last executing test programs: 6.192945065s ago: executing program 2 (id=1343): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdir(0x0, 0x12c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70300001d000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]}) utime(&(0x7f0000000100)='./file0\x00', 0x0) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc) clock_settime(0x1ed5d7403, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 6.114480282s ago: executing program 2 (id=1345): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x12, 0x4, 0x4, 0x12}, 0x48) close(r1) socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r2}, &(0x7f0000000500), &(0x7f0000000540)=r1}, 0x20) close(r0) 6.077668584s ago: executing program 2 (id=1346): perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x210800, &(0x7f0000000680)={[{@nombcache}, {@grpid}, {@nodioread_nolock}, {@barrier}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nomblk_io_submit}, {@noinit_itable}, {@grpid}, {@i_version}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}]}, 0x1, 0x597, &(0x7f0000001280)="$eJzs3d9rU2cfAPDvSdPaqu9rBZH3fS9eBC/mcKa23Q+Fwdzl2GTCdu9CG4s0NdKkYjtBvVhvdjNkMMaEsT9g97uU/QP7K4RNkCFluxiDjpOe1Gjzw9bYVPP5wEmfJ+ecPOeb5zxPnicnaQIYWMfSm1zEfyPiqyTiUNO6fGQrj21st/boxky6JLG+/snvSSTZfY3tk+zvgYixNPOfiPj5i4iTua3lVpdX5ovlcmkxy0/UFq5OVJdXTl1eKM6V5kpXpqanz7w1PXX2nbd7FuvrF/789uN7H5z58vjaNz8+OHwniXNxMFvXHMdzuNWcOVb8O0sNx7mnNpzsQWF7SdLvA2BHhrJ2PhxpH3AohrJWD7z6bkbEOjCgEu0fBlRjHNCY2/doHvzSePj+xgSoHvtIc/z5jfdGYrQ+N9q/ljwxM0rnu+M9KD8t46ff7t5Jl+j8PsRYlzzAtty6HRGn8/mt/X+S9X87d7r+5nFnT5cxaK8/0E/30vHPG63Gf7nN8U+0GP8caNF2d6J7+8896EExbaXjv3dbjn83u67xoSz3r/qYbzi5dLlcSp+Mf0fEiRjel+Y7Xc85s3Z/vd265vFfuqTlN8aC2XE8yO97cp/ZYq0YESPPE3fDw9sR/8u3ij/ZrP+kRf2nz8eF5gcaal/G0dLd/7db1z3+F2v9h4jXWtb/4ytaSefrkxNp/Z/euG1Zxh+rR39pV36/40/rf3/n+MeT5uu11ea9m2eQ7X0/+lep3bqdnv8jyaf1dKMRXC/WaouTESPJR1vvn3q8byPf2D6N/8Txzv1fq/M/nXx91j30utUjq203fSL+JPpS/7Pbqv/tJ+5/+Pl37cp/tvp/s546kd2T9X+tZefKsx7g8z5/AAAAAAAAsJfkIuJgJLnCZjqXKxQ2Pt9xJPbnypVq7eSlytKV2ah/V3Y8hnONK92Hmj4PMZl9HraRn3oqPx0RhyPi66Gxer4wUynP9jt4AAAAAAAAAAAAAAAAAAAA2CMOtPn+f+rXDv/TH3hF1H/YYF+/jwLoh64/+d/il55uvqBjAXZX1/YPvLK0fxhc2j8Mrp23/9GeHgew+7z+w+DS/mFwaf8wuLR/AAAAAAAAAAAAAAAAAAAAAAAAAAAA6KkL58+ny/raoxszaX722vLSfOXaqdlSdb6wsDRTmKksXi3MVSpz5VJhprLQ7fHKlcrVyalYuj5RK1VrE9XllYsLlaUrtYuXF4pzpYul4V2JCgAAAAAAAAAAAAAAAAAAAF4u1eWV+WK5XFqUaJt4L15wEaPR7wA37Gj3fG+PZ2x3Qj67N06tXUisbrb17e3ety4JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALb4JwAA///tWDMf") mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0) chroot(&(0x7f0000000000)='./file0/../file0\x00') mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='./file0\x00') 5.905420478s ago: executing program 2 (id=1351): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b000000000000"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000002c0)='timer_start\x00', r1, 0x0, 0x8}, 0x18) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f00000001c0), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ") ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000040)={0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffffdffffff}) 5.580020564s ago: executing program 2 (id=1354): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000000000100000000a00000004000380040002800000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20008004}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000340)=[{0x200000000006, 0x0, 0x3, 0x7ffc9fff}]}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095", @ANYRES64=r2, @ANYRES8=r2], 0x0, 0xe99}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10) r6 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01) ioctl$SCSI_IOCTL_SEND_COMMAND(r6, 0x1, &(0x7f00000000c0)=ANY=[]) r7 = socket$xdp(0x2c, 0x3, 0x0) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='mm_page_free\x00', r9}, 0x18) r10 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r10, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r8}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r11}, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000000180)={@link_local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0x8, 0x11, 0x0, @private1, @mcast2, {[], {0xfffc, 0xe22, 0x8}}}}}}, 0x0) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f00000001c0)={0x5, &(0x7f0000000080)=[{0x9, 0x81, 0xff, 0x4}, {0xfff, 0x7, 0x6, 0xd7}, {0xc, 0x2, 0x9, 0x5a5d}, {0x81, 0x9, 0x4, 0xfffffffd}, {0xb6b, 0xd, 0x8, 0x2}]}, 0x10) r12 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r12, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newsa={0x164, 0x10, 0x713, 0x70bd26, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in=@dev={0xac, 0x14, 0x14, 0x13}, 0x4e22, 0x1, 0x0, 0x3, 0x2, 0x0, 0x0, 0x3a, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x0, 0x32}, @in6=@local, {0x0, 0x0, 0x8, 0xa, 0x6, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x2, 0xfffffffffffffff8}, {0xc, 0x0, 0x2}, 0x70bd29, 0x0, 0x2, 0x1, 0x0, 0x28}, [@algo_aead={0x71, 0x12, {{'rfc4543(gcm(aes))\x00'}, 0x128, 0x80, "316f74eeac053deb73fc018493cc121927a9bcbfdaa207141b9a451c0e7e6112ba007be9f5"}}]}, 0x164}, 0x1, 0x0, 0x0, 0xc0}, 0x0) unshare(0x4000000) r13 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) ioctl$TCSETS(r13, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"}) syz_open_pts(r13, 0x0) socket$tipc(0x1e, 0x5, 0x0) 5.122171421s ago: executing program 2 (id=1366): r0 = socket$unix(0x1, 0x2, 0x0) connect$unix(r0, &(0x7f0000002800)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async) connect$unix(r0, &(0x7f0000002800)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) (async) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) socket$netlink(0x10, 0x3, 0x10) (async) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)={0x34, r4, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x8000) (async) sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)={0x34, r4, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x8000) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r5}, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/oops_count', 0x400, 0x8) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000000), r7) sendmsg$NLBL_MGMT_C_ADDDEF(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000000400000014000500fc01000000000000000000000000080008000200050000000a0006"], 0x4c}}, 0x0) sendmsg$NLBL_MGMT_C_ADD(r6, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0x64, r8, 0x300, 0x70bd2a, 0x25dfdbfe, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_CV4DOI={0x8}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x3}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @local}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x8}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @empty}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast2}]}, 0x64}, 0x1, 0x0, 0x0, 0x40001}, 0x4000000) 1.038613377s ago: executing program 4 (id=1483): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYBLOB="dfbf00000000000000006700000008000300", @ANYRES32=r0, @ANYBLOB="0800c300741300000800c4"], 0x30}, 0x1, 0x0, 0x0, 0x240408c3}, 0x0) 979.222092ms ago: executing program 4 (id=1486): r0 = syz_io_uring_setup(0x1370, &(0x7f00000000c0)={0x0, 0x49fa, 0x10, 0x0, 0x50}, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000140)=[0xffffffffffffffff], 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="05f00088dc000000dd102000000000000fa00000000000009500000000000000b77d8800ec10a34a98161d5c24d9cbb6eab3fc2ebe7d938e68178001c66729b3dca64d514b6cd5cc88a6109e2b18194eda606dc4e46523d628ec53db6dbd5e9871003da0"], &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[0xffffffffffffffff], 0x1}) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x114, &(0x7f0000000000), 0x0, 0x4) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) unshare(0x28000600) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r4, 0x0, 0x2}, 0x18) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r6, 0x0, &(0x7f00000006c0)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7, 0x0, 0x400}, 0x18) accept(r5, &(0x7f0000000500)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, &(0x7f0000000580)=0x80) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2000008, &(0x7f00000003c0), 0xfc, 0x550, &(0x7f0000001780)="$eJzs3c9vHFcdAPDvTHYTJ3G6LnCASi2FFiUVZDeuaWtxKEVCcKqEKJyDsTeWlbU3yq7b2KrA+QuQEAIkTnDhgsQfgFRF4sKxQqoEZ5CKQIimIMEBOmh3Z9dhM2uvy/pH1p+PNJ733uzM971dz483M5oJ4NR6OiJeiYgPsix7LiIqeXmaD7HTGzqfe//+m8udIYkse+1vSSR52fAyL+azzUTE178a8e3k4bitre2bS41GqZ+vtddv1Vpb21fX1pdW66v1jYWF+RcXX1p8YfFaxFv/fzsvRcTLX/7TD7/386+8/Nbn3vjj9b9c+U6nWrP59KJ2jKm018Re08vnZoZmuP0hg51EnfaU+5nz481z9xDrAwDAaJ1j/I9ExKcj4rmoxJm9D2cBAACAR1D2xdn4dxKRFTs7ohwAAAB4hKTde2CTtJrfCzAbaVqt9u7h/VhcSBvNVvuzN5qbGyu9e2XnopzeWGvUr+X3Cs9FOenk57vp3fzzQ/mFiHg8In5QOd/NV5ebjZXjPvkBAAAAp8TFof7/Pyq9/j8AAAAwZeb2nlw5qnoAAAAAh2ef/j8AAAAwBfT/AQAAYKp97dVXO0PWf//1yutbmzebr19dqbduVtc3l6vLzdu3qqvN5mr3mX3r+y2v0Wze+nxsbN6pteutdq21tX19vbm50b6+FjNH0iAAAADgIY9/8t7vk4jY+cL57tBx9rgrBRyJ0iCV5OOCtf8Pj/XG7x5RpYAjcWbklHSQevdc8SccJ8CjrTRcMGJdB6ZP+bgrABy7ZJ/pQzfvXBik3s7Hn5p8nQAAgMm6/Ini6/+jrwv07aRHUD3gEFmJ4fQa2s9n3vUDp0f3+v+4N/I4WICpUh6jpw9MtwNe/9/19rgRsuxAFQIAACZutjskaTU/vTcbaVqtRlzqvhagnNxYa9SvRcRjEfG7SvlcJz/fnTPZt88AAAAAAAAAAAAAAAAAAAAAAAAAAPRkWRIZAAAAMNUi0j8nv+49y/9y5dnZ4fMDZ5N/dV8JfDYi3vjJaz+6s9Ru357vlL83KG//OC9//jjOYAAAAADD+v307vifx10bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKbN+/ffXO4PY3z8/KTi/vVLETFXFL8UM93xTJQj4sLfkyg9MF8SEWcmEH/nbkR8vCh+0qnWIGRR/El8CfvEj7n8WyiKf3EC8eE0u9fZ/rxStP6l8XR3XLz+lSL+J/9hjd7+xWD7d2bE+n9pzBhPvPPL2sj4dyOeKBVvf/rxkxHxnxkz/re+sb09alr204jL/f1Pd4s3iDDzYKxae/1WrbW1fXVtfWm1vlrfWFiYf3HxpcUXFq/Vbqw16vnfwhjff/JXH+zV/guF+78kr83o9j9bsLyifdJ/3rlz/6P9zM7D8a88UxD/Nz/LP5HHT3bnSfM4n8nTSSSD8mSn930+6Klf/Papvdq/stv+8kF+/yujFjrsoRXlyXH/dQCAQ9Da2r651GjUb09totNLPwHVOPREVun9oielPkOJb753Av/ZvjvRBWZZlnV+gYJJ9yJinOUkMeGWpsX12U2M/FGOecMEAABM3O5B/2SupwMAAAAAAAAAAAAAAAAAAAAHdxRPWRuOufsI5GQSj9AGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJiI/wYAAP//in3QFg==") bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0xa, 0x0, 0x0, 0x40f00, 0x60, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route(r8, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)=@ipv6_getnetconf={0x2c, 0x52, 0x8, 0x70bd2b, 0x25dfdbfc, {}, [@NETCONFA_IFINDEX={0x8}, @NETCONFA_FORWARDING={0x8, 0x2, 0x8}, @NETCONFA_RP_FILTER={0x8, 0x3, 0x80000000}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000500)='kmem_cache_free\x00', r9}, 0x18) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r10, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r11, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054) socket$vsock_stream(0x28, 0x1, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000780), 0x6}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000002c0)=""/29}, 0x20) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[], 0xe8}, 0x1, 0x0, 0x0, 0x40040000}, 0x0) 759.910519ms ago: executing program 0 (id=1493): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) r2 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000300)={'vxcan1\x00', 0x0}) bind$can_raw(r2, &(0x7f0000000000)={0x1d, r3}, 0x10) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r4, 0xffffffffffffffff, 0x0) 725.852192ms ago: executing program 1 (id=1494): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="dfbf00000000000000006700000008000300", @ANYBLOB="0800c3"], 0x30}, 0x1, 0x0, 0x0, 0x240408c3}, 0x0) 636.328389ms ago: executing program 4 (id=1495): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x0, 0x1}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x200000, 0x3}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000500)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x10001}}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) sendmsg$tipc(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000090}, 0x95) setsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000000), 0x4) r3 = dup3(r0, r2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x3, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000ff7f000000000000d69d000018400000ffffffff000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000186400000600000000000000ff7f0000186b0000090000000000000004000000185b000004000000000000da19000000b708000000b7080000090000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a50000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000050100008500000006000000181a0000", @ANYRES32=r3, @ANYBLOB="00000000000000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x1000, 0x2, &(0x7f00000000c0)=""/2, 0x40f00, 0x32, '\x00', 0x0, @sched_cls=0x37, r3, 0x8, &(0x7f0000000300)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000340)={0x3, 0x3, 0xfff, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x5, 0x0, &(0x7f0000000380)=[{0x4, 0x3, 0xd, 0x5}, {0x5, 0x5, 0x10}, {0x3, 0x4, 0x6, 0x9}, {0x5, 0x5, 0xa, 0x5}, {0x3, 0x2, 0xa, 0x3}], 0x10, 0x9}, 0x94) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r3, 0x0, 0x0) setsockopt$TIPC_GROUP_LEAVE(r3, 0x10f, 0x88) 600.503392ms ago: executing program 1 (id=1496): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000dc0)=ANY=[@ANYRES16=r0, @ANYBLOB="dfbf00000000000000006700000008000300", @ANYRES32=r0, @ANYBLOB="0800c300741300000800c4"], 0x30}, 0x1, 0x0, 0x0, 0x240408c3}, 0x0) 589.190143ms ago: executing program 1 (id=1497): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000040)={[{@grpquota}, {@nogrpid}, {@noinit_itable}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r1) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r1, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x48, r3, 0x8, 0x70bd25, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xc00000}, {0x6, 0x11, 0x7fff}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000c0}, 0x20040000) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}}, &(0x7f00000006c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x1e00, 0x4, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000ac0)=[{0x1, 0x3, 0xf, 0x4}, {0x4, 0x4, 0xb, 0x8}, {0x3, 0x4, 0xc, 0x1}], 0x10, 0x8a2}, 0x94) r5 = socket$kcm(0xa, 0x2, 0x0) sendmsg$sock(r5, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0}, 0x0) msgrcv(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x3000) recvmsg$kcm(r5, 0x0, 0x12160) quotactl$Q_QUOTAOFF(0xffffffff80000301, &(0x7f0000000100)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) fcntl$notify(r2, 0x402, 0x8000003c) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$NFT_MSG_GETSETELEM(r0, 0x0, 0x8000) openat$tun(0xffffffffffffff9c, 0x0, 0x2040, 0x0) r6 = socket(0x10, 0x803, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x4}}}, 0x24}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newlink={0x58, 0x10, 0x401, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r8, 0x0, 0x3114}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x28, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_LIMIT={0x5, 