x1f0 [ 63.921193][ T3538] __netlink_deliver_tap+0x2c9/0x500 [ 63.921229][ T3538] __netlink_sendskb+0xc3/0xd0 [ 63.921266][ T3538] netlink_dump+0x698/0x7f0 [ 63.921331][ T3538] __netlink_dump_start+0x43e/0x520 [ 63.921355][ T3538] ? __pfx_rtnl_dump_all+0x10/0x10 [ 63.921385][ T3538] rtnetlink_rcv_msg+0x552/0x6d0 [ 63.921417][ T3538] ? __pfx_rtnl_dump_all+0x10/0x10 [ 63.921524][ T3538] ? __pfx_rtnl_dumpit+0x10/0x10 [ 63.921556][ T3538] ? __pfx_rtnl_dump_all+0x10/0x10 [ 63.921599][ T3538] netlink_rcv_skb+0x120/0x220 [ 63.921622][ T3538] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 63.921670][ T3538] rtnetlink_rcv+0x1c/0x30 [ 63.921700][ T3538] netlink_unicast+0x5a1/0x670 [ 63.921823][ T3538] netlink_sendmsg+0x58b/0x6b0 [ 63.921874][ T3538] ? __pfx_netlink_sendmsg+0x10/0x10 [ 63.921925][ T3538] __sock_sendmsg+0x142/0x180 [ 63.921955][ T3538] ____sys_sendmsg+0x31e/0x4e0 [ 63.922050][ T3538] ___sys_sendmsg+0x17b/0x1d0 [ 63.922091][ T3538] __x64_sys_sendmsg+0xd4/0x160 [ 63.922119][ T3538] x64_sys_call+0x2999/0x2fb0 [ 63.922149][ T3538] do_syscall_64+0xd2/0x200 [ 63.922172][ T3538] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 63.922198][ T3538] ? clear_bhb_loop+0x40/0x90 [ 63.922323][ T3538] ? clear_bhb_loop+0x40/0x90 [ 63.922350][ T3538] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.922374][ T3538] RIP: 0033:0x7f951985e929 [ 63.922393][ T3538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.922493][ T3538] RSP: 002b:00007f9517ec7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 63.922511][ T3538] RAX: ffffffffffffffda RBX: 00007f9519a85fa0 RCX: 00007f951985e929 [ 63.922524][ T3538] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 63.922537][ T3538] RBP: 00007f9517ec7090 R08: 0000000000000000 R09: 0000000000000000 [ 63.922613][ T3538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 63.922628][ T3538] R13: 0000000000000000 R14: 00007f9519a85fa0 R15: 00007ffdd3793b68 [ 63.922650][ T3538] [ 64.216172][ T3541] loop4: detected capacity change from 0 to 512 [ 64.238734][ T3541] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 64.270378][ T3541] EXT4-fs (loop4): orphan cleanup on readonly fs [ 64.282273][ T3541] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.18: bg 0: block 248: padding at end of block bitmap is not set [ 64.304217][ T3541] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.18: Failed to acquire dquot type 1 [ 64.318062][ T3541] EXT4-fs (loop4): 1 truncate cleaned up [ 64.370515][ T3541] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 64.460973][ T3550] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 64.468586][ T3550] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 64.483549][ T3550] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 64.491682][ T3550] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 64.500709][ T3552] tmpfs: Bad value for 'mpol' [ 64.529140][ T3553] loop0: detected capacity change from 0 to 1024 [ 64.539313][ T3553] EXT4-fs: Invalid want_extra_isize 0 [ 64.593747][ T3555] loop1: detected capacity change from 0 to 128 [ 64.621136][ T3555] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 64.653726][ T3555] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 64.709512][ T3559] netlink: 'syz.1.26': attribute type 21 has an invalid length. [ 64.718986][ T3541] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.722711][ T3559] netlink: 132 bytes leftover after parsing attributes in process `syz.1.26'. [ 64.743945][ T3541] syz.4.18 (3541) used greatest stack depth: 9304 bytes left [ 64.821375][ T3562] netlink: 68 bytes leftover after parsing attributes in process `syz.3.27'. [ 64.856333][ T3325] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.869115][ T3564] loop1: detected capacity change from 0 to 512 [ 64.880168][ T3564] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 64.880366][ T3564] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.910644][ T3569] netlink: 4 bytes leftover after parsing attributes in process `syz.2.29'. [ 64.912138][ T3564] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 64.932626][ T3564] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 64.961062][ T3574] netlink: 'syz.2.30': attribute type 21 has an invalid length. [ 64.961104][ T3574] netlink: 132 bytes leftover after parsing attributes in process `syz.2.30'. [ 65.155375][ T3581] geneve0: entered allmulticast mode [ 65.224726][ T3581] loop2: detected capacity change from 0 to 2048 [ 65.324932][ T3585] netlink: 12 bytes leftover after parsing attributes in process `syz.2.35'. [ 65.471017][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 65.522135][ T3594] loop3: detected capacity change from 0 to 512 [ 65.541940][ T3594] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 65.560137][ T3598] netlink: 2036 bytes leftover after parsing attributes in process `syz.2.37'. [ 65.561268][ T3594] EXT4-fs (loop3): mount failed [ 65.570646][ T3598] netlink: 24 bytes leftover after parsing attributes in process `syz.2.37'. [ 65.697630][ T3605] netlink: 'syz.3.41': attribute type 21 has an invalid length. [ 65.708233][ T3605] netlink: 132 bytes leftover after parsing attributes in process `syz.3.41'. [ 65.965261][ T3617] 9pnet: Could not find request transport: fd0x0000000000000003 [ 66.032891][ T3620] 9pnet_fd: Insufficient options for proto=fd [ 66.050651][ T3622] loop0: detected capacity change from 0 to 512 [ 66.067984][ T3622] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 66.082155][ T3622] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 66.131941][ T3622] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 66.157624][ T3627] FAULT_INJECTION: forcing a failure. [ 66.157624][ T3627] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 66.171937][ T3627] CPU: 0 UID: 0 PID: 3627 Comm: syz.1.49 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) [ 66.171967][ T3627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 66.172062][ T3627] Call Trace: [ 66.172071][ T3627] [ 66.172081][ T3627] __dump_stack+0x1d/0x30 [ 66.172109][ T3627] dump_stack_lvl+0xe8/0x140 [ 66.172134][ T3627] dump_stack+0x15/0x1b [ 66.172151][ T3627] should_fail_ex+0x265/0x280 [ 66.172270][ T3627] should_fail+0xb/0x20 [ 66.172305][ T3627] should_fail_usercopy+0x1a/0x20 [ 66.172325][ T3627] _copy_to_user+0x20/0xa0 [ 66.172372][ T3627] simple_read_from_buffer+0xb5/0x130 [ 66.172419][ T3627] proc_fail_nth_read+0x100/0x140 [ 66.172502][ T3627] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 66.172526][ T3627] vfs_read+0x19d/0x6f0 [ 66.172542][ T3627] ? kmem_cache_free+0xdf/0x300 [ 66.172577][ T3627] ? __rcu_read_unlock+0x4f/0x70 [ 66.172649][ T3627] ? __fget_files+0x184/0x1c0 [ 66.172749][ T3627] ksys_read+0xda/0x1a0 [ 66.172774][ T3627] __x64_sys_read+0x40/0x50 [ 66.172856][ T3627] x64_sys_call+0x2d77/0x2fb0 [ 66.172885][ T3627] do_syscall_64+0xd2/0x200 [ 66.172912][ T3627] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 66.172947][ T3627] ? clear_bhb_loop+0x40/0x90 [ 66.172975][ T3627] ? clear_bhb_loop+0x40/0x90 [ 66.173052][ T3627] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.173075][ T3627] RIP: 0033:0x7f951985d33c [ 66.173226][ T3627] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 66.173244][ T3627] RSP: 002b:00007f9517ec7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 66.173266][ T3627] RAX: ffffffffffffffda RBX: 00007f9519a85fa0 RCX: 00007f951985d33c [ 66.173354][ T3627] RDX: 000000000000000f RSI: 00007f9517ec70a0 RDI: 0000000000000004 [ 66.173390][ T3627] RBP: 00007f9517ec7090 R08: 0000000000000000 R09: 0000000000000000 [ 66.173407][ T3627] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001 [ 66.173423][ T3627] R13: 0000000000000000 R14: 00007f9519a85fa0 R15: 00007ffdd3793b68 [ 66.173510][ T3627] [ 66.401854][ T3622] EXT4-fs (loop0): 1 truncate cleaned up [ 66.408437][ T3622] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 66.423506][ T3622] EXT4-fs (loop0): shut down requested (2) [ 66.430084][ T3622] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 66.449408][ T3622] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 66.459657][ T3622] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=15 [ 66.480525][ T3622] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=13 [ 66.510226][ T3622] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 66.557579][ T3622] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=15 [ 66.586171][ T3622] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 66.613206][ T3622] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=13 [ 66.622798][ T3631] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=15 [ 66.634933][ T3631] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=15 [ 66.742435][ T3631] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=15 [ 66.763935][ T3631] 9pnet_fd: Insufficient options for proto=fd [ 66.830539][ T3642] loop2: detected capacity change from 0 to 512 [ 67.213533][ T3642] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 67.226022][ T3642] EXT4-fs (loop2): 1 truncate cleaned up [ 67.232583][ T3642] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 67.286347][ T29] kauditd_printk_skb: 140 callbacks suppressed [ 67.286366][ T29] audit: type=1400 audit(1749488770.243:237): avc: denied { setattr } for pid=3632 comm="syz.2.51" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 67.320754][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.345533][ T3649] FAULT_INJECTION: forcing a failure. [ 67.345533][ T3649] name failslab, interval 1, probability 0, space 0, times 0 [ 67.358609][ T3649] CPU: 0 UID: 0 PID: 3649 Comm: syz.1.57 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) [ 67.358671][ T3649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 67.358687][ T3649] Call Trace: [ 67.358695][ T3649] [ 67.358704][ T3649] __dump_stack+0x1d/0x30 [ 67.358730][ T3649] dump_stack_lvl+0xe8/0x140 [ 67.358759][ T3649] dump_stack+0x15/0x1b [ 67.358780][ T3649] should_fail_ex+0x265/0x280 [ 67.358843][ T3649] should_failslab+0x8c/0xb0 [ 67.358874][ T3649] __kmalloc_noprof+0xa5/0x3e0 [ 67.358908][ T3649] ? nft_set_elem_expr_alloc+0xcf/0x330 [ 67.359043][ T3649] nft_set_elem_expr_alloc+0xcf/0x330 [ 67.359090][ T3649] nf_tables_newsetelem+0x10ed/0x29b0 [ 67.359154][ T3649] nfnetlink_rcv+0xb96/0x1690 [ 67.359234][ T3649] netlink_unicast+0x5a1/0x670 [ 67.359274][ T3649] netlink_sendmsg+0x58b/0x6b0 [ 67.359305][ T3649] ? __pfx_netlink_sendmsg+0x10/0x10 [ 67.359330][ T3649] __sock_sendmsg+0x142/0x180 [ 67.359421][ T3649] ____sys_sendmsg+0x31e/0x4e0 [ 67.359512][ T3649] ___sys_sendmsg+0x17b/0x1d0 [ 67.359557][ T3649] __x64_sys_sendmsg+0xd4/0x160 [ 67.359591][ T3649] x64_sys_call+0x2999/0x2fb0 [ 67.359620][ T3649] do_syscall_64+0xd2/0x200 [ 67.359713][ T3649] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 67.359756][ T3649] ? clear_bhb_loop+0x40/0x90 [ 67.359784][ T3649] ? clear_bhb_loop+0x40/0x90 [ 67.359809][ T3649] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.359830][ T3649] RIP: 0033:0x7f951985e929 [ 67.359903][ T3649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.359921][ T3649] RSP: 002b:00007f9517ec7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 67.359939][ T3649] RAX: ffffffffffffffda RBX: 00007f9519a85fa0 RCX: 00007f951985e929 [ 67.359955][ T3649] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000006 [ 67.359970][ T3649] RBP: 00007f9517ec7090 R08: 0000000000000000 R09: 0000000000000000 [ 67.359984][ T3649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 67.359998][ T3649] R13: 0000000000000000 R14: 00007f9519a85fa0 R15: 00007ffdd3793b68 [ 67.360086][ T3649] [ 67.590920][ T29] audit: type=1400 audit(1749488770.273:238): avc: denied { watch watch_reads } for pid=3632 comm="syz.2.51" path="/10/file2/file0" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 67.624876][ T3653] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 67.632793][ T3653] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 67.640378][ T29] audit: type=1326 audit(1749488770.583:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3650 comm="syz.4.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db0e929 code=0x7ffc0000 [ 67.664923][ T29] audit: type=1326 audit(1749488770.583:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3650 comm="syz.4.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db0e929 code=0x7ffc0000 [ 67.689043][ T29] audit: type=1326 audit(1749488770.583:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3650 comm="syz.4.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7fa23db0e929 code=0x7ffc0000 [ 67.712555][ T29] audit: type=1326 audit(1749488770.583:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3650 comm="syz.4.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db0e929 code=0x7ffc0000 [ 67.712678][ T3654] loop3: detected capacity change from 0 to 1024 [ 67.737068][ T29] audit: type=1326 audit(1749488770.583:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3650 comm="syz.4.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db0e929 code=0x7ffc0000 [ 67.762314][ T3654] EXT4-fs: Invalid want_extra_isize 0 [ 67.766824][ T29] audit: type=1326 audit(1749488770.583:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3650 comm="syz.4.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa23db0e929 code=0x7ffc0000 [ 67.796679][ T29] audit: type=1326 audit(1749488770.583:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3650 comm="syz.4.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db0e929 code=0x7ffc0000 [ 67.805276][ T3659] 9pnet_fd: Insufficient options for proto=fd [ 67.820585][ T29] audit: type=1326 audit(1749488770.583:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3650 comm="syz.4.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db0e929 code=0x7ffc0000 [ 67.868458][ T3653] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 67.876303][ T3653] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 67.893972][ T3661] loop4: detected capacity change from 0 to 1024 [ 67.902487][ T3662] netlink: 20 bytes leftover after parsing attributes in process `syz.0.56'. [ 67.907439][ T3664] loop1: detected capacity change from 0 to 1024 [ 67.924296][ T3657] bond1: entered promiscuous mode [ 67.929531][ T3657] bond1: entered allmulticast mode [ 67.945431][ T3657] 8021q: adding VLAN 0 to HW filter on device bond1 [ 68.006055][ T3325] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.018583][ T3657] bond1 (unregistering): Released all slaves [ 68.056883][ T3664] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 68.082883][ T3672] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 68.136298][ T3664] syzkaller1: entered promiscuous mode [ 68.141986][ T3664] syzkaller1: entered allmulticast mode [ 68.432988][ T3686] loop2: detected capacity change from 0 to 512 [ 68.444692][ T3686] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 68.456838][ T3688] loop4: detected capacity change from 0 to 512 [ 68.479151][ T3686] EXT4-fs (loop2): orphan cleanup on readonly fs [ 68.490654][ T3688] EXT4-fs (loop4): can't mount with data=, fs mounted w/o journal [ 68.539324][ T3686] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.68: bg 0: block 248: padding at end of block bitmap is not set [ 68.639887][ T3686] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.68: Failed to acquire dquot type 1 [ 68.677665][ T3686] EXT4-fs (loop2): 1 truncate cleaned up [ 68.687698][ T3686] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 68.842358][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.882919][ T3694] loop0: detected capacity change from 0 to 512 [ 68.917965][ T3694] EXT4-fs (loop0): can't mount with data=, fs mounted w/o journal [ 69.038539][ T3703] bond1: entered promiscuous mode [ 69.044343][ T3703] bond1: entered allmulticast mode [ 69.063718][ T3703] 8021q: adding VLAN 0 to HW filter on device bond1 [ 69.086721][ T3703] bond1 (unregistering): Released all slaves [ 69.103860][ T3706] loop1: detected capacity change from 0 to 1024 [ 69.176236][ T3686] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.299100][ T3709] FAULT_INJECTION: forcing a failure. [ 69.299100][ T3709] name failslab, interval 1, probability 0, space 0, times 0 [ 69.312576][ T3709] CPU: 0 UID: 0 PID: 3709 Comm: syz.4.73 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) [ 69.312609][ T3709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 69.312673][ T3709] Call Trace: [ 69.312680][ T3709] [ 69.312688][ T3709] __dump_stack+0x1d/0x30 [ 69.312711][ T3709] dump_stack_lvl+0xe8/0x140 [ 69.312729][ T3709] dump_stack+0x15/0x1b [ 69.312825][ T3709] should_fail_ex+0x265/0x280 [ 69.312862][ T3709] should_failslab+0x8c/0xb0 [ 69.312885][ T3709] kmem_cache_alloc_noprof+0x50/0x310 [ 69.312976][ T3709] ? dst_alloc+0xbd/0x100 [ 69.313008][ T3709] dst_alloc+0xbd/0x100 [ 69.313026][ T3709] ip_route_output_key_hash_rcu+0xf16/0x1440 [ 69.313118][ T3709] ip_route_output_key_hash+0x7a/0xb0 [ 69.313156][ T3709] vti6_tnl_xmit+0x859/0xe60 [ 69.313193][ T3709] dev_hard_start_xmit+0x122/0x3e0 [ 69.313308][ T3709] __dev_queue_xmit+0x10b9/0x1fb0 [ 69.313330][ T3709] ? __dev_queue_xmit+0x182/0x1fb0 [ 69.313409][ T3709] ? __kmalloc_node_track_caller_noprof+0x370/0x410 [ 69.313439][ T3709] ? pskb_expand_head+0x100/0x850 [ 69.313462][ T3709] ? skb_release_data+0x34a/0x370 [ 69.313490][ T3709] ? pskb_expand_head+0x6ab/0x850 [ 69.313527][ T3709] __bpf_redirect+0x67f/0x990 [ 69.313590][ T3709] bpf_clone_redirect+0x18e/0x200 [ 69.313614][ T3709] bpf_prog_6893982b85ceadf7+0x5f/0x68 [ 69.313699][ T3709] ? obj_cgroup_charge_account+0x122/0x1a0 [ 69.313732][ T3709] ? should_fail_ex+0x30/0x280 [ 69.313765][ T3709] ? __rcu_read_unlock+0x4f/0x70 [ 69.313865][ T3709] ? avc_has_perm_noaudit+0x1b1/0x200 [ 69.313898][ T3709] ? avc_has_perm+0xd3/0x150 [ 69.314008][ T3709] ? __rcu_read_unlock+0x4f/0x70 [ 69.314036][ T3709] ? is_bpf_text_address+0x141/0x160 [ 69.314138][ T3709] ? kernel_text_address+0x94/0xb0 [ 69.314163][ T3709] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 69.314202][ T3709] ? __kernel_text_address+0xd/0x40 [ 69.314228][ T3709] ? unwind_get_return_address+0x16/0x40 [ 69.314268][ T3709] ? arch_stack_walk+0xfc/0x150 [ 69.314299][ T3709] ? __list_add_valid_or_report+0x38/0xe0 [ 69.314332][ T3709] ? _raw_spin_unlock_irqrestore+0x2b/0x60 [ 69.314369][ T3709] ? stack_depot_save_flags+0xa6a/0xb60 [ 69.314474][ T3709] ? bpf_test_timer_continue+0xc0/0x260 [ 69.314497][ T3709] bpf_test_run+0x1e3/0x490 [ 69.314521][ T3709] ? __list_add_valid_or_report+0x38/0xe0 [ 69.314654][ T3709] ? bpf_test_run+0xf6/0x490 [ 69.314687][ T3709] bpf_prog_test_run_skb+0x834/0xbd0 [ 69.314720][ T3709] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 69.314746][ T3709] bpf_prog_test_run+0x227/0x390 [ 69.314846][ T3709] __sys_bpf+0x3dc/0x790 [ 69.314887][ T3709] __x64_sys_bpf+0x41/0x50 [ 69.314915][ T3709] x64_sys_call+0x2478/0x2fb0 [ 69.314936][ T3709] do_syscall_64+0xd2/0x200 [ 69.314991][ T3709] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 69.315018][ T3709] ? clear_bhb_loop+0x40/0x90 [ 69.315056][ T3709] ? clear_bhb_loop+0x40/0x90 [ 69.315086][ T3709] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.315109][ T3709] RIP: 0033:0x7fa23db0e929 [ 69.315124][ T3709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.315147][ T3709] RSP: 002b:00007fa23c177038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 69.315228][ T3709] RAX: ffffffffffffffda RBX: 00007fa23dd35fa0 RCX: 00007fa23db0e929 [ 69.315242][ T3709] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a [ 69.315254][ T3709] RBP: 00007fa23c177090 R08: 0000000000000000 R09: 0000000000000000 [ 69.315304][ T3709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 