last executing test programs: 4.553342584s ago: executing program 0 (id=845): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000000c00)=ANY=[@ANYRES8=0x0, @ANYRES16=0x0, @ANYRESDEC, @ANYBLOB="9ea458a4fe6c440c3dffaed6b8884fdf614a44b5be27389e4cfe9d1bb232d5be7c040a1f814f10b5f5aaee6bfdd1300fb37e18e6b14da155bb3f7f1e11ee0286ed883f58822473c134f614ca78a84f18b9d98301040927155669953922c34d7cc1c4482e9f43f8dcf1d8607761a37fb7651ab50e49d6b2e61d3220b1c7cde6115d43ff2b554acee8e19b89719ab533eb33eb94443074a4da0b8c08d01c18d58ccb6160d592100fbee915cf474b3884ff0a0b20fd48d595194ae547707af110ac9c630414df484a8b330da3d1ae8a6909c5ee4ddf4b159579a27c6441994d574e8be44e6c06b73dc402c67dd93f7feecaa148be9e6eeee52b9e183de6d0be19bc783d4770cef9ab513a39df6ff6ded2d8cfa1378299451f1a805fabe658d9428a992aa3d99670f2743f079e1ece83feef237735f05d199ebbfe451b38212e2b408fa2209c2d9577a57b3b344615f73e1f92a1c739aa461313c068e0889ebd1ac2845d3d2433a7ffeff3ec303f6e4f9e4104e709e1fee12735dc0be01c976caaac8267d99cddb6c5058216b49c940bf65cbb730e9b8bebe75de8fc1d4167f07591cc6f747be481987f7290cbc526295933573ba0e50ca82df25b101dd86cab8b9b826b9ead21a664cb94fc751c82060b3440970062b990860e139146ddba3fb400685b87cf5c11697cad23c556b48badbdf5b0559d7dfb117b9644f3e570a1a8710d5862a17aeee28e1c5a3ce83ff12da1269109c3e9486376ef981a61e0c75d7d87d164f500f0dc70d6a242797869c3e55ccda3bf957bfbd1ac88c0b0164856c14634da1e43d27ea5c2b0268a95791cbdd3f2b07a0f0b43a5186e4cf11e8a50ddc4eb46c6a6ef5250126f3f9811ed9d7b0cc813fc4b6c454ced9108e371440e1b460f078b300e961cdfca77deedc87c5d2b9b4d8ae97e0b81440135c68b9791e4e4fbcc90c0feac1b54fdc695eab7092e6a507179840b97efe807c9ed8873a61bf7a0693f2905841fcbbc887e7bec62f1b53879e884d48d82fdb4ad3dea6917697740c355ac877968a99d02e092ed2be8ecfda0b74300ec7408b6f4e26f8a17781e5586e7ae8cb9fb91668c3f1df5a1b37d2d56ab770f082c7463cbb6da4f9eca052aa5e80c33d397849369c9eb49d0236cd4b0af0a96697eec3ae4dcc7cfb74fc9ab3aa976d33ffd982a62002f0512f80a04d2480c28fe1dbd0097f749af3695fb1a637f73bb5d7ddff8dd42cff1631f7efb6de00bc50ad2b0be559771537837a5b0a2a96d3de085548cb0d667703332927bff64a4cfca9561fb03990c19090b004b377b1f612487bd79484abec9b62486ac3576d6d3126c843486655304798e8ca874a42084fb8bdb1847383d27b4ab0301816820503a602aabd81feb2599e5598ed4579f49d90f98b2514149e1c5d3dc86dc4e4094e56264c6de6ad1087ff75760788439dc7f5f05d37b1a0bc9bd6fb4bf3a928fdc7f140bae3ef8eaa990231e1cda7851dbda9c29e9804ebce584de62068d5e799341e628cb7023099f4a397ef3a40cc0731217a2b2919867758cac001f49b7a4884fd6428b0fd3a1d8771f516ca64d36efb71a78f9e9d6e976515c2604de4cc7d7324c15fa59bd092d6feaf1e2f06dd0e736e074f338ce013539d405486f3725680f8c0d143cc61ebd317a666d9a433723748c458886981229d6dcfeb0c6468762063cf5096b67d50ea77a0fcc73db66282425dbc3cc9752f18085569fa5c01066d1e91ce4fcb87c4b43faba0a8cb277b76c1a2ba289c5e76783c480a719bed5aaca1e11ce78dcd9dbc6aacea8169c4decb0395f2b5cc922db37ea48c9dafd90d0cb6867cfc1038eb2e5b5101efe649814fb4bd1932cbae54d9b455c98045f4cde5ed850d7276bb7d44ffc1f255b3ae6f2fbeb842bac0211348736371eabe80dade81bcd969401237eedab018606f7445e83e03dcecb2dc8428bf44da7181d5c3f1c2b7e43b0c32687405687ccedeb7f9b6fb6df7fc34407da50dbbea192fb043a65221b58cfff9db98403803ff2e50b6566a7b770146ccc31b63c7f39b5a66c3541328ddd80cf4848bed2f661303901e4e0e634d34b3b58382e25767dac7ea170fbd4e3315a3eeacb282536f84912fef0eb2575ccba6329b07ed576ba6f3181414cce162e3b96def073840fb822391ff93288985a1937a690ff4c57041fed6f6058346de590afcd9b6ac393bc6dfa818b5ba781ae07fe2b425de8b691861fb4d27526f6a9b218df7e32f4d430efa4a926eef68aa219704d7da72b82fb739bcecb5460b262967e0a902bdf97afa3e4c48d0cedef49b1a0cae1eda26a3c1996d3c4738e8e7cc7b6d75866aa1028206af937db4615ff916da9ab66a25d142b667ec08298814fa3cce45114cfcf63ae536f165108d5adf136742a658522c9f7976d5a3ca833c743b645435108a92586ec962450b92c76b4694699a4e5d6d5adf8113331f6e08d905568c8221f0867eb7d66d75070c71cff5c7324a02e6ea5306f7b0d7df939b293d8215a2be54210fea655f6ce92579dc74ec0b5cd7134d5feaa9c2536289103c1ee464d0a0f18cae08615938534f73a7de3a04d21c063387d7e615274788b7d66844a6e3d18f34344fdd720eda1c8806e9a7f6343b39beeefc54f744500c5037ef24b132776d49897c1887f04b48b0e2cb859417b74a871ac33b590f573bcb04c3f52af96fdc069a0b1abce0f4421bb36ac04729ec24215876d49570f2c1d3d6b4942f8a785c8b84e11587aac06c42d52b5016b884bee7a4bbc0057321f9e6aae15b462d5670b29c03cf5f13a7977fff40bf9d1379eb0c143e32bb350cefcdd3adaf087f02bb1c3c02c9381ea1075a4d29730b9a3e1c19a62efb7ccfa6bc8961c9c15f827206e618b3cd5e1b5346a4e1e5f09d897aa1ef8b76bdb96285b6fd76c0f967f87c4d3650f008f7c0b6bfbdc3e1a277473818dc54981f610686965527867afc97357b9ad4b7b6e4d77ea4546e18f35c844b4d26274c63f23ef03cf04164d8bf2e7526bbe270ebf81fcde5ade3b25824b5f7e7af4850621e1b3729a1cbef954c3050e30166c2ebf11387621c4af7882b0984d8f4688558420f506edd4d3162b376773f331b93094374e9ace36aeb8c6ea2429803c541ddcadda5e695aab5c462d4b1ffb915f104a0c4521684f0a79f6a20440a425bf9400687fc9f63eb5cc64607b48c6d02b3c1a07f966ce8e4be486562a4d40dc293fed15196c601970b6e94488734470edd10609d4cf19bacd90c67b7d49ea65f8f996118ae9fcad0464a35be040d0a5e54e902b4f55d22340b3a93b645d99815d2133c073ecf88b32a7e24a937be97842af594680308565afec8c4ff7e2fcea1cc688ec47b19cd81e02ea60ad87c5d108c9bc0db646a09752d70258641c286a69c334f5a98de21bcd81738d5b78495b7a9b9aa715abac17005f4775846946ad94ce81348ac3f48849f9e6c0c88b91d4445f7672c1bd865c6f537a6eea0361e2f708a4d938139e4d28facbee60f9c217fddc9ce161666d9513059ec1a1f491a7c515a0408002d2b58f5d288da0c4a945d76a630faca1842cebb93e0222be5d4d3d7494293316a339d78ddc2ddcf2058fee82b99a1cdd9ab2ce7122719076ee902ced2938287339c7cf81f39ce38972aba1edead18b01e8f0b9fe36dbf9900213881101e1fa4c320cfe313a9967162159aef1a21ed0e990ca236260862b54164c68fa7b54b249c7a102c4e4b37065438826f1a83e21b1ffbb3828da820bcb807d3de360e569261e0da7e856891c3881386af8404060a46a2036f5f5e60ee83e92dd70ac03107bfd257faf28bbcc3e169129031bf81ecf09d5187fc12a749bee059a8483657691c29da9fa4661c156c289f0b689a0b892f2d972aa452b6ddbed481e1fbe4f54fb832c8f67c9a3cfd20afed68427d8b7a1c6812d110dc1da300b329a5c8b58169a76584316f1a67616f0177ed2ace2c4024c52f19e7701575d2e5aaccb2f93f88538460e149f6d918b084ea077fa6e5a90c24440c624f8dc87af323fa2556a9a81409ebc1d5eb223bf602d50a218fb47c8da7df0848864e6a7f34b999b07bc8a310201800ca7e9f970c5031e6e035024cb049432c93f62fc5acb3b81bd0333271d5f041fdb83bbc2db7065cbcd0faf3a3b4a5ec15024bae7b5b9df5a9eb8b42c59309cc8183f8862f861804136b72d3396e1ac120bff209dc9283358b1ef62aabaa728d803e06eb13a6cf6cf57913aab17291474ab53ab7eeac02b4d25ac332d9aaec05ae637a1a4b63668e4b9c6d4fb0112838bd6dc4e0c16809fcc57b8b19cab29107a14d1d64c6c04509210cf4c169cf6e5abbd85dbaad8f9e71f23ace4f6624f744cbd8cd8fa19752c3749ad91fa661a4b4cadd540612233ce6340b77a702c4652a16953c4bd86cd869ca3b2020b1fae2b58fb208170800d9ea2e5cc4c11eb02b20acdb26457ec36e1ce5235239924e3d173a27e375fe800f2f147a72bc35d93d416266522ec6f056d286c8e8e34100d180256b67d4bc4eff977cdae09fb6d484890fbea8bd1080f67d0fcbc899dbd2454ff289f6bdd7844c97bbd8b6a77fb37e371f7be6f86e0524f2500f01014a976df51b385eb3a31b8a9da2f3cfb60c925d0fcca346fe300222a248d650cd798bbe5b550cd4689e24813d991bcd64ff9269133b491a98c23a8a9a2e850d780a68142903c3e46713b729fd4157645ded83a9fe0f21f47316c61ea9ea9c36477e93cc21f91e8f9b4e862934bf598018c7d93a9b21550a5126c2109538b196f1c37ae7363af2a2ef4c8b868e328fcc89c8277f14249a2969761988c704ec8904e5d3df35082ce09c18546e3adfde62ea8d26bf2e512100fc26836a069ecb501bc86a2d49a3a1e42aa9ba1440f7ed6291075aeca366108d93dabf2409b90c8f6d2d5ea39cd1860d033c454a903d8b947ba9fbea460a61198dba27c62387e0daf367b8f6aacb159bbc9511bd30c2933172d73ae96bbd56e47c7ab978377e9df7736aa28e62121851b259ddf7cc9dc419266083483fdf4d92f3eea638a4a91bef06c30a6389d32d42f73b557005b924afa9228cf5a4570abf081de3141f66650225c07ecae4a339d9d31f298ae0f4adcf1fe26aa97a857338cafea50464d11c994029f011e808f645dbb920bed610b3cb51b464829873585779af9194b78b2751365926723afc8254c6f9048b7af1c33bff39ed289b1dc5ac92336b27d2c5a8ee095c31db79fbb527231f53699e12166262e02d8433eeefedbc877223ee8c281e248bea106c656e2785a4a4a942567dcdae2d487f5077f7db8bc69a622fb39fb536c9e713147dfdd7180dc946da9dfaad10cc950a59012d3452acebe44409ab768273b8bb1ec7252ba0cb6a40e5125f3dae47ff3b8e20bac56243504b0798666df4f8a5c33ac9c5fb6a783b3de48d5fb35eba414172f5ba15a0fc5047c004ba25fa40808200eca5ce62239870b713361b0eb82d8e9797fa2809e531dbc3c7457b489ba0b60e7759ebc6ff8fe2ad70ae8198d293134d31238f181633baed5b1e3bd5b9d88d865c67bf6b20c98ed60eff853eb9f324715ce0f56b9d07ae6617280aba83060f21b9ad50eb185cafd73c55c1b5e286dcfcdf06064de52ff8925fa90825ddd763bf3681df3a481e00566e48a1e65c0b0e35069ed7ad9f2d7bae2edf82b381fc8d778d6893f3d034d531fe267a425d790564458eea0dab67dfe595fe16757af9eeae0af547ee1cc13cec317c4c8ded606c212f44c8f66fe", @ANYRESOCT=0x0, @ANYBLOB="c1d142dcdf1a78de088933cd217f0d2fbddabe353b5924e5ec5d568431b17b0ec0c889176aac2b9910a53462d0d2529ec4f67d112491babdfff550aa985a1468fa0afe9ac81e7ed0e6997e06bdbcbe3d0954c0a5dda6d28349bb96fb554a3362ce66a741aba6d863964020ac75e62bf7cd4910b7fcd4e44e8e54b111545bd84d7c7ab36b4049517f8a313e647fd153c709494e2785f902cc180f3d595ebb5f47ed5e314d1cf7ea40609561b0abc8a506fd7178e0b8ecbdcc59", @ANYBLOB="efb1cce45fac75b55c0a22aa86d715acecca0aa979b4d29fac76f08179aeaec3fd68428e2f1296ca209611505e1fc08510692ff2dcd9de8a1df6030afb9044fa0d877fdccd18f46ca6dab0921ca87bf4fe9938c4c0414ffa9949c19bda4184863abff03f769cb830b618ee918ecb072791fb01219fd39ccf42386b70d9ab5d9d8a0c5e038a3648371eda36c90e24e82b8e174ecd4a06b755bffd232f4a6dff5d554719f2eaa6b4774d605ab0cb1fb6cce7f95e4a922a07025071ab5564e1e37f507def4b0697a5f6da355cf0c0c1b561fdd734c2c6fb1d340994660ebbff88f2ee39ddb3af7fe80b967ef82da422f756e688ec941aff97", @ANYRES16, @ANYRES16=0x0, @ANYRESDEC], 0x1, 0x2f4, &(0x7f0000000900)="$eJzs3M9PE1sUwPHTn7QlUBYv7+W95IUb3ehmAtW10hhIjE0kSI0/EpMBptp0bEmnwdQY0ZVb4x/hgrBkR6L8A2zc6caNOzYmLmRhrOn8oKVMKYVKEb6fhMxhzj3tvZ2SnNt02Lrz+nEhZ2k5vSLBmJKAiMi2yIgExRNwj0E7jkqzF3Jx8NvH/2/dvXcjnclMzig1lZ69lFJKDY++e/Is7g5bH5DNkQdbX1NfNv/e/Hfr5+yjvKXyliqWKkpXc6XPFX3ONNRC3ipoSk2bhm4ZKl+0jLKTLzn5nFlaXKwqvbgwlFgsG5al9GJVFYyqqpRUpVxVoYd6vqg0TVNDCUEn2ZWZGT19yOL5Hk8Gv0m5nNZDIhLfk8mu9GVCAACgr1r7/6CoXvb/q+c2KoO314bd/n896tf/X/7kPNau/j8mIr79v/f8vv2/3l3/v7cjOluO1P/jZBiN7jkVaIT1ZDmtJ9y/X9vL+6tjdkD/DwAAAAAAAAAAAAAAAAAAAADAn2C7VkvWarWkd/R+6rmYiDT/3iIkIlePf8bopXbXf6Dz9ccp0LhxLzwsYr5ayi5lnaM7YENETDFkTJLyw34/uOqxd+eRqhuR9+ayW7+8lA3ZmXRO8nb9uCQj0lpfq01dz0yOK8fu+ogkmutTkpS//OtTvvVRuXC+qV6TpHyYl5KYsmDPo1H/fFypazczLfVxexwAAAAAAKeBpnb47t81rV3eqd/ZX7d+PhBq7K/HfPfnYfkv3N+1AwAAAABwVljVpwXdNI3yPkFcOo9xgsgBxrQG4W4GdxF4Kzxolfddhh5P42CB9+S7UjH3ZM9flkAXL0ubICiHqRqtr0YddRXex0btxsj0xPFfQTv4583b7717wCtrsQ4rPXwQ2v8NEHG//gUAAADgFGk0/d6Zif5OCAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAM+g4/jtav9cIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnBS/AgAA//9p2gTn") r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x6e}}, './file0\x00'}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0xfffffd9d) 3.545968469s ago: executing program 0 (id=856): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x80) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) mount$tmpfs(0x0, &(0x7f0000000400)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) 3.512392459s ago: executing program 0 (id=859): socket$kcm(0xa, 0x1, 0x0) open(0x0, 0x313442, 0x60) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='kfree\x00'}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001b00)=@newqdisc={0x78, 0x24, 0xd0f, 0x0, 0x25dfdbff, {0x60, 0x0, 0x0, r1, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x4, 0x1}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x18, 0x2, {{0x7fffffff, 0x14, 0xfcc, 0x400, 0x9}, 0x81, 0x0, 0xc8c3, 0x40, 0x4, 0x1c, 0x11, 0x9, 0x8, 0xffffffff, {0xfffffff5, 0x4, 0xad8, 0x7, 0x4, 0x4}}}}]}, 0x78}}, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000001600), 0xffffffffffffffff) socket$tipc(0x1e, 0x5, 0x0) r2 = bpf$PROG_LOAD(0x5, 0x0, 0xfffffd7e) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x5}]}], {0x52}}, 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={0x0, r2, 0x0, 0x2}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="0500000004000000080000000b"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000480)='kfree\x00', 0xffffffffffffffff, 0x0, 0x7fffffffffffffff}, 0x18) 3.415281881s ago: executing program 0 (id=863): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0xffffffffffffffff}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2) sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000844}, 0x0) 3.376638481s ago: executing program 0 (id=864): syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x15, 0xe, &(0x7f0000003540)=ANY=[@ANYBLOB="b7000000a0feffd7bca30000000000002403000040feffff7b1af0ff0000000079a4f0ff000000001f030000000000002e030200000000002604fdffffff000e61141800000000001d430000000000007a0a00fe0000001f61141400000000004603f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f2440000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c9494963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c88629a6c921c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fbf05b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71ca3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b60f132a2bf8a858392f34072d99aee0ec70aa6d75096e608d97ac4b7bfa2e0ae3e59718e7a7691a98b1334e34553300000000000000000000000000000000062c7cf52e9624806a4833e1c0059e5a703ab9c2e9b38779270dc5e80af75d509b1a31fe6ed3f8c0172659256dc88de4e377c8a07e95ec5549ae47dc43b93a159a201be254048b9e0857ea3c736c761e686f9b3d0690f035617a12055b2cb3a03794d67b95e7f4fc6af323120c09d0503c8ce92e869e22bb2590299ad76d541f844d32f96184f74d433793bbd75ec15fb1497ce835445212421cb4e3ce08395c9055a2"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x7, &(0x7f0000000100), 0x4) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00c00e}, 0x8000) socket$kcm(0x11, 0x3, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100) mount(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380)='devtmpfs\x00', 0x4000, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x3200890, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x262) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)=@newtfilter={0x24, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, 0x0, {0x10, 0x9}, {}, {0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r2, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f0000000380)}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0x19, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000008000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x74, r7, {0xf}, {0x0, 0x1}, {0x3, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x8881}, 0x40) 3.001398716s ago: executing program 3 (id=879): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1c, 0xe, &(0x7f0000001100)=ANY=[@ANYBLOB="b70000008113b0ffbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071103600000000001d300500000000004704000001ed00000f030000000000001d44020000000000620a00fe040400007203000000000000e500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343cccc953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba93eecff1f134a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f63cbea7c6f79520e1de3d1de3b1cd50d29db26d4e53ef5c1d6a396e8a319f723c3f722f2a38fd0983b2ff680f05e417e7572372f0facbaf8b8dc20d9025a2afa423573a57e32780ce9047fb0183af8c260bf3d0ce8cf59f50c45a9f8d451908f8ce1cf9eff0218786757814feb1222d7aa6bd8df50f12fdcd3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r1 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x1, 0x1, 0x8, 0x20005, 0x6b, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)=@chain) syz_open_dev$tty20(0xc, 0x4, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x8, 0x0, 0x0, 0x9}]}) r3 = socket$vsock_stream(0x28, 0x1, 0x0) perf_event_open(0x0, 0x0, 0xffffffffefffffff, 0xffffffffffffffff, 0x2) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000500)=ANY=[@ANYRESHEX=r0, @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x9, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x9, 0x4, &(0x7f0000000480)=ANY=[@ANYRES32=r1], 0x0, 0xdd1f, 0x0, 0x0, 0x100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, 0x0, 0x0}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x4000, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r5}, 0x10) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r6, 0x5, &(0x7f0000000300)={0x2, 0x4, 0x103ff, 0x56a}) listen(r3, 0xa) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6) bind$inet6(r7, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r7, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r7, &(0x7f0000000240)=':', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x4e23, 0x39a, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000040)='yeah\x00', 0x5) shutdown(r7, 0x1) close_range(r2, 0xffffffffffffffff, 0x0) 2.880446748s ago: executing program 3 (id=884): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={0x0, r0}, 0x18) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x12, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}) ioperm(0x100, 0x0, 0xffffffffffffffff) 2.865741438s ago: executing program 3 (id=887): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10003, 0x1, 0x1, 0x8, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xffffffffffffff7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3af, 0x4}, 0x100000, 0x0, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$isdn_base(0x22, 0x3, 0x0) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f00000000c0)=ANY=[], 0x8) r2 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil) shmat(r2, &(0x7f0000ff7000/0x3000)=nil, 0x400c) recvmmsg(r0, &(0x7f0000001b80)=[{{&(0x7f0000000940)=@un=@abs, 0x80, &(0x7f0000001a40)=[{&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f0000000480)}, {&(0x7f00000019c0)=""/68, 0x44}], 0x3, &(0x7f0000001a80)=""/240, 0xf0}, 0x8}], 0x1, 0x10000, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000240)={{{@in=@initdev, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@remote}}, &(0x7f0000000040)=0xe8) getgroups(0x6, &(0x7f0000000340)=[0xee00, 0xffffffffffffffff, 0x0, 0xee01, 0xee01, 0xffffffffffffffff]) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$sock_SIOCGPGRP(r5, 0x8904, &(0x7f0000000140)=0x0) fcntl$lock(r5, 0x24, &(0x7f0000000180)={0x1, 0x4, 0x2, 0x7fffffffffffffff, r6}) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) dup2(r5, r7) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000540)={r7, &(0x7f0000000480)="a3d1977e", &(0x7f0000000800)=""/117, 0x4}, 0x20) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000380)={{{@in6=@private0, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@loopback}}, &(0x7f0000000900)=0xa7) newfstatat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x100) r10 = syz_clone3(&(0x7f0000000780)={0x4000200, &(0x7f0000000500), 0x0, &(0x7f0000000640), {0x20}, &(0x7f0000000680)=""/35, 0x23, &(0x7f00000006c0)=""/93, &(0x7f0000000740)=[0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0], 0x5, {r1}}, 0x58) shmctl$IPC_SET(r2, 0x1, &(0x7f0000000880)={{0x0, r3, r4, r8, r9, 0x1c3, 0x384d}, 0x9, 0x8000, 0x4, 0x8000000000000001, r10, 0x0, 0x6}) shmctl$SHM_STAT_ANY(r2, 0xf, &(0x7f0000000280)=""/159) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) r11 = syz_open_dev$usbmon(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5421, 0x0) preadv(r11, &(0x7f0000000240)=[{&(0x7f0000000000)=""/53, 0x35}, {&(0x7f0000000040)=""/187, 0xbb}, {&(0x7f00000001c0)=""/100, 0x64}, {&(0x7f0000000100)=""/53, 0x35}], 0x4, 0x9, 0xcc21) 2.143138189s ago: executing program 3 (id=899): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000010000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000318110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000080), &(0x7f0000000000)='%-010d \x00'}, 0x20) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000002480)=@raw={'raw\x00', 0x8, 0x3, 0x4e8, 0x0, 0x11, 0x148, 0x340, 0x0, 0x450, 0x2a8, 0x2a8, 0x450, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}, {0x0, 0x0, 0x81}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x4f, 0x7, "72f6daeff0a9c6294e211d2d88fe6dcff5d0e552201da3b7a1fdb30dcb59"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x548) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0) close(r4) socket$netlink(0x10, 0x3, 0x0) syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f00000006c0)='./file1\x00', 0x40, &(0x7f00000000c0)={[{@user_xattr}, {@nodioread_nolock}]}, 0x1, 