0x6, 0xee}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, @IFLA_IPTUN_TTL={0x5, 0x4, 0x3}]}}}]}, 0x58}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="9c0000001000010400"/20, @ANYRES32=r8, @ANYBLOB="8750a754ac0000007c0012800b000100697036746e6c00106c000280140002000000000000000000000000000000000114000200fe8000000000000000000000000000aa14000300fe8000"/87, @ANYRES32=r8, @ANYBLOB], 0x9c}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090) connect$netlink(r0, &(0x7f0000000080)=@proc={0x10, 0x0, 0x25dfdbff, 0x10000}, 0xc) openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0xa02, 0x0) io_setup(0x7ff, &(0x7f0000000680)) 564.744235ms ago: executing program 0 (id=1498): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfc, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x20, 0x10, 0xffffff1f, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x117, 0x2048a}}, 0x20}}, 0x24008000) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000200)=0x7bc, 0x4) bind$inet(r1, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x300) setsockopt$inet_int(r1, 0x0, 0x12, &(0x7f0000000080)=0x1f5, 0x4) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7fe, 0xf83, 0x8}, 0x1c) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000280)) r3 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r3, &(0x7f00000005c0)="599647365af6", 0x6, 0x0, &(0x7f0000000100)={0x11, 0x88a8, 0x0, 0x1, 0x3}, 0x14) 463.170283ms ago: executing program 0 (id=1499): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x89a0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0xe) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syzkaller0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r2, 0x2, 0x6}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000240)={r2, 0x1, 0x6, @multicast}, 0x10) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'}) 462.296083ms ago: executing program 1 (id=1500): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e0000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) r2 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000300)={'vxcan1\x00', 0x0}) bind$can_raw(r2, &(0x7f0000000000)={0x1d, r3}, 0x10) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r4, 0xffffffffffffffff, 0x0) 450.120584ms ago: executing program 3 (id=1501): bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000010000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008a7080000a4cab77c7b8af8ff00000000bfa200000000000207020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) ioctl$USBDEVFS_DROP_PRIVILEGES(r0, 0x4004551e, 0x0) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045515, &(0x7f0000000080)={0x1, 0x1}) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = socket$isdn_base(0x22, 0x3, 0x0) bind$isdn_base(r2, &(0x7f0000000000)={0x22, 0x11, 0x71, 0x2, 0x8}, 0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021bc0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000900003808c000080080003400000000280000b807c000180090001006c617374000000006c000280080001400000000508000140000000090c0002"], 0x140}}, 0x0) 389.215729ms ago: executing program 1 (id=1502): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000240)='devpts\x00', 0x1010401, 0x0) mkdir(&(0x7f0000000000)='./control\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2060, 0x0) fcntl$setlease(r0, 0x400, 0x0) fremovexattr(r0, &(0x7f00000000c0)=@known='trusted.overlay.redirect\x00') fchmodat(r0, &(0x7f0000000040)='./control\x00', 0x141) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000140)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@quota}, {@resuid}, {@lazytime}]}, 0x1, 0x445, &(0x7f0000000200)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==") r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000008, 0x80091, r1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r5}, 0x10) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x2) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r6, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0x0, 0x100804, 0x0, 0xa, 0x10001, 0x0, 0x4, 0x0, 0x0, 0x4}) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r6, 0x40a85321, &(0x7f00000004c0)={{0x80}, 'port0\x00', 0x0, 0x121428, 0x7fff, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xe}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb010018000000df00000034000000340000040000000000000000000a0200000000000000000000d100000000000000000000000001000085000000000000000001000000000000000000"], 0x0, 0x4e}, 0x20) personality(0x400000) mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0) 379.42961ms ago: executing program 0 (id=1503): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b800294429118927"], 0xfdef) (fail_nth: 10) 378.85502ms ago: executing program 3 (id=1504): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000000000b70300"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, 0x0, 0x0, 0x7ff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={0x0, r0}, 0x18) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x40, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000632f77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b2518", 0x0, 0x24, 0x60000000}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001700)={{}, &(0x7f0000001680), &(0x7f00000016c0)='%+9llu \x00'}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x8000000}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) r2 = socket$inet_sctp(0x2, 0x5, 0x84) close_range(r2, 0xffffffffffffffff, 0x0) 363.612291ms ago: executing program 3 (id=1505): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000580)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000380), &(0x7f0000000280)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x64002, 0x0) 341.253863ms ago: executing program 3 (id=1506): bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000010000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008a7080000a4cab77c7b8af8ff00000000bfa200000000000207020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) ioctl$USBDEVFS_DROP_PRIVILEGES(r0, 0x4004551e, 0x0) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045515, &(0x7f0000000080)={0x1, 0x1}) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = socket$isdn_base(0x22, 0x3, 0x0) bind$isdn_base(r2, &(0x7f0000000000)={0x22, 0x11, 0x71, 0x2, 0x8}, 0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00'}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021bc0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000900003808c000080080003400000000280000b807c000180090001006c617374000000006c000280080001400000000508000140000000090c0002"], 0x140}}, 0x0) 286.891647ms ago: executing program 4 (id=1507): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000dc0)=ANY=[@ANYRES16=r0, @ANYBLOB="dfbf00000000000000006700000008000300", @ANYRES32=r0, @ANYBLOB="0800c300741300000800c4"], 0x30}, 0x1, 0x0, 0x0, 0x240408c3}, 0x0) 258.171699ms ago: executing program 4 (id=1508): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x8, 0x3, 0x4, 0x5}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000020002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x8) fchdir(r5) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f0000000600)={r2, 0x0, 0xa2, 0x0, &(0x7f00000004c0)="b21e9bb9760e5eddcc4519efe300dd3c7d6386a34e86c49afd46cd5eecd6ae8523567c17d74affdb0b763695cb542001da9678e990a3b9cc8565a367925fd80a54c329ee07365161006a284602954ec1ac62ed0cd5c0fbe5587badf543cb9fd0243ce5ee6c8415cfbf9a0dabc8c5a1298d25460ad626a452894a50c1f12fbc9a12a4236f45567471c01f131d288345ac8cc1e5bade3a1c532199347c9c406ae6c153", 0x0, 0xfffffffc, 0x0, 0x6d, 0x0, &(0x7f0000000580)="dc85966939206f6f677a3d65adf32a1fbf33415356be066888353f576d768173b7e6bbb7dfecbea58b9221fd660eaa5dffd29b25009fffe35d0cf7d18e6c2ebe00bb9569a543429d3a3d61dcf90d632fe2f719139e7eb2b356da72729153b3e31e86ad843de9eb2056587b6fbf", 0x0, 0x2, 0x0, 0x4}, 0x50) syz_open_dev$usbmon(&(0x7f0000000040), 0x5, 0x458402) lsetxattr$security_selinux(&(0x7f0000000400)='./file0\x00', &(0x7f0000000000), &(0x7f0000000280)='system_u:object_r:fsadm_exec_t:s0\x00', 0x22, 0x0) 73.102854ms ago: executing program 1 (id=1509): bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000010000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008a7080000a4cab77c7b8af8ff00000000bfa200000000000207020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) ioctl$USBDEVFS_DROP_PRIVILEGES(r0, 0x4004551e, 0x0) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045515, &(0x7f0000000080)={0x1, 0x1}) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = socket$isdn_base(0x22, 0x3, 0x0) bind$isdn_base(r2, &(0x7f0000000000)={0x22, 0x11, 0x71, 0x2, 0x8}, 0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00'}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021bc0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000900003808c000080080003400000000280000b807c000180090001006c617374000000006c000280080001400000000508000140000000090c0002"], 0x140}}, 0x0) 52.986716ms ago: executing program 4 (id=1510): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000202300800000000025ad9835850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94) r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f00000d6000/0x1000)=nil, 0xfffffffffffffffd, 0x0, 0x0, 0x3ff, 0x0, 0x2, 0x4a, 0xe4}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={0x0, 0x10}, 0xc) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000600000000000000", @ANYRES32=0x1, @ANYBLOB="ffffffffffffff7f0500c579cf7ab74524e4c88f81a3783d45c452414a1af4b7db0055658a7dd629d88b5cb7847f390c1fd41dc12c2590cf6515cbf5c6ec202aefd6fef65bdbb3799527c2f15349afa10e2649d3cba527ab78d1a08e7f865e8219b36030ce", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="04000000040000000400"/28], 0x50) r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000400)=@generic={&(0x7f0000000300)='./bus\x00', 0x0, 0x8}, 0x18) r5 = socket(0x1e, 0x4, 0x0) r6 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0xfffffffc}, 0x10) setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2, 0x4}, 0x10) sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000) r7 = dup3(r6, r5, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000002c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffff9]}, 0x0, 0x8) recvmmsg(r7, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0) unshare(0x24040400) r10 = socket$packet(0x11, 0x3, 0x300) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$packet_buf(r10, 0x107, 0x6, 0x0, 0x0) sync_file_range(0xffffffffffffffff, 0x80000000, 0xfffffffffffffffd, 0x6) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000440), &(0x7f0000000480)=r0}, 0x20) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18, r2, {0xa}}, './bus\x00'}) getpeername$packet(r12, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000017c0)=0x14) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001a00)={r12, 0x20, &(0x7f00000019c0)={&(0x7f0000001880)=""/152, 0x98, 0x0, &(0x7f0000001940)=""/110, 0x6e}}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000700)=@bpf_lsm={0x1d, 0x13, &(0x7f0000001b40)=ANY=[@ANYBLOB="18120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018250000", @ANYRES32=r0, @ANYRES16=r4, @ANYRES32=r11, @ANYRES64], &(0x7f0000000380)='syzkaller\x00', 0x3, 0x1000, &(0x7f00000007c0)=""/4096, 0x40f00, 0x21, '\x00', r13, 0x1b, r12, 0x8, &(0x7f0000001800)={0xfffffffd, 0x5}, 0x8, 0x10, &(0x7f0000001840)={0x4, 0x9, 0xfff, 0x2}, 0x10, r14, 0x0, 0x0, &(0x7f0000001a40)=[r3], 0x0, 0x10, 0x2653}, 0x94) 28.726168ms ago: executing program 3 (id=1511): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4, 0x0, 0x80000000}, 0x18) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) 3.69372ms ago: executing program 0 (id=1512): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e0000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) r2 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000300)={'vxcan1\x00', 0x0}) bind$can_raw(r2, &(0x7f0000000000)={0x1d, r3}, 0x10) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r4, 0xffffffffffffffff, 0x0) 3.34177ms ago: executing program 3 (id=1513): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x89a0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0xe) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syzkaller0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r2, 0x2, 0x6}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000240)={r2, 0x1, 0x6, @multicast}, 0x10) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'}) 0s ago: executing program 0 (id=1514): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfc, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x20, 0x10, 0xffffff1f, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x117, 0x2048a}}, 0x20}}, 0x24008000) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000200)=0x7bc, 0x4) bind$inet(r1, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x300) setsockopt$inet_int(r1, 0x0, 0x12, &(0x7f0000000080)=0x1f5, 0x4) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7fe, 0xf83, 0x8}, 0x1c) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'ip_vti0\x00', 0x0}) r5 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r5, &(0x7f00000005c0)="599647365af6", 0x6, 0x0, &(0x7f0000000100)={0x11, 0x88a8, r4, 0x1, 0x3}, 0x14) setsockopt$inet_int(r1, 0x0, 0x14, &(0x7f0000000000)=0x40, 0x4) recvmmsg(r1, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}, 0x20001}], 0x1, 0x45833af92e4b39ff, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) kernel console output (not intermixed with test programs): acity change from 0 to 128 [ 77.073344][ T5889] loop4: detected capacity change from 0 to 1024 [ 77.092922][ T5887] loop0: detected capacity change from 0 to 512 [ 77.099670][ T5889] EXT4-fs: Ignoring removed nomblk_io_submit option [ 77.106371][ T5889] EXT4-fs: Ignoring removed i_version option [ 77.116005][ T5887] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.132759][ T5889] EXT4-fs: Mount option(s) incompatible with ext2 [ 77.204032][ T5887] ext4 filesystem being mounted at /149/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 77.260352][ T5902] loop4: detected capacity change from 0 to 1024 [ 77.282231][ T5902] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.306953][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.337067][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.376866][ T5918] futex_wake_op: syz.0.769 tries to shift op by -1; fix this program [ 77.478681][ T5927] loop0: detected capacity change from 0 to 512 [ 77.478808][ T5925] loop3: detected capacity change from 0 to 512 [ 77.506025][ T5925] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 77.536205][ T5925] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.775: Failed to acquire dquot type 1 [ 77.583124][ T5927] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.622687][ T5927] ext4 