69.315319][ T3709] R13: 0000000000000000 R14: 00007fa23dd35fa0 R15: 00007ffcc2aca558 [ 69.315344][ T3709] [ 69.759145][ T3714] netlink: 'syz.4.75': attribute type 10 has an invalid length. [ 69.787637][ T3714] veth0_macvtap: left promiscuous mode [ 69.799495][ T3714] veth0_macvtap: entered promiscuous mode [ 69.816789][ T3719] netlink: 8 bytes leftover after parsing attributes in process `syz.4.75'. [ 69.839997][ T3714] team0: Device macvtap0 failed to register rx_handler [ 69.874258][ T3725] loop3: detected capacity change from 0 to 512 [ 69.893235][ T3714] veth0_macvtap: left promiscuous mode [ 69.920083][ T3725] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 69.943200][ T3721] netlink: 32 bytes leftover after parsing attributes in process `syz.1.79'. [ 69.961045][ T3714] vlan2: entered allmulticast mode [ 69.975721][ T3725] EXT4-fs (loop3): orphan cleanup on readonly fs [ 70.004484][ T3725] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.74: bg 0: block 248: padding at end of block bitmap is not set [ 70.036475][ T3725] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.74: Failed to acquire dquot type 1 [ 70.075031][ T3725] EXT4-fs (loop3): 1 truncate cleaned up [ 70.113506][ T3725] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 70.168775][ T3714] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 70.188665][ T3714] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 70.467368][ T3749] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 70.475972][ T3749] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 70.504257][ T3749] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 70.512893][ T3749] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 70.538623][ T3753] loop1: detected capacity change from 0 to 1024 [ 70.560875][ T3753] EXT4-fs: Invalid want_extra_isize 0 [ 70.781134][ T3764] process 'syz.4.92' launched './file0' with NULL argv: empty string added [ 70.895179][ T3766] netlink: 12 bytes leftover after parsing attributes in process `syz.4.93'. [ 70.927733][ T3766] ÿÿÿÿÿÿ: renamed from vlan1 (while UP) [ 71.064124][ T3774] xt_hashlimit: invalid interval [ 71.071605][ T3774] syz.0.97: attempt to access beyond end of device [ 71.071605][ T3774] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 71.164489][ T3777] 9pnet_fd: Insufficient options for proto=fd [ 71.198017][ T3779] 9pnet_fd: Insufficient options for proto=fd [ 71.255318][ T3783] 9pnet_fd: Insufficient options for proto=fd [ 71.288038][ T3787] FAULT_INJECTION: forcing a failure. [ 71.288038][ T3787] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 71.294306][ T3786] netlink: 16 bytes leftover after parsing attributes in process `syz.1.98'. [ 71.301534][ T3787] CPU: 0 UID: 0 PID: 3787 Comm: syz.4.104 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) [ 71.301657][ T3787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 71.301675][ T3787] Call Trace: [ 71.301685][ T3787] [ 71.301703][ T3787] __dump_stack+0x1d/0x30 [ 71.301733][ T3787] dump_stack_lvl+0xe8/0x140 [ 71.301788][ T3787] dump_stack+0x15/0x1b [ 71.301810][ T3787] should_fail_ex+0x265/0x280 [ 71.301925][ T3787] should_fail+0xb/0x20 [ 71.301970][ T3787] should_fail_usercopy+0x1a/0x20 [ 71.301999][ T3787] _copy_from_user+0x1c/0xb0 [ 71.302034][ T3787] copy_clone_args_from_user+0x14f/0x490 [ 71.302121][ T3787] ? kstrtouint+0x76/0xc0 [ 71.302215][ T3787] __se_sys_clone3+0x6f/0x200 [ 71.302269][ T3787] __x64_sys_clone3+0x31/0x40 [ 71.302307][ T3787] x64_sys_call+0x10c9/0x2fb0 [ 71.302338][ T3787] do_syscall_64+0xd2/0x200 [ 71.302388][ T3787] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 71.302425][ T3787] ? clear_bhb_loop+0x40/0x90 [ 71.302455][ T3787] ? clear_bhb_loop+0x40/0x90 [ 71.302488][ T3787] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.302558][ T3787] RIP: 0033:0x7fa23db0e929 [ 71.302581][ T3787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 71.302607][ T3787] RSP: 002b:00007fa23c176f08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 71.302632][ T3787] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fa23db0e929 [ 71.302651][ T3787] RDX: 00007fa23c176f20 RSI: 0000000000000058 RDI: 00007fa23c176f20 [ 71.302668][ T3787] RBP: 00007fa23c177090 R08: 0000000000000000 R09: 0000000000000058 [ 71.302717][ T3787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 71.302734][ T3787] R13: 0000000000000000 R14: 00007fa23dd35fa0 R15: 00007ffcc2aca558 [ 71.302798][ T3787] [ 71.546807][ T3793] loop4: detected capacity change from 0 to 8192 [ 71.600152][ T3799] netlink: 8 bytes leftover after parsing attributes in process `syz.0.106'. [ 71.665816][ T3803] loop0: detected capacity change from 0 to 512 [ 71.693363][ T3803] SELinux: security_context_str_to_sid (user_u) failed with errno=-22 [ 71.720498][ T3807] loop1: detected capacity change from 0 to 1024 [ 71.732760][ T3803] loop0: detected capacity change from 0 to 512 [ 71.748951][ T3807] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.773012][ T3803] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 71.792552][ T3803] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.108: invalid indirect mapped block 2683928664 (level 1) [ 71.795291][ T3807] syzkaller1: entered promiscuous mode [ 71.812711][ T3807] syzkaller1: entered allmulticast mode [ 71.823136][ T3803] EXT4-fs (loop0): Remounting filesystem read-only [ 71.833317][ T3803] EXT4-fs (loop0): 1 truncate cleaned up [ 71.839523][ T3803] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.907383][ T1086] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.999139][ T1086] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.131884][ T1086] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.236094][ T1086] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.286665][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.356180][ T3824] netlink: 'syz.0.114': attribute type 1 has an invalid length. [ 72.364355][ T3824] netlink: 154788 bytes leftover after parsing attributes in process `syz.0.114'. [ 72.373927][ T1086] bridge_slave_1: left allmulticast mode [ 72.379628][ T1086] bridge_slave_1: left promiscuous mode [ 72.385392][ T1086] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.403670][ T1086] bridge_slave_0: left promiscuous mode [ 72.408516][ T29] kauditd_printk_skb: 272 callbacks suppressed [ 72.408535][ T29] audit: type=1400 audit(1749488775.363:515): avc: denied { mounton } for pid=3822 comm="syz.0.114" path="/proc/75/cgroup" dev="proc" ino=5568 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 72.409819][ T1086] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.642620][ T1086] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 72.688070][ T1086] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 72.709406][ T1086] bond0 (unregistering): Released all slaves [ 72.768751][ T3833] loop0: detected capacity change from 0 to 1024 [ 72.776794][ T3833] EXT4-fs: Invalid want_extra_isize 0 [ 72.797033][ T1086] hsr_slave_0: left promiscuous mode [ 72.809574][ T1086] hsr_slave_1: left promiscuous mode [ 72.821909][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 72.830031][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 72.868100][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 72.869482][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.876226][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 72.898314][ T1086] veth1_macvtap: left promiscuous mode [ 72.906404][ T1086] veth1_vlan: left promiscuous mode [ 72.912292][ T1086] veth0_vlan: left promiscuous mode [ 73.122332][ T1086] team0 (unregistering): Port device team_slave_1 removed [ 73.143713][ T1086] team0 (unregistering): Port device team_slave_0 removed [ 73.287923][ T3814] chnl_net:caif_netlink_parms(): no params data found [ 73.316195][ T29] audit: type=1400 audit(1749488776.273:516): avc: denied { setopt } for pid=3860 comm="syz.1.127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 73.317682][ T3862] loop1: detected capacity change from 0 to 128 [ 73.434754][ T3867] loop2: detected capacity change from 0 to 512 [ 73.448613][ T3814] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.455978][ T3814] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.463653][ T3867] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 73.488472][ T3867] EXT4-fs (loop2): orphan cleanup on readonly fs [ 73.509318][ T3814] bridge_slave_0: entered allmulticast mode [ 73.539058][ T3867] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.126: bg 0: block 248: padding at end of block bitmap is not set [ 73.557786][ T3814] bridge_slave_0: entered promiscuous mode [ 73.577024][ T3862] syz.1.127: attempt to access beyond end of device [ 73.577024][ T3862] loop1: rw=2049, sector=137, nr_sectors = 8 limit=128 [ 73.593805][ T3814] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.601897][ T3814] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.620032][ T3867] Quota error (device loop2): write_blk: dquota write failed [ 73.628765][ T3867] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 73.640435][ T3867] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.126: Failed to acquire dquot type 1 [ 73.663195][ T3862] syz.1.127: attempt to access beyond end of device [ 73.663195][ T3862] loop1: rw=2049, sector=153, nr_sectors = 8 limit=128 [ 73.677975][ T3814] bridge_slave_1: entered allmulticast mode [ 73.693845][ T3814] bridge_slave_1: entered promiscuous mode [ 73.702460][ T3862] syz.1.127: attempt to access beyond end of device [ 73.702460][ T3862] loop1: rw=2049, sector=169, nr_sectors = 8 limit=128 [ 73.712075][ T3875] loop0: detected capacity change from 0 to 512 [ 73.743249][ T3862] syz.1.127: attempt to access beyond end of device [ 73.743249][ T3862] loop1: rw=2049, sector=185, nr_sectors = 8 limit=128 [ 73.758758][ T3814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.769202][ T3867] EXT4-fs (loop2): 1 truncate cleaned up [ 73.779570][ T3867] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 73.803201][ T3862] syz.1.127: attempt to access beyond end of device [ 73.803201][ T3862] loop1: rw=2049, sector=201, nr_sectors = 8 limit=128 [ 73.835601][ T3814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.863109][ T3875] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 73.878300][ T3862] syz.1.127: attempt to access beyond end of device [ 73.878300][ T3862] loop1: rw=2049, sector=217, nr_sectors = 8 limit=128 [ 73.927906][ T3875] EXT4-fs (loop0): orphan cleanup on readonly fs [ 73.936231][ T3814] team0: Port device team_slave_0 added [ 73.944961][ T3814] team0: Port device team_slave_1 added [ 73.955334][ T3862] syz.1.127: attempt to access beyond end of device [ 73.955334][ T3862] loop1: rw=2049, sector=233, nr_sectors = 8 limit=128 [ 74.010698][ T3814] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.019237][ T3814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.049612][ T3814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.074738][ T3862] syz.1.127: attempt to access beyond end of device [ 74.074738][ T3862] loop1: rw=2049, sector=249, nr_sectors = 8 limit=128 [ 74.110694][ T3875] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.124: bg 0: block 248: padding at end of block bitmap is not set [ 74.126294][ T3862] syz.1.127: attempt to access beyond end of device [ 74.126294][ T3862] loop1: rw=2049, sector=265, nr_sectors = 8 limit=128 [ 74.179510][ T3875] Quota error (device loop0): write_blk: dquota write failed [ 74.188277][ T3875] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 74.199125][ T3875] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.124: Failed to acquire dquot type 1 [ 74.213567][ T3814] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.221406][ T3814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.251657][ T3814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.265577][ T3875] EXT4-fs (loop0): 1 truncate cleaned up [ 74.272794][ T3875] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 74.287039][ T3326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.298408][ T3867] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.340342][ T3814] hsr_slave_0: entered promiscuous mode [ 74.350564][ T3814] hsr_slave_1: entered promiscuous mode [ 74.607388][ T3888] loop1: detected capacity change from 0 to 512 [ 74.676371][ T3888] EXT4-fs (loop1): 1 orphan inode deleted [ 74.700436][ T3888] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.753683][ T3888] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 74.796468][ T29] audit: type=1400 audit(1749488777.753:517): avc: denied { read } for pid=3886 comm="syz.1.129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 74.871927][ T1086] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 74.881984][ T1086] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:6: Failed to release dquot type 1 [ 74.907228][ T3814] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 74.915235][ T3893] netlink: 'syz.3.130': attribute type 10 has an invalid length. [ 74.935083][ T3814] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 74.955194][ T3893] veth0_macvtap: left promiscuous mode [ 74.958837][ T3894] netlink: 8 bytes leftover after parsing attributes in process `syz.3.130'. [ 74.971975][ T3893] veth0_macvtap: entered promiscuous mode [ 74.983079][ T3893] team0: Device macvtap0 failed to register rx_handler [ 75.000823][ T3893] veth0_macvtap: left promiscuous mode [ 75.009609][ T3814] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 75.025355][ T3814] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 75.038316][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.103733][ T3902] loop1: detected capacity change from 0 to 512 [ 75.114876][ T3814] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.116664][ T3902] EXT4-fs: Ignoring removed nomblk_io_submit option [ 75.139245][ T3814] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.147050][ T3902] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 75.159914][ T3893] vlan2: entered allmulticast mode [ 75.176002][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.183459][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.192572][ T3902] EXT4-fs (loop1): 1 truncate cleaned up [ 75.199290][ T3902] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.203703][ T3894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 75.221996][ T3894] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 75.242051][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.250051][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.264927][ T29] audit: type=1400 audit(1749488778.223:518): avc: denied { read write } for pid=3901 comm="+}[@" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 75.289039][ T29] audit: type=1400 audit(1749488778.223:519): avc: denied { open } for pid=3901 comm="+}[@" path="/37/file2/file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 75.372976][ T3814] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.407854][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.464896][ T3917] 9pnet: Could not find request transport: fd0x0000000000000003 [ 75.555536][ T3921] loop1: detected capacity change from 0 to 1024 [ 75.574306][ T3921] EXT4-fs: Invalid want_extra_isize 0 [ 75.588161][ T3814] veth0_vlan: entered promiscuous mode [ 75.607557][ T3814] veth1_vlan: entered promiscuous mode [ 75.640337][ T3814] veth0_macvtap: entered promiscuous mode [ 75.657952][ T3814] veth1_macvtap: entered promiscuous mode [ 75.685323][ T3814] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.712843][ T3814] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.732106][ T3814] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.741805][ T3814] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.751495][ T3814] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.760865][ T3814] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.875686][ T3934] netlink: 160 bytes leftover after parsing attributes in process `syz.5.113'. [ 75.934516][ T3934] loop5: detected capacity change from 0 to 1024 [ 75.952010][ T3934] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 75.965508][ T3934] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 76.031766][ T3934] JBD2: no valid journal superblock found [ 76.034952][ T3943] netlink: 'syz.3.137': attribute type 10 has an invalid length. [ 76.037882][ T3934] EXT4-fs (loop5): Could not load journal inode [ 76.057632][ T3943] veth0_macvtap: entered promiscuous mode [ 76.074875][ T3943] team0: Device macvtap0 failed to register rx_handler [ 76.092386][ T3944] netlink: 8 bytes leftover after parsing attributes in process `syz.3.137'. [ 76.114707][ T3943] veth0_macvtap: left promiscuous mode [ 76.233472][ T3943] vlan2: entered allmulticast mode [ 76.287984][ T3947] loop5: detected capacity change from 0 to 1024 [ 76.296568][ T3944] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 76.315812][ T3947] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.319349][ T3944] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 76.384882][ T3947] syzkaller1: entered promiscuous mode [ 76.390466][ T3947] syzkaller1: entered allmulticast mode [ 76.484790][ T3954] netlink: 12 bytes leftover after parsing attributes in process `syz.1.141'. [ 76.533952][ T3954] ÿÿÿÿÿÿ: renamed from vlan1 (while UP) [ 76.678638][ T3959] bond1: entered promiscuous mode [ 76.684348][ T3959] bond1: entered allmulticast mode [ 76.702107][ T3959] 8021q: adding VLAN 0 to HW filter on device bond1 [ 76.724094][ T3959] bond1 (unregistering): Released all slaves [ 76.750320][ T3961] loop1: detected capacity change from 0 to 1024 [ 77.272172][ T3969] netlink: 8 bytes leftover after parsing attributes in process `syz.3.145'. [ 77.829395][ T3973] FAULT_INJECTION: forcing a failure. [ 77.829395][ T3973] name failslab, interval 1, probability 0, space 0, times 0 [ 77.842403][ T3973] CPU: 0 UID: 0 PID: 3973 Comm: syz.1.147 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) [ 77.842439][ T3973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 77.842609][ T3973] Call Trace: [ 77.842615][ T3973] [ 77.842621][ T3973] __dump_stack+0x1d/0x30 [ 77.842644][ T3973] dump_stack_lvl+0xe8/0x140 [ 77.842726][ T3973] dump_stack+0x15/0x1b [ 77.842746][ T3973] should_fail_ex+0x265/0x280 [ 77.842848][ T3973] should_failslab+0x8c/0xb0 [ 77.842879][ T3973] kmem_cache_alloc_noprof+0x50/0x310 [ 77.842981][ T3973] ? __kernfs_new_node+0x6d/0x350 [ 77.843004][ T3973] __kernfs_new_node+0x6d/0x350 [ 77.843030][ T3973] ? __rcu_read_unlock+0x4f/0x70 [ 77.843076][ T3973] ? __rcu_read_unlock+0x4f/0x70 [ 77.843103][ T3973] ? __rcu_read_unlock+0x4f/0x70 [ 77.843131][ T3973] ? kernfs_next_descendant_post+0xd3/0x110 [ 77.843160][ T3973] kernfs_new_node+0xd0/0x140 [ 77.843195][ T3973] __kernfs_create_file+0x4b/0x180 [ 77.843245][ T3973] ? __pfx_rx_queue_attr_show+0x10/0x10 [ 77.843287][ T3973] ? __pfx_rx_queue_attr_store+0x10/0x10 [ 77.843385][ T3973] sysfs_add_file_mode_ns+0x132/0x1c0 [ 77.843439][ T3973] internal_create_group+0x441/0x9e0 [ 77.843477][ T3973] ? dev_ethtool+0x1561/0x1650 [ 77.843502][ T3973] ? sock_ioctl+0x41b/0x610 [ 77.843587][ T3973] ? __se_sys_ioctl+0xce/0x140 [ 77.843660][ T3973] ? __x64_sys_ioctl+0x43/0x50 [ 77.843702][ T3973] sysfs_create_groups+0x3f/0xf0 [ 77.843739][ T3973] net_rx_queue_update_kobjects+0x1ce/0x520 [ 77.843788][ T3973] netif_set_real_num_rx_queues+0x1a0/0x260 [ 77.843854][ T3973] veth_set_channels+0x239/0x8c0 [ 77.843888][ T3973] ? should_fail_ex+0xdb/0x280 [ 77.843990][ T3973] ethtool_set_channels+0x396/0x400 [ 77.844032][ T3973] dev_ethtool+0x1561/0x1650 [ 77.844087][ T3973] ? full_name_hash+0x92/0xe0 [ 77.844133][ T3973] dev_ioctl+0x2e0/0x960 [ 77.844185][ T3973] sock_do_ioctl+0x197/0x220 [ 77.844219][ T3973] sock_ioctl+0x41b/0x610 [ 77.844328][ T3973] ? __pfx_sock_ioctl+0x10/0x10 [ 77.844387][ T3973] __se_sys_ioctl+0xce/0x140 [ 77.844422][ T3973] __x64_sys_ioctl+0x43/0x50 [ 77.844452][ T3973] x64_sys_call+0x19a8/0x2fb0 [ 77.844520][ T3973] do_syscall_64+0xd2/0x200 [ 77.844541][ T3973] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 77.844568][ T3973] ? clear_bhb_loop+0x40/0x90 [ 77.844589][ T3973] ? clear_bhb_loop+0x40/0x90 [ 77.844687][ T3973] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.844715][ T3973] RIP: 0033:0x7f951985e929 [ 77.844733][ T3973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.844751][ T3973] RSP: 002b:00007f9517ec7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 77.844769][ T3973] RAX: ffffffffffffffda RBX: 00007f9519a85fa0 RCX: 00007f951985e929 [ 77.844781][ T3973] RDX: 0000200000000140 RSI: 0000000000008946 RDI: 0000000000000006 [ 77.844843][ T3973] RBP: 00007f9517ec7090 R08: 0000000000000000 R09: 0000000000000000 [ 77.844855][ T3973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 77.844867][ T3973] R13: 0000000000000000 R14: 00007f9519a85fa0 R15: 00007ffdd3793b68 [ 77.844892][ T3973] [ 78.300577][ T3977] veth0: entered promiscuous mode [ 78.338350][ T29] kauditd_printk_skb: 202 callbacks suppressed [ 78.338365][ T29] audit: type=1400 audit(1749488781.293:722): avc: denied { map } for pid=3976 comm="syz.1.149" path="/proc/123/attr/prev" dev="proc" ino=5935 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 78.382719][ T3977] mmap: syz.1.149 (3977) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 78.398233][ T29] audit: type=1400 audit(1749488781.333:723): avc: denied { create } for pid=3976 comm="syz.1.149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 78.418131][ T29] audit: type=1400 audit(1749488781.333:724): avc: denied { connect } for pid=3976 comm="syz.1.149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 78.479021][ T29] audit: type=1400 audit(1749488781.423:725): avc: denied { mounton } for pid=3981 comm="syz.2.151" path="/22/file0" dev="tmpfs" ino=134 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 78.492755][ T3980] bridge_slave_0: left allmulticast mode [ 78.501661][ T29] audit: type=1400 audit(1749488781.423:726): avc: denied { mount } for pid=3981 comm="syz.2.151" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 78.507340][ T3980] bridge_slave_0: left promiscuous mode [ 78.529972][ T29] audit: type=1400 audit(1749488781.433:727): avc: denied { unmount } for pid=3325 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 78.535680][ T3980] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.579114][ T3977] netlink: 44 bytes leftover after parsing attributes in process `syz.1.149'. [ 78.597830][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.614917][ T3975] loop3: detected capacity change from 0 to 512 [ 78.638304][ T3980] bridge_slave_1: left allmulticast mode [ 78.644345][ T3980] bridge_slave_1: left promiscuous mode [ 78.650032][ T3980] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.652433][ T3984] netlink: 4 bytes leftover after parsing attributes in process `syz.2.152'. [ 78.666047][ T3984] netlink: 24 bytes leftover after parsing attributes in process `syz.2.152'. [ 78.682064][ T3980] bond0: (slave bond_slave_0): Releasing backup interface [ 78.695648][ T29] audit: type=1326 audit(1749488781.653:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3985 comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 78.720041][ T29] audit: type=1326 audit(1749488781.653:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3985 comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 78.743928][ T29] audit: type=1326 audit(1749488781.653:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3985 comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 78.767879][ T29] audit: type=1326 audit(1749488781.653:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3985 comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 78.788959][ T3975] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.794577][ T3986] netlink: 12 bytes leftover after parsing attributes in process `syz.0.153'. [ 78.818270][ T3975] ext4 filesystem being mounted at /25/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 78.840746][ T3980] bond0: (slave bond_slave_1): Releasing backup interface [ 78.842420][ T3975] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.148: corrupted inode contents [ 78.866760][ T3975] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #2: comm syz.3.148: mark_inode_dirty error [ 78.884839][ T3980] team0: Port device team_slave_0 removed [ 78.894311][ T3975] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.148: corrupted inode contents [ 78.910427][ T3980] team0: Port device team_slave_1 removed [ 78.943119][ T3993] ÿÿÿÿÿÿ: renamed from vlan1 (while UP) [ 78.974930][ T3326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.993069][ T3976] veth0: left promiscuous mode [ 79.048750][ T4001] netlink: 12 bytes leftover after parsing attributes in process `syz.2.159'. [ 79.072365][ T4004] netlink: 'syz.1.160': attribute type 10 has an invalid length. [ 79.091857][ T4001] ÿÿÿÿÿÿ: renamed from vlan1 (while UP) [ 79.111464][ T4004] veth0_macvtap: left promiscuous mode [ 79.131466][ T4004] veth0_macvtap: entered promiscuous mode [ 79.139831][ T4004] team0: Device macvtap0 failed to register rx_handler [ 79.159736][ T4004] veth0_macvtap: left promiscuous mode [ 79.168203][ T4010] netlink: 'syz.3.156': attribute type 10 has an invalid length. [ 79.201070][ T4007] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.260940][ T4010] team0: Failed to send port change of device geneve1 via netlink (err -105) [ 79.270445][ T4011] 9pnet: Could not find request transport: fd0x0000000000000003 [ 79.271002][ T4010] team0: Failed to send options change via netlink (err -105) [ 79.286807][ T4010] team0: Port device geneve1 added [ 79.316697][ T3814] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.326899][ T4008] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 79.343594][ T4004] vlan1: entered allmulticast mode [ 79.349048][ T4004] bridge_slave_0: entered allmulticast mode [ 79.360211][ T4020] Zero length message leads to an empty skb [ 79.368492][ T4008] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 79.386347][ T4007] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.440219][ T4025] FAULT_INJECTION: forcing a failure. [ 79.440219][ T4025] name failslab, interval 1, probability 0, space 0, times 0 [ 79.454202][ T4025] CPU: 0 UID: 0 PID: 4025 Comm: syz.2.167 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) [ 79.454232][ T4025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 79.454247][ T4025] Call Trace: [ 79.454254][ T4025] [ 79.454263][ T4025] __dump_stack+0x1d/0x30 [ 79.454286][ T4025] dump_stack_lvl+0xe8/0x140 [ 79.454308][ T4025] dump_stack+0x15/0x1b [ 79.454327][ T4025] should_fail_ex+0x265/0x280 [ 79.454370][ T4025] should_failslab+0x8c/0xb0 [ 79.454415][ T4025] kmem_cache_alloc_noprof+0x50/0x310 [ 79.454448][ T4025] ? mas_alloc_nodes+0x265/0x520 [ 79.454479][ T4025] mas_alloc_nodes+0x265/0x520 [ 79.454510][ T4025] mas_preallocate+0x32b/0x510 [ 79.454542][ T4025] __split_vma+0x240/0x650 [ 79.454574][ T4025] ? __mpol_equal+0x2e/0x1e0 [ 79.454614][ T4025] ? can_vma_merge_right+0x105/0x2e0 [ 79.454643][ T4025] vma_modify+0x21e/0xca0 [ 79.454669][ T4025] ? find_vma+0x6c/0xa0 [ 79.454710][ T4025] vma_modify_policy+0x101/0x130 [ 79.454741][ T4025] mbind_range+0x1b8/0x440 [ 79.454764][ T4025] ? mas_find+0x4ea/0x610 [ 79.454791][ T4025] __se_sys_mbind+0x648/0xac0 [ 79.454839][ T4025] __x64_sys_mbind+0x78/0x90 [ 79.454875][ T4025] x64_sys_call+0x14af/0x2fb0 [ 79.454903][ T4025] do_syscall_64+0xd2/0x200 [ 79.454928][ T4025] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 79.454960][ T4025] ? clear_bhb_loop+0x40/0x90 [ 79.454982][ T4025] ? clear_bhb_loop+0x40/0x90 [ 79.455003][ T4025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.455027][ T4025] RIP: 0033:0x7fc9b0b2e929 [ 79.455045][ T4025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 79.455068][ T4025] RSP: 002b:00007fc9af197038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 79.455092][ T4025] RAX: ffffffffffffffda RBX: 00007fc9b0d55fa0 RCX: 00007fc9b0b2e929 [ 79.455117][ T4025] RDX: 0000000000000004 RSI: 0000000000800000 RDI: 0000200000001000 [ 79.455134][ T4025] RBP: 00007fc9af197090 R08: 0000000000000000 R09: 0000000000000000 [ 79.455149][ T4025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 79.455163][ T4025] R13: 0000000000000000 R14: 00007fc9b0d55fa0 R15: 00007ffe27da1718 [ 79.455184][ T4025] [ 79.689154][ T4007] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.714881][ T4027] ÿÿÿÿÿÿ: renamed from vlan1 (while UP) [ 79.749709][ T4007] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.917145][ T4007] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.929394][ T4007] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.945431][ T4007] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.972564][ T4007] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.166471][ T4042] netlink: 'syz.1.172': attribute type 10 has an invalid length. [ 80.220627][ T4043] __nla_validate_parse: 4 callbacks suppressed [ 80.220672][ T4043] netlink: 8 bytes leftover after parsing attributes in process `syz.1.172'. [ 80.404165][ T4042] veth0_macvtap: entered promiscuous mode [ 80.413951][ T4042] team0: Device macvtap0 failed to register rx_handler [ 80.435276][ T4046] loop5: detected capacity change from 0 to 1024 [ 80.444480][ T4042] veth0_macvtap: left promiscuous mode [ 80.456217][ T4046] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.465273][ T4048] 9pnet: Could not find request