0x576, &(0x7f0000000140)="$eJzs3T1sG2UfAPD/neO3X3nf9JXeVwLUoQKkIlV1kn5AYWpXRKVKHZBYIHLcqIoTV7EDTZQh3StEBwSoS9lgYAQxMCAWRlYWEDNSRSOQmg5g5K80TZzglDouud9POvuee87+P8+d/499pzs5gMw62nhII56OiItJxMi6uqFoVx5trbe6slS8v7JUTKJev/RLEklE3FtZKnbWT9rPhyJiOSKeiohv8hHH081xqwuL0xPlcmmuXR6tzVwdrS4snrgyMzFVmirNnnrp5TNnT58ZPzm+/mX36+tL+Z319caPN9+98d2rt29++tmR5eL7E0mci+F23fp+PE6tbZKPcxuWn+5HsAFKBt0AHkmuneeNVPp/jESunfXd1Ed2tWlAn9X3RdSBjErkP2RU53dA4/i3M+3m748751sHII24q+2pVTPUOjcR+5vHJgd/TR46Mmkcbx7ezYayJy1fj4ixoaHNn/+k/fl7dGOPo4H01dfnWztq8/5P18af6DL+DHfOnf5NnfFvddP49yB+bovx72KPMX5/46ePtox/PeKZrvGTtfhJl/hpRLzVY/xbr395dqu6+scRx6J7/I5k+/PDo5evlEtjrceuMb46duSV7fp/cIv4rXO2+5tfM922f5fT2l198e3nzy5vE/+F57bf/922/4GIeK/H+P+998lrW9XduZ7cbfwK2On+TyIft3uM/+K5oz/0uCoAAAAAAAAAALADafNatiQtrM2naaHQuof3f3EwLVeqteOXK/Ozk61r3g5HPu1caTXSKieN8nj7etxO+eSG8qlcO2DuQLNcKFbKkwPuOwAAAAAAAAAAAAAAAAAAADwpDm24//+3XPP+/41/Vw3sVVv/5Tew18l/yK6H8z8ZWDuA3ef7HzKrLv8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/AAAAAAAAAAAAAAAAAAAAAAAAAADoi4sXLjSm+v2VpWKjPDm0MD9defvEZKk6XZiZLxaKlbmrhalKZapcKhQrM3/1fkmlcnUsZuevjdZK1dpodWHxzZnK/GznP0VL+b73CAAAAAAAAAAAAAAAAAAAAP55hptTkhYiIm3Op2mhEPHviDicRHL5Srk0FhH/iYjvc/l9jfL4oBsNAAAAAAAAAAAAAAAAAAAAe0x1YXF6olwuzWVkZmgnK0fE8uNtRuMdd/yqfHtfPSnb0EwWZgY8MAEAAAAAAAAAAAAAAAAAQAY9uOm311f80d8GAQAAAAAAAAAAAAAAAAAAQCalPycR0ZiOjTw/vLH2X8lqrvkcEe/cuvTBtYlabW68sfzu2vLah+3lJwfRfqBXnTzt5DEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQHVhcXqiXC7N9XFm0H0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBR/BgAA///eANcP") r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000740)='./file1\x00', 0x183042, 0x15) pwrite64(r6, &(0x7f0000000140)='2', 0xfdef, 0xe7c) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r5, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0), 0xfc, 0x574, &(0x7f0000001980)="$eJzs3c9rHFUcAPDvbJI2/aFJoRT1IIEerNRumsQfFTzUk4gWC3qvS7INJZtuyW5KEwu2B3vxIkUQsSB69+6x+A/4VxS0UKQEPXiJzGY2XZPZNNlumm3384Fp35uZzZvvvvm+fbOzywbQt8bSfwoRL0fEN0nESMu2wcg2jq3tt/Lw+nS6JLG6+ulfSSTZuub+Sfb/oazyUkT89lXEycLmdmtLy3OlSqW8kNXH6/NXxmtLy6cuzZdmy7Ply5NTU2fempp89523uxbr6+f/+f6Tux+e+fr4yne/3D9yO4mzcTjb1hrHE7jRWhmLsew5GYqzG3ac6EJjvSTZ6wOgIwNZng9FOgaMxECW9blWR57moQG77Ms0rYE+lch/6FPNeUDz2r5L18HPjAfvr10AbY5/cO29kRhuXBsdXEn+d2WUXu+OdqH9tI1f/7xzO12i3fsQ+7vQEMAGN25GxOnBwc3jX5KNf507vY19NrbRb68/sJfupvOfN/LmP4X1+U/kzH8O5eRuJx6f/4X7XWimrXT+917u/Hf9ptXoQFZ7oTHnG0ouXqqU07HtxYg4EUP70/pERHyQfxPk88LKvdV27bfO/9Ilbb85F8yO4/7ghvnfTKleevLI1zy4GfFK7vw3We//JKf/0+fj/DbbOFa+82q7bY+Pf3et/hTxWm7/P+rMZOv7k+ON82G8eVZs9vetY7+3a3+v40/7/+DW8Y8mrfdraztv48fhf8vttnV6/u9LPmuU92XrrpXq9YWJiH3Jx5vXTz56bLPe3D+N/8Txrce/vPP/QJrY24z/1tFbrbsO7yz+3ZXGP7Oj/t954d5HX/zQrv3t9f+bjdKJbM12xr/tHuCTPHcAAAAAAADQawoRcTiSQnG9XCgUi2uf7zgaBwuVaq1+8mJ18fJMNL4rOxpDhead7pGWz0NMZJ+HbdYnN9SnIuJIRHw7cKBRL05XKzN7HTwAAAAAAAAAAAAAAAAAAAD0iEMRw3nf/0/9MZD/mDargWfRFj/5DTzn2ud/tqUbv/QE9CSv/9C/5D/0L/kP/Uv+Q/+S/9C/5D/0L/kP/Wsn+f/zuV08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAHg+nD93Ll1WVx5en07rM1eXFueqV0/NlGtzxfnF6eJ0deFKcbZana2Ui9PV+cf9vUq1emViMhavjdfLtfp4bWn5wnx18XL9wqX50mz5QnnoqUQFAAAAAAAAAAAAAAAAAAAAz5ba0vJcqVIpLygodFQY7I3D6MFCoTcOo8PCXo9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDIfwEAAP//wGE62g==") ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r7 = socket$unix(0x1, 0x1, 0x0) socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48050}, 0x40004) recvmmsg(r9, &(0x7f0000005140)=[{{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000640)=""/216, 0xd8}, {&(0x7f00000052c0)=""/235, 0xeb}, {&(0x7f0000003080)=""/4096, 0x1000}], 0x3}, 0x3}], 0x1b00, 0x0, 0x0) r10 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f00000001c0)=ANY=[@ANYRESDEC=0x0], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 1.805632734s ago: executing program 4 (id=905): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) unshare(0x22020600) r2 = socket$kcm(0x10, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000000640)='~', 0x1, 0x20000000, &(0x7f0000000300)={0xa, 0x4e1f, 0x8, @private1, 0x68b0}, 0x1c) r4 = socket$kcm(0xa, 0x2, 0x3a) setsockopt$sock_attach_bpf(r4, 0x29, 0x21, &(0x7f0000000100), 0x4) sendmsg$kcm(r4, &(0x7f0000000440)={&(0x7f0000000800)=@in6={0xa, 0x0, 0x0, @mcast2, 0x1a}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000780)="80005b020eaa4da2", 0x8}], 0x1, 0x0, 0x0, 0x900}, 0x0) recvmmsg(r2, &(0x7f00000067c0)=[{{0x0, 0x0, 0x0}, 0x7}], 0x1, 0x120, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r5}, 0x10) 890.020147ms ago: executing program 4 (id=915): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r0}, 0x10) io_setup(0x4082, &(0x7f0000000380)) (fail_nth: 21) 663.67162ms ago: executing program 2 (id=916): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket(0x10, 0x80002, 0x0) r2 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x400000080ffffff, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[], 0xa8}}, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) r4 = fcntl$dupfd(r2, 0x0, r2) ioctl$SG_IO(r4, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0}) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x7, 0x8000, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r5, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10) listen(r1, 0x0) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f0000000140), 0x4) connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) accept(r0, 0x0, 0x0) 609.116921ms ago: executing program 2 (id=917): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000040}, 0x20000000) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a09040000000000000000020000000900020073797a32000000000900010073797a30000000002c0004802800018008000100636d70001c000280080001400000001b08000380048001000800024000000003140000001100010000000000000000000000000a"], 0x80}}, 0x0) 608.742241ms ago: executing program 4 (id=918): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(r0, &(0x7f0000000340)="48efd77724000000", 0x8, 0x0, &(0x7f0000000100)={0x2, 0x4e22, @empty}, 0x10) getsockname$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0}, &(0x7f0000000440)=0x14) sendmsg$inet(r0, &(0x7f00000005c0)={&(0x7f0000000000)={0x2, 0x4e22, @private=0xa010100}, 0x10, &(0x7f00000002c0)=[{&(0x7f0000000040)="3d60ea2a67ef6a95fefa8e937ded8b1a4bc9800a7ba5a6b8d014e0e3836106e6aa8b26e6d950c21ba79eee572af6f5c14eaab5aade24e3d3822ceca79242e0bee851ff6a63735df5640d5f0a170687265ed87fe1028bc139652e99acd809fcce62d9de9883ca7a41630e8011215bf45bcff63f27a581bb928f10a2f9b16027cc1066a7ccea1a15fc944f9682e734968828edf4c5ea485c429d4521225a019651f3d3a165bb1391", 0xa7}, {&(0x7f0000000140)="47872476d6862917a88277b9952a74b1da6c06533cd3c40b1b50b97c5bc3f18eddb25f8d115cacbff6911a0dcb41d28bb41ab46fca96699e88c662d4efd199ffe6edfa1b2ff044abd515b56025325c94e57d7fd9a91a9afcd98372f455e4dc051c7ae5a5d6f53373ae79984380f5db08f43cc68b1e854f8f6c5794eb757d77ec307bfd08b0a2eadb8651a90da359a3c332f50fa9b0a1688c4091c6587f79fdff79ed00519c8a", 0xa6}, {&(0x7f0000000200)="042238a066e61e846064ac2587f0019aa269f1c9e19e86703f75afa45030a48b4b3d7b7a906c9481651b4df1821167cac10aeb5cc22cbfa6307bf15c221ab82dae2d3dea155b98bc54c1976b1580293c0d47a82b824741c909664425a1c001c9d42a76ce0c78aa9a5b4248f93b71fab2d0c089a6db7386682f4c8deb8e2dd70af7b0f218af89869061b079b795a4591d8a677fd7", 0x94}, {&(0x7f0000000380)="47026629f44d53a161bdd697b820c6fc8a02e7848798cdcca4f71a03c9bc9b963f94307aad0ae053f6b12550bacf0858a43c5bf227a39c173711f12c9e58307f3d756e791482bf633215d50442ac33c8e19261e372a26f5918881cc428675c53cf0c00e74b9e953dcdf513e725e0efe3294c6306f8daead627fbf48ccd9e6074b2024ef0c67151700c154710aa9af67e6af3a07c954fdc57", 0x98}], 0x4, &(0x7f0000000480)=[@ip_retopts={{0x54, 0x0, 0x7, {[@timestamp_addr={0x44, 0x2c, 0x54, 0x1, 0x9, [{@dev={0xac, 0x14, 0x14, 0x17}, 0xb}, {@dev={0xac, 0x14, 0x14, 0x36}}, {@empty, 0x2}, {@broadcast, 0x2}, {@multicast1, 0x1}]}, @noop, @lsrr={0x83, 0x17, 0x31, [@dev={0xac, 0x14, 0x14, 0xe}, @loopback, @dev={0xac, 0x14, 0x14, 0x18}, @remote, @empty]}]}}}, @ip_retopts={{0x68, 0x0, 0x7, {[@lsrr={0x83, 0x1b, 0x4c, [@broadcast, @loopback, @multicast1, @rand_addr=0x64010102, @empty, @local]}, @rr={0x7, 0xf, 0x4b, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010100]}, @lsrr={0x83, 0x2b, 0x1c, [@private=0xa010102, @broadcast, @dev={0xac, 0x14, 0x14, 0x12}, @rand_addr=0x64010100, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, @empty, @broadcast, @loopback]}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xaf}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xe}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x1}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x29}}}}], 0x128}, 0x7c7522791196bbf0) recvmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20, 0x0) 569.695171ms ago: executing program 4 (id=919): r0 = syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x200000, 0x0, 0x4, 0x0, &(0x7f00000002c0)) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x34, r2, 0x1, 0x70bd2e, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_PKT_RATE_HIGH={0x8}]}, 0x34}}, 0x0) splice(r0, &(0x7f0000000180)=0x9, r1, &(0x7f00000001c0)=0x4, 0xd2, 0xb) pipe2$9p(&(0x7f0000000240), 0x80000) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) getpid() connect$unix(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRES32=0x1], 0x50) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) r5 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) pwrite64(r5, &(0x7f0000000080)='3', 0x1, 0x0) 565.242772ms ago: executing program 2 (id=920): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x200008, &(0x7f0000000040), 0x1, 0x504, &(0x7f0000001000)="$eJzs3c9vI1cdAPDveOPEyaZNWnoABO3SFha0WifxtlHVA5QTQqgSokeQtiHxRlHsOIqd0oQ9pGckTkhU4gRH/gDOPXHnguDGpRyQ+BGBGiQORjMep07W3gSS2FH8+UijeW/erL/vbXbei7/Z+AUwtu5ExEFETEbEuxExl19P8iPe6hzpfZ8cPl49Ony8mkS7/c7fk6w9vRY9fyZ1O3/NUkR871sRP0yejNvc299cqdWqO3l9oVXfXmju7d/fqK+sV9erW5XK8tLy4hsPXq9c2lhfqk/mpS9+/LuDr/047dZsfqV3HJepM/TicZzURER85yqCjcCtfDyTo+4I/5dCRDwfES9nz/9c3Mq+mgDATdZuz0V7rrd+LDlZBQBuikKWA0sK5TwXMBuFQrncyeG9EDOFWqPZuveosbu11smVzUex8GijVl3Mc4XzUUzS+lJW/rReOVV/EBHPRcTPpqazenm1UVsb5Tc+ADDGbp9a//811Vn/AYAbrjTqDgAAQ2f9B4DxY/0HgPFj/QeA8dNZ/6dH3Q0AYIi8/weA8WP9B4Cx8t23306P9lH++ddr7+3tbjbeu79WbW6W67ur5dXGznZ5vdFYzz6zp37W69Uaje2l12L3/fmvbzdbC829/Yf1xu5W62H2ud4Pq8XsroMhjAwAGOS5lz76Y5KuyG9OZ0f07OVQHGnPgKtWGHUHgJG5NeoOACNjty8YXxd4j1+M+KkUAdwAfbboPaHU7xeE2u12++q6BFyxu5+T/4dx1ZP/97+AYczI/8P4kv+H8dVuJ+fd5D/OeyMAcL3J8QMDfv7/fH7+df7DgR+snb7jw6vsFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFxv3f1/y/le4LNRKJTLEc9ExHwUk0cbtepiRDwbEX+YKk6l9aUR9xkAuKjCX5J8/6+7c6/Onmh68fZxcTIifvSLd37+/kqrtfP7iMnkH1Pd660P8+uV4fceADhbd53Ozj1v5D85fLzaPYbZn79+MyJKnfhHh5NxdBx/IiaycymKETHzzySvdyQ9uYuLOPggIj7bb/xJzGY5kM7Op6fjp7GfGWr8won4haytc07/Lj5zCX2BcfNROv+81e/5K8Sd7Nz/+S9lM9TF5fNf+lKrR9kc+Gn87vx3a8D8d+e8MV777bc7pekn2z6I+PxERDf2Uc/8042fDIj/6jnj/+kLL748qK39y4i70T9+b6yFVn17obm3f3+jvrJeXa9uVSrLS8uLbzx4vbKQ5agXBq8Gf3vz3rOD2tLxzwyIXzpj/F8+5/h/9Z93v/+lp8T/6iv94hfihafET9fEr5wz/srMb0qD2tL4awPGf9bX/94543/85/0ntg0HAEanube/uVKrVXcUFK5/If0new260bfwjWHFmoz+TT95pfNMn2rqfu//P8YaNGNcRtYNuA6OH/qI+PeoOwMAAAAAAAAAAAAAAPQ1jN9YGvUYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLn+GwAA//+hm8cd") quotactl$Q_QUOTAOFF(0xffffffff80000301, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) 550.906462ms ago: executing program 3 (id=921): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x200008, &(0x7f0000000040), 0x1, 0x504, &(0x7f0000001000)="$eJzs3c9vI1cdAPDveOPEyaZNWnoABO3SFha0WifxtlHVA5QTQqgSokeQtiHxRlHsOIqd0oQ9pGckTkhU4gRH/gDOPXHnguDGpRyQ+BGBGiQORjMep07W3gSS2FH8+UijeW/erL/vbXbei7/Z+AUwtu5ExEFETEbEuxExl19P8iPe6hzpfZ8cPl49Ony8mkS7/c7fk6w9vRY9fyZ1O3/NUkR871sRP0yejNvc299cqdWqO3l9oVXfXmju7d/fqK+sV9erW5XK8tLy4hsPXq9c2lhfqk/mpS9+/LuDr/047dZsfqV3HJepM/TicZzURER85yqCjcCtfDyTo+4I/5dCRDwfES9nz/9c3Mq+mgDATdZuz0V7rrd+LDlZBQBuikKWA0sK5TwXMBuFQrncyeG9EDOFWqPZuveosbu11smVzUex8GijVl3Mc4XzUUzS+lJW/rReOVV/EBHPRcTPpqazenm1UVsb5Tc+ADDGbp9a//811Vn/AYAbrjTqDgAAQ2f9B4DxY/0HgPFj/QeA8dNZ/6dH3Q0AYIi8/weA8WP9B4Cx8t23306P9lH++ddr7+3tbjbeu79WbW6W67ur5dXGznZ5vdFYzz6zp37W69Uaje2l12L3/fmvbzdbC829/Yf1xu5W62H2ud4Pq8XsroMhjAwAGOS5lz76Y5KuyG9OZ0f07OVQHGnPgKtWGHUHgJG5NeoOACNjty8YXxd4j1+M+KkUAdwAfbboPaHU7xeE2u12++q6BFyxu5+T/4dx1ZP/97+AYczI/8P4kv+H8dVuJ+fd5D/OeyMAcL3J8QMDfv7/fH7+df7DgR+snb7jw6vsFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFxv3f1/y/le4LNRKJTLEc9ExHwUk0cbtepiRDwbEX+YKk6l9aUR9xkAuKjCX5J8/6+7c6/Onmh68fZxcTIifvSLd37+/kqrtfP7iMnkH1Pd660P8+uV4fceADhbd53Ozj1v5D85fLzaPYbZn79+MyJKnfhHh5NxdBx/IiaycymKETHzzySvdyQ9uYuLOPggIj7bb/xJzGY5kM7Op6fjp7GfGWr8won4haytc07/Lj5zCX2BcfNROv+81e/5K8Sd7Nz/+S9lM9TF5fNf+lKrR9kc+Gn87vx3a8D8d+e8MV777bc7pekn2z6I+PxERDf2Uc/8042fDIj/6jnj/+kLL748qK39y4i70T9+b6yFVn17obm3f3+jvrJeXa9uVSrLS8uLbzx4vbKQ5agXBq8Gf3vz3rOD2tLxzwyIXzpj/F8+5/h/9Z93v/+lp8T/6iv94hfihafET9fEr5wz/srMb0qD2tL4awPGf9bX/94543/85/0ntg0HAEanube/uVKrVXcUFK5/If0new260bfwjWHFmoz+TT95pfNMn2rqfu//P8YaNGNcRtYNuA6OH/qI+PeoOwMAAAAAAAAAAAAAAPQ1jN9YGvUYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLn+GwAA//+hm8cd") bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) quotactl$Q_QUOTAOFF(0xffffffff80000301, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) 383.380545ms ago: executing program 1 (id=922): r0 = io_uring_setup(0x1694, &(0x7f0000000340)={0x0, 0xa07d, 0x10, 0x0, 0x1}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) 382.823115ms ago: executing program 4 (id=923): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0x898, 0x30, 0xffff, 0x0, 0x0, {}, [{0x884, 0x1, [@m_police={0x880, 0x1, 0x0, 0x0, {{0xb}, {0x854, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE64={0xc, 0xb}, @TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4e16, 0x0, 0x0, 0x0, 0x0, 0x101, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0xfffffffe, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb7fe6bd0, 0x1, 0x1ffffffe, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x894e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x319e, 0x0, 0x6, 0x0, 0x18a, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x4, 0x0, 0x0, 0x0, 0x0, 0xff}}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x898}}, 0x0) 382.389165ms ago: executing program 2 (id=924): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) r1 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1) 351.715625ms ago: executing program 4 (id=925): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) unshare(0x22020600) r2 = socket$kcm(0x10, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000000640)='~', 0x1, 0x20000000, &(0x7f0000000300)={0xa, 0x4e1f, 0x8, @private1, 0x68b0}, 0x1c) r4 = socket$kcm(0xa, 0x2, 0x3a) setsockopt$sock_attach_bpf(r4, 0x29, 0x21, &(0x7f0000000100), 0x4) sendmsg$kcm(r4, &(0x7f0000000440)={&(0x7f0000000800)=@in6={0xa, 0x0, 0x0, @mcast2, 0x1a}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000780)="80005b020eaa4da2", 0x8}], 0x1, 0x0, 0x0, 0x900}, 0x0) recvmmsg(r2, &(0x7f00000067c0)=[{{0x0, 0x0, 0x0}, 0x7}], 0x1, 0x120, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r5}, 0x10) 322.317616ms ago: executing program 0 (id=926): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) r2 = accept4$x25(0xffffffffffffffff, &(0x7f0000000100)={0x9, @remote}, &(0x7f0000000200)=0x12, 0x80800) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f00000001c0)=0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x4, 0x0, 0x0, 0x0, 0x2, 0x91511, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x6dd0, 0x2}, 0x5c70, 0x7, 0x0, 0x1, 0x8, 0x6, 0xb, 0x0, 0x0, 0x0, 0x2}, r3, 0xa, 0xffffffffffffffff, 0xb) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000100095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x18) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r9, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f00000002c0)="ea", 0x1}], 0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}}], 0x1, 0x4) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r8, 0x0, r11, 0x0, 0x39000, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10) r12 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r12, 0x0, &(0x7f00000000c0)=0x0) r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r15 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r14) sendmsg$NFC_CMD_DEV_UP(r14, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r15, @ANYBLOB="0100259d7000fcdbdf250200000008000100", @ANYRES32=r13], 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x8004) ioctl$IOCTL_GET_NCIDEV_IDX(r10, 0x0, &(0x7f0000000280)=0x0) sendmsg$NFC_CMD_DEACTIVATE_TARGET(r0, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r15, @ANYBLOB="00012cbd7000fbdbdf251e00000008000100", @ANYRES32=r16, @ANYBLOB="c1de0100", @ANYRES32=0x0, @ANYBLOB="0800040000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x50) sendmsg(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000003c0)="c7", 0x1}], 0x1}, 0x4005) recvmsg(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x60) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0100000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB="00000000000000f6cd3326c6e1", @ANYRES32=0x0, @ANYRES32], 0x48) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000300000000000100000007000100020000007e7500000000000008000500087b0d610800060052000000080006001a000000080006f0ff00000008000600c30000000800060094000000080006277c8c67c139e6e9aee254248b001a0000000800020002000000190f55f25a17d9d9cc35ddb5656f47966f2efb6aa9037ac190a1a3fad8d1787c24bb1fc4e3ca17839192d7e0231e9ea598c28792c29f41f6ad4f9233f0b3ded6d2cda73c247145f13a6e"], 0x64}}, 0x8000) 266.274506ms ago: executing program 2 (id=927): r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) splice(r1, &(0x7f00000001c0)=0x8, r0, 0x0, 0x9322, 0x8) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r3, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r2], 0x4}}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r3, 0x100, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xf1ad}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40800) 265.462586ms ago: executing program 3 (id=928): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50) r1 = socket(0xa, 0x3, 0x438) setsockopt$MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd0, 0x0, 0x0) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f0000000ac0)=ANY=[@ANYRES8=r0, @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095", @ANYBLOB="948dfc80bc4fb45ec9250c89c3072282695d3eae1f2b262f2c7d20998c2a5738e161a38147a27adade78873e5c135b778601381cecf669e87d920b6d09e2dd2483262391ef43b88ea227c748324531865e3a398c096ff88e5a12827813b689f15653a5523552a12aff361cb4521ba56f", @ANYRES32=r1, @ANYRES8=r0, @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6e, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r3}, 0x10) epoll_pwait(r2, 0x0, 0x0, 0x8, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r4, &(0x7f0000000940)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000900)={&(0x7f0000000980)=ANY=[@ANYBLOB="884f000000000000000000020000073c0004800800014000000008024000000005080001400000000108000140000000003a758d7f46dd2782292ce926c2000000020400024000000002a80635ae0800014000006ca208000140000000ff08000000030600024088090000bcc6010073797a30000000000000000000000000000000877b47b8"], 0x88}}, 0x8000) r5 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_opts(r5, 0x0, 0x9, &(0x7f0000000840)=""/44, &(0x7f0000000880)=0x2c) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), 0xffffffffffffffff) syz_open_dev$usbfs(0x0, 0x76, 0x101341) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) socket(0x15, 0x5, 0x0) timer_create(0x4, &(0x7f0000000540)={0x0, 0x1, 0x2, @thr={&(0x7f0000000340)="903eb3187add0534e21ca03d614cd1bf2ac5624ce8019c8ab2eac6b37fbe49295ea023c59d3354ba76831fbaebc91b3ac3e26b886170819d330b68c801874f2e8fbdf8035adebea11ade3222da4d8188c87a9fa578d38b7ff28db80da683841830e829b584ffb820b5d7c80ec16782dff72be44112c62e037d2f76fe2b6949dc1b2ae47738f0c658b343553e6d5fcd2029062f6eb937f18a552bb4e467ca447ff7d5bc4abd1f136affd937f6500b46dffed16f995101c1e98a6009c8fe8e0bae3ba5db", &(0x7f00000004c0)="518d309676ac7b4d81c9a99762a5d25cfcf87e1cc137269b8ee048bacaf2a3c4b5e9d029008f58a7b6c4d58f3a9da2caf31f2974c15e69e4636137b0f056440487e3d1385956419e749232b4ae7f2df119e3542b8c5385cc779e17d0124a806a6143bb2cc94e63"}}, &(0x7f00000005c0)) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000b80)=ANY=[@ANYRESHEX=r5], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r7, 