filesystem being mounted at /152/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 77.653489][ T5925] EXT4-fs (loop3): 1 truncate cleaned up [ 77.683638][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.718895][ T5938] $H: renamed from bond0 [ 77.725505][ T5938] $H: entered promiscuous mode [ 77.727669][ T5925] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.730572][ T5938] : entered promiscuous mode [ 77.730635][ T5938] bond_slave_1: entered promiscuous mode [ 77.814614][ T5942] loop4: detected capacity change from 0 to 512 [ 77.829932][ T5940] loop2: detected capacity change from 0 to 1024 [ 77.836821][ T5940] EXT4-fs: Ignoring removed nomblk_io_submit option [ 77.843488][ T5940] EXT4-fs: Ignoring removed i_version option [ 77.864968][ T5940] EXT4-fs: Mount option(s) incompatible with ext2 [ 77.873370][ T5942] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 77.908039][ T5942] EXT4-fs (loop4): 1 truncate cleaned up [ 77.914196][ T5942] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.930972][ T5944] loop0: detected capacity change from 0 to 512 [ 77.939065][ T5944] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 77.957062][ T5944] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 77.965094][ T5944] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e118, mo2=0002] [ 77.986003][ T5944] System zones: 0-1, 15-15, 18-18, 34-34 [ 77.989700][ T5950] loop2: detected capacity change from 0 to 128 [ 77.991828][ T5944] EXT4-fs (loop0): orphan cleanup on readonly fs [ 78.004582][ T5944] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 78.004904][ T5950] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 78.019104][ T5944] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 78.049800][ T5944] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.781: bg 0: block 40: padding at end of block bitmap is not set [ 78.059886][ T5950] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 78.083207][ T5944] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 78.096672][ T5944] EXT4-fs (loop0): 1 truncate cleaned up [ 78.109009][ T5953] __nla_validate_parse: 3 callbacks suppressed [ 78.109024][ T5953] netlink: 176 bytes leftover after parsing attributes in process `syz.3.782'. [ 78.223594][ T5962] netlink: 12 bytes leftover after parsing attributes in process `syz.2.783'. [ 78.267001][ T5964] loop4: detected capacity change from 0 to 1024 [ 78.295531][ T5964] EXT4-fs: Ignoring removed orlov option [ 78.302605][ T5970] loop0: detected capacity change from 0 to 512 [ 78.326221][ T5970] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 78.346777][ T5964] FAULT_INJECTION: forcing a failure. [ 78.346777][ T5964] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 78.360044][ T5964] CPU: 1 UID: 0 PID: 5964 Comm: syz.4.788 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 78.360072][ T5964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 78.360082][ T5964] Call Trace: [ 78.360087][ T5964] [ 78.360097][ T5964] __dump_stack+0x1d/0x30 [ 78.360118][ T5964] dump_stack_lvl+0xe8/0x140 [ 78.360138][ T5964] dump_stack+0x15/0x1b [ 78.360153][ T5964] should_fail_ex+0x265/0x280 [ 78.360176][ T5964] should_fail_alloc_page+0xf2/0x100 [ 78.360235][ T5964] alloc_pages_bulk_noprof+0xef/0x540 [ 78.360312][ T5964] copy_splice_read+0xf3/0x660 [ 78.360344][ T5964] ? __pfx_ext4_file_splice_read+0x10/0x10 [ 78.360421][ T5964] splice_direct_to_actor+0x290/0x680 [ 78.360442][ T5964] ? __pfx_direct_splice_actor+0x10/0x10 [ 78.360467][ T5964] do_splice_direct+0xda/0x150 [ 78.360525][ T5964] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 78.360550][ T5964] do_sendfile+0x380/0x650 [ 78.360581][ T5964] __x64_sys_sendfile64+0x105/0x150 [ 78.360609][ T5964] x64_sys_call+0x2bb0/0x2ff0 [ 78.360669][ T5964] do_syscall_64+0xd2/0x200 [ 78.360689][ T5964] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 78.360712][ T5964] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 78.360805][ T5964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.360860][ T5964] RIP: 0033:0x7f250418ebe9 [ 78.360878][ T5964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.360895][ T5964] RSP: 002b:00007f2502bef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 78.360963][ T5964] RAX: ffffffffffffffda RBX: 00007f25043b5fa0 RCX: 00007f250418ebe9 [ 78.360977][ T5964] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000006 [ 78.360990][ T5964] RBP: 00007f2502bef090 R08: 0000000000000000 R09: 0000000000000000 [ 78.361002][ T5964] R10: 000000000003ffff R11: 0000000000000246 R12: 0000000000000001 [ 78.361013][ T5964] R13: 00007f25043b6038 R14: 00007f25043b5fa0 R15: 00007ffcbf74f3c8 [ 78.361033][ T5964] [ 78.567476][ T5977] loop3: detected capacity change from 0 to 1024 [ 78.579060][ T5977] EXT4-fs: Ignoring removed nomblk_io_submit option [ 78.585713][ T5977] EXT4-fs: Ignoring removed i_version option [ 78.595127][ T5970] __quota_error: 485 callbacks suppressed [ 78.595142][ T5970] Quota error (device loop0): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 78.610950][ T5970] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 78.620873][ T5970] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.791: Failed to acquire dquot type 1 [ 78.662501][ T5977] EXT4-fs: Mount option(s) incompatible with ext2 [ 78.675919][ T5970] EXT4-fs (loop0): 1 truncate cleaned up [ 78.703011][ T5985] netlink: 176 bytes leftover after parsing attributes in process `syz.4.796'. [ 78.739204][ T29] audit: type=1400 audit(1754852296.364:5164): avc: denied { attach_queue } for pid=5986 comm="syz.1.797" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 78.892794][ T5994] loop1: detected capacity change from 0 to 1024 [ 78.957954][ T5999] loop3: detected capacity change from 0 to 512 [ 78.990450][ T29] audit: type=1326 audit(1754852296.614:5165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6001 comm="syz.0.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf49d9ebe9 code=0x7ffc0000 [ 79.031084][ T29] audit: type=1326 audit(1754852296.614:5166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6001 comm="syz.0.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcf49d9ebe9 code=0x7ffc0000 [ 79.054455][ T29] audit: type=1326 audit(1754852296.614:5167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6001 comm="syz.0.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf49d9ebe9 code=0x7ffc0000 [ 79.061007][ T5999] ext4 filesystem being mounted at /149/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 79.077884][ T29] audit: type=1326 audit(1754852296.614:5168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6001 comm="syz.0.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcf49d9ebe9 code=0x7ffc0000 [ 79.111426][ T29] audit: type=1326 audit(1754852296.614:5169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6001 comm="syz.0.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf49d9ebe9 code=0x7ffc0000 [ 79.134908][ T29] audit: type=1326 audit(1754852296.614:5170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6001 comm="syz.0.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7fcf49d9ebe9 code=0x7ffc0000 [ 79.158304][ T29] audit: type=1326 audit(1754852296.614:5171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6001 comm="syz.0.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf49d9ebe9 code=0x7ffc0000 [ 79.334748][ T6020] FAULT_INJECTION: forcing a failure. [ 79.334748][ T6020] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 79.347879][ T6020] CPU: 1 UID: 0 PID: 6020 Comm: syz.0.809 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 79.347907][ T6020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 79.347944][ T6020] Call Trace: [ 79.347950][ T6020] [ 79.348019][ T6020] __dump_stack+0x1d/0x30 [ 79.348037][ T6020] dump_stack_lvl+0xe8/0x140 [ 79.348147][ T6020] dump_stack+0x15/0x1b [ 79.348162][ T6020] should_fail_ex+0x265/0x280 [ 79.348184][ T6020] should_fail+0xb/0x20 [ 79.348203][ T6020] should_fail_usercopy+0x1a/0x20 [ 79.348224][ T6020] _copy_from_user+0x1c/0xb0 [ 79.348294][ T6020] copy_from_bpfptr+0x5c/0x90 [ 79.348321][ T6020] bpf_prog_load+0x74a/0x1070 [ 79.348376][ T6020] ? security_bpf+0x2b/0x90 [ 79.348416][ T6020] __sys_bpf+0x462/0x7b0 [ 79.348449][ T6020] __x64_sys_bpf+0x41/0x50 [ 79.348474][ T6020] x64_sys_call+0x2aea/0x2ff0 [ 79.348491][ T6020] do_syscall_64+0xd2/0x200 [ 79.348514][ T6020] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 79.348534][ T6020] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 79.348609][ T6020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.348631][ T6020] RIP: 0033:0x7fcf49d9ebe9 [ 79.348646][ T6020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 79.348664][ T6020] RSP: 002b:00007fcf487ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 79.348684][ T6020] RAX: ffffffffffffffda RBX: 00007fcf49fc5fa0 RCX: 00007fcf49d9ebe9 [ 79.348696][ T6020] RDX: 0000000000000094 RSI: 0000200000000500 RDI: 0000000000000005 [ 79.348784][ T6020] RBP: 00007fcf487ff090 R08: 0000000000000000 R09: 0000000000000000 [ 79.348797][ T6020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 79.348808][ T6020] R13: 00007fcf49fc6038 R14: 00007fcf49fc5fa0 R15: 00007ffc61826248 [ 79.348825][ T6020] [ 79.669535][ T6023] loop0: detected capacity change from 0 to 512 [ 79.713760][ T6023] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 79.796538][ T6023] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.810: Failed to acquire dquot type 1 [ 79.820594][ T6023] EXT4-fs (loop0): 1 truncate cleaned up [ 80.074184][ T6030] IPv6: Can't replace route, no match found [ 80.181700][ T6040] loop3: detected capacity change from 0 to 1024 [ 80.255981][ T6048] FAULT_INJECTION: forcing a failure. [ 80.255981][ T6048] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 80.269087][ T6048] CPU: 0 UID: 0 PID: 6048 Comm: syz.4.819 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 80.269190][ T6048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 80.269202][ T6048] Call Trace: [ 80.269207][ T6048] [ 80.269214][ T6048] __dump_stack+0x1d/0x30 [ 80.269268][ T6048] dump_stack_lvl+0xe8/0x140 [ 80.269309][ T6048] dump_stack+0x15/0x1b [ 80.269323][ T6048] should_fail_ex+0x265/0x280 [ 80.269340][ T6048] should_fail+0xb/0x20 [ 80.269355][ T6048] should_fail_usercopy+0x1a/0x20 [ 80.269373][ T6048] _copy_from_user+0x1c/0xb0 [ 80.269443][ T6048] copy_from_bpfptr+0x5c/0x90 [ 80.269466][ T6048] bpf_prog_load+0x74a/0x1070 [ 80.269516][ T6048] ? security_bpf+0x2b/0x90 [ 80.269542][ T6048] __sys_bpf+0x462/0x7b0 [ 80.269628][ T6048] __x64_sys_bpf+0x41/0x50 [ 80.269648][ T6048] x64_sys_call+0x2aea/0x2ff0 [ 80.269666][ T6048] do_syscall_64+0xd2/0x200 [ 80.269710][ T6048] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 80.269763][ T6048] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 80.269792][ T6048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.269810][ T6048] RIP: 0033:0x7f250418ebe9 [ 80.269822][ T6048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 80.269836][ T6048] RSP: 002b:00007f2502bef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 80.269853][ T6048] RAX: ffffffffffffffda RBX: 00007f25043b5fa0 RCX: 00007f250418ebe9 [ 80.269863][ T6048] RDX: 0000000000000094 RSI: 0000200000000500 RDI: 0000000000000005 [ 80.269921][ T6048] RBP: 00007f2502bef090 R08: 0000000000000000 R09: 0000000000000000 [ 80.269970][ T6048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 80.269980][ T6048] R13: 00007f25043b6038 R14: 00007f25043b5fa0 R15: 00007ffcbf74f3c8 [ 80.269996][ T6048] [ 80.520827][ T6061] loop1: detected capacity change from 0 to 512 [ 80.534744][ T6062] loop0: detected capacity change from 0 to 1024 [ 80.535157][ T6063] loop4: detected capacity change from 0 to 1024 [ 80.542297][ T6061] ext4 filesystem being mounted at /185/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 80.547878][ T6063] EXT4-fs: Ignoring removed nomblk_io_submit option [ 80.558168][ T6062] EXT4-fs: Ignoring removed nomblk_io_submit option [ 80.564461][ T6063] EXT4-fs: Ignoring removed i_version option [ 80.571048][ T6062] EXT4-fs: Ignoring removed i_version option [ 80.577877][ T6063] EXT4-fs: Mount option(s) incompatible with ext2 [ 80.588478][ T6067] loop3: detected capacity change from 0 to 1024 [ 80.596403][ T6067] EXT4-fs: Ignoring removed nomblk_io_submit option [ 80.603045][ T6067] EXT4-fs: Ignoring removed i_version option [ 80.609355][ T6067] EXT4-fs: Mount option(s) incompatible with ext2 [ 80.617177][ T6062] EXT4-fs: Mount option(s) incompatible with ext2 [ 80.635566][ T6061] netlink: 44 bytes leftover after parsing attributes in process `syz.1.825'. [ 80.688180][ T6073] loop3: detected capacity change from 0 to 1024 [ 80.738156][ T6083] sctp: [Deprecated]: syz.3.831 (pid 6083) Use of struct sctp_assoc_value in delayed_ack socket option. [ 80.738156][ T6083] Use struct sctp_sack_info instead [ 80.779977][ T6090] loop0: detected capacity change from 0 to 512 [ 80.794454][ T6090] ext4 filesystem being mounted at /164/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 80.814181][ T6088] netlink: 'syz.4.834': attribute type 3 has an invalid length. [ 80.865448][ T6098] loop3: detected capacity change from 0 to 512 [ 80.912369][ T6098] ext4 filesystem being mounted at /156/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 80.958230][ T6098] netlink: 44 bytes leftover after parsing attributes in process `syz.3.837'. [ 80.972668][ T6109] loop0: detected capacity change from 0 to 1024 [ 80.979459][ T6109] EXT4-fs: Ignoring removed nomblk_io_submit option [ 80.986209][ T6109] EXT4-fs: Ignoring removed i_version option [ 81.002743][ T4385] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 81.013537][ T6108] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 81.020727][ T6108] IPv6: NLM_F_CREATE should be set when creating new route [ 81.041317][ T6111] FAULT_INJECTION: forcing a failure. [ 81.041317][ T6111] name failslab, interval 1, probability 0, space 0, times 0 [ 81.054002][ T6111] CPU: 1 UID: 0 PID: 6111 Comm: syz.2.841 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 81.054031][ T6111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 81.054043][ T6111] Call Trace: [ 81.054070][ T6111] [ 81.054077][ T6111] __dump_stack+0x1d/0x30 [ 81.054095][ T6111] dump_stack_lvl+0xe8/0x140 [ 81.054113][ T6111] dump_stack+0x15/0x1b [ 81.054128][ T6111] should_fail_ex+0x265/0x280 [ 81.054157][ T6111] should_failslab+0x8c/0xb0 [ 81.054177][ T6111] kmem_cache_alloc_node_noprof+0x57/0x320 [ 81.054269][ T6111] ? __alloc_skb+0x101/0x320 [ 81.054320][ T6111] __alloc_skb+0x101/0x320 [ 81.054348][ T6111] ? audit_log_start+0x365/0x6c0 [ 81.054405][ T6111] audit_log_start+0x380/0x6c0 [ 81.054473][ T6111] ? __rcu_read_unlock+0x4f/0x70 [ 81.054492][ T6111] audit_seccomp+0x48/0x100 [ 81.054587][ T6111] ? __seccomp_filter+0x68c/0x10d0 [ 81.054677][ T6111] __seccomp_filter+0x69d/0x10d0 [ 81.054700][ T6111] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 81.054727][ T6111] ? vfs_write+0x7e8/0x960 [ 81.054747][ T6111] ? __rcu_read_unlock+0x4f/0x70 [ 81.054766][ T6111] ? __fget_files+0x184/0x1c0 [ 81.054850][ T6111] __secure_computing+0x82/0x150 [ 81.054867][ T6111] syscall_trace_enter+0xcf/0x1e0 [ 81.054905][ T6111] do_syscall_64+0xac/0x200 [ 81.054926][ T6111] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 81.054955][ T6111] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 81.055050][ T6111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.055116][ T6111] RIP: 0033:0x7f9c5fe6d5fc [ 81.055130][ T6111] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 81.055144][ T6111] RSP: 002b:00007f9c5e8cf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 81.055161][ T6111] RAX: ffffffffffffffda RBX: 00007f9c60095fa0 RCX: 00007f9c5fe6d5fc [ 81.055171][ T6111] RDX: 000000000000000f RSI: 00007f9c5e8cf0a0 RDI: 0000000000000005 [ 81.055182][ T6111] RBP: 00007f9c5e8cf090 R08: 0000000000000000 R09: 0000000000000000 [ 81.055193][ T6111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 81.055274][ T6111] R13: 00007f9c60096038 R14: 00007f9c60095fa0 R15: 00007ffd2b0767d8 [ 81.055293][ T6111] [ 81.302433][ T6109] EXT4-fs: Mount option(s) incompatible with ext2 [ 81.329969][ T6122] netlink: 104 bytes leftover after parsing attributes in process `syz.4.847'. [ 81.332865][ T6121] loop2: detected capacity change from 0 to 512 [ 81.347898][ T6121] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 81.372998][ T6114] loop1: detected capacity change from 0 to 1024 [ 81.382720][ T6121] EXT4-fs (loop2): 1 truncate cleaned up [ 81.421998][ T6129] loop4: detected capacity change from 0 to 512 [ 81.438470][ T6129] ext4 filesystem being mounted at /177/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 81.530474][ T6128] netlink: 4 bytes leftover after parsing attributes in process `syz.4.849'. [ 81.595677][ T6152] loop1: detected capacity change from 0 to 128 [ 82.046495][ T6174] $H: renamed from bond0 (while UP) [ 82.053931][ T6174] $H: entered promiscuous mode [ 82.058980][ T6174] bond_slave_0: entered promiscuous mode [ 82.064706][ T6174] bond_slave_1: entered promiscuous mode [ 82.075387][ T6172] loop4: detected capacity change from 0 to 1024 [ 82.082394][ T6172] EXT4-fs: Ignoring removed nomblk_io_submit option [ 82.089079][ T6172] EXT4-fs: Ignoring removed i_version option [ 82.095773][ T6172] EXT4-fs: Mount option(s) incompatible with ext2 [ 82.288527][ T6191] loop3: detected capacity change from 0 to 1024 [ 82.295903][ T6189] loop2: detected capacity change from 0 to 512 [ 82.314049][ T6189] ext4 filesystem being mounted at /163/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.325420][ T6193] loop4: detected capacity change from 0 to 164 [ 82.336633][ T6193] iso9660: Unknown parameter '0xffffffffffffffff0x000000000000ee01' [ 82.354432][ T6191] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.872: Allocating blocks 449-513 which overlap fs metadata [ 82.455605][ T6206] FAULT_INJECTION: forcing a failure. [ 82.455605][ T6206] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 82.468691][ T6206] CPU: 1 UID: 0 PID: 6206 Comm: +}[@ Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 82.468760][ T6206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 82.468772][ T6206] Call Trace: [ 82.468779][ T6206] [ 82.468785][ T6206] __dump_stack+0x1d/0x30 [ 82.468878][ T6206] dump_stack_lvl+0xe8/0x140 [ 82.469056][ T6206] dump_stack+0x15/0x1b [ 82.469070][ T6206] should_fail_ex+0x265/0x280 [ 82.469088][ T6206] should_fail+0xb/0x20 [ 82.469107][ T6206] should_fail_usercopy+0x1a/0x20 [ 82.469129][ T6206] _copy_from_user+0x1c/0xb0 [ 82.469157][ T6206] ___sys_sendmsg+0xc1/0x1d0 [ 82.469195][ T6206] __x64_sys_sendmsg+0xd4/0x160 [ 82.469346][ T6206] x64_sys_call+0x191e/0x2ff0 [ 82.469367][ T6206] do_syscall_64+0xd2/0x200 [ 82.469388][ T6206] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 82.469409][ T6206] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 82.469434][ T6206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.469478][ T6206] RIP: 0033:0x7f789e0aebe9 [ 82.469493][ T6206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 82.469574][ T6206] RSP: 002b:00007f789cb17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 82.469591][ T6206] RAX: ffffffffffffffda RBX: 00007f789e2d5fa0 RCX: 00007f789e0aebe9 [ 82.469602][ T6206] RDX: 00000000000008d0 RSI: 0000200000000500 RDI: 0000000000000005 [ 82.469612][ T6206] RBP: 00007f789cb17090 R08: 0000000000000000 R09: 0000000000000000 [ 82.469623][ T6206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 82.469656][ T6206] R13: 00007f789e2d6038 R14: 00007f789e2d5fa0 R15: 00007ffc317261b8 [ 82.469700][ T6206] [ 82.502438][ T6190] EXT4-fs (loop3): pa ffff888107235770: logic 48, phys. 177, len 21 [ 82.646758][ T6212] loop1: detected capacity change from 0 to 1024 [ 82.650613][ T6190] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 82.667388][ T6212] EXT4-fs: Ignoring removed nomblk_io_submit option [ 82.674138][ T6212] EXT4-fs: Ignoring removed i_version option [ 82.691028][ T6212] EXT4-fs: Mount option(s) incompatible with ext2 [ 83.166533][ T6234] syzkaller0: entered allmulticast mode [ 83.177073][ T6234] syzkaller0: entered promiscuous mode [ 83.205080][ T6234] syzkaller0 (unregistering): left allmulticast mode [ 83.211898][ T6234] syzkaller0 (unregistering): left promiscuous mode [ 83.358331][ T6248] loop3: detected capacity change from 0 to 512 [ 83.381399][ T6248] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 83.405936][ T6248] EXT4-fs (loop3): 1 truncate cleaned up [ 83.502083][ T6255] loop4: detected capacity change from 0 to 512 [ 83.529517][ T6255] ext4 filesystem being mounted at /185/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 83.594025][ T6267] pim6reg: entered allmulticast mode [ 83.620718][ T6255] netlink: 44 bytes leftover after parsing attributes in process `syz.4.893'. [ 83.646601][ T6267] pim6reg: left allmulticast mode [ 83.653516][ T29] kauditd_printk_skb: 356 callbacks suppressed [ 83.653529][ T29] audit: type=1326 audit(1754852301.286:5524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6269 comm="syz.3.899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe46f59ebe9 code=0x7ffc0000 [ 83.683161][ T29] audit: type=1326 audit(1754852301.286:5525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6269 comm="syz.3.899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe46f59ebe9 code=0x7ffc0000 [ 83.706504][ T29] audit: type=1326 audit(1754852301.286:5526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6269 comm="syz.3.899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=332 compat=0 ip=0x7fe46f59ebe9 code=0x7ffc0000 [ 83.730371][ T29] audit: type=1326 audit(1754852301.286:5527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6269 comm="syz.3.899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe46f59ebe9 code=0x7ffc0000 [ 83.753721][ T29] audit: type=1326 audit(1754852301.286:5528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6269 comm="syz.3.899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe46f59ebe9 code=0x7ffc0000 [ 83.777106][ T29] audit: type=1326 audit(1754852301.286:5529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6269 comm="syz.3.899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe46f59ebe9 code=0x7ffc0000 [ 83.800505][ T29] audit: type=1326 audit(1754852301.286:5530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6269 comm="syz.3.899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe46f59ebe9 code=0x7ffc0000 [ 83.823935][ T29] audit: type=1326 audit(1754852301.286:5531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6269 comm="syz.3.899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe46f59ebe9 code=0x7ffc0000 [ 83.847353][ T29] audit: type=1326 audit(1754852301.286:5532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6269 comm="syz.3.899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe46f59ebe9 code=0x7ffc0000 [ 83.870755][ T29] audit: type=1326 audit(1754852301.286:5533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6269 comm="syz.3.899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe46f59ebe9 code=0x7ffc0000 [ 83.974694][ T6288] loop0: detected capacity change from 0 to 1024 [ 83.984863][ T6291] loop2: detected capacity change from 0 to 512 [ 83.992095][ T6291] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 84.007296][ T6291] EXT4-fs (loop2): 1 truncate cleaned up [ 84.013168][ T6288] netlink: 8 bytes leftover after parsing attributes in process `syz.0.906'. [ 84.049129][ T6288] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.906: Allocating blocks 449-513 which overlap fs metadata [ 84.066017][ T6287] EXT4-fs (loop0): pa ffff888107262380: logic 48, phys. 177, len 21 [ 84.074128][ T6287] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 84.169244][ T6309] loop1: detected capacity change from 0 to 1024 [ 84.176139][ T6309] EXT4-fs: Ignoring removed nomblk_io_submit option [ 84.182783][ T6309] EXT4-fs: Ignoring removed i_version option [ 84.203506][ T6309] EXT4-fs: Mount option(s) incompatible with ext2 [ 84.218424][ T6313] FAULT_INJECTION: forcing a failure. [ 84.218424][ T6313] name failslab, interval 1, probability 0, space 0, times 0 [ 84.231179][ T6313] CPU: 0 UID: 0 PID: 6313 Comm: syz.0.916 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 84.231207][ T6313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 84.231219][ T6313] Call Trace: [ 84.231226][ T6313] [ 84.231233][ T6313] __dump_stack+0x1d/0x30 [ 84.231293][ T6313] dump_stack_lvl+0xe8/0x140 [ 84.231313][ T6313] dump_stack+0x15/0x1b [ 84.231330][ T6313] should_fail_ex+0x265/0x280 [ 84.231351][ T6313] should_failslab+0x8c/0xb0 [ 84.231375][ T6313] kmem_cache_alloc_node_noprof+0x57/0x320 [ 84.231410][ T6313] ? __alloc_skb+0x101/0x320 [ 84.231441][ T6313] __alloc_skb+0x101/0x320 [ 84.231469][ T6313] ? audit_log_start+0x365/0x6c0 [ 84.231498][ T6313] audit_log_start+0x380/0x6c0 [ 84.231562][ T6313] audit_seccomp+0x48/0x100 [ 84.231611][ T6313] ? __seccomp_filter+0x68c/0x10d0 [ 84.231633][ T6313] __seccomp_filter+0x69d/0x10d0 [ 84.231745][ T6313] ? _raw_spin_unlock+0x26/0x50 [ 84.231778][ T6313] __secure_computing+0x82/0x150 [ 84.231806][ T6313] syscall_trace_enter+0xcf/0x1e0 [ 84.231892][ T6313] do_syscall_64+0xac/0x200 [ 84.231955][ T6313] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 84.231979][ T6313] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 84.232000][ T6313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.232021][ T6313] RIP: 0033:0x7fcf49d9d5fc [ 84.232086][ T6313] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 84.232102][ T6313] RSP: 002b:00007fcf487ff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 84.232119][ T6313] RAX: ffffffffffffffda RBX: 00007fcf49fc5fa0 RCX: 00007fcf49d9d5fc [ 84.232130][ T6313] RDX: 000000000000000f RSI: 00007fcf487ff0a0 RDI: 0000000000000006 [ 84.232140][ T6313] RBP: 00007fcf487ff090 R08: 0000000000000000 R09: 0000000000000000 [ 84.232151][ T6313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 84.232162][ T6313] R13: 00007fcf49fc6038 R14: 00007fcf49fc5fa0 R15: 00007ffc61826248 [ 84.232229][ T6313] [ 84.484251][ T6319] netlink: 348 bytes leftover after parsing attributes in process `syz.0.918'. [ 84.502853][ T6319] futex_wake_op: syz.0.918 tries to shift op by -1; fix this program [ 84.529061][ T6321] loop1: detected capacity change from 0 to 512 [ 84.542084][ T6321] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 84.582670][ T6321] EXT4-fs (loop1): 1 truncate cleaned up [ 84.595750][ T6327] loop0: detected capacity change from 0 to 512 [ 84.636255][ T6327] ext4 filesystem being mounted at /176/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 84.657510][ T6315] netlink: 12 bytes leftover after parsing attributes in process `syz.3.917'. [ 84.816208][ T6342] ip6gre1: entered allmulticast mode [ 84.829591][ T6347] loop2: detected capacity change from 0 to 1024 [ 84.845209][ T6347] EXT4-fs: Ignoring removed nomblk_io_submit option [ 84.851966][ T6347] EXT4-fs: Ignoring removed i_version option [ 84.882786][ T6353] loop4: detected capacity change from 0 to 1024 [ 84.887736][ T6347] EXT4-fs: Mount option(s) incompatible with ext2 [ 84.899645][ T6356] loop3: detected capacity change from 0 to 512 [ 84.928623][ T6356] ext4 filesystem being mounted at /178/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 84.959385][ T6366] random: crng reseeded on system resumption [ 84.996237][ T6369] loop0: detected capacity change from 0 to 512 [ 85.004457][ T6369] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 85.021557][ T6369] EXT4-fs (loop0): 1 truncate cleaned up [ 85.044073][ T6375] loop3: detected capacity change from 0 to 4096 [ 85.053384][ T6373] loop2: detected capacity change from 0 to 8192 [ 85.069188][ T6373] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 85.137511][ T6373] netlink: 36 bytes leftover after parsing attributes in process `syz.2.941'. [ 85.146499][ T6373] netlink: 16 bytes leftover after parsing attributes in process `syz.2.941'. [ 85.155394][ T6373] netlink: 36 bytes leftover after parsing attributes in process `syz.2.941'. [ 85.164346][ T6373] netlink: 36 bytes leftover after parsing attributes in process `syz.2.941'. [ 85.174283][ T6373] netlink: 24 bytes leftover after parsing attributes in process `syz.2.941'. [ 85.322810][ T6399] loop3: detected capacity change from 0 to 512 [ 85.343448][ T6399] ext4 filesystem being mounted at /182/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 85.366429][ T6397] loop2: detected capacity change from 0 to 1024 [ 85.386235][ T6397] EXT4-fs: Ignoring removed nomblk_io_submit option [ 85.392911][ T6397] EXT4-fs: Ignoring removed i_version option [ 85.440539][ T6407] loop0: detected capacity change from 0 to 1024 [ 85.446911][ T6397] EXT4-fs: Mount option(s) incompatible with ext2 [ 85.473195][ T6412] netlink: 4 bytes leftover after parsing attributes in process `syz.4.956'. [ 85.487262][ T6407] EXT4-fs: Ignoring removed nomblk_io_submit option [ 85.494016][ T6407] EXT4-fs: Ignoring removed i_version option [ 85.501816][ T6407] EXT4-fs: Mount option(s) incompatible with ext2 [ 85.521141][ T6414] loop2: detected capacity change from 0 to 512 [ 85.527659][ T6414] EXT4-fs: Ignoring removed i_version option [ 85.534826][ T6414] ext4: Unknown parameter 'euid' [ 85.552954][ T6418] loop3: detected capacity change from 0 to 1024 [ 85.656455][ T6433] loop2: detected capacity change from 0 to 512 [ 85.691324][ T6433] ext4 filesystem being mounted at /186/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 85.822280][ T6451] loop4: detected capacity change from 0 to 512 [ 85.840314][ T6451] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 