transport: fd0x0000000000000003 [ 80.476126][ T4043] vlan1: entered allmulticast mode [ 80.501212][ T4046] syzkaller1: entered promiscuous mode [ 80.507031][ T4046] syzkaller1: entered allmulticast mode [ 80.512544][ T4042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 80.521727][ T4042] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 80.616326][ T4056] FAULT_INJECTION: forcing a failure. [ 80.616326][ T4056] name failslab, interval 1, probability 0, space 0, times 0 [ 80.630092][ T4056] CPU: 0 UID: 0 PID: 4056 Comm: syz.3.177 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) [ 80.630134][ T4056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 80.630151][ T4056] Call Trace: [ 80.630160][ T4056] [ 80.630170][ T4056] __dump_stack+0x1d/0x30 [ 80.630194][ T4056] dump_stack_lvl+0xe8/0x140 [ 80.630233][ T4056] dump_stack+0x15/0x1b [ 80.630255][ T4056] should_fail_ex+0x265/0x280 [ 80.630299][ T4056] ? rt_acct_proc_show+0x39/0x1f0 [ 80.630361][ T4056] should_failslab+0x8c/0xb0 [ 80.630392][ T4056] __kmalloc_cache_noprof+0x4c/0x320 [ 80.630495][ T4056] rt_acct_proc_show+0x39/0x1f0 [ 80.630529][ T4056] seq_read_iter+0x316/0x940 [ 80.630601][ T4056] proc_reg_read_iter+0x110/0x180 [ 80.630628][ T4056] copy_splice_read+0x3c1/0x5f0 [ 80.630674][ T4056] ? __pfx_copy_splice_read+0x10/0x10 [ 80.630739][ T4056] splice_direct_to_actor+0x26c/0x680 [ 80.630774][ T4056] ? __pfx_direct_splice_actor+0x10/0x10 [ 80.630863][ T4056] do_splice_direct+0xda/0x150 [ 80.630903][ T4056] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 80.630931][ T4056] do_sendfile+0x380/0x650 [ 80.630961][ T4056] __x64_sys_sendfile64+0x105/0x150 [ 80.631047][ T4056] x64_sys_call+0xb39/0x2fb0 [ 80.631076][ T4056] do_syscall_64+0xd2/0x200 [ 80.631103][ T4056] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 80.631169][ T4056] ? clear_bhb_loop+0x40/0x90 [ 80.631196][ T4056] ? clear_bhb_loop+0x40/0x90 [ 80.631240][ T4056] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.631264][ T4056] RIP: 0033:0x7f99eabde929 [ 80.631350][ T4056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 80.631434][ T4056] RSP: 002b:00007f99e9247038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 80.631459][ T4056] RAX: ffffffffffffffda RBX: 00007f99eae05fa0 RCX: 00007f99eabde929 [ 80.631476][ T4056] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 80.631492][ T4056] RBP: 00007f99e9247090 R08: 0000000000000000 R09: 0000000000000000 [ 80.631508][ T4056] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 80.631521][ T4056] R13: 0000000000000000 R14: 00007f99eae05fa0 R15: 00007ffd5712cc58 [ 80.631541][ T4056] [ 80.935626][ T4059] FAULT_INJECTION: forcing a failure. [ 80.935626][ T4059] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 80.949598][ T4059] CPU: 1 UID: 0 PID: 4059 Comm: syz.2.178 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) [ 80.949634][ T4059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 80.949681][ T4059] Call Trace: [ 80.949686][ T4059] [ 80.949696][ T4059] __dump_stack+0x1d/0x30 [ 80.949801][ T4059] dump_stack_lvl+0xe8/0x140 [ 80.949824][ T4059] dump_stack+0x15/0x1b [ 80.949845][ T4059] should_fail_ex+0x265/0x280 [ 80.949921][ T4059] should_fail+0xb/0x20 [ 80.949957][ T4059] should_fail_usercopy+0x1a/0x20 [ 80.949978][ T4059] _copy_from_user+0x1c/0xb0 [ 80.950049][ T4059] ___bpf_copy_key+0xa5/0x110 [ 80.950076][ T4059] map_update_elem+0x165/0x520 [ 80.950155][ T4059] __sys_bpf+0x5d7/0x790 [ 80.950196][ T4059] __x64_sys_bpf+0x41/0x50 [ 80.950256][ T4059] x64_sys_call+0x2478/0x2fb0 [ 80.950283][ T4059] do_syscall_64+0xd2/0x200 [ 80.950347][ T4059] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 80.950382][ T4059] ? clear_bhb_loop+0x40/0x90 [ 80.950416][ T4059] ? clear_bhb_loop+0x40/0x90 [ 80.950494][ T4059] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.950519][ T4059] RIP: 0033:0x7fc9b0b2e929 [ 80.950539][ T4059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 80.950577][ T4059] RSP: 002b:00007fc9af197038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 80.950675][ T4059] RAX: ffffffffffffffda RBX: 00007fc9b0d55fa0 RCX: 00007fc9b0b2e929 [ 80.950693][ T4059] RDX: 0000000000000020 RSI: 0000200000000740 RDI: 0000000000000002 [ 80.950709][ T4059] RBP: 00007fc9af197090 R08: 0000000000000000 R09: 0000000000000000 [ 80.950730][ T4059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 80.950744][ T4059] R13: 0000000000000000 R14: 00007fc9b0d55fa0 R15: 00007ffe27da1718 [ 80.950776][ T4059] [ 81.239523][ T4065] netlink: 12 bytes leftover after parsing attributes in process `syz.2.180'. [ 81.375235][ T4069] loop3: detected capacity change from 0 to 1024 [ 81.402440][ T4074] loop2: detected capacity change from 0 to 512 [ 81.411698][ T4076] loop1: detected capacity change from 0 to 1024 [ 81.419089][ T4069] EXT4-fs: Invalid want_extra_isize 0 [ 81.446031][ T4074] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 81.461867][ T4076] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.501781][ T4074] EXT4-fs (loop2): mount failed [ 81.541650][ T4076] syzkaller1: entered promiscuous mode [ 81.547995][ T4076] syzkaller1: entered allmulticast mode [ 81.549230][ T4074] loop2: detected capacity change from 0 to 1024 [ 81.590593][ T3814] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.625150][ T4074] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 81.703756][ T4074] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 81.817438][ T1072] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 52 with error 28 [ 81.831514][ T1072] EXT4-fs (loop2): This should not happen!! Data will be lost [ 81.831514][ T1072] [ 81.842437][ T1072] EXT4-fs (loop2): Total free blocks count 0 [ 81.849280][ T1072] EXT4-fs (loop2): Free/Dirty block details [ 81.855821][ T1072] EXT4-fs (loop2): free_blocks=68451041280 [ 81.862488][ T1072] EXT4-fs (loop2): dirty_blocks=64 [ 81.868419][ T1072] EXT4-fs (loop2): Block reservation details [ 81.874887][ T1072] EXT4-fs (loop2): i_reserved_data_blocks=4 [ 81.888382][ T3325] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.026767][ T4099] netlink: 24 bytes leftover after parsing attributes in process `syz.2.190'. [ 82.616351][ T4102] loop3: detected capacity change from 0 to 512 [ 82.651405][ T4102] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 82.728747][ T4106] capability: warning: `syz.2.193' uses deprecated v2 capabilities in a way that may be insecure [ 82.756445][ T4102] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 82.831132][ T4102] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.882833][ T4106] loop2: detected capacity change from 0 to 2048 [ 82.907644][ T4113] loop5: detected capacity change from 0 to 512 [ 82.934303][ T4113] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 82.945080][ T4106] loop2: p1 < > p4 [ 82.954955][ T4106] loop2: p4 size 8388608 extends beyond EOD, truncated [ 82.967138][ T4113] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e02c, mo2=0002] [ 82.967819][ T3326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 82.985180][ T4113] EXT4-fs (loop5): orphan cleanup on readonly fs [ 82.995665][ T4113] EXT4-fs error (device loop5): ext4_clear_blocks:876: inode #11: comm syz.5.195: attempt to clear invalid blocks 1024 len 1 [ 83.009727][ T4113] EXT4-fs (loop5): Remounting filesystem read-only [ 83.031323][ T4113] EXT4-fs (loop5): 1 truncate cleaned up [ 83.043667][ T4113] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 83.044253][ T4116] No such timeout policy "syz0" [ 83.076826][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.141292][ T4129] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 83.149089][ T4129] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 83.157242][ T4129] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 83.165211][ T4129] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 83.202816][ T4134] loop2: detected capacity change from 0 to 1024 [ 83.217932][ T4134] EXT4-fs: Invalid want_extra_isize 0 [ 83.289763][ T4132] loop0: detected capacity change from 0 to 1024 [ 83.325666][ T4126] bond1: entered promiscuous mode [ 83.331896][ T4126] bond1: entered allmulticast mode [ 83.339416][ T4126] 8021q: adding VLAN 0 to HW filter on device bond1 [ 83.351684][ T4126] bond1 (unregistering): Released all slaves [ 83.503223][ T29] kauditd_printk_skb: 321 callbacks suppressed [ 83.503319][ T29] audit: type=1326 audit(1749488786.393:1052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4123 comm="syz.0.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 83.534189][ T29] audit: type=1326 audit(1749488786.393:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4123 comm="syz.0.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 83.840895][ T3814] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 83.855845][ T29] audit: type=1326 audit(1749488786.813:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4123 comm="syz.0.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 83.879977][ T29] audit: type=1326 audit(1749488786.813:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4123 comm="syz.0.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 83.903899][ T29] audit: type=1326 audit(1749488786.813:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4123 comm="syz.0.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 83.928086][ T29] audit: type=1326 audit(1749488786.813:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4123 comm="syz.0.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 83.952089][ T29] audit: type=1326 audit(1749488786.813:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4123 comm="syz.0.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 83.975739][ T29] audit: type=1326 audit(1749488786.813:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4123 comm="syz.0.