0x0, 0xfffffffffffffff9}, 0x18) r8 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) ioctl$USBDEVFS_IOCTL(r8, 0xc0105512, 0x0) r9 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r9, 0x0, 0x482, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r10 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r10}, 0x18) 186.438167ms ago: executing program 2 (id=929): r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000240)=ANY=[@ANYRESDEC=r0], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f00000004c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r2, &(0x7f0000000300)={&(0x7f0000000040)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@rdma_args={0x48, 0x114, 0x1, {{0x3, 0x2}, {0x0}, &(0x7f0000000340)=[{&(0x7f0000001140)=""/102, 0x66}], 0x1, 0x60, 0xfffffffefffffffe}}], 0x48, 0x8004}, 0x0) r3 = gettid() r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='blkio.bfq.io_wait_time\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000800)={r5, 0x0, 0x87, 0x9, &(0x7f00000005c0)="aa4a140415a1743deef3b79f294f3e3e9c522c2f05759ddf4b40c2ebe345f6a7275deaa5a8c81784b5897ae49ad0a8696e7937ab41a297361d3fc0c1857a08105050210b0429d332cc3e4b5ef4694b67648541d63f0802f4ec2e07fb4f097d987538d511e446d403d8238d4ec0318bcef6dbd2da6b655798b98ceedb29cc6c1d3b64228dffac75", &(0x7f00000002c0)=""/9, 0xffffffff, 0x0, 0x98, 0x58, &(0x7f0000000740)="61dee826fe021edafb3748c0efb957c333c3028ccacd66cf7e8f63a9c3d4a9f98eab57acb1cb996536e6eb0787b7e68b69dfd268e282218b91d02892c870a7b68fe1399f0a29b32b56ba0d084626c468d6f79347381bf4fa861a82cc2665534827a19f0bc934e34b69d301d672352a61aa641e4891a74ea3c5ba74ce5566ff59f57be9e73161444cd342ba58863a7144f0bc1b4695974eb1", &(0x7f0000000680)="ff2bb00f6bd27001c64567c665aebc4fe16b3eb519cba0598d3907b66e6a4196e2e76a020c5547e85f21104c81e25dd20e2f8abca603e0b7758710c29f4652367fe507de64c5ee61b4b162b3b8e0cc1c37b5b60bd7812f99", 0xaf1a4f67cd56d774, 0x0, 0x7}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1c, 0xb, &(0x7f0000000300)=ANY=[@ANYRES64=r4], &(0x7f0000000940)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, @void, @value}, 0x94) write$qrtrtun(r5, &(0x7f0000000200)="919874b8e9035100601744841b332c2e531c14601183e8485e7aa7cdc6078ee307c5f7d658", 0x25) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=0x0) timer_settime(r6, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r7 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) fcntl$setlease(r7, 0x400, 0x1) mq_open(&(0x7f0000000b40)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\xc0\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x1, 0x0, 0x0) 174.412238ms ago: executing program 1 (id=930): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a09040000000000000000020000000900020073797a32000000000900010073797a30000000002c0004802800018008000100636d70001c000280080001400000001b08000380048001000800024000000003140000001100010000000000000000000000000a"], 0x80}}, 0x0) 146.293648ms ago: executing program 1 (id=931): syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xcf) setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x18) r1 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x68, 0x32, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffff7}, 0x2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0xc881}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000082f0fd43668b218fb8ae11114997c6e6beacfcfbde8034b60da5d300"/58, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r4 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c) recvmmsg$unix(r4, &(0x7f0000004400)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1}}], 0x1, 0x0, 0x0) sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9e3120000000190a01020000000000000006797a320000000000cd7e8a0073cc7e1038555445d1d800"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4048010) r6 = msgget(0x2, 0x11) msgctl$IPC_RMID(r6, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r5}, 0x18) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND(r8, &(0x7f0000000240)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x30, 0x0, @ib={0x1b, 0x0, 0x10000, {"ea1d664ba74162b876462768175d891c"}, 0x4, 0x1, 0x4}}}, 0x90) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000480)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x9, @private0, 0x2}, {0xa, 0x4e22, 0x5, @private0, 0x5}, 0xffffffffffffffff, 0x4}}, 0x48) 41.21826ms ago: executing program 1 (id=932): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00'}, 0x10) mkdir(&(0x7f0000000580)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r1 = inotify_init1(0x80000) inotify_add_watch(r1, 0x0, 0x500082c) lsetxattr$security_selinux(&(0x7f0000000400)='./file0\x00', &(0x7f0000000000), &(0x7f0000000280)='system_u:object_r:fsadm_exec_t:s0\x00', 0x22, 0x0) 40.476089ms ago: executing program 1 (id=933): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x103f81af530ab711, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r3, 0x0, 0x1}, 0x18) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_settime(0xa, 0x0) r4 = socket$kcm(0x29, 0x7, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000580)={0xffffffffffffffff, r2}) r5 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000002c0), 0x1, 0x0) write$binfmt_register(r5, &(0x7f0000000040)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0xffffffffffffffff, 0x3a, 'allow_other', 0x3a, '', 0x3a, './cgroup.cpu/cpuset.cpus', 0x3a, [0x46, 0x46]}, 0x45) r6 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r6, 0x0, 0x2e, &(0x7f0000000340)={0x23, {{0x2, 0x0, @loopback}}, {{0x2, 0x0, @loopback}}}, 0x108) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000004000000b703000008000040850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='sys_enter\x00', r8}, 0x10) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000080)) r9 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_mreqn(r9, 0x0, 0x0, &(0x7f0000000300)={@multicast1, @rand_addr, 0x0}, &(0x7f0000000340)=0xc) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r3, r10, 0x25, 0x0, @void}, 0x10) 0s ago: executing program 1 (id=934): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1, 0x0, 0x3fffffffe}, 0x18) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000600)='./file0\x00', 0x2000000, &(0x7f0000000700)=ANY=[@ANYRES8=0x0, @ANYRESOCT=0x0, @ANYRESOCT, @ANYRESHEX=0x0, @ANYBLOB="308af218c507fba195043000030fac571f882167129e3ce9ffb2d4b5e03563b8b8032777302a9b251d128f8ecf8d76d5490ef766de9b3e0ea02211fb", @ANYRES64=0x0, @ANYRES32], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=") r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12) write(r3, &(0x7f0000004200)='t', 0x1) sendfile(r3, r2, 0x0, 0x3ffff) sendfile(r3, r2, 0x0, 0x7ffff000) sendmmsg$inet6(r0, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000004c0)="cc", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}, {&(0x7f0000000300)="439e9c06fc666cabc8569d63a866b31ff3ceda1e28f23f455e96a02001fc3fb089ed9e5234", 0x25}], 0x2}}], 0x2, 0x4048884) kernel console output (not intermixed with test programs): 531][ T3628] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.53: lblock 3 mapped to illegal pblock 3 (length 1) [ 40.539164][ T3635] loop1: detected capacity change from 0 to 512 [ 40.568400][ T3635] journal_path: Non-blockdev passed as './bus' [ 40.574701][ T3635] EXT4-fs: error: could not find journal device path [ 40.644202][ T3619] team0 (unregistering): Port device team_slave_0 removed [ 40.708004][ T3608] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.53: lblock 3 mapped to illegal pblock 3 (length 1) [ 40.771626][ T3608] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.53: lblock 3 mapped to illegal pblock 3 (length 1) [ 40.801364][ T3608] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.53: lblock 3 mapped to illegal pblock 3 (length 1) [ 40.820595][ T3619] team0 (unregistering): Port device team_slave_1 removed [ 40.826300][ T3608] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.53: lblock 3 mapped to illegal pblock 3 (length 1) [ 40.967558][ T3648] loop1: detected capacity change from 0 to 512 [ 40.974436][ T3648] EXT4-fs: Ignoring removed nobh option [ 41.017416][ T3648] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 41.029077][ T3648] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 41.039361][ T3648] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.61: Corrupt directory, running e2fsck is recommended [ 41.117749][ T3648] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 41.143615][ T3648] EXT4-fs error (device loop1): ext4_iget_extra_inode:5035: inode #15: comm syz.1.61: corrupted in-inode xattr: invalid ea_ino [ 41.163101][ T3656] loop3: detected capacity change from 0 to 128 [ 41.170877][ T3648] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.61: couldn't read orphan inode 15 (err -117) [ 41.194900][ T3656] bio_check_eod: 28 callbacks suppressed [ 41.194918][ T3656] syz.3.66: attempt to access beyond end of device [ 41.194918][ T3656] loop3: rw=2049, sector=140, nr_sectors = 8 limit=128 [ 41.225099][ T3656] syz.3.66: attempt to access beyond end of device [ 41.225099][ T3656] loop3: rw=2049, sector=156, nr_sectors = 1 limit=128 [ 41.239103][ T3656] buffer_io_error: 26 callbacks suppressed [ 41.239120][ T3656] Buffer I/O error on dev loop3, logical block 156, lost async page write [ 41.254077][ T3656] syz.3.66: attempt to access beyond end of device [ 41.254077][ T3656] loop3: rw=2049, sector=157, nr_sectors = 1 limit=128 [ 41.267942][ T3656] Buffer I/O error on dev loop3, logical block 157, lost async page write [ 41.277298][ T3648] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.291222][ T3646] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 41.294082][ T3656] syz.3.66: attempt to access beyond end of device [ 41.294082][ T3656] loop3: rw=2049, sector=158, nr_sectors = 1 limit=128 [ 41.302839][ T3646] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 41.302865][ T3646] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.61: Corrupt directory, running e2fsck is recommended [ 41.316122][ T3656] Buffer I/O error on dev loop3, logical block 158, lost async page write [ 41.316212][ T3656] syz.3.66: attempt to access beyond end of device [ 41.316212][ T3656] loop3: rw=2049, sector=159, nr_sectors = 1 limit=128 [ 41.361240][ T3656] Buffer I/O error on dev loop3, logical block 159, lost async page write [ 41.369922][ T3656] syz.3.66: attempt to access beyond end of device [ 41.369922][ T3656] loop3: rw=2049, sector=160, nr_sectors = 1 limit=128 [ 41.383275][ T3656] Buffer I/O error on dev loop3, logical block 160, lost async page write [ 41.398692][ T3656] syz.3.66: attempt to access beyond end of device [ 41.398692][ T3656] loop3: rw=2049, sector=161, nr_sectors = 1 limit=128 [ 41.412294][ T3656] Buffer I/O error on dev loop3, logical block 161, lost async page write [ 41.422526][ T3656] syz.3.66: attempt to access beyond end of device [ 41.422526][ T3656] loop3: rw=2049, sector=134, nr_sectors = 1 limit=128 [ 41.435915][ T3656] Buffer I/O error on dev loop3, logical block 134, lost async page write [ 41.445769][ T3656] syz.3.66: attempt to access beyond end of device [ 41.445769][ T3656] loop3: rw=2049, sector=135, nr_sectors = 1 limit=128 [ 41.459201][ T3656] Buffer I/O error on dev loop3, logical block 135, lost async page write [ 41.511539][ T3656] syz.3.66: attempt to access beyond end of device [ 41.511539][ T3656] loop3: rw=2049, sector=136, nr_sectors = 1 limit=128 [ 41.525018][ T3656] Buffer I/O error on dev loop3, logical block 136, lost async page write [ 41.535108][ T3656] Buffer I/O error on dev loop3, logical block 137, lost async page write [ 41.596968][ T3646] netlink: 52 bytes leftover after parsing attributes in process `syz.1.61'. [ 41.657465][ T2941] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 20 with max blocks 4 with error 28 [ 41.669976][ T2941] EXT4-fs (loop4): This should not happen!! Data will be lost [ 41.669976][ T2941] [ 41.679936][ T2941] EXT4-fs (loop4): Total free blocks count 0 [ 41.686012][ T2941] EXT4-fs (loop4): Free/Dirty block details [ 41.692305][ T2941] EXT4-fs (loop4): free_blocks=4293918720 [ 41.698286][ T2941] EXT4-fs (loop4): dirty_blocks=32 [ 41.703561][ T2941] EXT4-fs (loop4): Block reservation details [ 41.767630][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.843289][ T3668] loop0: detected capacity change from 0 to 512 [ 41.857629][ T3668] journal_path: Non-blockdev passed as './bus' [ 41.863936][ T3668] EXT4-fs: error: could not find journal device path [ 41.963184][ T3681] netlink: 8 bytes leftover after parsing attributes in process `syz.1.76'. [ 42.010279][ T3686] loop0: detected capacity change from 0 to 128 [ 42.073726][ T3691] loop4: detected capacity change from 0 to 512 [ 42.080723][ T3691] EXT4-fs: Ignoring removed nobh option [ 42.132492][ T3693] loop0: detected capacity change from 0 to 1024 [ 42.162551][ T3691] EXT4-fs warning (device loop4): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 42.174324][ T3691] EXT4-fs warning (device loop4): dx_probe:849: Enable large directory feature to access it [ 42.184514][ T3691] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.81: Corrupt directory, running e2fsck is recommended [ 42.215589][ T3701] xt_hashlimit: max too large, truncated to 1048576 [ 42.232367][ T3701] loop3: detected capacity change from 0 to 1024 [ 42.244090][ T3691] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 42.253431][ T3691] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.81: corrupted in-inode xattr: invalid ea_ino [ 42.268207][ T3691] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.81: couldn't read orphan inode 15 (err -117) [ 42.280912][ T3691] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.296413][ T3688] EXT4-fs warning (device loop4): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 42.308271][ T3688] EXT4-fs warning (device loop4): dx_probe:849: Enable large directory feature to access it [ 42.318440][ T3688] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.81: Corrupt directory, running e2fsck is recommended [ 42.335148][ T3688] netlink: 52 bytes leftover after parsing attributes in process `syz.4.81'. [ 42.361415][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.373774][ T3693] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.432014][ T3303] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.445224][ T3701] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.466984][ T3710] loop1: detected capacity change from 0 to 512 [ 42.473581][ T3701] ext4 filesystem being mounted at /26/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.484753][ T3710] journal_path: Non-blockdev passed as './bus' [ 42.491201][ T3710] EXT4-fs: error: could not find journal device path [ 42.511247][ T3699] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 3: comm syz.3.80: lblock 3 mapped to illegal pblock 3 (length 13) [ 42.547157][ T3699] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 42.559765][ T3699] EXT4-fs (loop3): This should not happen!! Data will be lost [ 42.559765][ T3699] [ 42.585573][ T3721] loop1: detected capacity change from 0 to 128 [ 42.593178][ T3701] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.80: lblock 3 mapped to illegal pblock 3 (length 1) [ 42.611239][ T3701] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.80: lblock 3 mapped to illegal pblock 3 (length 1) [ 42.634947][ T3701] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.80: lblock 3 mapped to illegal pblock 3 (length 1) [ 42.661793][ T3726] netlink: 8 bytes leftover after parsing attributes in process `syz.4.95'. [ 42.681821][ T3701] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.80: lblock 3 mapped to illegal pblock 3 (length 1) [ 42.698114][ T3684] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.80: lblock 3 mapped to illegal pblock 3 (length 1) [ 42.731668][ T3684] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.80: lblock 3 mapped to illegal pblock 3 (length 1) [ 42.756603][ T3701] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.80: lblock 3 mapped to illegal pblock 3 (length 1) [ 42.774880][ T3701] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.80: lblock 3 mapped to illegal pblock 3 (length 1) [ 42.794188][ T3701] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.80: lblock 3 mapped to illegal pblock 3 (length 1) [ 42.821944][ T3736] loop1: detected capacity change from 0 to 512 [ 42.830374][ T3736] EXT4-fs: Ignoring removed nobh option [ 42.848176][ T3736] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 42.859774][ T3736] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 42.869936][ T3736] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.98: Corrupt directory, running e2fsck is recommended [ 42.883858][ T3736] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 42.930062][ T3736] EXT4-fs error (device loop1): ext4_iget_extra_inode:5035: inode #15: comm syz.1.98: corrupted in-inode xattr: invalid ea_ino [ 42.945394][ T3736] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.98: couldn't read orphan inode 15 (err -117) [ 42.982960][ T3736] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.022820][ T3743] loop4: detected capacity change from 0 to 1024 [ 43.026535][ T3736] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 43.038366][ T3743] EXT4-fs: Ignoring removed nobh option [ 43.041808][ T3736] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 43.047451][ T3743] EXT4-fs: Ignoring removed bh option [ 43.058107][ T3736] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.98: Corrupt directory, running e2fsck is recommended [ 43.099321][ T3743] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.113876][ T3736] netlink: 52 bytes leftover after parsing attributes in process `syz.1.98'. [ 43.168192][ T3742] netlink: 4 bytes leftover after parsing attributes in process `syz.2.110'. [ 43.181129][ T2941] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 20 with max blocks 4 with error 28 [ 43.193558][ T2941] EXT4-fs (loop3): This should not happen!! Data will be lost [ 43.193558][ T2941] [ 43.203388][ T2941] EXT4-fs (loop3): Total free blocks count 0 [ 43.209715][ T2941] EXT4-fs (loop3): Free/Dirty block details [ 43.215696][ T2941] EXT4-fs (loop3): free_blocks=4293918720 [ 43.221547][ T2941] EXT4-fs (loop3): dirty_blocks=32 [ 43.226915][ T2941] EXT4-fs (loop3): Block reservation details [ 43.364674][ T3739] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.100: Allocating blocks 497-513 which overlap fs metadata [ 43.455572][ T3755] loop3: detected capacity change from 0 to 512 [ 43.472137][ T3739] EXT4-fs (loop4): pa ffff888106eca070: logic 464, phys. 385, len 8 [ 43.480570][ T3739] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 43.491168][ T3755] journal_path: Non-blockdev passed as './bus' [ 43.497506][ T3755] EXT4-fs: error: could not find journal device path [ 43.559830][ T3762] loop3: detected capacity change from 0 to 128 [ 43.573936][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.601603][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.618603][ T3765] netlink: 8 bytes leftover after parsing attributes in process `syz.0.108'. [ 43.813854][ T3791] loop4: detected capacity change from 0 to 764 [ 43.860626][ T3794] loop1: detected capacity change from 0 to 128 [ 43.961650][ T3803] loop3: detected capacity change from 0 to 512 [ 43.987387][ T3803] EXT4-fs: Ignoring removed nobh option [ 43.999768][ T3803] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 44.012085][ T3803] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 44.023145][ T3803] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.123: Corrupt directory, running e2fsck is recommended [ 44.039357][ T3803] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 44.048012][ T3803] EXT4-fs error (device loop3): ext4_iget_extra_inode:5035: inode #15: comm syz.3.123: corrupted in-inode xattr: invalid ea_ino [ 44.081287][ T3803] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.123: couldn't read orphan inode 15 (err -117) [ 44.096671][ T3803] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.124483][ T3803] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 44.137138][ T3803] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 44.147281][ T3803] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.123: Corrupt directory, running e2fsck is recommended [ 44.197429][ T3822] loop1: detected capacity change from 0 to 764 [ 44.234731][ T3828] loop1: detected capacity change from 0 to 128 [ 44.361485][ T3850] loop1: detected capacity change from 0 to 764 [ 44.397273][ T3856] loop4: detected capacity change from 0 to 128 [ 44.520207][ T3876] loop1: detected capacity change from 0 to 764 [ 44.767706][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.205461][ T29] kauditd_printk_skb: 150 callbacks suppressed [ 45.205526][ T29] audit: type=1326 audit(1750768017.247:1623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3931 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7108e929 code=0x7ffc0000 [ 45.235992][ T29] audit: type=1326 audit(1750768017.247:1624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3931 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7108e929 code=0x7ffc0000 [ 45.259860][ T29] audit: type=1326 audit(1750768017.247:1625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3931 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=107 compat=0 ip=0x7f3e7108e929 code=0x7ffc0000 [ 45.283786][ T29] audit: type=1326 audit(1750768017.247:1626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3931 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7108e929 code=0x7ffc0000 [ 45.308630][ T29] audit: type=1326 audit(1750768017.247:1627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3931 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3e7108e929 code=0x7ffc0000 [ 45.332239][ T29] audit: type=1326 audit(1750768017.247:1628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3931 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7108e929 code=0x7ffc0000 [ 45.356317][ T29] audit: type=1326 audit(1750768017.247:1629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3931 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3e7108e929 code=0x7ffc0000 [ 45.381641][ T29] audit: type=1326 audit(1750768017.247:1630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3931 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7108e929 code=0x7ffc0000 [ 45.405834][ T29] audit: type=1326 audit(1750768017.247:1631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3931 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3e710858e7 code=0x7ffc0000 [ 45.430000][ T29] audit: type=1326 audit(1750768017.247:1632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3931 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3e7102ab19 code=0x7ffc0000 [ 45.506376][ T3936] netlink: 4 bytes leftover after parsing attributes in process `syz.4.182'. [ 45.988375][ T3936] team0 (unregistering): Port device team_slave_0 removed [ 46.025239][ T3943] loop3: detected capacity change from 0 to 764 [ 46.035273][ T3936] team0 (unregistering): Port device team_slave_1 removed [ 46.060140][ T3947] loop1: detected capacity change from 0 to 128 [ 46.148370][ T3958] loop1: detected capacity change from 0 to 512 [ 46.158481][ T3958] journal_path: Non-blockdev passed as './bus' [ 46.164983][ T3958] EXT4-fs: error: could not find journal device path [ 46.218570][ T3970] netlink: 8 bytes leftover after parsing attributes in process `syz.1.201'. [ 46.227581][ T3970] netlink: 8 bytes leftover after parsing attributes in process `syz.1.201'. [ 46.333886][ T3970] loop1: detected capacity change from 0 to 512 [ 46.358627][ T3970] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 46.388826][ T3970] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.413928][ T3970] ext4 filesystem being mounted at /55/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 47.048344][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.060407][ T4076] loop4: detected capacity change from 0 to 764 [ 47.187623][ T4085] __nla_validate_parse: 1 callbacks suppressed [ 47.187734][ T4085] netlink: 4 bytes leftover after parsing attributes in process `syz.1.241'. [ 47.341290][ T4103] loop3: detected capacity change from 0 to 512 [ 47.344189][ T4085] team0 (unregistering): Port device team_slave_0 removed [ 47.363183][ T4103] journal_path: Non-blockdev passed as './bus' [ 47.369555][ T4103] EXT4-fs: error: could not find journal device path [ 47.377569][ T4106] loop4: detected capacity change from 0 to 764 [ 47.396591][ T4085] team0 (unregistering): Port device team_slave_1 removed [ 48.675442][ T4140] netlink: 8 bytes leftover after parsing attributes in process `syz.0.269'. [ 48.722907][ T4144] loop4: detected capacity change from 0 to 764 [ 48.751332][ T4149] loop3: detected capacity change from 0 to 512 [ 48.768776][ T4149] EXT4-fs: Ignoring removed nobh option [ 48.786608][ T4149] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 48.798195][ T4149] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 48.808511][ T4149] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.267: Corrupt directory, running e2fsck is recommended [ 48.823807][ T4149] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 48.846333][ T4149] EXT4-fs error (device loop3): ext4_iget_extra_inode:5035: inode #15: comm syz.3.267: corrupted in-inode xattr: invalid ea_ino [ 48.864724][ T4149] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.267: couldn't read orphan inode 15 (err -117) [ 48.880295][ T4149] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.904556][ T4149] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 48.916435][ T4149] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 48.926755][ T4149] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.267: Corrupt directory, running e2fsck is recommended [ 48.985030][ T4176] netlink: 8 bytes leftover after parsing attributes in process `syz.4.284'. [ 49.033047][ T4180] loop4: detected capacity change from 0 to 764 [ 49.352740][ T4199] netlink: 4 bytes leftover after parsing attributes in process `syz.4.292'. [ 49.562018][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.837806][ T4217] netlink: 8 bytes leftover after parsing attributes in process `syz.3.297'. [ 50.092866][ T4239] netlink: 48 bytes leftover after parsing attributes in process `syz.1.310'. [ 50.104565][ T4241] loop3: detected capacity change from 0 to 128 [ 50.118263][ T4239] netlink: 16 bytes leftover after parsing attributes in process `syz.1.310'. [ 50.139737][ T4241] bio_check_eod: 127 callbacks suppressed [ 50.139758][ T4241] syz.3.311: attempt to access beyond end of device [ 50.139758][ T4241] loop3: rw=2049, sector=140, nr_sectors = 8 limit=128 [ 50.172674][ T4243] loop1: detected capacity change from 0 to 512 [ 50.172915][ T4241] syz.3.311: attempt to access beyond end of device [ 50.172915][ T4241] loop3: rw=2049, sector=156, nr_sectors = 1 limit=128 [ 50.192499][ T4241] buffer_io_error: 116 callbacks suppressed [ 50.192541][ T4241] Buffer I/O error on dev loop3, logical block 156, lost async page write [ 50.207921][ T4243] journal_path: Non-blockdev passed as './bus' [ 50.214193][ T4243] EXT4-fs: error: could not find journal device path [ 50.225117][ T4241] syz.3.311: attempt to access beyond end of device [ 50.225117][ T4241] loop3: rw=2049, sector=157, nr_sectors = 1 limit=128 [ 50.238627][ T4241] Buffer I/O error on dev loop3, logical block 157, lost async page write [ 50.247652][ T29] kauditd_printk_skb: 751 callbacks suppressed [ 50.247668][ T29] audit: type=1326 audit(1750768022.297:2384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4240 comm="syz.3.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4c9d7e929 code=0x7ffc0000 [ 50.277588][ T29] audit: type=1326 audit(1750768022.297:2385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4240 comm="syz.3.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4c9d7e929 code=0x7ffc0000 [ 50.301104][ T29] audit: type=1400 audit(1750768022.317:2386): avc: denied { read } for pid=4242 comm="syz.1.312" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 50.324655][ T29] audit: type=1400 audit(1750768022.317:2387): avc: denied { open } for pid=4242 comm="syz.1.312" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 50.348873][ T4241] syz.3.311: attempt to access beyond end of device [ 50.348873][ T4241] loop3: rw=2049, sector=158, nr_sectors = 1 limit=128 [ 50.362446][ T4241] Buffer I/O error on dev loop3, logical block 158, lost async page write [ 50.380995][ T4241] syz.3.311: attempt to access beyond end of device [ 50.380995][ T4241] loop3: rw=2049, sector=159, nr_sectors = 1 limit=128 [ 50.394405][ T4241] Buffer I/O error on dev loop3, logical block 159, lost async page write [ 50.403085][ T4241] syz.3.311: attempt to access beyond end of device [ 50.403085][ T4241] loop3: rw=2049, sector=160, nr_sectors = 1 limit=128 [ 50.410792][ T29] audit: type=1326 audit(1750768022.397:2388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4242 comm="syz.1.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9dbde929 code=0x7ffc0000 [ 50.416431][ T4241] Buffer I/O error on dev loop3, logical block 160, lost async page write [ 50.440322][ T29] audit: type=1326 audit(1750768022.397:2389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4242 comm="syz.1.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9dbde929 code=0x7ffc0000 [ 50.453673][ T4248] netlink: 8 bytes leftover after parsing attributes in process `syz.1.313'. [ 50.472852][ T29] audit: type=1326 audit(1750768022.397:2390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4242 comm="syz.1.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f6e9dbde929 code=0x7ffc0000 [ 50.494847][ T4241] syz.3.311: attempt to access beyond end of device [ 50.494847][ T4241] loop3: rw=2049, sector=161, nr_sectors = 1 limit=128 [ 50.504774][ T29] audit: type=1326 audit(1750768022.397:2391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4242 comm="syz.1.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9dbde929 code=0x7ffc0000 [ 50.518144][ T4241] Buffer I/O error on dev loop3, logical block 161, lost async page write [ 50.541473][ T29] audit: type=1326 audit(1750768022.397:2392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4242 comm="syz.1.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9dbde929 code=0x7ffc0000 [ 50.573776][ T29] audit: type=1326 audit(1750768022.397:2393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4242 comm="syz.1.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6e9dbde929 code=0x7ffc0000 [ 50.595199][ T4241] syz.3.311: attempt to access beyond end of device [ 50.595199][ T4241] loop3: rw=2049, sector=134, nr_sectors = 1 limit=128 [ 50.610545][ T4241] Buffer I/O error on dev loop3, logical block 134, lost async page write [ 50.620975][ T4241] syz.3.311: attempt to access beyond end of device [ 50.620975][ T4241] loop3: rw=2049, sector=135, nr_sectors = 1 limit=128 [ 50.634617][ T4241] Buffer I/O error on dev loop3, logical block 135, lost async page write [ 50.644880][ T4250] xt_hashlimit: max too large, truncated to 1048576 [ 50.645708][ T4241] syz.3.311: attempt to access beyond end of device [ 50.645708][ T4241] loop3: rw=2049, sector=136, nr_sectors = 1 limit=128 [ 50.665028][ T4241] Buffer I/O error on dev loop3, logical block 136, lost async page write [ 50.673790][ T4241] Buffer I/O error on dev loop3, logical block 137, lost async page write [ 50.682556][ T4250] loop1: detected capacity change from 0 to 1024 [ 50.711129][ T4250] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.724024][ T4250] ext4 filesystem being mounted at /66/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 50.756248][ T4250] EXT4-fs error (device loop1): ext4_map_blocks:816: inode #15: block 3: comm syz.1.314: lblock 3 mapped to illegal pblock 3 (length 13) [ 50.786378][ T4250] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 50.798926][ T4250] EXT4-fs (loop1): This should not happen!! Data will be lost [ 50.798926][ T4250] [ 50.839676][ T4261] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.314: lblock 3 mapped to illegal pblock 3 (length 1) [ 50.899404][ T4249] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.314: lblock 3 mapped to illegal pblock 3 (length 1) [ 51.006018][ T4249] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.314: lblock 3 mapped to illegal pblock 3 (length 1) [ 51.042800][ T4249] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.314: lblock 3 mapped to illegal pblock 3 (length 1) [ 51.076985][ T4261] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.314: lblock 3 mapped to illegal pblock 3 (length 1) [ 51.118046][ T4275] netlink: 8 bytes leftover after parsing attributes in process `syz.3.324'. [ 51.135034][ T4249] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.314: lblock 3 mapped to illegal pblock 3 (length 1) [ 51.189726][ T4249] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.314: lblock 3 mapped to illegal pblock 3 (length 1) [ 51.222968][ T4261] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.314: lblock 3 mapped to illegal pblock 3 (length 1) [ 51.248689][ T4249] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.314: lblock 3 mapped to illegal pblock 3 (length 1) [ 52.149890][ T12] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 20 with max blocks 4 with error 28 [ 52.162347][ T12] EXT4-fs (loop1): This should not happen!! Data will be lost [ 52.162347][ T12] [ 52.172059][ T12] EXT4-fs (loop1): Total free blocks count 0 [ 52.178091][ T12] EXT4-fs (loop1): Free/Dirty block details [ 52.184041][ T12] EXT4-fs (loop1): free_blocks=4293918720 [ 52.189831][ T12] EXT4-fs (loop1): dirty_blocks=32 [ 52.195093][ T12] EXT4-fs (loop1): Block reservation details [ 52.268131][ T4312] FAULT_INJECTION: forcing a failure. [ 52.268131][ T4312] name failslab, interval 1, probability 0, space 0, times 1 [ 52.281000][ T4312] CPU: 1 UID: 0 PID: 4312 Comm: syz.4.340 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 52.281110][ T4312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 52.281126][ T4312] Call Trace: [ 52.281133][ T4312] [ 52.281141][ T4312] __dump_stack+0x1d/0x30 [ 52.281173][ T4312] dump_stack_lvl+0xe8/0x140 [ 52.281245][ T4312] dump_stack+0x15/0x1b [ 52.281266][ T4312] should_fail_ex+0x265/0x280 [ 52.281374][ T4312] should_failslab+0x8c/0xb0 [ 52.281478][ T4312] kmem_cache_alloc_node_noprof+0x57/0x320 [ 52.281515][ T4312] ? __alloc_skb+0x101/0x320 [ 52.281618][ T4312] __alloc_skb+0x101/0x320 [ 52.281654][ T4312] ? audit_log_start+0x365/0x6c0 [ 52.281694][ T4312] audit_log_start+0x380/0x6c0 [ 52.281745][ T4312] audit_seccomp+0x48/0x100 [ 52.281780][ T4312] ? __seccomp_filter+0x68c/0x10d0 [ 52.281839][ T4312] __seccomp_filter+0x69d/0x10d0 [ 52.281878][ T4312] ? update_load_avg+0x1da/0x820 [ 52.281913][ T4312] ? __list_add_valid_or_report+0x38/0xe0 [ 52.281942][ T4312] ? _raw_spin_unlock+0x26/0x50 [ 52.281995][ T4312] __secure_computing+0x82/0x150 [ 52.282035][ T4312] syscall_trace_enter+0xcf/0x1e0 [ 52.282066][ T4312] do_syscall_64+0xac/0x200 [ 52.282088][ T4312] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 52.282119][ T4312] ? clear_bhb_loop+0x40/0x90 [ 52.282146][ T4312] ? clear_bhb_loop+0x40/0x90 [ 52.282188][ T4312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.282237][ T4312] RIP: 0033:0x7f03573dd33c [ 52.282339][ T4312] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 52.282362][ T4312] RSP: 002b:00007f0355a47030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 52.282386][ T4312] RAX: ffffffffffffffda RBX: 00007f0357605fa0 RCX: 00007f03573dd33c [ 52.282403][ T4312] RDX: 000000000000000f RSI: 00007f0355a470a0 RDI: 0000000000000006 [ 52.282457][ T4312] RBP: 00007f0355a47090 R08: 0000000000000000 R09: 0000000000000000 [ 52.282469][ T4312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 52.282480][ T4312] R13: 0000000000000000 R14: 00007f0357605fa0 R15: 00007ffc8c814df8 [ 52.282530][ T4312] [ 52.585571][ T4328] loop4: detected capacity change from 0 to 512 [ 52.608450][ T4328] journal_path: Non-blockdev passed as './bus' [ 52.614981][ T4328] EXT4-fs: error: could not find journal device path [ 52.703291][ T4344] loop1: detected capacity change from 0 to 128 [ 52.707270][ T4339] netlink: 4 bytes leftover after parsing attributes in process `syz.0.349'. [ 52.857178][ T4357] loop1: detected capacity change from 0 to 512 [ 52.864913][ T4357] EXT4-fs: Ignoring removed nobh option [ 52.925626][ T4357] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 52.937304][ T4357] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 52.947445][ T4357] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.357: Corrupt directory, running e2fsck is recommended [ 52.965962][ T4357] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 52.979287][ T4357] EXT4-fs error (device loop1): ext4_iget_extra_inode:5035: inode #15: comm syz.1.357: corrupted in-inode xattr: invalid ea_ino [ 52.995986][ T4357] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.357: couldn't read orphan inode 15 (err -117) [ 53.039956][ T4365] loop4: detected capacity change from 0 to 128 [ 53.064116][ T4339] team0 (unregistering): Port device team_slave_0 removed [ 53.081694][ T4357] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.145092][ T4357] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 53.157038][ T4357] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 53.167264][ T4357] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.357: Corrupt directory, running e2fsck is recommended [ 53.259695][ T4339] team0 (unregistering): Port device team_slave_1 removed [ 53.418848][ T4380] netlink: 8 bytes leftover after parsing attributes in process `syz.4.369'. [ 53.809450][ T4393] FAULT_INJECTION: forcing a failure. [ 53.809450][ T4393] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 53.822753][ T4393] CPU: 0 UID: 0 PID: 4393 Comm: syz.4.376 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 53.822853][ T4393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 53.822867][ T4393] Call Trace: [ 53.822874][ T4393] [ 53.822882][ T4393] __dump_stack+0x1d/0x30 [ 53.822903][ T4393] dump_stack_lvl+0xe8/0x140 [ 53.822925][ T4393] dump_stack+0x15/0x1b [ 53.822947][ T4393] should_fail_ex+0x265/0x280 [ 53.823042][ T4393] should_fail+0xb/0x20 [ 53.823070][ T4393] should_fail_usercopy+0x1a/0x20 [ 53.823166][ T4393] _copy_from_user+0x1c/0xb0 [ 53.823193][ T4393] ___sys_sendmsg+0xc1/0x1d0 [ 53.823317][ T4393] __x64_sys_sendmsg+0xd4/0x160 [ 53.823356][ T4393] x64_sys_call+0x2999/0x2fb0 [ 53.823384][ T4393] do_syscall_64+0xd2/0x200 [ 53.823408][ T4393] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 53.823495][ T4393] ? clear_bhb_loop+0x40/0x90 [ 53.823516][ T4393] ? clear_bhb_loop+0x40/0x90 [ 53.823540][ T4393] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.823568][ T4393] RIP: 0033:0x7f03573de929 [ 53.823588][ T4393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.823611][ T4393] RSP: 002b:00007f0355a47038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 53.823636][ T4393] RAX: ffffffffffffffda RBX: 00007f0357605fa0 RCX: 00007f03573de929 [ 53.823651][ T4393] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 53.823667][ T4393] RBP: 00007f0355a47090 R08: 0000000000000000 R09: 0000000000000000 [ 53.823682][ T4393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 53.823705][ T4393] R13: 0000000000000000 R14: 00007f0357605fa0 R15: 00007ffc8c814df8 [ 53.823729][ T4393] [ 54.102187][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.108458][ T4398] netlink: 184 bytes leftover after parsing attributes in process `syz.4.378'. [ 54.239976][ T4407] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4407 comm=syz.4.378 [ 54.283042][ T4412] netlink: 8 bytes leftover after parsing attributes in process `syz.2.382'. [ 54.586730][ T4428] loop4: detected capacity change from 0 to 128 [ 55.204257][ T4428] bio_check_eod: 47 callbacks suppressed [ 55.204316][ T4428] syz.4.388: attempt to access beyond end of device [ 55.204316][ T4428] loop4: rw=2049, sector=140, nr_sectors = 8 limit=128 [ 55.260321][ T4428] syz.4.388: attempt to access beyond end