85.872811][ T6455] loop2: detected capacity change from 0 to 512 [ 85.886454][ T6451] EXT4-fs (loop4): 1 truncate cleaned up [ 85.894980][ T6455] ext4 filesystem being mounted at /188/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 85.906230][ T6462] FAULT_INJECTION: forcing a failure. [ 85.906230][ T6462] name failslab, interval 1, probability 0, space 0, times 0 [ 85.918916][ T6462] CPU: 0 UID: 0 PID: 6462 Comm: syz.0.977 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 85.918941][ T6462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 85.918951][ T6462] Call Trace: [ 85.918958][ T6462] [ 85.918966][ T6462] __dump_stack+0x1d/0x30 [ 85.919052][ T6462] dump_stack_lvl+0xe8/0x140 [ 85.919073][ T6462] dump_stack+0x15/0x1b [ 85.919090][ T6462] should_fail_ex+0x265/0x280 [ 85.919158][ T6462] should_failslab+0x8c/0xb0 [ 85.919183][ T6462] __kmalloc_node_track_caller_noprof+0xa4/0x410 [ 85.919211][ T6462] ? p9_client_create+0x207/0xbc0 [ 85.919292][ T6462] kstrdup+0x3e/0xd0 [ 85.919370][ T6462] p9_client_create+0x207/0xbc0 [ 85.919397][ T6462] v9fs_session_init+0xf7/0xde0 [ 85.919414][ T6462] ? ___slab_alloc+0x270/0x900 [ 85.919495][ T6462] ? avc_has_perm_noaudit+0x1b1/0x200 [ 85.919555][ T6462] ? v9fs_mount+0x51/0x5c0 [ 85.919574][ T6462] ? should_fail_ex+0xdb/0x280 [ 85.919591][ T6462] ? v9fs_mount+0x51/0x5c0 [ 85.919665][ T6462] ? __kmalloc_cache_noprof+0x189/0x320 [ 85.919695][ T6462] v9fs_mount+0x67/0x5c0 [ 85.919718][ T6462] ? selinux_capable+0x31/0x40 [ 85.919774][ T6462] ? __pfx_v9fs_mount+0x10/0x10 [ 85.919875][ T6462] legacy_get_tree+0x75/0xd0 [ 85.919976][ T6462] vfs_get_tree+0x54/0x1d0 [ 85.919998][ T6462] do_new_mount+0x207/0x5e0 [ 85.920020][ T6462] ? security_capable+0x83/0x90 [ 85.920044][ T6462] path_mount+0x4a4/0xb20 [ 85.920077][ T6462] ? user_path_at+0x109/0x130 [ 85.920112][ T6462] __se_sys_mount+0x28f/0x2e0 [ 85.920143][ T6462] ? fput+0x8f/0xc0 [ 85.920207][ T6462] __x64_sys_mount+0x67/0x80 [ 85.920226][ T6462] x64_sys_call+0x2b4d/0x2ff0 [ 85.920243][ T6462] do_syscall_64+0xd2/0x200 [ 85.920264][ T6462] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 85.920324][ T6462] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 85.920354][ T6462] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.920375][ T6462] RIP: 0033:0x7fcf49d9ebe9 [ 85.920391][ T6462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.920406][ T6462] RSP: 002b:00007fcf487ff038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 85.920583][ T6462] RAX: ffffffffffffffda RBX: 00007fcf49fc5fa0 RCX: 00007fcf49d9ebe9 [ 85.920594][ T6462] RDX: 0000200000000280 RSI: 0000200000000300 RDI: 0000000000000000 [ 85.920607][ T6462] RBP: 00007fcf487ff090 R08: 0000200000000340 R09: 0000000000000000 [ 85.920620][ T6462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 85.920632][ T6462] R13: 00007fcf49fc6038 R14: 00007fcf49fc5fa0 R15: 00007ffc61826248 [ 85.920728][ T6462] [ 86.286642][ T6474] syzkaller0: entered allmulticast mode [ 86.324641][ T6474] syzkaller0: entered promiscuous mode [ 86.358459][ T6472] syzkaller0: left promiscuous mode [ 86.363885][ T6472] syzkaller0: left allmulticast mode [ 86.369265][ T6485] FAULT_INJECTION: forcing a failure. [ 86.369265][ T6485] name failslab, interval 1, probability 0, space 0, times 0 [ 86.381950][ T6485] CPU: 0 UID: 0 PID: 6485 Comm: syz.3.987 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 86.381979][ T6485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 86.381992][ T6485] Call Trace: [ 86.381998][ T6485] [ 86.382006][ T6485] __dump_stack+0x1d/0x30 [ 86.382028][ T6485] dump_stack_lvl+0xe8/0x140 [ 86.382086][ T6485] dump_stack+0x15/0x1b [ 86.382104][ T6485] should_fail_ex+0x265/0x280 [ 86.382125][ T6485] ? tcf_action_init_1+0x11e/0x4a0 [ 86.382300][ T6485] should_failslab+0x8c/0xb0 [ 86.382325][ T6485] __kmalloc_cache_noprof+0x4c/0x320 [ 86.382356][ T6485] tcf_action_init_1+0x11e/0x4a0 [ 86.382451][ T6485] tcf_action_init+0x267/0x6d0 [ 86.382549][ T6485] ? mark_reg_read+0x59/0x340 [ 86.382590][ T6485] tc_ctl_action+0x291/0x830 [ 86.382654][ T6485] ? __pfx_tc_ctl_action+0x10/0x10 [ 86.382679][ T6485] rtnetlink_rcv_msg+0x65a/0x6d0 [ 86.382709][ T6485] netlink_rcv_skb+0x120/0x220 [ 86.382728][ T6485] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 86.382806][ T6485] rtnetlink_rcv+0x1c/0x30 [ 86.382830][ T6485] netlink_unicast+0x5c0/0x690 [ 86.382932][ T6485] netlink_sendmsg+0x58b/0x6b0 [ 86.382956][ T6485] ? __pfx_netlink_sendmsg+0x10/0x10 [ 86.382978][ T6485] __sock_sendmsg+0x145/0x180 [ 86.383004][ T6485] ____sys_sendmsg+0x31e/0x4e0 [ 86.383024][ T6485] ___sys_sendmsg+0x17b/0x1d0 [ 86.383099][ T6485] __x64_sys_sendmsg+0xd4/0x160 [ 86.383125][ T6485] x64_sys_call+0x191e/0x2ff0 [ 86.383144][ T6485] do_syscall_64+0xd2/0x200 [ 86.383165][ T6485] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 86.383307][ T6485] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 86.383374][ T6485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.383395][ T6485] RIP: 0033:0x7fe46f59ebe9 [ 86.383408][ T6485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.383498][ T6485] RSP: 002b:00007fe46e007038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 86.383518][ T6485] RAX: ffffffffffffffda RBX: 00007fe46f7c5fa0 RCX: 00007fe46f59ebe9 [ 86.383531][ T6485] RDX: 00000000000000c0 RSI: 0000200000000080 RDI: 0000000000000006 [ 86.383549][ T6485] RBP: 00007fe46e007090 R08: 0000000000000000 R09: 0000000000000000 [ 86.383562][ T6485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 86.383575][ T6485] R13: 00007fe46f7c6038 R14: 00007fe46f7c5fa0 R15: 00007ffc18c256e8 [ 86.383591][ T6485] [ 86.634513][ T6487] loop0: detected capacity change from 0 to 512 [ 86.671531][ T6489] loop1: detected capacity change from 0 to 1024 [ 86.682217][ T6487] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 86.692762][ T6489] EXT4-fs: Ignoring removed orlov option [ 86.698434][ T6489] ext4: Unknown parameter 'smackfstransmute' [ 86.754838][ T6487] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.988: Failed to acquire dquot type 1 [ 86.767490][ T6487] EXT4-fs (loop0): 1 truncate cleaned up [ 86.888926][ T6511] FAULT_INJECTION: forcing a failure. [ 86.888926][ T6511] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 86.902083][ T6511] CPU: 1 UID: 0 PID: 6511 Comm: syz.2.999 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 86.902109][ T6511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 86.902119][ T6511] Call Trace: [ 86.902124][ T6511] [ 86.902130][ T6511] __dump_stack+0x1d/0x30 [ 86.902223][ T6511] dump_stack_lvl+0xe8/0x140 [ 86.902243][ T6511] dump_stack+0x15/0x1b [ 86.902260][ T6511] should_fail_ex+0x265/0x280 [ 86.902359][ T6511] should_fail+0xb/0x20 [ 86.902376][ T6511] should_fail_usercopy+0x1a/0x20 [ 86.902396][ T6511] strncpy_from_user+0x25/0x230 [ 86.902423][ T6511] ? kmem_cache_alloc_noprof+0x186/0x310 [ 86.902445][ T6511] ? getname_flags+0x80/0x3b0 [ 86.902549][ T6511] getname_flags+0xae/0x3b0 [ 86.902576][ T6511] user_path_at+0x28/0x130 [ 86.902621][ T6511] __x64_sys_umount+0x85/0xe0 [ 86.902637][ T6511] x64_sys_call+0xdd2/0x2ff0 [ 86.902655][ T6511] do_syscall_64+0xd2/0x200 [ 86.902747][ T6511] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 86.902796][ T6511] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 86.902882][ T6511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.902929][ T6511] RIP: 0033:0x7f9c5fe6ebe9 [ 86.902944][ T6511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.902960][ T6511] RSP: 002b:00007f9c5e8cf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 86.902977][ T6511] RAX: ffffffffffffffda RBX: 00007f9c60095fa0 RCX: 00007f9c5fe6ebe9 [ 86.902988][ T6511] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 86.902998][ T6511] RBP: 00007f9c5e8cf090 R08: 0000000000000000 R09: 0000000000000000 [ 86.903008][ T6511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 86.903068][ T6511] R13: 00007f9c60096038 R14: 00007f9c60095fa0 R15: 00007ffd2b0767d8 [ 86.903088][ T6511] [ 87.117854][ T6515] syzkaller0: entered allmulticast mode [ 87.128371][ T6517] loop2: detected capacity change from 0 to 1024 [ 87.149492][ T6515] syzkaller0: entered promiscuous mode [ 87.157289][ T6515] syzkaller0 (unregistering): left allmulticast mode [ 87.164028][ T6515] syzkaller0 (unregistering): left promiscuous mode [ 87.174690][ T6517] EXT4-fs: Ignoring removed nomblk_io_submit option [ 87.181357][ T6517] EXT4-fs: Ignoring removed i_version option [ 87.197803][ T6523] loop1: detected capacity change from 0 to 512 [ 87.204364][ T6517] EXT4-fs: Mount option(s) incompatible with ext2 [ 87.207313][ T6521] loop0: detected capacity change from 0 to 1024 [ 87.223622][ T6523] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 87.233930][ T6521] EXT4-fs: Ignoring removed nomblk_io_submit option [ 87.240699][ T6521] EXT4-fs: Ignoring removed i_version option [ 87.247134][ T6521] EXT4-fs: Mount option(s) incompatible with ext2 [ 87.253433][ T6525] loop3: detected capacity change from 0 to 512 [ 87.261164][ T6523] EXT4-fs (loop1): 1 truncate cleaned up [ 87.279290][ T6529] loop2: detected capacity change from 0 to 512 [ 87.296063][ T6529] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 87.326253][ T6525] ext4 filesystem being mounted at /192/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 87.339751][ T6529] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.1006: bg 0: block 104: invalid block bitmap [ 87.364757][ T6529] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 87.379426][ T6529] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.1006: invalid indirect mapped block 1 (level 1) [ 87.409348][ T6529] EXT4-fs (loop2): 1 truncate cleaned up [ 87.489351][ T6556] loop0: detected capacity change from 0 to 512 [ 87.528102][ T6556] ext4 filesystem being mounted at /202/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 87.538511][ T6563] loop4: detected capacity change from 0 to 512 [ 87.561379][ T6562] loop2: detected capacity change from 0 to 512 [ 87.576473][ T6562] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 87.587773][ T6562] EXT4-fs (loop2): 1 truncate cleaned up [ 87.605101][ T6563] ext4 filesystem being mounted at /203/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 87.625670][ T6567] syzkaller0: entered allmulticast mode [ 87.670202][ T6567] syzkaller0: entered promiscuous mode [ 87.677384][ T6567] syzkaller0 (unregistering): left allmulticast mode [ 87.684224][ T6567] syzkaller0 (unregistering): left promiscuous mode [ 87.819319][ T6592] loop4: detected capacity change from 0 to 512 [ 87.840550][ T6592] ext4 filesystem being mounted at /207/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 87.914141][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 87.921822][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 87.931566][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 87.939296][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 87.946670][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x2 [ 87.954124][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 87.961512][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 87.968903][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 87.976295][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 87.983842][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 87.991329][ T6606] loop2: detected capacity change from 0 to 1024 [ 88.031511][ T6612] loop4: detected capacity change from 0 to 512 [ 88.047728][ T6614] net_ratelimit: 325 callbacks suppressed [ 88.047809][ T6614] openvswitch: netlink: Message has 6 unknown bytes. [ 88.089754][ T6612] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 88.105551][ T36] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz1 [ 88.143986][ T6612] EXT4-fs (loop4): 1 truncate cleaned up [ 88.203331][ T6623] netem: change failed [ 88.232242][ T6623] raw_sendmsg: syz.1.1040 forgot to set AF_INET. Fix it! [ 88.372351][ T6638] loop3: detected capacity change from 0 to 512 [ 88.386006][ T6638] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 88.416839][ T6638] EXT4-fs (loop3): 1 truncate cleaned up [ 88.515127][ T6658] FAULT_INJECTION: forcing a failure. [ 88.515127][ T6658] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 88.528390][ T6658] CPU: 1 UID: 0 PID: 6658 Comm: syz.3.1057 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 88.528415][ T6658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 88.528425][ T6658] Call Trace: [ 88.528432][ T6658] [ 88.528441][ T6658] __dump_stack+0x1d/0x30 [ 88.528540][ T6658] dump_stack_lvl+0xe8/0x140 [ 88.528559][ T6658] dump_stack+0x15/0x1b [ 88.528577][ T6658] should_fail_ex+0x265/0x280 [ 88.528599][ T6658] should_fail_alloc_page+0xf2/0x100 [ 88.528640][ T6658] __alloc_frozen_pages_noprof+0xff/0x360 [ 88.528757][ T6658] alloc_pages_mpol+0xb3/0x250 [ 88.528782][ T6658] alloc_pages_noprof+0x90/0x130 [ 88.528851][ T6658] pte_alloc_one+0x2d/0x120 [ 88.528872][ T6658] __pte_alloc+0x32/0x2b0 [ 88.528955][ T6658] handle_mm_fault+0x1c55/0x2c20 [ 88.529005][ T6658] do_user_addr_fault+0x636/0x1090 [ 88.529032][ T6658] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 88.529126][ T6658] exc_page_fault+0x62/0xa0 [ 88.529145][ T6658] asm_exc_page_fault+0x26/0x30 [ 88.529162][ T6658] RIP: 0033:0x7fe46f460c46 [ 88.529178][ T6658] Code: f0 72 6e 48 63 cd 48 01 c1 49 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 <47> 0f b6 0c 08 45 84 c9 74 08 45 88 0c 00 49 8b 47 10 48 83 c0 01 [ 88.529194][ T6658] RSP: 002b:00007fe46e0064a0 EFLAGS: 00010246 [ 88.529222][ T6658] RAX: 0000000000000001 RBX: 00007fe46e006540 RCX: 0000000000000101 [ 88.529237][ T6658] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00007fe46e0065e0 [ 88.529248][ T6658] RBP: 0000000000000102 R08: 00007fe465be7000 R09: 0000000000000000 [ 88.529261][ T6658] R10: 0000000000000000 R11: 00007fe46e006550 R12: 0000000000000001 [ 88.529275][ T6658] R13: 00007fe46f63d980 R14: 0000000000000000 R15: 00007fe46e0065e0 [ 88.529295][ T6658] [ 88.529305][ T6658] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 88.714422][ T6658] loop3: detected capacity change from 0 to 512 [ 88.752097][ T6668] __nla_validate_parse: 12 callbacks suppressed [ 88.752116][ T6668] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1060'. [ 88.768679][ T6668] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1060'. [ 88.771323][ T6658] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1057: bg 0: block 248: padding at end of block bitmap is not set [ 88.793037][ T6658] __quota_error: 510 callbacks suppressed [ 88.793049][ T6658] Quota error (device loop3): write_blk: dquota write failed [ 88.806185][ T6658] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 88.817186][ T6658] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1057: Failed to acquire dquot type 1 [ 88.829404][ T6658] EXT4-fs (loop3): 1 truncate cleaned up [ 88.835628][ T6658] ext4 filesystem being mounted at /203/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 88.866418][ T6675] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1062'. [ 88.907489][ T29] audit: type=1400 audit(1754852306.539:6040): avc: denied { write } for pid=6671 comm="syz.2.1061" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 88.932403][ T6684] loop3: detected capacity change from 0 to 512 [ 88.939435][ T6684] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 88.951073][ T6684] EXT4-fs (loop3): 1 truncate cleaned up [ 88.973884][ T29] audit: type=1326 audit(1754852306.609:6041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6687 comm="syz.3.