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 84.007940][ T4151] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 84.016032][ T4151] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 84.024744][ T4151] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 84.032328][ T4151] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 84.062243][ T4160] loop2: detected capacity change from 0 to 1024 [ 84.072477][ T4160] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.109134][ T4162] loop5: detected capacity change from 0 to 1024 [ 84.120509][ T4162] EXT4-fs: Invalid want_extra_isize 0 [ 84.122243][ T4160] syzkaller1: entered promiscuous mode [ 84.131895][ T4164] netlink: 24 bytes leftover after parsing attributes in process `syz.1.210'. [ 84.132720][ T4160] syzkaller1: entered allmulticast mode [ 84.178931][ T4164] loop1: detected capacity change from 0 to 2048 [ 84.274393][ T4173] netlink: 'syz.0.213': attribute type 21 has an invalid length. [ 84.284613][ T4173] netlink: 132 bytes leftover after parsing attributes in process `syz.0.213'. [ 84.365897][ T4164] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.419663][ T3325] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.806026][ T4187] netlink: 'syz.5.218': attribute type 10 has an invalid length. [ 84.837663][ T4187] veth0_macvtap: left promiscuous mode [ 84.861070][ T4188] netlink: 8 bytes leftover after parsing attributes in process `syz.5.218'. [ 84.876470][ T4187] veth0_macvtap: entered promiscuous mode [ 84.904355][ T4187] team0: Device macvtap0 failed to register rx_handler [ 84.953259][ T4187] veth0_macvtap: left promiscuous mode [ 85.007863][ T4188] vlan1: entered allmulticast mode [ 85.210492][ T4187] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 85.260283][ T4187] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 86.116248][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.132291][ T4205] SELinux: policydb version 0 does not match my version range 15-34 [ 86.142850][ T4205] SELinux: failed to load policy [ 86.183090][ T29] audit: type=1400 audit(1749488789.083:1060): avc: denied { bind } for pid=4204 comm="syz.0.224" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 86.203315][ T29] audit: type=1400 audit(1749488789.083:1061): avc: denied { load_policy } for pid=4204 comm="syz.0.224" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 86.266671][ T4212] 9pnet: Could not find request transport: fd0x0000000000000003 [ 86.304865][ T4220] loop1: detected capacity change from 0 to 256 [ 86.311830][ T4219] random: crng reseeded on system resumption [ 86.361787][ T4222] netlink: 12 bytes leftover after parsing attributes in process `syz.5.232'. [ 86.375315][ T4217] bond1: entered promiscuous mode [ 86.380751][ T4217] bond1: entered allmulticast mode [ 86.390933][ T4217] 8021q: adding VLAN 0 to HW filter on device bond1 [ 86.413960][ T4228] loop0: detected capacity change from 0 to 1024 [ 86.430514][ T4217] bond1 (unregistering): Released all slaves [ 86.453575][ T4234] SELinux: policydb version 0 does not match my version range 15-34 [ 86.465803][ T4236] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 86.488703][ T4234] SELinux: failed to load policy [ 86.506711][ T4239] loop5: detected capacity change from 0 to 512 [ 86.535025][ T4239] EXT4-fs (loop5): can't mount with data=, fs mounted w/o journal [ 86.556191][ T4242] loop1: detected capacity change from 0 to 512 [ 86.574752][ T4242] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 86.601970][ T4244] 9pnet: Could not find request transport: fd0x0000000000000003 [ 86.612788][ T4242] EXT4-fs (loop1): orphan cleanup on readonly fs [ 86.631599][ T4242] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.236: bg 0: block 248: padding at end of block bitmap is not set [ 86.647744][ T4242] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.236: Failed to acquire dquot type 1 [ 86.661016][ T4242] EXT4-fs (loop1): 1 truncate cleaned up [ 86.668006][ T4242] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 86.753732][ T4254] netlink: 'syz.2.242': attribute type 10 has an invalid length. [ 86.765706][ T4254] veth0_macvtap: left promiscuous mode [ 86.773906][ T4254] veth0_macvtap: entered promiscuous mode [ 86.781264][ T4254] team0: Device macvtap0 failed to register rx_handler [ 86.789210][ T4254] veth0_macvtap: left promiscuous mode [ 86.918823][ T4254] netlink: 8 bytes leftover after parsing attributes in process `syz.2.242'. [ 87.040851][ T4254] vlan1: entered allmulticast mode [ 87.137110][ T4256] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 87.185049][ T4256] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 87.358156][ T4271] loop0: detected capacity change from 0 to 1024 [ 87.370776][ T4271] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.413258][ T4271] syzkaller1: entered promiscuous mode [ 87.419074][ T4271] syzkaller1: entered allmulticast mode [ 87.525708][ T4282] 9pnet: Could not find request transport: fd0x0000000000000003 [ 87.645358][ T4298] No such timeout policy "syz0" [ 87.782391][ T4304] loop3: detected capacity change from 0 to 512 [ 87.793902][ T4304] EXT4-fs (loop3): can't mount with data=, fs mounted w/o journal [ 87.811463][ T4307] netlink: 12 bytes leftover after parsing attributes in process `syz.5.260'. [ 88.017264][ T4320] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4320 comm=syz.5.264 [ 88.422294][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.487840][ T4324] 9pnet_fd: Insufficient options for proto=fd [ 88.621355][ T4330] netlink: 'syz.3.268': attribute type 10 has an invalid length. [ 88.629562][ T4330] veth0_macvtap: entered promiscuous mode [ 88.637531][ T4330] team0: Device macvtap0 failed to register rx_handler [ 88.646124][ T4330] veth0_macvtap: left promiscuous mode [ 88.656764][ T4330] netlink: 8 bytes leftover after parsing attributes in process `syz.3.268'. [ 88.674467][ T4333] x_tables: ip_tables: osf match: only valid for protocol 6 [ 88.702559][ T4330] vlan2: entered allmulticast mode [ 88.760249][ T4334] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 88.787147][ T29] kauditd_printk_skb: 175 callbacks suppressed [ 88.787209][ T29] audit: type=1326 audit(1749488791.743:1235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4337 comm="syz.2.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9b0b2e929 code=0x7ffc0000 [ 88.823251][ T4334] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 88.839357][ T4340] FAULT_INJECTION: forcing a failure. [ 88.839357][ T4340] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 88.853319][ T4340] CPU: 1 UID: 0 PID: 4340 Comm: syz.0.272 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) [ 88.853411][ T4340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 88.853426][ T4340] Call Trace: [ 88.853432][ T4340] [ 88.853488][ T4340] __dump_stack+0x1d/0x30 [ 88.853537][ T4340] dump_stack_lvl+0xe8/0x140 [ 88.853563][ T4340] dump_stack+0x15/0x1b [ 88.853585][ T4340] should_fail_ex+0x265/0x280 [ 88.853624][ T4340] should_fail+0xb/0x20 [ 88.853705][ T4340] should_fail_usercopy+0x1a/0x20 [ 88.853733][ T4340] _copy_to_user+0x20/0xa0 [ 88.853766][ T4340] simple_read_from_buffer+0xb5/0x130 [ 88.853843][ T4340] proc_fail_nth_read+0x100/0x140 [ 88.853873][ T4340] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 88.853940][ T4340] vfs_read+0x19d/0x6f0 [ 88.853964][ T4340] ? __rcu_read_unlock+0x4f/0x70 [ 88.853994][ T4340] ? __fget_files+0x184/0x1c0 [ 88.854027][ T4340] ksys_read+0xda/0x1a0 [ 88.854082][ T4340] __x64_sys_read+0x40/0x50 [ 88.854112][ T4340] x64_sys_call+0x2d77/0x2fb0 [ 88.854140][ T4340] do_syscall_64+0xd2/0x200 [ 88.854168][ T4340] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 88.854239][ T4340] ? clear_bhb_loop+0x40/0x90 [ 88.854264][ T4340] ? clear_bhb_loop+0x40/0x90 [ 88.854287][ T4340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.854414][ T4340] RIP: 0033:0x7fc31244d33c [ 88.854433][ T4340] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 88.854474][ T4340] RSP: 002b:00007fc310ab7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 88.854493][ T4340] RAX: ffffffffffffffda RBX: 00007fc312675fa0 RCX: 00007fc31244d33c [ 88.854505][ T4340] RDX: 000000000000000f RSI: 00007fc310ab70a0 RDI: 0000000000000006 [ 88.854517][ T4340] RBP: 00007fc310ab7090 R08: 0000000000000000 R09: 0000000000000000 [ 88.854608][ T4340] R10: 000000000003ffff R11: 0000000000000246 R12: 0000000000000002 [ 88.854623][ T4340] R13: 0000000000000000 R14: 00007fc312675fa0 R15: 00007fff1524ef38 [ 88.854710][ T4340] [ 88.869433][ T29] audit: type=1326 audit(1749488791.763:1236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4339 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 89.110530][ T29] audit: type=1326 audit(1749488791.763:1237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4339 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 89.135228][ T29] audit: type=1326 audit(1749488791.763:1238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4339 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 89.159998][ T29] audit: type=1326 audit(1749488791.763:1239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4339 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 89.184612][ T29] audit: type=1326 audit(1749488791.763:1240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4339 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 89.209392][ T29] audit: type=1326 audit(1749488791.763:1241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4339 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 89.233079][ T29] audit: type=1326 audit(1749488791.763:1242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4339 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 89.258513][ T29] audit: type=1326 audit(1749488791.763:1243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4339 