of device [ 55.260321][ T4428] loop4: rw=2049, sector=156, nr_sectors = 1 limit=128 [ 55.273874][ T4428] buffer_io_error: 44 callbacks suppressed [ 55.273889][ T4428] Buffer I/O error on dev loop4, logical block 156, lost async page write [ 55.274431][ T4434] loop3: detected capacity change from 0 to 128 [ 55.289243][ T4428] syz.4.388: attempt to access beyond end of device [ 55.289243][ T4428] loop4: rw=2049, sector=157, nr_sectors = 1 limit=128 [ 55.289269][ T4428] Buffer I/O error on dev loop4, logical block 157, lost async page write [ 55.289287][ T4428] syz.4.388: attempt to access beyond end of device [ 55.289287][ T4428] loop4: rw=2049, sector=158, nr_sectors = 1 limit=128 [ 55.331219][ T4428] Buffer I/O error on dev loop4, logical block 158, lost async page write [ 55.360789][ T29] kauditd_printk_skb: 543 callbacks suppressed [ 55.360809][ T29] audit: type=1400 audit(1750768027.417:2935): avc: denied { create } for pid=4433 comm="syz.2.390" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 55.387926][ T29] audit: type=1400 audit(1750768027.417:2936): avc: denied { setattr } for pid=4433 comm="syz.2.390" name="file0" dev="tmpfs" ino=364 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 55.392581][ T4428] syz.4.388: attempt to access beyond end of device [ 55.392581][ T4428] loop4: rw=2049, sector=159, nr_sectors = 1 limit=128 [ 55.423910][ T4428] Buffer I/O error on dev loop4, logical block 159, lost async page write [ 55.428731][ T4434] syz.3.389: attempt to access beyond end of device [ 55.428731][ T4434] loop3: rw=2049, sector=140, nr_sectors = 8 limit=128 [ 55.454738][ T4434] syz.3.389: attempt to access beyond end of device [ 55.454738][ T4434] loop3: rw=2049, sector=156, nr_sectors = 1 limit=128 [ 55.462322][ T4428] syz.4.388: attempt to access beyond end of device [ 55.462322][ T4428] loop4: rw=2049, sector=160, nr_sectors = 1 limit=128 [ 55.468121][ T4434] Buffer I/O error on dev loop3, logical block 156, lost async page write [ 55.470719][ T4434] syz.3.389: attempt to access beyond end of device [ 55.470719][ T4434] loop3: rw=2049, sector=157, nr_sectors = 1 limit=128 [ 55.481507][ T4428] Buffer I/O error on dev loop4, logical block 160, lost async page write [ 55.490515][ T29] audit: type=1326 audit(1750768027.467:2937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4427 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03573de929 code=0x7ffc0000 [ 55.503772][ T4434] Buffer I/O error on dev loop3, logical block 157, lost async page write [ 55.512318][ T29] audit: type=1326 audit(1750768027.467:2938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4427 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03573de929 code=0x7ffc0000 [ 55.535962][ T4428] syz.4.388: attempt to access beyond end of device [ 55.535962][ T4428] loop4: rw=2049, sector=161, nr_sectors = 1 limit=128 [ 55.544572][ T29] audit: type=1400 audit(1750768027.547:2939): avc: denied { unmount } for pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 55.544597][ T29] audit: type=1400 audit(1750768027.557:2940): avc: denied { unlink } for pid=3308 comm="syz-executor" name="file0" dev="tmpfs" ino=364 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 55.567967][ T4428] Buffer I/O error on dev loop4, logical block 161, lost async page write [ 55.634237][ T4434] Buffer I/O error on dev loop3, logical block 158, lost async page write [ 55.638532][ T4428] Buffer I/O error on dev loop4, logical block 134, lost async page write [ 55.654424][ T29] audit: type=1400 audit(1750768027.697:2941): avc: denied { unmount } for pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 55.674799][ T29] audit: type=1400 audit(1750768027.717:2942): avc: denied { create } for pid=4440 comm="syz.1.393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 55.706031][ T4443] loop1: detected capacity change from 0 to 2048 [ 55.725615][ T29] audit: type=1400 audit(1750768027.777:2943): avc: denied { create } for pid=4441 comm="syz.2.394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 55.745945][ T29] audit: type=1400 audit(1750768027.777:2944): avc: denied { setopt } for pid=4441 comm="syz.2.394" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 55.756412][ T4449] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 55.822588][ T4454] netlink: 8 bytes leftover after parsing attributes in process `syz.2.396'. [ 55.842125][ T4443] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.016447][ T4464] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 56.031250][ T4464] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 56.043602][ T4464] EXT4-fs (loop1): This should not happen!! Data will be lost [ 56.043602][ T4464] [ 56.053458][ T4464] EXT4-fs (loop1): Total free blocks count 0 [ 56.059690][ T4464] EXT4-fs (loop1): Free/Dirty block details [ 56.066190][ T4464] EXT4-fs (loop1): free_blocks=2415919504 [ 56.072052][ T4464] EXT4-fs (loop1): dirty_blocks=16 [ 56.077230][ T4464] EXT4-fs (loop1): Block reservation details [ 56.083617][ T4464] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 56.150455][ T4470] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 3 with error 28 [ 56.376111][ T4474] netlink: 268 bytes leftover after parsing attributes in process `syz.1.393'. [ 56.385263][ T4474] unsupported nla_type 65024 [ 57.038559][ T4464] syz.1.393 (4464) used greatest stack depth: 9880 bytes left [ 57.090112][ T4489] netlink: 8 bytes leftover after parsing attributes in process `syz.0.410'. [ 57.146311][ T4494] loop3: detected capacity change from 0 to 128 [ 57.320657][ T4519] loop1: detected capacity change from 0 to 512 [ 57.327315][ T4519] EXT4-fs: dax option not supported [ 57.370402][ T4523] netlink: 8 bytes leftover after parsing attributes in process `syz.4.421'. [ 57.512873][ T4524] netlink: 'syz.2.424': attribute type 10 has an invalid length. [ 57.540405][ T4524] veth0_macvtap: left promiscuous mode [ 57.939979][ T4546] netlink: 12 bytes leftover after parsing attributes in process `syz.4.433'. [ 58.092492][ T4558] loop1: detected capacity change from 0 to 512 [ 58.094298][ T4560] loop4: detected capacity change from 0 to 764 [ 58.120626][ T4558] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 58.144308][ T4558] ext4 filesystem being mounted at /91/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 58.209931][ T4566] mmap: syz.0.440 (4566) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 58.212757][ T4568] FAULT_INJECTION: forcing a failure. [ 58.212757][ T4568] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 58.235320][ T4568] CPU: 0 UID: 0 PID: 4568 Comm: syz.3.443 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 58.235355][ T4568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 58.235430][ T4568] Call Trace: [ 58.235437][ T4568] [ 58.235446][ T4568] __dump_stack+0x1d/0x30 [ 58.235506][ T4568] dump_stack_lvl+0xe8/0x140 [ 58.235531][ T4568] dump_stack+0x15/0x1b [ 58.235619][ T4568] should_fail_ex+0x265/0x280 [ 58.235654][ T4568] should_fail_alloc_page+0xf2/0x100 [ 58.235748][ T4568] __alloc_frozen_pages_noprof+0xff/0x360 [ 58.235792][ T4568] alloc_pages_mpol+0xb3/0x250 [ 58.235873][ T4568] vma_alloc_folio_noprof+0x1aa/0x300 [ 58.235905][ T4568] handle_mm_fault+0xec2/0x2be0 [ 58.235932][ T4568] ? mas_walk+0xf2/0x120 [ 58.236016][ T4568] do_user_addr_fault+0x636/0x1090 [ 58.236059][ T4568] ? fpregs_assert_state_consistent+0xb4/0xe0 [ 58.236196][ T4568] exc_page_fault+0x62/0xa0 [ 58.236243][ T4568] asm_exc_page_fault+0x26/0x30 [ 58.236272][ T4568] RIP: 0033:0x7fa4c9c40d50 [ 58.236291][ T4568] Code: 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 47 0f b6 0c 08 45 84 c9 74 08 <45> 88 0c 00 49 8b 47 10 48 83 c0 01 49 89 47 10 83 e9 01 73 d3 41 [ 58.236309][ T4568] RSP: 002b:00007fa4c83e64a0 EFLAGS: 00010286 [ 58.236349][ T4568] RAX: 0000000000001000 RBX: 00007fa4c83e6540 RCX: 0000000000000001 [ 58.236367][ T4568] RDX: 0000000000000009 RSI: 0000000000000001 RDI: 00007fa4c83e65e0 [ 58.236425][ T4568] RBP: 00000000000000db R08: 00007fa4bffc7000 R09: 00000000000000ff [ 58.236443][ T4568] R10: 0000000000000000 R11: 00007fa4c83e6550 R12: 0000000000000001 [ 58.236484][ T4568] R13: 00007fa4c9e1c200 R14: 0000000000000000 R15: 00007fa4c83e65e0 [ 58.236507][ T4568] [ 58.236525][ T4568] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 58.266330][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.273481][ T4568] loop3: detected capacity change from 0 to 512 [ 58.349720][ T4572] netlink: 8 bytes leftover after parsing attributes in process `syz.4.444'. [ 58.364164][ T4568] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 58.436327][ T4576] loop4: detected capacity change from 0 to 512 [ 58.444543][ T4568] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 58.477395][ T4568] EXT4-fs error (device loop3): xattr_find_entry:333: inode #15: comm syz.3.443: corrupted xattr entries [ 58.489255][ T4576] journal_path: Non-blockdev passed as './bus' [ 58.495625][ T4576] EXT4-fs: error: could not find journal device path [ 58.503545][ T4568] EXT4-fs (loop3): Remounting filesystem read-only [ 58.510280][ T4568] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 58.556745][ T4586] netlink: 12 bytes leftover after parsing attributes in process `syz.1.449'. [ 58.569450][ T4568] EXT4-fs (loop3): 1 truncate cleaned up [ 58.576204][ T4568] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 58.601701][ T4588] loop4: detected capacity change from 0 to 128 [ 58.623227][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.811077][ T4599] loop3: detected capacity change from 0 to 764 [ 58.821382][ T4603] netlink: 8 bytes leftover after parsing attributes in process `syz.4.456'. [ 58.917606][ T4612] loop4: detected capacity change from 0 to 512 [ 58.929163][ T4612] journal_path: Non-blockdev passed as './bus' [ 58.935509][ T4612] EXT4-fs: error: could not find journal device path [ 59.065916][ T4632] netlink: 12 bytes leftover after parsing attributes in process `syz.4.468'. [ 59.099037][ T4636] loop4: detected capacity change from 0 to 764 [ 59.182793][ T4640] netlink: 8 bytes leftover after parsing attributes in process `syz.4.471'. [ 60.304314][ T4661] loop1: detected capacity change from 0 to 512 [ 60.359040][ T4661] journal_path: Non-blockdev passed as './bus' [ 60.365992][ T4661] EXT4-fs: error: could not find journal device path [ 60.403463][ T29] kauditd_printk_skb: 283 callbacks suppressed [ 60.403478][ T29] audit: type=1400 audit(1750768032.467:3228): avc: denied { unmount } for pid=3307 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 60.453021][ T4673] loop3: detected capacity change from 0 to 764 [ 60.456596][ T4676] netlink: 8 bytes leftover after parsing attributes in process `syz.4.484'. [ 60.461177][ T29] audit: type=1400 audit(1750768032.467:3229): avc: denied { read } for pid=4658 comm="syz.1.478" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 60.468776][ T4674] netlink: 12 bytes leftover after parsing attributes in process `syz.1.483'. [ 60.491777][ T29] audit: type=1400 audit(1750768032.467:3230): avc: denied { open } for pid=4658 comm="syz.1.478" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 60.524869][ T29] audit: type=1400 audit(1750768032.467:3231): avc: denied { ioctl } for pid=4658 comm="syz.1.478" path="/dev/sg0" dev="devtmpfs" ino=135 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 60.550322][ T29] audit: type=1400 audit(1750768032.507:3232): avc: denied { unmount } for pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 60.578575][ T4678] loop4: detected capacity change from 0 to 128 [ 60.586725][ T29] audit: type=1400 audit(1750768032.647:3233): avc: denied { block_suspend } for pid=4653 comm="syz.0.477" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 60.608371][ T29] audit: type=1400 audit(1750768032.647:3234): avc: denied { mounton } for pid=4653 comm="syz.0.477" path="/85/file0" dev="tmpfs" ino=475 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 60.630984][ T29] audit: type=1400 audit(1750768032.657:3235): avc: denied { mount } for pid=4671 comm="syz.3.482" name="/" dev="loop3" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 60.654121][ T29] audit: type=1326 audit(1750768032.687:3236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4679 comm="syz.1.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9dbde929 code=0x7ffc0000 [ 60.677984][ T29] audit: type=1326 audit(1750768032.687:3237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4679 comm="syz.1.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9dbde929 code=0x7ffc0000 [ 60.708086][ T4684] loop1: detected capacity change from 0 to 512 [ 60.716788][ T4678] bio_check_eod: 66 callbacks suppressed [ 60.716806][ T4678] syz.4.485: attempt to access beyond end of device [ 60.716806][ T4678] loop4: rw=2049, sector=132, nr_sectors = 8 limit=128 [ 60.723109][ T4684] EXT4-fs: Ignoring removed nobh option [ 60.736651][ T4678] syz.4.485: attempt to access beyond end of device [ 60.736651][ T4678] loop4: rw=2049, sector=148, nr_sectors = 8 limit=128 [ 60.755452][ T4678] syz.4.485: attempt to access beyond end of device [ 60.755452][ T4678] loop4: rw=2049, sector=142, nr_sectors = 1 limit=128 [ 60.768894][ T4678] buffer_io_error: 62 callbacks suppressed [ 60.768911][ T4678] Buffer I/O error on dev loop4, logical block 142, lost async page write [ 60.785409][ T4678] syz.4.485: attempt to access beyond end of device [ 60.785409][ T4678] loop4: rw=2049, sector=143, nr_sectors = 1 limit=128 [ 60.798854][ T4678] Buffer I/O error on dev loop4, logical block 143, lost async page write [ 60.799030][ T4684] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 60.819221][ T4684] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 60.829650][ T4684] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.487: Corrupt directory, running e2fsck is recommended [ 60.842784][ T4678] syz.4.485: attempt to access beyond end of device [ 60.842784][ T4678] loop4: rw=2049, sector=144, nr_sectors = 1 limit=128 [ 60.845979][ T4684] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 60.856623][ T4678] Buffer I/O error on dev loop4, logical block 144, lost async page write [ 60.868435][ T4684] EXT4-fs error (device loop1): ext4_iget_extra_inode:5035: inode #15: comm syz.1.487: corrupted in-inode xattr: invalid ea_ino [ 60.891067][ T4678] syz.4.485: attempt to access beyond end of device [ 60.891067][ T4678] loop4: rw=2049, sector=145, nr_sectors = 1 limit=128 [ 60.904517][ T4678] Buffer I/O error on dev loop4, logical block 145, lost async page write [ 60.904819][ T4684] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.487: couldn't read orphan inode 15 (err -117) [ 60.913317][ T4678] syz.4.485: attempt to access beyond end of device [ 60.913317][ T4678] loop4: rw=2049, sector=146, nr_sectors = 1 limit=128 [ 60.938269][ T4678] Buffer I/O error on dev loop4, logical block 146, lost async page write [ 60.946999][ T4678] syz.4.485: attempt to access beyond end of device [ 60.946999][ T4678] loop4: rw=2049, sector=147, nr_sectors = 1 limit=128 [ 60.960567][ T4678] Buffer I/O error on dev loop4, logical block 147, lost async page write [ 61.017452][ T4684] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 61.031404][ T4678] syz.4.485: attempt to access beyond end of device [ 61.031404][ T4678] loop4: rw=2049, sector=156, nr_sectors = 1 limit=128 [ 61.045071][ T4678] Buffer I/O error on dev loop4, logical block 156, lost async page write [ 61.053907][ T4684] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 61.054451][ T4678] syz.4.485: attempt to access beyond end of device [ 61.054451][ T4678] loop4: rw=2049, sector=157, nr_sectors = 1 limit=128 [ 61.065575][ T4684] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 61.078910][ T4678] Buffer I/O error on dev loop4, logical block 157, lost async page write [ 61.089167][ T4684] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.487: Corrupt directory, running e2fsck is recommended [ 61.098336][ T4678] Buffer I/O error on dev loop4, logical block 160, lost async page write [ 61.121396][ T4678] Buffer I/O error on dev loop4, logical block 161, lost async page write [ 61.197421][ T4708] netlink: 4 bytes leftover after parsing attributes in process `syz.4.496'. [ 61.402687][ T3402] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=3402 comm=kworker/1:3 [ 61.418684][ T4724] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4724 comm=syz.0.503 [ 61.505722][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.534278][ T4734] loop1: detected capacity change from 0 to 128 [ 61.547609][ T4737] xt_hashlimit: max too large, truncated to 1048576 [ 61.571003][ T4737] loop4: detected capacity change from 0 to 1024 [ 61.592038][ T4737] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 61.604491][ T4737] ext4 filesystem being mounted at /120/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 61.620020][ T4737] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 3: comm syz.4.508: lblock 3 mapped to illegal pblock 3 (length 13) [ 61.642242][ T4745] loop1: detected capacity change from 0 to 764 [ 61.650511][ T4737] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 61.663020][ T4737] EXT4-fs (loop4): This should not happen!! Data will be lost [ 61.663020][ T4737] [ 61.686504][ T4746] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.508: lblock 3 mapped to illegal pblock 3 (length 1) [ 61.701334][ T4746] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.508: lblock 3 mapped to illegal pblock 3 (length 1) [ 61.755628][ T4746] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.508: lblock 3 mapped to illegal pblock 3 (length 1) [ 61.795804][ T4762] sd 0:0:1:0: device reset [ 61.796489][ T4746] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.508: lblock 3 mapped to illegal pblock 3 (length 1) [ 61.826034][ T4736] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.508: lblock 3 mapped to illegal pblock 3 (length 1) [ 61.847299][ T4765] loop3: detected capacity change from 0 to 512 [ 61.862182][ T4767] netlink: 8 bytes leftover after parsing attributes in process `syz.0.521'. [ 61.871659][ T4765] EXT4-fs: Ignoring removed nobh option [ 61.889731][ T4746] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.508: lblock 3 mapped to illegal pblock 3 (length 1) [ 61.917264][ T4765] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 61.924620][ T4736] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.508: lblock 3 mapped to illegal pblock 3 (length 1) [ 61.928960][ T4765] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 61.948946][ T4746] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.508: lblock 3 mapped to illegal pblock 3 (length 1) [ 61.952993][ T4765] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.517: Corrupt directory, running e2fsck is recommended [ 61.970428][ T4736] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.508: lblock 3 mapped to illegal pblock 3 (length 1) [ 62.036634][ T4765] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 62.083510][ T4765] EXT4-fs error (device loop3): ext4_iget_extra_inode:5035: inode #15: comm syz.3.517: corrupted in-inode xattr: invalid ea_ino [ 62.123756][ T4765] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.517: couldn't read orphan inode 15 (err -117) [ 62.159839][ T4765] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.234829][ T4765] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 62.246488][ T4765] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 62.256945][ T4765] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.517: Corrupt directory, running e2fsck is recommended [ 62.926113][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.935376][ T41] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 20 with max blocks 4 with error 28 [ 62.947710][ T41] EXT4-fs (loop4): This should not happen!! Data will be lost [ 62.947710][ T41] [ 62.957435][ T41] EXT4-fs (loop4): Total free blocks count 0 [ 62.963474][ T41] EXT4-fs (loop4): Free/Dirty block details [ 62.969536][ T41] EXT4-fs (loop4): free_blocks=4293918720 [ 62.975420][ T41] EXT4-fs (loop4): dirty_blocks=32 [ 62.980713][ T41] EXT4-fs (loop4): Block reservation details [ 63.013490][ T4805] __nla_validate_parse: 1 callbacks suppressed [ 63.013510][ T4805] netlink: 8 bytes leftover after parsing attributes in process `syz.4.534'. [ 63.147852][ T4813] loop4: detected capacity change from 0 to 128 [ 63.262568][ T4819] loop1: detected capacity change from 0 to 512 [ 63.276385][ T4819] journal_path: Non-blockdev passed as './bus' [ 63.282927][ T4819] EXT4-fs: error: could not find journal device path [ 63.442307][ T4842] loop4: detected capacity change from 0 to 512 [ 63.462757][ T4842] EXT4-fs: Ignoring removed nobh option [ 63.476498][ T4842] EXT4-fs warning (device loop4): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 63.488311][ T4842] EXT4-fs warning (device loop4): dx_probe:849: Enable large directory feature to access it [ 63.498437][ T4842] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.544: Corrupt directory, running e2fsck is recommended [ 63.537421][ T4849] netlink: 8 bytes leftover after parsing attributes in process `syz.2.552'. [ 63.557178][ T4842] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 63.575571][ T4842] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.544: corrupted in-inode xattr: invalid ea_ino [ 63.598014][ T4842] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.544: couldn't read orphan inode 15 (err -117) [ 63.617000][ T4842] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.668321][ T4842] EXT4-fs warning (device loop4): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 63.680006][ T4842] EXT4-fs warning (device loop4): dx_probe:849: Enable large directory feature to access it [ 63.690206][ T4842] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.544: Corrupt directory, running e2fsck is recommended [ 63.719999][ T4854] loop1: detected capacity change from 0 to 2048 [ 63.775454][ T4854] loop1: p1 < > p4 [ 63.781617][ T4854] loop1: p4 size 8388608 extends beyond EOD, truncated [ 63.825658][ T4854] loop1: detected capacity change from 0 to 512 [ 63.835336][ T4854] EXT4-fs: inline encryption not supported [ 63.841912][ T4854] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 63.889339][ T4854] EXT4-fs (loop1): 1 truncate cleaned up [ 63.895586][ T4854] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 64.091351][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.182361][ T4876] netlink: 8 bytes leftover after parsing attributes in process `syz.1.564'. [ 64.238680][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.301418][ T4886] loop4: detected capacity change from 0 to 128 [ 64.317298][ T4880] vhci_hcd: invalid port number 236 [ 64.351094][ T4888] loop1: detected capacity change from 0 to 764 [ 64.507609][ T4893] syzkaller1: entered promiscuous mode [ 64.513227][ T4893] syzkaller1: entered allmulticast mode [ 64.698710][ T4903] xt_hashlimit: max too large, truncated to 1048576 [ 64.727410][ T4903] loop4: detected capacity change from 0 to 1024 [ 64.750836][ T4903] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 64.767430][ T4912] loop1: detected capacity change from 0 to 512 [ 64.774179][ T4912] EXT4-fs: Ignoring removed nobh option [ 64.797047][ T4903] ext4 filesystem being mounted at /128/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.815491][ T4912] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 64.828007][ T4912] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 64.838192][ T4912] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.578: Corrupt directory, running e2fsck is recommended [ 64.859001][ T4903] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 3: comm syz.4.577: lblock 3 mapped to illegal pblock 3 (length 13) [ 64.885007][ T4903] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 64.898227][ T4903] EXT4-fs (loop4): This should not happen!! Data will be lost [ 64.898227][ T4903] [ 64.916839][ T4912] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 64.925477][ T4915] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.577: lblock 3 mapped to illegal pblock 3 (length 1) [ 64.940483][ T4912] EXT4-fs error (device loop1): ext4_iget_extra_inode:5035: inode #15: comm syz.1.578: corrupted in-inode xattr: invalid ea_ino [ 64.941782][ T4915] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.577: lblock 3 mapped to illegal pblock 3 (length 1) [ 64.971790][ T4915] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.577: lblock 3 mapped to illegal pblock 3 (length 1) [ 64.988016][ T4915] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.577: lblock 3 mapped to illegal pblock 3 (length 1) [ 65.002261][ T4915] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.577: lblock 3 mapped to illegal pblock 3 (length 1) [ 65.018315][ T4902] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.577: lblock 3 mapped to illegal pblock 3 (length 1) [ 65.018454][ T4912] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.578: couldn't read orphan inode 15 (err -117) [ 65.046864][ T4912] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 65.050321][ T4902] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.577: lblock 3 mapped to illegal pblock 3 (length 1) [ 65.077014][ T4902] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.577: lblock 3 mapped to illegal pblock 3 (length 1) [ 65.091520][ T4915] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.577: lblock 3 mapped to illegal pblock 3 (length 1) [ 65.402621][ T4930] bridge: RTM_NEWNEIGH with invalid ether address [ 65.464702][ T29] kauditd_printk_skb: 635 callbacks suppressed [ 65.464721][ T29] audit: type=1326 audit(1750768037.527:3873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.3.588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4c9d7e929 code=0x7ffc0000 [ 65.495270][ T29] audit: type=1326 audit(1750768037.527:3874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.3.588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4c9d7e929 code=0x7ffc0000 [ 65.519707][ T29] audit: type=1326 audit(1750768037.527:3875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.3.588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa4c9d7e929 code=0x7ffc0000 [ 65.543920][ T29] audit: type=1326 audit(1750768037.527:3876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.3.588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4c9d7e929 code=0x7ffc0000 [ 65.568142][ T29] audit: type=1326 audit(1750768037.527:3877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.3.588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7fa4c9d7e929 code=0x7ffc0000 [ 65.592190][ T29] audit: type=1326 audit(1750768037.527:3878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.3.588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4c9d7e929 code=0x7ffc0000 [ 65.638217][ T29] audit: type=1400 audit(1750768037.667:3879): avc: denied { create } for pid=4936 comm="syz.0.589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 65.659551][ T29] audit: type=1400 audit(1750768037.667:3880): avc: denied { write } for pid=4936 comm="syz.0.589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 65.680710][ T29] audit: type=1400 audit(1750768037.667:3881): avc: denied { read } for pid=4936 comm="syz.0.589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 65.701833][ T4940] loop3: detected capacity change from 0 to 128 [ 65.708763][ T29] audit: type=1400 audit(1750768037.707:3882): avc: denied { unmount } for pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 65.732049][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 65.749408][ T57] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 20 with max blocks 4 with error 28 [ 65.762303][ T57] EXT4-fs (loop4): This should not happen!! Data will be lost [ 65.762303][ T57] [ 65.772110][ T57] EXT4-fs (loop4): Total free blocks count 0 [ 65.778175][ T57] EXT4-fs (loop4): Free/Dirty block details [ 65.784165][ T57] EXT4-fs (loop4): free_blocks=4293918720 [ 65.790015][ T57] EXT4-fs (loop4): dirty_blocks=32 [ 65.795467][ T57] EXT4-fs (loop4): Block reservation details [ 65.832611][ T4940] bio_check_eod: 46 callbacks suppressed [ 65.832631][ T4940] syz.3.591: attempt to access beyond end of device [ 65.832631][ T4940] loop3: rw=2049, sector=132, nr_sectors = 8 limit=128 [ 65.868055][ T4940] syz.3.591: attempt to access beyond end of device [ 65.868055][ T4940] loop3: rw=2049, sector=148, nr_sectors = 8 limit=128 [ 65.882723][ T4940] syz.3.591: attempt to access beyond end of device [ 65.882723][ T4940] loop3: rw=2049, sector=142, nr_sectors = 1 limit=128 [ 65.883731][ T4953] loop4: detected capacity change from 0 to 764 [ 65.896129][ T4940] buffer_io_error: 38 callbacks suppressed [ 65.896146][ T4940] Buffer I/O error on dev loop3, logical block 142, lost async page write [ 65.896484][ T4940] syz.3.591: attempt to access beyond end of device [ 65.896484][ T4940] loop3: rw=2049, sector=143, nr_sectors = 1 limit=128 [ 65.931650][ T4940] Buffer I/O error on dev loop3, logical block 143, lost async page write [ 65.940940][ T4940] syz.3.591: attempt to access beyond end of device [ 65.940940][ T4940] loop3: rw=2049, sector=144, nr_sectors = 1 limit=128 [ 65.955268][ T4940] Buffer I/O error on dev loop3, logical block 144, lost async page write [ 65.964078][ T4940] syz.3.591: attempt to access beyond end of device [ 65.964078][ T4940] loop3: rw=2049, sector=145, nr_sectors = 1 limit=128 [ 65.978244][ T4940] Buffer I/O error on dev loop3, logical block 145, lost async page write [ 65.988235][ T4940] syz.3.591: attempt to access beyond end of device [ 65.988235][ T4940] loop3: rw=2049, sector=146, nr_sectors = 1 limit=128 [ 66.002459][ T4940] Buffer I/O error on dev loop3, logical block 146, lost async page write [ 66.013773][ T4940] syz.3.591: attempt to access beyond end of device [ 66.013773][ T4940] loop3: rw=2049, sector=147, nr_sectors = 1 limit=128 [ 66.028239][ T4940] Buffer I/O error on dev loop3, logical block 147, lost async page write [ 66.037235][ T4940] syz.3.591: attempt to access beyond end of device [ 66.037235][ T4940] loop3: rw=2049, sector=156, nr_sectors = 1 limit=128 [ 66.051269][ T4940] Buffer I/O error on dev loop3, logical block 156, lost async page write [ 66.060776][ T4940] syz.3.591: attempt to access beyond end of device [ 66.060776][ T4940] loop3: rw=2049, sector=157, nr_sectors = 1 limit=128 [ 66.074956][ T4940] Buffer I/O error on dev loop3, logical block 157, lost async page write [ 66.085530][ T4940] Buffer I/O error on dev loop3, logical block 160, lost async page write [ 66.094277][ T4940] Buffer I/O error on dev loop3, logical block 161, lost async page write [ 66.117247][ T4958] netlink: 4 bytes leftover after parsing attributes in process `syz.0.596'. [ 66.337083][ T4969] loop3: detected capacity change from 0 to 128 [ 66.836509][ T4980] loop1: detected capacity change from 0 to 512 [ 66.848444][ T4983] loop3: detected capacity change from 0 to 764 [ 66.895770][ T4980] journal_path: Non-blockdev passed as './bus' [ 66.902134][ T4980] EXT4-fs: error: could not find journal device path [ 67.170445][ T5007] xt_hashlimit: max too large, truncated to 1048576 [ 67.257676][ T5007] syzkaller0: entered promiscuous mode [ 67.263212][ T5007] syzkaller0: entered allmulticast mode [ 67.290426][ T5014] loop1: detected capacity change from 0 to 764 [ 67.363164][ T5019] loop1: detected capacity change from 0 to 128 [ 67.525153][ T5026] loop4: detected capacity change from 0 to 512 [ 67.571335][ T5026] journal_path: Non-blockdev passed as './bus' [ 67.577623][ T5026] EXT4-fs: error: could not find journal device path [ 68.257807][ T5050] loop3: detected capacity change from 0 to 512 [ 68.264574][ T5050] journal_path: Non-blockdev passed as './bus' [ 68.270921][ T5050] EXT4-fs: error: could not find journal device path [ 68.328547][ T5059] loop1: detected capacity change from 0 to 128 [ 68.456390][ T5084] SELinux: Context Ü is not valid (left unmapped). [ 68.508211][ T5088] FAULT_INJECTION: forcing a failure. [ 68.508211][ T5088] name failslab, interval 1, probability 0, space 0, times 0 [ 68.521054][ T5088] CPU: 0 UID: 0 PID: 5088 Comm: syz.1.654 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 68.521091][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 68.521179][ T5088] Call Trace: [ 68.521188][ T5088] [ 68.521198][ T5088] __dump_stack+0x1d/0x30 [ 68.521347][ T5088] dump_stack_lvl+0xe8/0x140 [ 68.521372][ T5088] dump_stack+0x15/0x1b [ 68.521394][ T5088] should_fail_ex+0x265/0x280 [ 68.521429][ T5088] ? audit_log_d_path+0x8d/0x150 [ 68.521525][ T5088] should_failslab+0x8c/0xb0 [ 68.521555][ T5088] __kmalloc_cache_noprof+0x4c/0x320 [ 68.521592][ T5088] audit_log_d_path+0x8d/0x150 [ 68.521623][ T5088] audit_log_d_path_exe+0x42/0x70 [ 68.521752][ T5088] audit_log_task+0x1e9/0x250 [ 68.521792][ T5088] audit_seccomp+0x61/0x100 [ 68.521833][ T5088] ? __seccomp_filter+0x68c/0x10d0 [ 68.521874][ T5088] __seccomp_filter+0x69d/0x10d0 [ 68.521906][ T5088] ? up_write+0x18/0x60 [ 68.521925][ T5088] ? chown_common+0x39e/0x3f0 [ 68.521999][ T5088] __secure_computing+0x82/0x150 [ 68.522028][ T5088] syscall_trace_enter+0xcf/0x1e0 [ 68.522080][ T5088] do_syscall_64+0xac/0x200 [ 68.522099][ T5088] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 68.522124][ T5088] ? clear_bhb_loop+0x40/0x90 [ 68.522150][ T5088] ? clear_bhb_loop+0x40/0x90 [ 68.522178][ T5088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.522239][ T5088] RIP: 0033:0x7f6e9dbdd33c [ 68.522258][ T5088] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 68.522281][ T5088] RSP: 002b:00007f6e9c247030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 68.522304][ T5088] RAX: ffffffffffffffda RBX: 00007f6e9de05fa0 RCX: 00007f6e9dbdd33c [ 68.522319][ T5088] RDX: 000000000000000f RSI: 00007f6e9c2470a0 RDI: 0000000000000005 [ 68.522335][ T5088] RBP: 00007f6e9c247090 R08: 0000000000000000 R09: 0000000000000000 [ 68.522417][ T5088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 68.522432][ T5088] R13: 0000000000000000 R14: 00007f6e9de05fa0 R15: 00007ffd63f0e5d8 [ 68.522504][ T5088] [ 68.739496][ T5089] loop4: detected capacity change from 0 to 512 [ 68.747347][ T5089] EXT4-fs: Ignoring removed nobh option [ 68.758368][ T5089] EXT4-fs warning (device loop4): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 68.770776][ T5089] EXT4-fs warning (device loop4): dx_probe:849: Enable large directory feature to access it [ 68.775340][ T5094] loop1: detected capacity change from 0 to 128 [ 68.780931][ T5089] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.649: Corrupt directory, running e2fsck is recommended [ 68.802278][ T5089] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 68.810726][ T5089] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.649: corrupted in-inode xattr: invalid ea_ino [ 68.825048][ T5089] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.649: couldn't read orphan inode 15 (err -117) [ 68.838084][ T5089] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 69.074081][ T5102] loop1: detected capacity change from 0 to 764 [ 69.241846][ T5108] loop1: detected capacity change from 0 to 2048 [ 69.257084][ T5108] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 69.287445][ T5116] xt_hashlimit: max too large, truncated to 1048576 [ 69.304148][ T5116] loop3: detected capacity change from 0 to 1024 [ 69.324894][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.353161][ T5121] netlink: 8 bytes leftover after parsing attributes in process `syz.2.667'. [ 69.379547][ T5123] loop4: detected capacity change from 0 to 512 [ 69.387073][ T5116] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 69.401255][ T5123] journal_path: Non-blockdev passed as './bus' [ 69.404945][ T5116] ext4 filesystem being mounted at /134/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 69.407588][ T5123] EXT4-fs: error: could not find journal device path [ 69.453671][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.463422][ T5130] ipt_REJECT: TCP_RESET invalid for non-tcp [ 69.474466][ T5116] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 3: comm syz.3.665: lblock 3 mapped to illegal pblock 3 (length 13) [ 69.490783][ T5116] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 69.503843][ T5116] EXT4-fs (loop3): This should not happen!! Data will be lost [ 69.503843][ T5116] [ 69.516422][ T5116] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.665: lblock 3 mapped to illegal pblock 3 (length 1) [ 69.547020][ T5116] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.665: lblock 3 mapped to illegal pblock 3 (length 1) [ 69.563390][ T5116] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.665: lblock 3 mapped to illegal pblock 3 (length 1) [ 69.563661][ T5116] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.665: lblock 3 mapped to illegal pblock 3 (length 1) [ 69.596275][ T5116] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.665: lblock 3 mapped to illegal pblock 3 (length 1) [ 69.596576][ T5116] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.665: lblock 3 mapped to illegal pblock 3 (length 1) [ 69.596755][ T5116] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.665: lblock 3 mapped to illegal pblock 3 (length 1) [ 69.597008][ T5116] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.665: lblock 3 mapped to illegal pblock 3 (length 1) [ 69.597294][ T5138] loop1: detected capacity change from 0 to 128 [ 69.597350][ T5116] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.665: lblock 3 mapped to illegal pblock 3 (length 1) [ 69.762796][ T5144] netlink: 60 bytes leftover after parsing attributes in process `syz.0.674'. [ 69.765501][ T5149] loop1: detected capacity change from 0 to 764 [ 69.803466][ T5144] binfmt_misc: register: failed to install interpreter file ./file0 [ 69.815832][ T5150] loop4: detected capacity change from 0 to 512 [ 69.822725][ T5150] EXT4-fs: Ignoring removed nobh option [ 69.833223][ T5150] EXT4-fs warning (device loop4): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 69.845136][ T5150] EXT4-fs warning (device loop4): dx_probe:849: Enable large directory feature to access it [ 69.856010][ T5150] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.676: Corrupt directory, running e2fsck is recommended [ 69.891349][ T5150] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 69.910223][ T5150] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.676: corrupted in-inode xattr: invalid ea_ino [ 69.955040][ T5158] netlink: 8 bytes leftover after parsing attributes in process `syz.0.680'. [ 69.976969][ T5150] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.676: couldn't read orphan inode 15 (err -117) [ 69.997070][ T5150] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 70.118005][ T5163] FAULT_INJECTION: forcing a failure. [ 70.118005][ T5163] name failslab, interval 1, probability 0, space 0, times 0 [ 70.131032][ T5163] CPU: 0 UID: 0 PID: 5163 Comm: syz.1.682 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 70.131084][ T5163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 70.131099][ T5163] Call Trace: [ 70.131106][ T5163] [ 70.131113][ T5163] __dump_stack+0x1d/0x30 [ 70.131172][ T5163] dump_stack_lvl+0xe8/0x140 [ 70.131191][ T5163] dump_stack+0x15/0x1b [ 70.131206][ T5163] should_fail_ex+0x265/0x280 [ 70.131350][ T5163] should_failslab+0x8c/0xb0 [ 70.131403][ T5163] kmem_cache_alloc_node_noprof+0x57/0x320 [ 70.131469][ T5163] ? __alloc_skb+0x101/0x320 [ 70.131506][ T5163] __alloc_skb+0x101/0x320 [ 70.131544][ T5163] netlink_alloc_large_skb+0xba/0xf0 [ 70.131680][ T5163] netlink_sendmsg+0x3cf/0x6b0 [ 70.131713][ T5163] ? __pfx_netlink_sendmsg+0x10/0x10 [ 70.131788][ T5163] __sock_sendmsg+0x142/0x180 [ 70.131820][ T5163] ____sys_sendmsg+0x31e/0x4e0 [ 70.131863][ T5163] ___sys_sendmsg+0x17b/0x1d0 [ 70.131922][ T5163] __x64_sys_sendmsg+0xd4/0x160 [ 70.131962][ T5163] x64_sys_call+0x2999/0x2fb0 [ 70.131998][ T5163] do_syscall_64+0xd2/0x200 [ 70.132069][ T5163] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 70.132095][ T5163] ? clear_bhb_loop+0x40/0x90 [ 70.132122][ T5163] ? clear_bhb_loop+0x40/0x90 [ 70.132147][ T5163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.132193][ T5163] RIP: 0033:0x7f6e9dbde929 [ 70.132209][ T5163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.132244][ T5163] RSP: 002b:00007f6e9c247038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 70.132269][ T5163] RAX: ffffffffffffffda RBX: 00007f6e9de05fa0 RCX: 00007f6e9dbde929 [ 70.132283][ T5163] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000008 [ 70.132295][ T5163] RBP: 00007f6e9c247090 R08: 0000000000000000 R09: 0000000000000000 [ 70.132343][ T5163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 70.132355][ T5163] R13: 0000000000000000 R14: 00007f6e9de05fa0 R15: 00007ffd63f0e5d8 [ 70.132375][ T5163] [ 70.489452][ T41] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 20 with max blocks 4 with error 28 [ 70.501882][ T41] EXT4-fs (loop3): This should not happen!! Data will be lost [ 70.501882][ T41] [ 70.512417][ T41] EXT4-fs (loop3): Total free blocks count 0 [ 70.518688][ T41] EXT4-fs (loop3): Free/Dirty block details [ 70.524625][ T41] EXT4-fs (loop3): free_blocks=4293918720 [ 70.531275][ T41] EXT4-fs (loop3): dirty_blocks=32 [ 70.536652][ T41] EXT4-fs (loop3): Block reservation details [ 70.563735][ T29] kauditd_printk_skb: 246 callbacks suppressed [ 70.563749][ T29] audit: type=1400 audit(1750768042.627:4129): avc: denied { read write } for pid=5170 comm="syz.1.688" name="ptp0" dev="devtmpfs" ino=247 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 70.593582][ T29] audit: type=1400 audit(1750768042.627:4130): avc: denied { open } for pid=5170 comm="syz.1.688" path="/dev/ptp0" dev="devtmpfs" ino=247 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 70.618288][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.635905][ T29] audit: type=1400 audit(1750768042.707:4131): avc: denied { ioctl } for pid=5170 comm="syz.1.688" path="/dev/ptp0" dev="devtmpfs" ino=247 ioctlcmd=0x3d0c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 70.636072][ T5172] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 70.684190][ T5177] loop3: detected capacity change from 0 to 128 [ 70.684716][ T29] audit: type=1400 audit(1750768042.707:4132): avc: denied { setopt } for pid=5170 comm="syz.1.688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 70.710243][ T29] audit: type=1400 audit(1750768042.747:4133): avc: denied { create } for pid=5170 comm="syz.1.688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 70.713735][ T5172] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 70.776909][ T5179] loop4: detected capacity change from 0 to 764 [ 70.780811][ T29] audit: type=1400 audit(1750768042.787:4134): avc: denied { setopt } for pid=5170 comm="syz.1.688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 70.802824][ T29] audit: type=1326 audit(1750768042.827:4135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5176 comm="syz.3.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4c9d7e929 code=0x7ffc0000 [ 70.826426][ T29] audit: type=1326 audit(1750768042.827:4136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5176 comm="syz.3.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4c9d7e929 code=0x7ffc0000 [ 70.857507][ T5182] netlink: 8 bytes leftover after parsing attributes in process `syz.0.691'. [ 70.890901][ T5185] loop3: detected capacity change from 0 to 512 [ 70.950395][ T5185] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 70.982090][ T29] audit: type=1326 audit(1750768043.047:4137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5191 comm="syz.4.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03573de929 code=0x7ffc0000 [ 71.006927][ T29] audit: type=1326 audit(1750768043.047:4138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5191 comm="syz.4.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f03573de929 code=0x7ffc0000 [ 71.057067][ T5200] xt_hashlimit: max too large, truncated to 1048576 [ 71.067254][ T5185] ext4 filesystem being mounted at /136/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 71.095345][ T5200] loop1: detected capacity change from 0 to 1024 [ 71.122976][ T5185] netlink: 60 bytes leftover after parsing attributes in process `syz.3.690'. [ 71.143478][ T5200] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 71.156063][ T5200] ext4 filesystem being mounted at /153/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 71.166113][ T5185] binfmt_misc: register: failed to install interpreter file ./file0 [ 71.188133][ T5200] EXT4-fs error (device loop1): ext4_map_blocks:816: inode #15: block 3: comm syz.1.697: lblock 3 mapped to illegal pblock 3 (length 13) [ 71.205758][ T5207] loop4: detected capacity change from 0 to 512 [ 71.212833][ T5207] EXT4-fs: Ignoring removed nobh option [ 71.218747][ T5200] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 71.220169][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.231198][ T5200] EXT4-fs (loop1): This should not happen!! Data will be lost [ 71.231198][ T5200] [ 71.252539][ T5208] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.697: lblock 3 mapped to illegal pblock 3 (length 1) [ 71.275778][ T5207] EXT4-fs warning (device loop4): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 71.288099][ T5207] EXT4-fs warning (device loop4): dx_probe:849: Enable large directory feature to access it [ 71.298407][ T5207] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.699: Corrupt directory, running e2fsck is recommended [ 71.313364][ T5208] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.697: lblock 3 mapped to illegal pblock 3 (length 1) [ 71.329762][ T5199] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.697: lblock 3 mapped to illegal pblock 3 (length 1) [ 71.344320][ T5199] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.697: lblock 3 mapped to illegal pblock 3 (length 1) [ 71.366990][ T5207] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 71.371105][ T5211] loop3: detected capacity change from 0 to 128 [ 71.380049][ T5207] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.699: corrupted in-inode xattr: invalid ea_ino [ 71.399121][ T5208] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.697: lblock 3 mapped to illegal pblock 3 (length 1) [ 71.415427][ T5211] bio_check_eod: 32 callbacks suppressed [ 71.415446][ T5211] syz.3.700: attempt to access beyond end of device [ 71.415446][ T5211] loop3: rw=2049, sector=132, nr_sectors = 8 limit=128 [ 71.435064][ T5207] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.699: couldn't read orphan inode 15 (err -117) [ 71.436301][ T5207] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.460752][ T5211] syz.3.700: attempt to access beyond end of device [ 71.460752][ T5211] loop3: rw=2049, sector=148, nr_sectors = 8 limit=128 [ 71.461616][ T5208] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.697: lblock 3 mapped to illegal pblock 3 (length 1) [ 71.489196][ T5199] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.697: lblock 3 mapped to illegal pblock 3 (length 1) [ 71.495832][ T5211] syz.3.700: attempt to access beyond end of device [ 71.495832][ T5211] loop3: rw=2049, sector=142, nr_sectors = 1 limit=128 [ 71.507034][ T5199] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.697: lblock 3 mapped to illegal pblock 3 (length 1) [ 71.517209][ T5211] buffer_io_error: 26 callbacks suppressed [ 71.517227][ T5211] Buffer I/O error on dev loop3, logical block 142, lost async page write [ 71.531922][ T5208] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.697: lblock 3 mapped to illegal pblock 3 (length 1) [ 71.539237][ T5211] syz.3.700: attempt to access beyond end of device [ 71.539237][ T5211] loop3: rw=2049, sector=143, nr_sectors = 1 limit=128 [ 71.573498][ T5211] Buffer I/O error on dev loop3, logical block 143, lost async page write [ 71.588320][ T5211] syz.3.700: attempt to access beyond end of device [ 71.588320][ T5211] loop3: rw=2049, sector=144, nr_sectors = 1 limit=128 [ 71.593428][ T5218] netlink: 8 bytes leftover after parsing attributes in process `syz.2.703'. [ 71.601783][ T5211] Buffer I/O error on dev loop3, logical block 144, lost async page write [ 71.602109][ T5211] syz.3.700: attempt to access beyond end of device [ 71.602109][ T5211] loop3: rw=2049, sector=145, nr_sectors = 1 limit=128 [ 71.634948][ T5211] Buffer I/O error on dev loop3, logical block 145, lost async page write [ 71.650329][ T5211] syz.3.700: attempt to access beyond end of device [ 71.650329][ T5211] loop3: rw=2049, sector=146, nr_sectors = 1 limit=128 [ 71.664831][ T5211] Buffer I/O error on dev loop3, logical block 146, lost async page write [ 71.673612][ T5211] syz.3.700: attempt to access beyond end of device [ 71.673612][ T5211] loop3: rw=2049, sector=147, nr_sectors = 1 limit=128 [ 71.688108][ T5211] Buffer I/O error on dev loop3, logical block 147, lost async page write [ 71.696973][ T5211] syz.3.700: attempt to access beyond end of device [ 71.696973][ T5211] loop3: rw=2049, sector=156, nr_sectors = 1 limit=128 [ 71.710991][ T5211] Buffer I/O error on dev loop3, logical block 156, lost async page write [ 71.719622][ T5211] syz.3.700: attempt to access beyond end of device [ 71.719622][ T5211] loop3: rw=2049, sector=157, nr_sectors = 1 limit=128 [ 71.733736][ T5211] Buffer I/O error on dev loop3, logical block 157, lost async page write [ 71.742497][ T5211] Buffer I/O error on dev loop3, logical block 160, lost async page write [ 71.751907][ T5211] Buffer I/O error on dev loop3, logical block 161, lost async page write [ 71.796986][ T5222] loop3: detected capacity change from 0 to 764 [ 71.949042][ T3449] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 20 with max blocks 4 with error 28 [ 71.961777][ T3449] EXT4-fs (loop1): This should not happen!! Data will be lost [ 71.961777][ T3449] [ 71.971940][ T3449] EXT4-fs (loop1): Total free blocks count 0 [ 71.978277][ T3449] EXT4-fs (loop1): Free/Dirty block details [ 71.984551][ T3449] EXT4-fs (loop1): free_blocks=4293918720 [ 71.990540][ T3449] EXT4-fs (loop1): dirty_blocks=32 [ 71.995902][ T3449] EXT4-fs (loop1): Block reservation details [ 72.017774][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.066249][ T5241] netlink: 8 bytes leftover after parsing attributes in process `syz.4.714'. [ 72.080863][ T5243] loop1: detected capacity change from 0 to 512 [ 72.089581][ T5243] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 72.196600][ T5243] EXT4-fs (loop1): warning: maximal mount count reached, running e2fsck is recommended [ 72.213608][ T5243] EXT4-fs error (device loop1): ext4_orphan_get:1393: comm syz.1.715: inode #15: comm syz.1.715: iget: illegal inode # [ 72.230884][ T5243] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.715: couldn't read orphan inode 15 (err -117) [ 72.245715][ T5243] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 72.301864][ T5250] syzkaller0: entered promiscuous mode [ 72.308130][ T5250] syzkaller0: entered allmulticast mode [ 72.350940][ T5243] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.715: bg 0: block 19: invalid block bitmap [ 72.593707][ T5266] xt_hashlimit: max too large, truncated to 1048576 [ 72.610927][ T5266] loop4: detected capacity change from 0 to 1024 [ 72.628340][ T5266] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 72.640846][ T5266] ext4 filesystem being mounted at /160/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 72.657270][ T5266] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 3: comm syz.4.723: lblock 3 mapped to illegal pblock 3 (length 13) [ 72.676459][ T5266] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 72.690026][ T5266] EXT4-fs (loop4): This should not happen!! Data will be lost [ 72.690026][ T5266] [ 72.758109][ T5281] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.723: lblock 3 mapped to illegal pblock 3 (length 1) [ 72.760047][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.790887][ T5283] ip6tnl1: entered promiscuous mode [ 72.796222][ T5283] ip6tnl1: entered allmulticast mode [ 72.809654][ T5283] team0: Device ip6tnl1 is of different type [ 72.824834][ T5281] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.723: lblock 3 mapped to illegal pblock 3 (length 1) [ 72.855551][ T5265] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.723: lblock 3 mapped to illegal pblock 3 (length 1) [ 72.905611][ T5265] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.723: lblock 3 mapped to illegal pblock 3 (length 1) [ 72.925403][ T5281] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.723: lblock 3 mapped to illegal pblock 3 (length 1) [ 72.963252][ T5265] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.723: lblock 3 mapped to illegal pblock 3 (length 1) [ 72.989924][ T5281] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.723: lblock 3 mapped to illegal pblock 3 (length 1) [ 73.024348][ T5265] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.723: lblock 3 mapped to illegal pblock 3 (length 1) [ 73.051925][ T5300] loop1: detected capacity change from 0 to 128 [ 73.063158][ T5281] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.723: lblock 3 mapped to illegal pblock 3 (length 1) [ 73.158236][ T5306] process 'syz.2.740' launched '/dev/fd/7' with NULL argv: empty string added [ 73.578704][ T5320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.744'. [ 73.617572][ T3449] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 20 with max blocks 4 with error 28 [ 73.630747][ T3449] EXT4-fs (loop4): This should not happen!! Data will be lost [ 73.630747][ T3449] [ 73.640521][ T3449] EXT4-fs (loop4): Total free blocks count 0 [ 73.647362][ T3449] EXT4-fs (loop4): Free/Dirty block details [ 73.653331][ T3449] EXT4-fs (loop4): free_blocks=4293918720 [ 73.659192][ T3449] EXT4-fs (loop4): dirty_blocks=32 [ 73.664361][ T3449] EXT4-fs (loop4): Block reservation details [ 73.675415][ T5322] FAULT_INJECTION: forcing a failure. [ 73.675415][ T5322] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 73.689219][ T5322] CPU: 1 UID: 0 PID: 5322 Comm: syz.2.746 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 73.689278][ T5322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 73.689290][ T5322] Call Trace: [ 73.689297][ T5322] [ 73.689305][ T5322] __dump_stack+0x1d/0x30 [ 73.689331][ T5322] dump_stack_lvl+0xe8/0x140 [ 73.689350][ T5322] dump_stack+0x15/0x1b [ 73.689385][ T5322] should_fail_ex+0x265/0x280 [ 73.689426][ T5322] should_fail+0xb/0x20 [ 73.689466][ T5322] should_fail_usercopy+0x1a/0x20 [ 73.689506][ T5322] _copy_from_user+0x1c/0xb0 [ 73.689549][ T5322] ___sys_sendmsg+0xc1/0x1d0 [ 73.689604][ T5322] __x64_sys_sendmsg+0xd4/0x160 [ 73.689648][ T5322] x64_sys_call+0x2999/0x2fb0 [ 73.689733][ T5322] do_syscall_64+0xd2/0x200 [ 73.689755][ T5322] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 73.689788][ T5322] ? clear_bhb_loop+0x40/0x90 [ 73.689815][ T5322] ? clear_bhb_loop+0x40/0x90 [ 73.689841][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.689897][ T5322] RIP: 0033:0x7f3867e2e929 [ 73.689914][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.689937][ T5322] RSP: 002b:00007f3866497038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 73.689961][ T5322] RAX: ffffffffffffffda RBX: 00007f3868055fa0 RCX: 00007f3867e2e929 [ 73.689976][ T5322] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004 [ 73.689992][ T5322] RBP: 00007f3866497090 R08: 0000000000000000 R09: 0000000000000000 [ 73.690004][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 73.690095][ T5322] R13: 0000000000000000 R14: 00007f3868055fa0 R15: 00007ffeec21d348 [ 73.690119][ T5322] [ 73.886899][ T5320] team0 (unregistering): Port device team_slave_0 removed [ 73.907313][ T5320] team0 (unregistering): Port device team_slave_1 removed [ 74.226583][ T5333] netlink: 4 bytes leftover after parsing attributes in process `syz.0.752'. [ 74.288485][ T5354] netlink: 188 bytes leftover after parsing attributes in process `syz.1.758'. [ 74.294863][ T5352] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=36 sclass=netlink_tcpdiag_socket pid=5352 comm=syz.0.752 [ 74.485958][ T5369] loop4: detected capacity change from 0 to 128 [ 74.692290][ T5379] loop4: detected capacity change from 0 to 512 [ 74.699726][ T5379] journal_path: Non-blockdev passed as './bus' [ 74.706195][ T5379] EXT4-fs: error: could not find journal device path [ 75.406783][ T5407] loop4: detected capacity change from 0 to 512 [ 75.445081][ T5407] EXT4-fs: Ignoring removed nobh option [ 75.474209][ T5407] EXT4-fs warning (device loop4): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 75.485906][ T5407] EXT4-fs warning (device loop4): dx_probe:849: Enable large directory feature to access it [ 75.496190][ T5407] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.777: Corrupt directory, running e2fsck is recommended [ 75.509645][ T5415] loop1: detected capacity change from 0 to 764 [ 75.517791][ T5407] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 75.528691][ T5407] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.777: corrupted in-inode xattr: invalid ea_ino [ 75.542689][ T5407] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.777: couldn't read orphan inode 15 (err -117) [ 75.558592][ T5407] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.576215][ T5407] EXT4-fs warning (device loop4): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 75.587930][ T5407] EXT4-fs warning (device loop4): dx_probe:849: Enable large directory feature to access it [ 75.598176][ T5407] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.777: Corrupt directory, running e2fsck is recommended [ 75.617662][ T5407] netlink: 52 bytes leftover after parsing attributes in process `syz.4.777'. [ 75.681627][ T29] kauditd_printk_skb: 216 callbacks suppressed [ 75.681653][ T29] audit: type=1326 audit(1750768047.747:4355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5422 comm="syz.0.783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7108e929 code=0x7ffc0000 [ 75.765846][ T29] audit: type=1326 audit(1750768047.817:4356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5422 comm="syz.0.783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3e7108e929 code=0x7ffc0000 [ 75.790006][ T29] audit: type=1326 audit(1750768047.817:4357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5422 comm="syz.0.783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7108e929 code=0x7ffc0000 [ 75.814310][ T29] audit: type=1326 audit(1750768047.817:4358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5422 comm="syz.0.783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3e7108e929 code=0x7ffc0000 [ 75.838711][ T29] audit: type=1326 audit(1750768047.817:4359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5422 comm="syz.0.783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7108e929 code=0x7ffc0000 [ 75.863147][ T29] audit: type=1326 audit(1750768047.817:4360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5422 comm="syz.0.783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7108e929 code=0x7ffc0000 [ 75.887403][ T29] audit: type=1326 audit(1750768047.817:4361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5422 comm="syz.0.783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7f3e7108e929 code=0x7ffc0000 [ 75.912164][ T29] audit: type=1326 audit(1750768047.817:4362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5422 comm="syz.0.783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7108e929 code=0x7ffc0000 [ 76.398617][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.430355][ T29] audit: type=1326 audit(1750768048.487:4363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5429 comm="syz.3.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4c9d7e929 code=0x7ffc0000 [ 76.453804][ T29] audit: type=1326 audit(1750768048.497:4364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5429 comm="syz.3.