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 89.282526][ T29] audit: type=1326 audit(1749488791.763:1244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4339 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31244e929 code=0x7ffc0000 [ 89.335554][ T4342] netlink: 12 bytes leftover after parsing attributes in process `syz.5.273'. [ 89.377814][ T4354] loop2: detected capacity change from 0 to 512 [ 89.399064][ T4354] EXT4-fs (loop2): can't mount with data=, fs mounted w/o journal [ 89.539292][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.575434][ T4373] loop3: detected capacity change from 0 to 1024 [ 89.590862][ T4373] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.622437][ T4373] syzkaller1: entered promiscuous mode [ 89.628910][ T4373] syzkaller1: entered allmulticast mode [ 89.677843][ T4381] loop5: detected capacity change from 0 to 1024 [ 89.693880][ T4381] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.717876][ T4381] syzkaller1: entered promiscuous mode [ 89.723125][ T4385] FAULT_INJECTION: forcing a failure. [ 89.723125][ T4385] name failslab, interval 1, probability 0, space 0, times 0 [ 89.723523][ T4381] syzkaller1: entered allmulticast mode [ 89.736331][ T4385] CPU: 1 UID: 0 PID: 4385 Comm: syz.0.290 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) [ 89.736410][ T4385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 89.736428][ T4385] Call Trace: [ 89.736440][ T4385] [ 89.736448][ T4385] __dump_stack+0x1d/0x30 [ 89.736479][ T4385] dump_stack_lvl+0xe8/0x140 [ 89.736508][ T4385] dump_stack+0x15/0x1b [ 89.736601][ T4385] should_fail_ex+0x265/0x280 [ 89.736652][ T4385] should_failslab+0x8c/0xb0 [ 89.736685][ T4385] kmem_cache_alloc_noprof+0x50/0x310 [ 89.736724][ T4385] ? audit_log_start+0x365/0x6c0 [ 89.736884][ T4385] audit_log_start+0x365/0x6c0 [ 89.736933][ T4385] audit_seccomp+0x48/0x100 [ 89.736973][ T4385] ? __seccomp_filter+0x68c/0x10d0 [ 89.737067][ T4385] __seccomp_filter+0x69d/0x10d0 [ 89.737153][ T4385] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 89.737183][ T4385] ? vfs_write+0x75e/0x8e0 [ 89.737324][ T4385] __secure_computing+0x82/0x150 [ 89.737421][ T4385] syscall_trace_enter+0xcf/0x1e0 [ 89.737489][ T4385] do_syscall_64+0xac/0x200 [ 89.737519][ T4385] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 89.737679][ T4385] ? clear_bhb_loop+0x40/0x90 [ 89.737709][ T4385] ? clear_bhb_loop+0x40/0x90 [ 89.737742][ T4385] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.737814][ T4385] RIP: 0033:0x7fc31244e929 [ 89.737837][ T4385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.737864][ T4385] RSP: 002b:00007fc310ab7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000df [ 89.737965][ T4385] RAX: ffffffffffffffda RBX: 00007fc312675fa0 RCX: 00007fc31244e929 [ 89.737983][ T4385] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 89.738001][ T4385] RBP: 00007fc310ab7090 R08: 0000000000000000 R09: 0000000000000000 [ 89.738018][ T4385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 89.738035][ T4385] R13: 0000000000000000 R14: 00007fc312675fa0 R15: 00007fff1524ef38 [ 89.738061][ T4385] [ 89.961537][ T4387] netlink: 12 bytes leftover after parsing attributes in process `syz.1.291'. [ 90.058660][ T4392] netlink: 'syz.1.293': attribute type 10 has an invalid length. [ 90.081294][ T4392] veth0_macvtap: entered promiscuous mode [ 90.091306][ T4392] team0: Device macvtap0 failed to register rx_handler [ 90.099056][ T4392] veth0_macvtap: left promiscuous mode [ 90.113486][ T4392] netlink: 8 bytes leftover after parsing attributes in process `syz.1.293'. [ 90.181082][ T4392] vlan1: entered allmulticast mode [ 90.246448][ T4395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 90.259543][ T4395] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 90.367500][ T4407] loop2: detected capacity change from 0 to 512 [ 90.386039][ T4407] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 90.397090][ T4407] EXT4-fs (loop2): orphan cleanup on readonly fs [ 90.404190][ T4407] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.297: bg 0: block 248: padding at end of block bitmap is not set [ 90.423180][ T4407] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.297: Failed to acquire dquot type 1 [ 90.445813][ T4407] EXT4-fs (loop2): 1 truncate cleaned up [ 90.470937][ T4407] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 90.581910][ T4410] loop0: detected capacity change from 0 to 1024 [ 90.593817][ T4410] EXT4-fs: Ignoring removed bh option [ 90.603585][ T3326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.609435][ T4410] EXT4-fs: inline encryption not supported [ 90.637268][ T4410] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 90.669623][ T4410] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c842e018, mo2=0000] [ 90.694209][ T4410] EXT4-fs error (device loop0): ext4_orphan_get:1419: comm syz.0.300: bad orphan inode 11 [ 90.724055][ T4410] ext4_test_bit(bit=10, block=4) = 1 [ 90.729591][ T4410] is_bad_inode(inode)=0 [ 90.733826][ T4410] NEXT_ORPHAN(inode)=3254779904 [ 90.738883][ T4410] max_ino=32 [ 90.742127][ T4410] i_nlink=0 [ 90.753655][ T4410] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 2: comm syz.0.300: lblock 2 mapped to illegal pblock 2 (length 1) [ 90.793214][ T4410] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 48: comm syz.0.300: lblock 0 mapped to illegal pblock 48 (length 1) [ 90.866820][ T4410] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.300: Failed to acquire dquot type 0 [ 90.885638][ T4410] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 90.901923][ T4410] EXT4-fs error (device loop0): ext4_evict_inode:254: inode #11: comm syz.0.300: mark_inode_dirty error [ 90.914270][ T4410] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 90.926424][ T4410] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 90.946317][ T4421] netlink: 12 bytes leftover after parsing attributes in process `syz.1.304'. [ 90.960376][ T3814] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.010700][ T4423] ieee802154 phy0 wpan0: encryption failed: -22 [ 91.038757][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.069122][ T3315] EXT4-fs error (device loop0): __ext4_get_inode_loc:4792: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 91.086309][ T3315] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 91.107779][ T3315] EXT4-fs error (device loop0): ext4_quota_off:7217: inode #3: comm syz-executor: mark_inode_dirty error [ 91.175625][ T4435] loop0: detected capacity change from 0 to 512 [ 91.197546][ T4435] EXT4-fs (loop0): can't mount with data=, fs mounted w/o journal [ 91.322162][ T4441] netlink: 'syz.1.313': attribute type 10 has an invalid length. [ 91.331908][ T4441] veth0_macvtap: entered promiscuous mode [ 91.339284][ T4441] team0: Device macvtap0 failed to register rx_handler [ 91.349021][ T4441] veth0_macvtap: left promiscuous mode [ 91.372533][ T4441] netlink: 8 bytes leftover after parsing attributes in process `syz.1.313'. [ 91.419368][ T4441] vlan1: entered allmulticast mode [ 91.552349][ T4441] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 91.561452][ T4441] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 92.218781][ T4451] netlink: 12 bytes leftover after parsing attributes in process `syz.0.317'. [ 92.806102][ T4470] loop0: detected capacity change from 0 to 1024 [ 93.273320][ T4470] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.325085][ T4477] syz.1.326 uses obsolete (PF_INET,SOCK_PACKET) [ 93.330264][ T4470] syzkaller1: entered promiscuous mode [ 93.337454][ T4470] syzkaller1: entered allmulticast mode [ 93.460610][ T4477] netlink: 4 bytes leftover after parsing attributes in process `syz.1.326'. [ 93.486622][ T4481] ================================================================== [ 93.494974][ T4481] BUG: KCSAN: data-race in filemap_splice_read / filemap_splice_read [ 93.503866][ T4481] [ 93.506270][ T4481] write to 0xffff88811e3f60a8 of 8 bytes by task 4470 on cpu 1: [ 93.514104][ T4481] filemap_splice_read+0x47e/0x6b0 [ 93.519469][ T4481] ext4_file_splice_read+0x8f/0xb0 [ 93.525424][ T4481] splice_direct_to_actor+0x26c/0x680 [ 93.531214][ T4481] do_splice_direct+0xda/0x150 [ 93.536522][ T4481] do_sendfile+0x380/0x650 [ 93.541179][ T4481] __x64_sys_sendfile64+0x105/0x150 [ 93.546733][ T4481] x64_sys_call+0xb39/0x2fb0 [ 93.551886][ T4481] do_syscall_64+0xd2/0x200 [ 93.556989][ T4481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.563332][ T4481] [ 93.565968][ T4481] write to 0xffff88811e3f60a8 of 8 bytes by task 4481 on cpu 0: [ 93.575388][ T4481] filemap_splice_read+0x47e/0x6b0 [ 93.580842][ T4481] ext4_file_splice_read+0x8f/0xb0 [ 93.586611][ T4481] splice_direct_to_actor+0x26c/0x680 [ 93.592575][ T4481] do_splice_direct+0xda/0x150 [ 93.598090][ T4481] do_sendfile+0x380/0x650 [ 93.603269][ T4481] __x64_sys_sendfile64+0x105/0x150 [ 93.608891][ T4481] x64_sys_call+0xb39/0x2fb0 [ 93.613879][ T4481] do_syscall_64+0xd2/0x200 [ 93.619040][ T4481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.625301][ T4481] [ 93.628548][ T4481] value changed: 0x0000000000000523 -> 0x0000000000000544 [ 93.636468][ T4481] [ 93.639069][ T4481] Reported by Kernel Concurrency Sanitizer on: [ 93.645869][ T4481] CPU: 0 UID: 0 PID: 4481 Comm: syz.0.324 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) [ 93.658309][ T4481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 93.669444][ T4481] ================================================================== [ 93.838123][ T29] kauditd_printk_skb: 460 callbacks suppressed [ 93.838191][ T29] audit: type=1400 audit(1749488796.793:1699): avc: denied { unmount } for pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 93.875918][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.199726][ T3325] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.