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4c9d7e929 code=0x7ffc0000 [ 76.494997][ T5440] xt_hashlimit: max too large, truncated to 1048576 [ 76.560949][ T5447] loop4: detected capacity change from 0 to 512 [ 76.576687][ T5440] syzkaller0: entered promiscuous mode [ 76.582267][ T5440] syzkaller0: entered allmulticast mode [ 76.592105][ T5447] journal_path: Non-blockdev passed as './bus' [ 76.598389][ T5447] EXT4-fs: error: could not find journal device path [ 76.655540][ T5458] loop4: detected capacity change from 0 to 764 [ 76.788032][ T5463] netlink: 4 bytes leftover after parsing attributes in process `syz.4.799'. [ 76.920318][ T5474] netlink: 'syz.0.804': attribute type 1 has an invalid length. [ 76.931069][ T5474] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 77.376294][ T5494] loop1: detected capacity change from 0 to 128 [ 77.429919][ T5494] bio_check_eod: 37 callbacks suppressed [ 77.429939][ T5494] syz.1.811: attempt to access beyond end of device [ 77.429939][ T5494] loop1: rw=2049, sector=132, nr_sectors = 8 limit=128 [ 77.454437][ T5494] syz.1.811: attempt to access beyond end of device [ 77.454437][ T5494] loop1: rw=2049, sector=148, nr_sectors = 8 limit=128 [ 77.474709][ T5502] netlink: 4 bytes leftover after parsing attributes in process `syz.0.815'. [ 77.483977][ T5494] syz.1.811: attempt to access beyond end of device [ 77.483977][ T5494] loop1: rw=2049, sector=142, nr_sectors = 1 limit=128 [ 77.497776][ T5494] buffer_io_error: 32 callbacks suppressed [ 77.497793][ T5494] Buffer I/O error on dev loop1, logical block 142, lost async page write [ 77.538082][ T5494] syz.1.811: attempt to access beyond end of device [ 77.538082][ T5494] loop1: rw=2049, sector=143, nr_sectors = 1 limit=128 [ 77.551693][ T5494] Buffer I/O error on dev loop1, logical block 143, lost async page write [ 77.589306][ T5509] loop3: detected capacity change from 0 to 512 [ 77.595711][ T5494] syz.1.811: attempt to access beyond end of device [ 77.595711][ T5494] loop1: rw=2049, sector=144, nr_sectors = 1 limit=128 [ 77.595803][ T5494] Buffer I/O error on dev loop1, logical block 144, lost async page write [ 77.595841][ T5494] syz.1.811: attempt to access beyond end of device [ 77.595841][ T5494] loop1: rw=2049, sector=145, nr_sectors = 1 limit=128 [ 77.631318][ T5494] Buffer I/O error on dev loop1, logical block 145, lost async page write [ 77.697772][ T5509] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.704774][ T5494] syz.1.811: attempt to access beyond end of device [ 77.704774][ T5494] loop1: rw=2049, sector=146, nr_sectors = 1 limit=128 [ 77.723901][ T5494] Buffer I/O error on dev loop1, logical block 146, lost async page write [ 77.732719][ T5494] syz.1.811: attempt to access beyond end of device [ 77.732719][ T5494] loop1: rw=2049, sector=147, nr_sectors = 1 limit=128 [ 77.746118][ T5494] Buffer I/O error on dev loop1, logical block 147, lost async page write [ 77.751621][ T5509] ext4 filesystem being mounted at /155/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 77.754968][ T5494] syz.1.811: attempt to access beyond end of device [ 77.754968][ T5494] loop1: rw=2049, sector=156, nr_sectors = 1 limit=128 [ 77.778361][ T5494] Buffer I/O error on dev loop1, logical block 156, lost async page write [ 77.786924][ T5494] syz.1.811: attempt to access beyond end of device [ 77.786924][ T5494] loop1: rw=2049, sector=157, nr_sectors = 1 limit=128 [ 77.800372][ T5494] Buffer I/O error on dev loop1, logical block 157, lost async page write [ 77.809183][ T5494] Buffer I/O error on dev loop1, logical block 160, lost async page write [ 77.817796][ T5494] Buffer I/O error on dev loop1, logical block 161, lost async page write [ 77.848280][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.892055][ T5518] loop1: detected capacity change from 0 to 128 [ 77.899533][ T5518] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 78.018355][ T5524] loop1: detected capacity change from 0 to 764 [ 78.210616][ T5547] Driver unsupported XDP return value 0 on prog (id 463) dev N/A, expect packet loss! [ 78.226707][ T5547] wireguard0: entered promiscuous mode [ 78.232306][ T5547] wireguard0: entered allmulticast mode [ 78.839593][ T5571] loop3: detected capacity change from 0 to 512 [ 78.867822][ T5571] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.888381][ T5571] ext4 filesystem being mounted at /158/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 78.992083][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.088272][ T5585] loop3: detected capacity change from 0 to 512 [ 79.097110][ T5585] journal_path: Non-blockdev passed as './bus' [ 79.103774][ T5585] EXT4-fs: error: could not find journal device path [ 79.149273][ T5592] netlink: 4 bytes leftover after parsing attributes in process `syz.3.851'. [ 79.167782][ T5592] netlink: 'syz.3.851': attribute type 1 has an invalid length. [ 79.587081][ T5595] netlink: 20 bytes leftover after parsing attributes in process `syz.2.852'. [ 79.969318][ T5615] loop4: detected capacity change from 0 to 512 [ 80.008955][ T5615] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.045352][ T5615] ext4 filesystem being mounted at /181/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 80.073006][ T5629] netlink: 20 bytes leftover after parsing attributes in process `syz.1.865'. [ 80.073426][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.149664][ T5632] loop4: detected capacity change from 0 to 512 [ 80.156936][ T5631] netlink: 4 bytes leftover after parsing attributes in process `syz.0.864'. [ 80.157042][ T5639] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=5639 comm=syz.3.868 [ 80.174424][ T5632] journal_path: Non-blockdev passed as './bus' [ 80.186344][ T5637] loop1: detected capacity change from 0 to 764 [ 80.193221][ T5632] EXT4-fs: error: could not find journal device path [ 80.308765][ T5649] netlink: 12 bytes leftover after parsing attributes in process `syz.3.873'. [ 80.319983][ T5649] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5649 comm=syz.3.873 [ 80.419543][ T5659] netlink: 20 bytes leftover after parsing attributes in process `syz.4.877'. [ 80.811331][ T29] kauditd_printk_skb: 150 callbacks suppressed [ 80.811349][ T29] audit: type=1400 audit(1750768052.877:4515): avc: denied { ioctl } for pid=5701 comm="syz.2.895" path="/dev/mISDNtimer" dev="devtmpfs" ino=250 ioctlcmd=0x4940 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 80.823918][ T5702] FAULT_INJECTION: forcing a failure. [ 80.823918][ T5702] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 80.855883][ T5702] CPU: 0 UID: 0 PID: 5702 Comm: syz.2.895 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 80.855916][ T5702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 80.855930][ T5702] Call Trace: [ 80.855936][ T5702] [ 80.855943][ T5702] __dump_stack+0x1d/0x30 [ 80.856017][ T5702] dump_stack_lvl+0xe8/0x140 [ 80.856042][ T5702] dump_stack+0x15/0x1b [ 80.856132][ T5702] should_fail_ex+0x265/0x280 [ 80.856172][ T5702] should_fail+0xb/0x20 [ 80.856204][ T5702] should_fail_usercopy+0x1a/0x20 [ 80.856266][ T5702] fpu__restore_sig+0x12d/0xaa0 [ 80.856307][ T5702] ? should_fail_ex+0xdb/0x280 [ 80.856419][ T5702] __ia32_sys_rt_sigreturn+0x29f/0x350 [ 80.856529][ T5702] x64_sys_call+0x2e8a/0x2fb0 [ 80.856557][ T5702] do_syscall_64+0xd2/0x200 [ 80.856587][ T5702] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 80.856621][ T5702] ? clear_bhb_loop+0x40/0x90 [ 80.856648][ T5702] ? clear_bhb_loop+0x40/0x90 [ 80.856723][ T5702] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.856749][ T5702] RIP: 0033:0x7f3867e2e927 [ 80.856820][ T5702] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 80.856842][ T5702] RSP: 002b:00007f3866497038 EFLAGS: 00000246 [ 80.856861][ T5702] RAX: 0000000000000000 RBX: 00007f3868055fa0 RCX: 00007f3867e2e929 [ 80.856875][ T5702] RDX: 0000000000001001 RSI: 00002000000019c0 RDI: 0000000000000007 [ 80.856949][ T5702] RBP: 00007f3866497090 R08: 0000000000000000 R09: 0000000000000000 [ 80.856963][ T5702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 80.856974][ T5702] R13: 0000000000000000 R14: 00007f3868055fa0 R15: 00007ffeec21d348 [ 80.856996][ T5702] [ 81.040985][ T29] audit: type=1400 audit(1750768052.927:4516): avc: denied { write } for pid=5699 comm="syz.1.893" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 81.061443][ T29] audit: type=1400 audit(1750768052.937:4517): avc: denied { read } for pid=5699 comm="syz.1.893" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 81.115640][ T29] audit: type=1326 audit(1750768053.187:4518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5707 comm="syz.2.897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3867e2e929 code=0x7ffc0000 [ 81.139949][ T29] audit: type=1326 audit(1750768053.187:4519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5707 comm="syz.2.897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3867e2e929 code=0x7ffc0000 [ 81.167562][ T29] audit: type=1326 audit(1750768053.237:4520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5707 comm="syz.2.897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3867e2e929 code=0x7ffc0000 [ 81.218956][ T29] audit: type=1326 audit(1750768053.237:4521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5707 comm="syz.2.897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3867e2e929 code=0x7ffc0000 [ 81.243317][ T29] audit: type=1326 audit(1750768053.237:4522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5707 comm="syz.2.897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3867e2e929 code=0x7ffc0000 [ 81.267394][ T29] audit: type=1326 audit(1750768053.237:4523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5707 comm="syz.2.897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3867e2e929 code=0x7ffc0000 [ 81.291518][ T29] audit: type=1326 audit(1750768053.237:4524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5707 comm="syz.2.897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3867e2e929 code=0x7ffc0000 [ 81.321509][ T5700] netlink: 'syz.1.893': attribute type 1 has an invalid length. [ 81.329343][ T5700] netlink: 224 bytes leftover after parsing attributes in process `syz.1.893'. [ 81.338944][ T5711] xt_hashlimit: max too large, truncated to 1048576 [ 81.372410][ T5711] loop3: detected capacity change from 0 to 1024 [ 81.429733][ T5719] xt_hashlimit: max too large, truncated to 1048576 [ 81.439937][ T5711] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 81.452141][ T5711] ext4 filesystem being mounted at /170/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 81.485531][ T5711] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 3: comm syz.3.899: lblock 3 mapped to illegal pblock 3 (length 13) [ 81.571659][ T5711] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 81.584155][ T5711] EXT4-fs (loop3): This should not happen!! Data will be lost [ 81.584155][ T5711] [ 81.649690][ T5724] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.899: lblock 3 mapped to illegal pblock 3 (length 1) [ 81.661780][ T5719] syzkaller0: entered promiscuous mode [ 81.669537][ T5719] syzkaller0: entered allmulticast mode [ 81.734938][ T5710] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.899: lblock 3 mapped to illegal pblock 3 (length 1) [ 81.765250][ T5724] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.899: lblock 3 mapped to illegal pblock 3 (length 1) [ 81.804961][ T5710] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.899: lblock 3 mapped to illegal pblock 3 (length 1) [ 81.838258][ T5724] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.899: lblock 3 mapped to illegal pblock 3 (length 1) [ 81.866201][ T5738] loop1: detected capacity change from 0 to 512 [ 81.872859][ T5710] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.899: lblock 3 mapped to illegal pblock 3 (length 1) [ 81.903181][ T5724] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.899: lblock 3 mapped to illegal pblock 3 (length 1) [ 81.922595][ T5738] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.907: bg 0: block 5: invalid block bitmap [ 81.938171][ T5710] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.899: lblock 3 mapped to illegal pblock 3 (length 1) [ 81.977341][ T5724] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.899: lblock 3 mapped to illegal pblock 3 (length 1) [ 82.020160][ T5738] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 82.228353][ T5738] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.907: invalid indirect mapped block 3 (level 2) [ 82.278220][ T5753] FAULT_INJECTION: forcing a failure. [ 82.278220][ T5753] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 82.290902][ T5738] EXT4-fs (loop1): 2 truncates cleaned up [ 82.291618][ T5753] CPU: 0 UID: 0 PID: 5753 Comm: syz.2.914 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 82.291657][ T5753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 82.291676][ T5753] Call Trace: [ 82.291686][ T5753] [ 82.291697][ T5753] __dump_stack+0x1d/0x30 [ 82.291800][ T5753] dump_stack_lvl+0xe8/0x140 [ 82.291827][ T5753] dump_stack+0x15/0x1b [ 82.291855][ T5753] should_fail_ex+0x265/0x280 [ 82.291899][ T5753] should_fail_alloc_page+0xf2/0x100 [ 82.291934][ T5753] __alloc_frozen_pages_noprof+0xff/0x360 [ 82.292005][ T5753] alloc_pages_mpol+0xb3/0x250 [ 82.292049][ T5753] vma_alloc_folio_noprof+0x1aa/0x300 [ 82.292094][ T5753] do_wp_page+0x673/0x2400 [ 82.292192][ T5753] ? __rcu_read_lock+0x37/0x50 [ 82.292226][ T5753] handle_mm_fault+0x77d/0x2be0 [ 82.292329][ T5753] ? mas_walk+0xf2/0x120 [ 82.292389][ T5753] do_user_addr_fault+0x636/0x1090 [ 82.292572][ T5753] ? fpregs_restore_userregs+0xe2/0x1d0 [ 82.292685][ T5753] ? switch_fpu_return+0xe/0x20 [ 82.292747][ T5753] ? fpregs_assert_state_consistent+0xb4/0xe0 [ 82.292790][ T5753] exc_page_fault+0x62/0xa0 [ 82.292829][ T5753] asm_exc_page_fault+0x26/0x30 [ 82.292945][ T5753] RIP: 0033:0x7f3867cf0d50 [ 82.292970][ T5753] Code: 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 47 0f b6 0c 08 45 84 c9 74 08 <45> 88 0c 00 49 8b 47 10 48 83 c0 01 49 89 47 10 83 e9 01 73 d3 41 [ 82.292993][ T5753] RSP: 002b:00007f38664964a0 EFLAGS: 00010202 [ 82.293016][ T5753] RAX: 0000000000012005 RBX: 00007f3866496540 RCX: 0000000000000101 [ 82.293033][ T5753] RDX: 000000000000a1ff RSI: 0000000000000800 RDI: 00007f38664965e0 [ 82.293051][ T5753] RBP: 0000000000000102 R08: 00007f385e077000 R09: 0000000000000004 [ 82.293070][ T5753] R10: 0000200000000182 R11: 00000000000005ab R12: 0000000000000601 [ 82.293086][ T5753] R13: 00007f3867ecc200 R14: 0000000000000015 R15: 00007f38664965e0 [ 82.293114][ T5753] [ 82.293161][ T5753] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 82.305180][ T5738] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.540474][ T5755] FAULT_INJECTION: forcing a failure. [ 82.540474][ T5755] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 82.553791][ T5755] CPU: 0 UID: 0 PID: 5755 Comm: syz.4.915 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 82.553824][ T5755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 82.553838][ T5755] Call Trace: [ 82.553845][ T5755] [ 82.553862][ T5755] __dump_stack+0x1d/0x30 [ 82.553885][ T5755] dump_stack_lvl+0xe8/0x140 [ 82.553907][ T5755] dump_stack+0x15/0x1b [ 82.553926][ T5755] should_fail_ex+0x265/0x280 [ 82.554041][ T5755] should_fail_alloc_page+0xf2/0x100 [ 82.554071][ T5755] __alloc_frozen_pages_noprof+0xff/0x360 [ 82.554119][ T5755] alloc_pages_mpol+0xb3/0x250 [ 82.554228][ T5755] folio_alloc_noprof+0x97/0x150 [ 82.554258][ T5755] filemap_alloc_folio_noprof+0x66/0x210 [ 82.554373][ T5755] __filemap_get_folio+0x28f/0x6b0 [ 82.554467][ T5755] ? aio_setup_ring+0x1e8/0x760 [ 82.554492][ T5755] aio_setup_ring+0x26c/0x760 [ 82.554513][ T5755] ioctx_alloc+0x2c4/0x4e0 [ 82.554529][ T5755] ? fput+0x8f/0xc0 [ 82.554654][ T5755] __se_sys_io_setup+0x6b/0x1b0 [ 82.554695][ T5755] __x64_sys_io_setup+0x31/0x40 [ 82.554885][ T5755] x64_sys_call+0x2f0e/0x2fb0 [ 82.554914][ T5755] do_syscall_64+0xd2/0x200 [ 82.554934][ T5755] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 82.555046][ T5755] ? clear_bhb_loop+0x40/0x90 [ 82.555072][ T5755] ? clear_bhb_loop+0x40/0x90 [ 82.555100][ T5755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.555122][ T5755] RIP: 0033:0x7f03573de929 [ 82.555140][ T5755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 82.555181][ T5755] RSP: 002b:00007f0355a47038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 82.555205][ T5755] RAX: ffffffffffffffda RBX: 00007f0357605fa0 RCX: 00007f03573de929 [ 82.555216][ T5755] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000004082 [ 82.555230][ T5755] RBP: 00007f0355a47090 R08: 0000000000000000 R09: 0000000000000000 [ 82.555245][ T5755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 82.555272][ T5755] R13: 0000000000000000 R14: 00007f0357605fa0 R15: 00007ffc8c814df8 [ 82.555296][ T5755] [ 82.817346][ T5761] netlink: 4 bytes leftover after parsing attributes in process `syz.2.917'. [ 82.867405][ T57] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 20 with max blocks 4 with error 28 [ 82.880603][ T57] EXT4-fs (loop3): This should not happen!! Data will be lost [ 82.880603][ T57] [ 82.890320][ T57] EXT4-fs (loop3): Total free blocks count 0 [ 82.897057][ T57] EXT4-fs (loop3): Free/Dirty block details [ 82.903036][ T57] EXT4-fs (loop3): free_blocks=4293918720 [ 82.908917][ T57] EXT4-fs (loop3): dirty_blocks=32 [ 82.914066][ T57] EXT4-fs (loop3): Block reservation details [ 82.943996][ T5764] loop3: detected capacity change from 0 to 512 [ 82.986313][ T5764] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.003844][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.021824][ T5764] ext4 filesystem being mounted at /171/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 83.154236][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.392879][ T5800] binfmt_misc: register: failed to install interpreter file ./cgroup.cpu/cpuset.cpus [ 83.441050][ T5802] loop1: detected capacity change from 0 to 128 [ 83.693356][ T5802] ================================================================== [ 83.701556][ T5802] BUG: KCSAN: data-race in __mark_inode_dirty / __mark_inode_dirty [ 83.709686][ T5802] [ 83.712039][ T5802] write to 0xffff888106fa7128 of 4 bytes by task 5803 on cpu 1: [ 83.719715][ T5802] __mark_inode_dirty+0x240/0x760 [ 83.724881][ T5802] fat_update_time+0x1ec/0x200 [ 83.729702][ T5802] touch_atime+0x148/0x340 [ 83.734155][ T5802] filemap_splice_read+0x629/0x6b0 [ 83.739322][ T5802] splice_direct_to_actor+0x26f/0x680 [ 83.744744][ T5802] do_splice_direct+0xda/0x150 [ 83.749557][ T5802] do_sendfile+0x380/0x650 [ 83.754270][ T5802] __x64_sys_sendfile64+0x105/0x150 [ 83.759515][ T5802] x64_sys_call+0xb39/0x2fb0 [ 83.764233][ T5802] do_syscall_64+0xd2/0x200 [ 83.768765][ T5802] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.774718][ T5802] [ 83.777161][ T5802] read to 0xffff888106fa7128 of 4 bytes by task 5802 on cpu 0: [ 83.784992][ T5802] __mark_inode_dirty+0x18e/0x760 [ 83.790061][ T5802] fat_update_time+0x1ec/0x200 [ 83.794879][ T5802] touch_atime+0x148/0x340 [ 83.799348][ T5802] filemap_splice_read+0x629/0x6b0 [ 83.804517][ T5802] splice_direct_to_actor+0x26f/0x680 [ 83.810056][ T5802] do_splice_direct+0xda/0x150 [ 83.815004][ T5802] do_sendfile+0x380/0x650 [ 83.819563][ T5802] __x64_sys_sendfile64+0x105/0x150 [ 83.824803][ T5802] x64_sys_call+0xb39/0x2fb0 [ 83.829444][ T5802] do_syscall_64+0xd2/0x200 [ 83.833985][ T5802] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.839929][ T5802] [ 83.842306][ T5802] value changed: 0x00000000 -> 0x00000038 [ 83.848057][ T5802] [ 83.850422][ T5802] Reported by Kernel Concurrency Sanitizer on: [ 83.856947][ T5802] CPU: 0 UID: 0 PID: 5802 Comm: syz.1.934 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 83.869318][ T5802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 83.879506][ T5802] ================================================================== [ 83.956918][ T5790] netlink: 'syz.0.926': attribute type 1 has an invalid length. [ 90.135383][ T29] kauditd_printk_skb: 191 callbacks suppressed [ 90.135399][ T29] audit: type=1400 audit(1750768062.207:4716): avc: denied { egress } for pid=14 comm="ksoftirqd/0" saddr=fe80::1c daddr=ff02::2 netif=gretap0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1 [ 90.165364][ T29] audit: type=1400 audit(1750768062.207:4717): avc: denied { sendto } for pid=14 comm="ksoftirqd/0" saddr=fe80::1c daddr=ff02::2 netif=gretap0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1