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe46f59ebe9 code=0x7ffc0000 [ 88.997648][ T29] audit: type=1326 audit(1754852306.609:6042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6687 comm="syz.3.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe46f59ebe9 code=0x7ffc0000 [ 89.003388][ T6682] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 89.021126][ T29] audit: type=1326 audit(1754852306.609:6043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6687 comm="syz.3.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=332 compat=0 ip=0x7fe46f59ebe9 code=0x7ffc0000 [ 89.054010][ T29] audit: type=1326 audit(1754852306.609:6044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6687 comm="syz.3.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe46f59ebe9 code=0x7ffc0000 [ 89.077488][ T29] audit: type=1326 audit(1754852306.609:6045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6687 comm="syz.3.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe46f59ebe9 code=0x7ffc0000 [ 89.100850][ T29] audit: type=1326 audit(1754852306.609:6046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6687 comm="syz.3.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe46f59ebe9 code=0x7ffc0000 [ 89.124226][ T29] audit: type=1326 audit(1754852306.609:6047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6687 comm="syz.3.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe46f59ebe9 code=0x7ffc0000 [ 89.166025][ T6672] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2578 sclass=netlink_route_socket pid=6672 comm=syz.2.1061 [ 89.303216][ T6701] syzkaller0: entered allmulticast mode [ 89.310132][ T6701] syzkaller0: entered promiscuous mode [ 89.317298][ T6701] syzkaller0 (unregistering): left allmulticast mode [ 89.324165][ T6701] syzkaller0 (unregistering): left promiscuous mode [ 89.439016][ T6707] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1075'. [ 89.463257][ T6713] loop1: detected capacity change from 0 to 512 [ 89.470552][ T6713] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 89.481759][ T6713] EXT4-fs (loop1): 1 truncate cleaned up [ 89.515958][ T6716] loop3: detected capacity change from 0 to 1024 [ 89.523019][ T6716] EXT4-fs: Ignoring removed nomblk_io_submit option [ 89.527602][ T6720] netlink: 'syz.1.1080': attribute type 13 has an invalid length. [ 89.529757][ T6716] EXT4-fs: Ignoring removed i_version option [ 89.544891][ T6716] EXT4-fs: Mount option(s) incompatible with ext2 [ 89.602385][ T6728] loop3: detected capacity change from 0 to 512 [ 89.604022][ T6726] loop1: detected capacity change from 0 to 4096 [ 89.615916][ T6726] EXT4-fs: Ignoring removed i_version option [ 89.622740][ T6726] ext4: Unknown parameter 'nouser_xattr' [ 89.640466][ T6728] ext4 filesystem being mounted at /212/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.673791][ T6738] syzkaller0: entered allmulticast mode [ 89.680128][ T6738] syzkaller0: entered promiscuous mode [ 89.688805][ T6738] syzkaller0 (unregistering): left allmulticast mode [ 89.695549][ T6738] syzkaller0 (unregistering): left promiscuous mode [ 89.789252][ T6749] syzkaller0: entered allmulticast mode [ 89.795051][ T6749] syzkaller0: entered promiscuous mode [ 89.813383][ T6747] syzkaller0: left promiscuous mode [ 89.818884][ T6747] syzkaller0: left allmulticast mode [ 89.924588][ T6770] loop1: detected capacity change from 0 to 1024 [ 89.932898][ T6770] EXT4-fs: Ignoring removed nomblk_io_submit option [ 89.939645][ T6770] EXT4-fs: Ignoring removed i_version option [ 89.946000][ T6770] EXT4-fs: Mount option(s) incompatible with ext2 [ 89.950424][ T6780] syzkaller0: entered allmulticast mode [ 89.958761][ T6780] syzkaller0: entered promiscuous mode [ 89.965634][ T6780] syzkaller0 (unregistering): left allmulticast mode [ 89.972517][ T6780] syzkaller0 (unregistering): left promiscuous mode [ 90.038988][ T6791] loop1: detected capacity change from 0 to 1024 [ 90.045748][ T6791] EXT4-fs: Ignoring removed nomblk_io_submit option [ 90.052695][ T6791] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 90.070929][ T6792] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1109'. [ 90.080076][ T6792] netem: change failed [ 90.209914][ T6802] loop1: detected capacity change from 0 to 512 [ 90.216778][ T6802] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 90.228569][ T6802] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1116: Failed to acquire dquot type 1 [ 90.242653][ T6802] EXT4-fs (loop1): 1 truncate cleaned up [ 90.270720][ T6808] loop2: detected capacity change from 0 to 512 [ 90.289191][ T6808] ext4 filesystem being mounted at /211/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 90.318790][ T6795] loop3: detected capacity change from 0 to 512 [ 90.326736][ T6795] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 90.335548][ T6812] loop2: detected capacity change from 0 to 512 [ 90.359110][ T6812] ext4 filesystem being mounted at /212/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 90.392821][ T6819] loop1: detected capacity change from 0 to 1024 [ 90.404843][ T6822] loop2: detected capacity change from 0 to 512 [ 90.411749][ T6822] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 90.429316][ T6822] EXT4-fs (loop2): 1 truncate cleaned up [ 90.521139][ T6829] syzkaller0: entered allmulticast mode [ 90.526806][ T6829] syzkaller0: entered promiscuous mode [ 90.533723][ T6829] syzkaller0 (unregistering): left allmulticast mode [ 90.540478][ T6829] syzkaller0 (unregistering): left promiscuous mode [ 90.691925][ T6847] usb usb1: usbfs: process 6847 (syz.1.1131) did not claim interface 0 before use [ 90.725074][ T6847] random: crng reseeded on system resumption [ 90.727167][ T6855] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1135'. [ 90.760528][ T6860] loop2: detected capacity change from 0 to 1024 [ 90.772123][ T6860] EXT4-fs: Ignoring removed nomblk_io_submit option [ 90.778850][ T6860] EXT4-fs: Ignoring removed i_version option [ 90.797677][ T6860] EXT4-fs: Mount option(s) incompatible with ext2 [ 90.811765][ T6864] loop0: detected capacity change from 0 to 512 [ 90.831303][ T6864] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 90.844517][ T6864] EXT4-fs (loop0): 1 truncate cleaned up [ 90.913282][ T6886] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1149'. [ 90.965600][ T6895] loop1: detected capacity change from 0 to 512 [ 90.999552][ T6895] ext4 filesystem being mounted at /258/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.032091][ T6905] loop0: detected capacity change from 0 to 512 [ 91.059559][ T6905] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 91.075387][ T6905] EXT4-fs (loop0): mount failed [ 91.173387][ T6926] loop2: detected capacity change from 0 to 1024 [ 91.181258][ T6926] EXT4-fs: Ignoring removed nobh option [ 91.191573][ T6924] SELinux: ebitmap: truncated map [ 91.198374][ T6924] SELinux: failed to load policy [ 91.205888][ T6926] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 91.288329][ T6926] EXT4-fs error (device loop2): ext4_ext_check_inode:523: inode #11: comm syz.2.1164: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 91.377729][ T6926] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.1164: couldn't read orphan inode 11 (err -117) [ 91.471097][ T6926] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.1164: Invalid block bitmap block 0 in block_group 0 [ 91.486337][ T6926] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1164: Failed to acquire dquot type 0 [ 91.499689][ T6926] EXT4-fs error (device loop2): __ext4_get_inode_loc:4861: comm syz.2.1164: Invalid inode table block 8589934593 in block_group 0 [ 91.701689][ T6947] loop3: detected capacity change from 0 to 1024 [ 91.708426][ T6947] EXT4-fs: Ignoring removed nomblk_io_submit option [ 91.715215][ T6947] EXT4-fs: Ignoring removed i_version option [ 91.747889][ T6947] EXT4-fs: Mount option(s) incompatible with ext2 [ 92.202754][ T6961] loop1: detected capacity change from 0 to 512 [ 92.209886][ T6960] loop4: detected capacity change from 0 to 1024 [ 92.217367][ T6960] EXT4-fs: Ignoring removed bh option [ 92.223808][ T6960] EXT4-fs: Ignoring removed nobh option [ 92.229511][ T6960] EXT4-fs: inline encryption not supported [ 92.238140][ T6961] ext4 filesystem being mounted at /260/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.264760][ T6960] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1180'. [ 92.273792][ T6960] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1180'. [ 92.284475][ T4354] EXT4-fs error (device loop2): __ext4_get_inode_loc:4861: comm kworker/u8:43: Invalid inode table block 8589934593 in block_group 0 [ 92.388044][ T6960] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.1180: Allocating blocks 385-513 which overlap fs metadata [ 92.424083][ T6960] EXT4-fs (loop4): pa ffff888107235850: logic 16, phys. 129, len 24 [ 92.432166][ T6960] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 92.496304][ T6960] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28 [ 92.508543][ T6960] EXT4-fs (loop4): This should not happen!! Data will be lost [ 92.508543][ T6960] [ 92.518308][ T6960] EXT4-fs (loop4): Total free blocks count 0 [ 92.524457][ T6960] EXT4-fs (loop4): Free/Dirty block details [ 92.530357][ T6960] EXT4-fs (loop4): free_blocks=128 [ 92.535525][ T6960] EXT4-fs (loop4): dirty_blocks=0 [ 92.540605][ T6960] EXT4-fs (loop4): Block reservation details [ 92.546717][ T6960] EXT4-fs (loop4): i_reserved_data_blocks=0 [ 92.623736][ T6989] loop1: detected capacity change from 0 to 8192 [ 92.646822][ T6989] loop1: p1 p2 p3 p4 [ 92.655381][ T6989] loop1: p1 size 3523149824 extends beyond EOD, truncated [ 92.666491][ T6989] loop1: p2 start 4293394688 is beyond EOD, truncated [ 92.672373][ T6998] syzkaller0: entered allmulticast mode [ 92.673332][ T6989] loop1: p3 start 150994944 is beyond EOD, truncated [ 92.679699][ T6998] syzkaller0: entered promiscuous mode [ 92.685531][ T6989] loop1: p4 size 50331648 extends beyond EOD, truncated [ 92.695187][ T6997] syzkaller0: left promiscuous mode [ 92.703237][ T6997] syzkaller0: left allmulticast mode [ 92.721246][ T6988] sd 0:0:1:0: device reset [ 92.727771][ T7000] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -107 0 [ 92.758304][ T7002] netlink: 'syz.4.1191': attribute type 11 has an invalid length. [ 92.768263][ T7004] FAULT_INJECTION: forcing a failure. [ 92.768263][ T7004] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 92.786829][ T7004] CPU: 1 UID: 0 PID: 7004 Comm: syz.1.1190 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 92.786910][ T7004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 92.786923][ T7004] Call Trace: [ 92.786930][ T7004] [ 92.786937][ T7004] __dump_stack+0x1d/0x30 [ 92.787024][ T7004] dump_stack_lvl+0xe8/0x140 [ 92.787044][ T7004] dump_stack+0x15/0x1b [ 92.787061][ T7004] should_fail_ex+0x265/0x280 [ 92.787147][ T7004] should_fail+0xb/0x20 [ 92.787163][ T7004] should_fail_usercopy+0x1a/0x20 [ 92.787211][ T7004] _copy_to_user+0x20/0xa0 [ 92.787234][ T7004] simple_read_from_buffer+0xb5/0x130 [ 92.787258][ T7004] proc_fail_nth_read+0x10e/0x150 [ 92.787345][ T7004] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 92.787424][ T7004] vfs_read+0x1a8/0x770 [ 92.787441][ T7004] ? __rcu_read_unlock+0x4f/0x70 [ 92.787458][ T7004] ? __fget_files+0x184/0x1c0 [ 92.787507][ T7004] ksys_read+0xda/0x1a0 [ 92.787530][ T7004] __x64_sys_read+0x40/0x50 [ 92.787551][ T7004] x64_sys_call+0x27bc/0x2ff0 [ 92.787572][ T7004] do_syscall_64+0xd2/0x200 [ 92.787598][ T7004] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 92.787661][ T7004] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 92.787685][ T7004] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.787712][ T7004] RIP: 0033:0x7f789e0ad5fc [ 92.787727][ T7004] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 92.787741][ T7004] RSP: 002b:00007f789cb17030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 92.787760][ T7004] RAX: ffffffffffffffda RBX: 00007f789e2d5fa0 RCX: 00007f789e0ad5fc [ 92.787822][ T7004] RDX: 000000000000000f RSI: 00007f789cb170a0 RDI: 0000000000000004 [ 92.787835][ T7004] RBP: 00007f789cb17090 R08: 0000000000000000 R09: 0000000000000000 [ 92.787848][ T7004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 92.787861][ T7004] R13: 00007f789e2d6038 R14: 00007f789e2d5fa0 R15: 00007ffc317261b8 [ 92.787901][ T7004] [ 93.010854][ T7006] loop4: detected capacity change from 0 to 512 [ 93.018283][ T7006] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 93.038227][ T7006] EXT4-fs (loop4): 1 truncate cleaned up [ 93.073657][ T7014] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1194'. [ 93.181883][ T7021] loop4: detected capacity change from 0 to 1024 [ 93.336582][ T7031] FAULT_INJECTION: forcing a failure. [ 93.336582][ T7031] name failslab, interval 1, probability 0, space 0, times 0 [ 93.349228][ T7031] CPU: 1 UID: 0 PID: 7031 Comm: syz.4.1202 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 93.349257][ T7031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 93.349295][ T7031] Call Trace: [ 93.349302][ T7031] [ 93.349309][ T7031] __dump_stack+0x1d/0x30 [ 93.349331][ T7031] dump_stack_lvl+0xe8/0x140 [ 93.349352][ T7031] dump_stack+0x15/0x1b [ 93.349369][ T7031] should_fail_ex+0x265/0x280 [ 93.349434][ T7031] should_failslab+0x8c/0xb0 [ 93.349457][ T7031] kmem_cache_alloc_noprof+0x50/0x310 [ 93.349549][ T7031] ? __break_lease+0x78/0xe80 [ 93.349570][ T7031] __break_lease+0x78/0xe80 [ 93.349589][ T7031] ? may_link+0x2a5/0x2f0 [ 93.349615][ T7031] vfs_unlink+0x1d5/0x420 [ 93.349648][ T7031] do_unlinkat+0x24e/0x480 [ 93.349668][ T7031] __x64_sys_unlinkat+0x97/0xb0 [ 93.349740][ T7031] x64_sys_call+0x2ede/0x2ff0 [ 93.349761][ T7031] do_syscall_64+0xd2/0x200 [ 93.349792][ T7031] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 93.349877][ T7031] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 93.349902][ T7031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.349923][ T7031] RIP: 0033:0x7f250418ebe9 [ 93.349936][ T7031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.350018][ T7031] RSP: 002b:00007f2502bef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [ 93.350111][ T7031] RAX: ffffffffffffffda RBX: 00007f25043b5fa0 RCX: 00007f250418ebe9 [ 93.350122][ T7031] RDX: 0000000000000000 RSI: 0000200000000380 RDI: ffffffffffffff9c [ 93.350180][ T7031] RBP: 00007f2502bef090 R08: 0000000000000000 R09: 0000000000000000 [ 93.350191][ T7031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 93.350202][ T7031] R13: 00007f25043b6038 R14: 00007f25043b5fa0 R15: 00007ffcbf74f3c8 [ 93.350219][ T7031] [ 93.887067][ T7036] loop0: detected capacity change from 0 to 512 [ 93.992573][ T7036] ext4 filesystem being mounted at /226/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 94.006283][ T7036] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1203'. [ 94.030739][ T7043] loop3: detected capacity change from 0 to 512 [ 94.048420][ T29] kauditd_printk_skb: 328 callbacks suppressed [ 94.048434][ T29] audit: type=1326 audit(1754852311.691:6371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7042 comm="syz.4.1205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f250418ebe9 code=0x7ffc0000 [ 94.107775][ T7043] ext4 filesystem being mounted at /235/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 94.136021][ T29] audit: type=1326 audit(1754852311.691:6372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7042 comm="syz.4.1205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7f250418ebe9 code=0x7ffc0000 [ 94.147921][ T7048] netlink: 'syz.0.1207': attribute type 12 has an invalid length. [ 94.159644][ T29] audit: type=1326 audit(1754852311.691:6373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7042 comm="syz.4.1205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f250418ebe9 code=0x7ffc0000 [ 94.196579][ T7055] netlink: 176 bytes leftover after parsing attributes in process `syz.4.1209'. [ 94.231081][ T7056] loop1: detected capacity change from 0 to 1024 [ 94.246143][ T7056] EXT4-fs: Ignoring removed nomblk_io_submit option [ 94.252788][ T7056] EXT4-fs: Ignoring removed i_version option [ 94.295976][ T7063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 94.304358][ T7063] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 94.354896][ T29] audit: type=1326 audit(1754852311.982:6374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7065 comm="syz.4.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f250418ebe9 code=0x7ffc0000 [ 94.378543][ T29] audit: type=1326 audit(1754852311.982:6375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7065 comm="syz.4.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f250418ebe9 code=0x7ffc0000 [ 94.401936][ T29] audit: type=1326 audit(1754852311.982:6376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7065 comm="syz.4.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=132 compat=0 ip=0x7f250418ebe9 code=0x7ffc0000 [ 94.425429][ T29] audit: type=1326 audit(1754852311.982:6377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7065 comm="syz.4.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f250418ebe9 code=0x7ffc0000 [ 94.427556][ T7063] SELinux: failed to load policy [ 94.448821][ T29] audit: type=1326 audit(1754852311.982:6378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7065 comm="syz.4.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f250418ebe9 code=0x7ffc0000 [ 94.477063][ T29] audit: type=1326 audit(1754852311.982:6379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7065 comm="syz.4.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f250418ebe9 code=0x7ffc0000 [ 94.478462][ T7056] EXT4-fs: Mount option(s) incompatible with ext2 [ 94.500528][ T29] audit: type=1326 audit(1754852311.982:6380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7065 comm="syz.4.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7f250418ebe9 code=0x7ffc0000 [ 94.547569][ T7073] loop0: detected capacity change from 0 to 512 [ 94.557790][ T7073] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 94.573151][ T7073] EXT4-fs (loop0): 1 truncate cleaned up [ 94.653724][ T7085] loop4: detected capacity change from 0 to 512 [ 94.682904][ T7088] syzkaller0: entered allmulticast mode [ 94.688745][ T7088] syzkaller0: entered promiscuous mode [ 94.694547][ T7087] syzkaller0: left promiscuous mode [ 94.699914][ T7087] syzkaller0: left allmulticast mode [ 94.732654][ T7085] ext4 filesystem being mounted at /246/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 94.743345][ T7080] loop2: detected capacity change from 0 to 4096 [ 94.750792][ T7080] EXT4-fs: Ignoring removed nomblk_io_submit option [ 94.761320][ T7090] usb usb8: usbfs: process 7090 (syz.1.1224) did not claim interface 0 before use [ 94.791442][ T7099] loop0: detected capacity change from 0 to 128 [ 94.803629][ T7090] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1224'. [ 94.866346][ T7111] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1228'. [ 95.019875][ T7125] loop3: detected capacity change from 0 to 1024 [ 95.026573][ T7125] EXT4-fs: Ignoring removed orlov option [ 95.040402][ T7123] FAULT_INJECTION: forcing a failure. [ 95.040402][ T7123] name failslab, interval 1, probability 0, space 0, times 0 [ 95.053115][ T7123] CPU: 1 UID: 0 PID: 7123 Comm: syz.0.1236 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 95.053144][ T7123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 95.053168][ T7123] Call Trace: [ 95.053174][ T7123] [ 95.053182][ T7123] __dump_stack+0x1d/0x30 [ 95.053201][ T7123] dump_stack_lvl+0xe8/0x140 [ 95.053260][ T7123] dump_stack+0x15/0x1b [ 95.053274][ T7123] should_fail_ex+0x265/0x280 [ 95.053295][ T7123] should_failslab+0x8c/0xb0 [ 95.053328][ T7123] kmem_cache_alloc_noprof+0x50/0x310 [ 95.053421][ T7123] ? audit_log_start+0x365/0x6c0 [ 95.053451][ T7123] audit_log_start+0x365/0x6c0 [ 95.053482][ T7123] audit_seccomp+0x48/0x100 [ 95.053507][ T7123] ? __seccomp_filter+0x68c/0x10d0 [ 95.053545][ T7123] __seccomp_filter+0x69d/0x10d0 [ 95.053564][ T7123] ? __rcu_read_unlock+0x4f/0x70 [ 95.053583][ T7123] ? newque+0x1ff/0x240 [ 95.053613][ T7123] ? up_write+0x18/0x60 [ 95.053637][ T7123] __secure_computing+0x82/0x150 [ 95.053713][ T7123] syscall_trace_enter+0xcf/0x1e0 [ 95.053733][ T7123] do_syscall_64+0xac/0x200 [ 95.053758][ T7123] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 95.053843][ T7123] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 95.053868][ T7123] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.053886][ T7123] RIP: 0033:0x7fcf49d9d5fc [ 95.053900][ T7123] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 95.053914][ T7123] RSP: 002b:00007fcf487ff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 95.053980][ T7123] RAX: ffffffffffffffda RBX: 00007fcf49fc5fa0 RCX: 00007fcf49d9d5fc [ 95.054036][ T7123] RDX: 000000000000000f RSI: 00007fcf487ff0a0 RDI: 0000000000000006 [ 95.054046][ T7123] RBP: 00007fcf487ff090 R08: 0000000000000000 R09: 0000000000000000 [ 95.054102][ T7123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 95.054171][ T7123] R13: 00007fcf49fc6038 R14: 00007fcf49fc5fa0 R15: 00007ffc61826248 [ 95.054190][ T7123] [ 95.381206][ T7141] loop0: detected capacity change from 0 to 1024 [ 95.401945][ T7132] bond0: entered promiscuous mode [ 95.407313][ T7132] bond0: entered allmulticast mode [ 95.414720][ T7132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.426253][ T7141] EXT4-fs: Ignoring removed nomblk_io_submit option [ 95.426366][ T7141] EXT4-fs: Ignoring removed i_version option [ 95.427130][ T7141] EXT4-fs: Mount option(s) incompatible with ext2 [ 95.459615][ T7132] bond0 (unregistering): Released all slaves [ 95.491468][ T7150] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1248'. [ 95.707384][ T7170] usb usb1: usbfs: process 7170 (syz.1.1256) did not claim interface 0 before use [ 95.757078][ T7174] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1257'. [ 95.814215][ T7179] loop1: detected capacity change from 0 to 512 [ 95.814546][ T7181] netlink: 176 bytes leftover after parsing attributes in process `syz.3.1262'. [ 95.866597][ T7183] loop2: detected capacity change from 0 to 1024 [ 95.873611][ T7179] EXT4-fs mount: 130 callbacks suppressed [ 95.873626][ T7179] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.919902][ T7183] EXT4-fs: Ignoring removed nomblk_io_submit option [ 95.926626][ T7183] EXT4-fs: Ignoring removed i_version option [ 95.941665][ T7192] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.948960][ T7192] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.977939][ T7183] EXT4-fs: Mount option(s) incompatible with ext2 [ 96.026181][ T7192] $H: left promiscuous mode [ 96.030971][ T7192] bond_slave_0: left promiscuous mode [ 96.036516][ T7192] bond_slave_1: left promiscuous mode [ 96.045633][ T7179] ext4 filesystem being mounted at /274/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 96.110691][ T7192] bond1: left promiscuous mode [ 96.115517][ T7192] bond1: left allmulticast mode [ 96.123679][ T7197] gre0: Master is either lo or non-ether device [ 96.181758][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.196034][ T7198] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 96.208446][ T7203] pimreg: entered allmulticast mode [ 96.228845][ T12] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.237942][ T7192] pimreg: left allmulticast mode [ 96.328143][ T12] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.352147][ T7212] usb usb1: usbfs: process 7212 (syz.2.1271) did not claim interface 0 before use [ 96.364777][ T7211] FAULT_INJECTION: forcing a failure. [ 96.364777][ T7211] name failslab, interval 1, probability 0, space 0, times 0 [ 96.377462][ T7211] CPU: 1 UID: 0 PID: 7211 Comm: syz.1.1267 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 96.377490][ T7211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 96.377518][ T7211] Call Trace: [ 96.377524][ T7211] [ 96.377531][ T7211] __dump_stack+0x1d/0x30 [ 96.377553][ T7211] dump_stack_lvl+0xe8/0x140 [ 96.377593][ T7211] dump_stack+0x15/0x1b [ 96.377609][ T7211] should_fail_ex+0x265/0x280 [ 96.377627][ T7211] should_failslab+0x8c/0xb0 [ 96.377647][ T7211] __kmalloc_node_track_caller_noprof+0xa4/0x410 [ 96.377732][ T7211] ? cond_bools_copy+0x30/0x80 [ 96.377756][ T7211] ? __pfx_cond_bools_destroy+0x10/0x10 [ 96.377847][ T7211] kmemdup_noprof+0x2b/0x70 [ 96.377872][ T7211] ? __pfx_cond_bools_destroy+0x10/0x10 [ 96.377897][ T7211] cond_bools_copy+0x30/0x80 [ 96.377948][ T7211] ? __pfx_cond_bools_destroy+0x10/0x10 [ 96.377971][ T7211] hashtab_duplicate+0x11e/0x360 [ 96.378078][ T7211] ? __pfx_cond_bools_copy+0x10/0x10 [ 96.378102][ T7211] cond_policydb_dup+0xd2/0x4e0 [ 96.378128][ T7211] security_set_bools+0xa0/0x340 [ 96.378170][ T7211] sel_commit_bools_write+0x1ea/0x270 [ 96.378195][ T7211] vfs_writev+0x403/0x8b0 [ 96.378219][ T7211] ? __pfx_sel_commit_bools_write+0x10/0x10 [ 96.378305][ T7211] ? mutex_lock+0xd/0x30 [ 96.378322][ T7211] do_writev+0xe7/0x210 [ 96.378344][ T7211] __x64_sys_writev+0x45/0x50 [ 96.378367][ T7211] x64_sys_call+0x1e9a/0x2ff0 [ 96.378501][ T7211] do_syscall_64+0xd2/0x200 [ 96.378521][ T7211] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 96.378619][ T7211] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 96.378638][ T7211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.378656][ T7211] RIP: 0033:0x7f789e0aebe9 [ 96.378669][ T7211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.378682][ T7211] RSP: 002b:00007f789cb17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 96.378764][ T7211] RAX: ffffffffffffffda RBX: 00007f789e2d5fa0 RCX: 00007f789e0aebe9 [ 96.378797][ T7211] RDX: 0000000000000001 RSI: 00002000000025c0 RDI: 0000000000000003 [ 96.378885][ T7211] RBP: 00007f789cb17090 R08: 0000000000000000 R09: 0000000000000000 [ 96.378895][ T7211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 96.378905][ T7211] R13: 00007f789e2d6038 R14: 00007f789e2d5fa0 R15: 00007ffc317261b8 [ 96.378920][ T7211] [ 96.625039][ T12] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.638249][ T12] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.686154][ T7219] netlink: 176 bytes leftover after parsing attributes in process `syz.0.1274'. [ 96.723612][ T7229] FAULT_INJECTION: forcing a failure. [ 96.723612][ T7229] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 96.736773][ T7229] CPU: 0 UID: 0 PID: 7229 Comm: syz.0.1278 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 96.736834][ T7229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 96.736846][ T7229] Call Trace: [ 96.736852][ T7229] [ 96.736859][ T7229] __dump_stack+0x1d/0x30 [ 96.736880][ T7229] dump_stack_lvl+0xe8/0x140 [ 96.736900][ T7229] dump_stack+0x15/0x1b [ 96.736961][ T7229] should_fail_ex+0x265/0x280 [ 96.737027][ T7229] should_fail+0xb/0x20 [ 96.737042][ T7229] should_fail_usercopy+0x1a/0x20 [ 96.737060][ T7229] _copy_to_user+0x20/0xa0 [ 96.737093][ T7229] simple_read_from_buffer+0xb5/0x130 [ 96.737117][ T7229] proc_fail_nth_read+0x10e/0x150 [ 96.737200][ T7229] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 96.737224][ T7229] vfs_read+0x1a8/0x770 [ 96.737245][ T7229] ? __rcu_read_unlock+0x4f/0x70 [ 96.737265][ T7229] ? __fget_files+0x184/0x1c0 [ 96.737326][ T7229] ksys_read+0xda/0x1a0 [ 96.737344][ T7229] __x64_sys_read+0x40/0x50 [ 96.737433][ T7229] x64_sys_call+0x27bc/0x2ff0 [ 96.737454][ T7229] do_syscall_64+0xd2/0x200 [ 96.737475][ T7229] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 96.737499][ T7229] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 96.737570][ T7229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.737591][ T7229] RIP: 0033:0x7fcf49d9d5fc [ 96.737606][ T7229] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 96.737622][ T7229] RSP: 002b:00007fcf487ff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 96.737639][ T7229] RAX: ffffffffffffffda RBX: 00007fcf49fc5fa0 RCX: 00007fcf49d9d5fc [ 96.737730][ T7229] RDX: 000000000000000f RSI: 00007fcf487ff0a0 RDI: 0000000000000005 [ 96.737741][ T7229] RBP: 00007fcf487ff090 R08: 0000000000000000 R09: 0000000000000000 [ 96.737751][ T7229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 96.737762][ T7229] R13: 00007fcf49fc6038 R14: 00007fcf49fc5fa0 R15: 00007ffc61826248 [ 96.737777][ T7229] [ 96.970796][ T7232] loop1: detected capacity change from 0 to 512 [ 96.983010][ T7232] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 96.996035][ T7238] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1282'. [ 97.006359][ T7238] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1282'. [ 97.031913][ T7232] EXT4-fs (loop1): 1 truncate cleaned up [ 97.042842][ T7237] loop3: detected capacity change from 0 to 1024 [ 97.050942][ T7237] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 97.060175][ T7232] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.100176][ T7247] loop3: detected capacity change from 0 to 512 [ 97.113532][ T7247] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 97.156138][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.171334][ T7247] EXT4-fs (loop3): 1 truncate cleaned up [ 97.177826][ T7247] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.205867][ T7256] 8021q: VLANs not supported on ipvlan0 [ 97.221322][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.233754][ T7256] loop2: detected capacity change from 0 to 256 [ 97.256112][ T7256] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7256 comm=syz.2.1290 [ 97.260025][ T7262] loop0: detected capacity change from 0 to 128 [ 97.276169][ T7264] FAULT_INJECTION: forcing a failure. [ 97.276169][ T7264] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 97.289303][ T7264] CPU: 0 UID: 0 PID: 7264 Comm: syz.4.1294 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 97.289370][ T7264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 97.289461][ T7264] Call Trace: [ 97.289467][ T7264] [ 97.289475][ T7264] __dump_stack+0x1d/0x30 [ 97.289496][ T7264] dump_stack_lvl+0xe8/0x140 [ 97.289517][ T7264] dump_stack+0x15/0x1b [ 97.289534][ T7264] should_fail_ex+0x265/0x280 [ 97.289561][ T7264] should_fail+0xb/0x20 [ 97.289578][ T7264] should_fail_usercopy+0x1a/0x20 [ 97.289596][ T7264] _copy_from_user+0x1c/0xb0 [ 97.289649][ T7264] ___sys_sendmsg+0xc1/0x1d0 [ 97.289682][ T7264] __x64_sys_sendmsg+0xd4/0x160 [ 97.289707][ T7264] x64_sys_call+0x191e/0x2ff0 [ 97.289728][ T7264] do_syscall_64+0xd2/0x200 [ 97.289752][ T7264] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 97.289815][ T7264] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 97.289839][ T7264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.289860][ T7264] RIP: 0033:0x7f250418ebe9 [ 97.289875][ T7264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.289891][ T7264] RSP: 002b:00007f2502bef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 97.289979][ T7264] RAX: ffffffffffffffda RBX: 00007f25043b5fa0 RCX: 00007f250418ebe9 [ 97.289998][ T7264] RDX: 0000000020008000 RSI: 0000200000000500 RDI: 0000000000000006 [ 97.290011][ T7264] RBP: 00007f2502bef090 R08: 0000000000000000 R09: 0000000000000000 [ 97.290023][ T7264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 97.290036][ T7264] R13: 00007f25043b6038 R14: 00007f25043b5fa0 R15: 00007ffcbf74f3c8 [ 97.290056][ T7264] [ 97.481039][ T7268] loop0: detected capacity change from 0 to 512 [ 97.488413][ T7267] $H: entered promiscuous mode [ 97.493522][ T7267] bond_slave_0: entered promiscuous mode [ 97.499421][ T7267] bond_slave_1: entered promiscuous mode [ 97.520749][ T7268] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 97.555710][ T7268] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.569978][ T7268] ext4 filesystem being mounted at /253/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 97.573234][ T7280] loop2: detected capacity change from 0 to 164 [ 97.591107][ T7268] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.1296: corrupted xattr block 19: overlapping e_value [ 97.609191][ T7280] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 97.616833][ T7268] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 97.634088][ T7268] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.1296: corrupted xattr block 19: overlapping e_value [ 97.654015][ T7268] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 97.667653][ T7268] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.1296: corrupted xattr block 19: overlapping e_value [ 97.681566][ T7286] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.1296: corrupted xattr block 19: overlapping e_value [ 97.705301][ T7286] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.1296: corrupted xattr block 19: overlapping e_value [ 97.719647][ T7286] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 97.834546][ T7301] FAULT_INJECTION: forcing a failure. [ 97.834546][ T7301] name failslab, interval 1, probability 0, space 0, times 0 [ 97.847301][ T7301] CPU: 1 UID: 0 PID: 7301 Comm: syz.1.1308 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 97.847325][ T7301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 97.847335][ T7301] Call Trace: [ 97.847342][ T7301] [ 97.847350][ T7301] __dump_stack+0x1d/0x30 [ 97.847375][ T7301] dump_stack_lvl+0xe8/0x140 [ 97.847399][ T7301] dump_stack+0x15/0x1b [ 97.847413][ T7301] should_fail_ex+0x265/0x280 [ 97.847432][ T7301] should_failslab+0x8c/0xb0 [ 97.847457][ T7301] kmem_cache_alloc_noprof+0x50/0x310 [ 97.847490][ T7301] ? audit_log_start+0x365/0x6c0 [ 97.847587][ T7301] audit_log_start+0x365/0x6c0 [ 97.847628][ T7301] ? __rcu_read_unlock+0x4f/0x70 [ 97.847645][ T7301] ? perf_cgroup_switch+0x10c/0x480 [ 97.847745][ T7301] audit_seccomp+0x48/0x100 [ 97.847771][ T7301] ? __seccomp_filter+0x68c/0x10d0 [ 97.847793][ T7301] __seccomp_filter+0x69d/0x10d0 [ 97.847812][ T7301] ? proc_id_connector+0x114/0x270 [ 97.847918][ T7301] ? set_dumpable+0xb5/0x150 [ 97.847934][ T7301] ? key_fsuid_changed+0x80/0x90 [ 97.847959][ T7301] __secure_computing+0x82/0x150 [ 97.847980][ T7301] syscall_trace_enter+0xcf/0x1e0 [ 97.848047][ T7301] do_syscall_64+0xac/0x200 [ 97.848070][ T7301] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 97.848134][ T7301] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 97.848159][ T7301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.848176][ T7301] RIP: 0033:0x7f789e0ad5fc [ 97.848189][ T7301] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 97.848203][ T7301] RSP: 002b:00007f789cb17030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 97.848220][ T7301] RAX: ffffffffffffffda RBX: 00007f789e2d5fa0 RCX: 00007f789e0ad5fc [ 97.848313][ T7301] RDX: 000000000000000f RSI: 00007f789cb170a0 RDI: 0000000000000005 [ 97.848324][ T7301] RBP: 00007f789cb17090 R08: 0000000000000000 R09: 0000000000000000 [ 97.848335][ T7301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 97.848348][ T7301] R13: 00007f789e2d6038 R14: 00007f789e2d5fa0 R15: 00007ffc317261b8 [ 97.848373][ T7301] [ 98.260701][ T7313] syzkaller0: entered allmulticast mode [ 98.266712][ T7313] syzkaller0: entered promiscuous mode [ 98.283502][ T7312] syzkaller0: left promiscuous mode [ 98.288851][ T7312] syzkaller0: left allmulticast mode [ 98.564432][ T7347] syzkaller0: entered allmulticast mode [ 98.570156][ T7347] syzkaller0: entered promiscuous mode [ 98.583336][ T7347] syzkaller0 (unregistering): left allmulticast mode [ 98.590058][ T7347] syzkaller0 (unregistering): left promiscuous mode [ 98.614526][ T7350] loop1: detected capacity change from 0 to 512 [ 98.648172][ T7350] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 98.679807][ T7350] EXT4-fs (loop1): 1 truncate cleaned up [ 98.686272][ T7350] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.713734][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.737021][ T7343] pimreg: entered allmulticast mode [ 98.742395][ T7353] pimreg: left allmulticast mode [ 98.769977][ T7359] loop1: detected capacity change from 0 to 512 [ 98.819997][ T7359] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 98.839556][ T7359] EXT4-fs (loop1): 1 truncate cleaned up [ 98.852297][ T7368] loop4: detected capacity change from 0 to 512 [ 98.860181][ T7368] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 98.890458][ T7359] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.916578][ T7368] EXT4-fs (loop4): 1 truncate cleaned up [ 98.925394][ T7368] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.972165][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.993238][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.062068][ T7383] syzkaller0: entered allmulticast mode [ 99.070049][ T7382] syzkaller0: left allmulticast mode [ 99.078675][ T29] kauditd_printk_skb: 489 callbacks suppressed [ 99.078688][ T29] audit: type=1400 audit(1754852316.724:6866): avc: denied { listen } for pid=7376 comm="syz.3.1340" lport=45983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 99.148162][ T7392] loop2: detected capacity change from 0 to 1024 [ 99.152410][ T7394] loop4: detected capacity change from 0 to 128 [ 99.163082][ T7394] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 99.163714][ T7392] EXT4-fs: Ignoring removed nomblk_io_submit option [ 99.181728][ T7392] EXT4-fs: Ignoring removed i_version option [ 99.188279][ T7394] ext4 filesystem being mounted at /270/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.227252][ T7392] EXT4-fs: Mount option(s) incompatible with ext2 [ 99.253910][ T29] audit: type=1400 audit(1754852316.894:6867): avc: denied { write } for pid=7393 comm="syz.4.1349" path="/270/file0/file1" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 99.282443][ T7397] __nla_validate_parse: 4 callbacks suppressed [ 99.282544][ T7397] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1350'. [ 99.316094][ T7399] loop2: detected capacity change from 0 to 512 [ 99.338495][ T29] audit: type=1400 audit(1754852316.894:6868): avc: denied { mount } for pid=7387 comm="syz.2.1346" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 99.360264][ T29] audit: type=1400 audit(1754852316.894:6869): avc: denied { mounton } for pid=7387 comm="syz.2.1346" path="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1 [ 99.381615][ T29] audit: type=1400 audit(1754852316.924:6870): avc: denied { unmount } for pid=3300 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 99.401428][ T29] audit: type=1400 audit(1754852316.924:6871): avc: denied { unmount } for pid=3300 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 99.440004][ T7399] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.472014][ T29] audit: type=1400 audit(1754852317.094:6872): avc: denied { create } for pid=7401 comm="syz.1.1352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 99.491699][ T29] audit: type=1400 audit(1754852317.094:6873): avc: denied { connect } for pid=7401 comm="syz.1.1352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 99.511497][ T29] audit: type=1400 audit(1754852317.094:6874): avc: denied { setattr } for pid=7401 comm="syz.1.1352" name="secretmem" dev="secretmem" ino=19587 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 99.534765][ T29] audit: type=1326 audit(1754852317.094:6875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7401 comm="syz.1.1352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f789e0aebe9 code=0x7ffc0000 [ 99.561744][ T7399] ext4 filesystem being mounted at /268/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.573527][ T7405] usb usb8: usbfs: process 7405 (syz.1.1353) did not claim interface 0 before use [ 99.605080][ T3300] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.653821][ T3309] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 99.681511][ T7411] program syz.2.1354 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 99.721378][ T7414] syzkaller0: entered allmulticast mode [ 99.728599][ T7413] syzkaller0: left allmulticast mode [ 99.869667][ T7421] loop1: detected capacity change from 0 to 1024 [ 99.884621][ T7423] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1362'. [ 99.918568][ T7421] EXT4-fs: Ignoring removed nomblk_io_submit option [ 99.925241][ T7421] EXT4-fs: Ignoring removed i_version option [ 99.935250][ T7425] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 99.993171][ T7421] EXT4-fs: Mount option(s) incompatible with ext2 [ 100.004461][ T7189] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 100.036476][ T7435] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1364'. [ 100.077545][ T7439] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.093110][ T7444] syzkaller0: entered allmulticast mode [ 100.099286][ T7441] syzkaller0: left allmulticast mode [ 100.127519][ T7439] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.161658][ T7443] loop1: detected capacity change from 0 to 8192 [ 100.189745][ T7456] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1373'. [ 100.245629][ T7458] loop4: detected capacity change from 0 to 1024 [ 100.252958][ T7439] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.253782][ T7458] EXT4-fs: Ignoring removed nomblk_io_submit option [ 100.269405][ T7458] EXT4-fs: Ignoring removed i_version option [ 100.284819][ T7460] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 100.292599][ T7458] EXT4-fs: Mount option(s) incompatible with ext2 [ 100.315251][ T7439] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.353156][ T7462] loop3: detected capacity change from 0 to 2048 [ 100.372602][ T7468] FAULT_INJECTION: forcing a failure. [ 100.372602][ T7468] name failslab, interval 1, probability 0, space 0, times 0 [ 100.385305][ T7468] CPU: 0 UID: 0 PID: 7468 Comm: syz.1.1378 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 100.385396][ T7468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 100.385406][ T7468] Call Trace: [ 100.385412][ T7468] [ 100.385418][ T7468] __dump_stack+0x1d/0x30 [ 100.385436][ T7468] dump_stack_lvl+0xe8/0x140 [ 100.385453][ T7468] dump_stack+0x15/0x1b [ 100.385469][ T7468] should_fail_ex+0x265/0x280 [ 100.385555][ T7468] should_failslab+0x8c/0xb0 [ 100.385579][ T7468] kmem_cache_alloc_lru_noprof+0x55/0x310 [ 100.385601][ T7468] ? __d_alloc+0x3d/0x340 [ 100.385674][ T7468] __d_alloc+0x3d/0x340 [ 100.385702][ T7468] d_alloc_parallel+0x53/0xc60 [ 100.385732][ T7468] ? number+0x9ae/0xab0 [ 100.385836][ T7468] ? __rcu_read_unlock+0x4f/0x70 [ 100.385864][ T7468] ? __d_lookup+0x316/0x340 [ 100.385888][ T7468] __lookup_slow+0x8c/0x250 [ 100.385992][ T7468] lookup_noperm+0xc9/0x180 [ 100.386084][ T7468] simple_start_creating+0x97/0x120 [ 100.386109][ T7468] start_creating+0xe9/0x160 [ 100.386153][ T7468] __debugfs_create_file+0x6b/0x330 [ 100.386210][ T7468] debugfs_create_file_full+0x3f/0x60 [ 100.386229][ T7468] ? __pfx_macsec_setup+0x10/0x10 [ 100.386255][ T7468] ref_tracker_dir_debugfs+0x100/0x1e0 [ 100.386282][ T7468] alloc_netdev_mqs+0x1a2/0xa20 [ 100.386338][ T7468] rtnl_create_link+0x239/0x710 [ 100.386361][ T7468] rtnl_newlink_create+0x14c/0x620 [ 100.386419][ T7468] ? security_capable+0x83/0x90 [ 100.386439][ T7468] ? netlink_ns_capable+0x86/0xa0 [ 100.386463][ T7468] rtnl_newlink+0xf29/0x12d0 [ 100.386519][ T7468] ? __kfree_skb+0x109/0x150 [ 100.386593][ T7468] ? css_rstat_updated+0xb7/0x240 [ 100.386619][ T7468] ? __memcg_slab_free_hook+0x135/0x230 [ 100.386651][ T7468] ? __rcu_read_unlock+0x4f/0x70 [ 100.386671][ T7468] ? avc_has_perm_noaudit+0x1b1/0x200 [ 100.386721][ T7468] ? cred_has_capability+0x210/0x280 [ 100.386746][ T7468] ? selinux_capable+0x31/0x40 [ 100.386819][ T7468] ? security_capable+0x83/0x90 [ 100.386841][ T7468] ? ns_capable+0x7d/0xb0 [ 100.386935][ T7468] ? __pfx_rtnl_newlink+0x10/0x10 [ 100.386958][ T7468] rtnetlink_rcv_msg+0x5fb/0x6d0 [ 100.386983][ T7468] netlink_rcv_skb+0x120/0x220 [ 100.387002][ T7468] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 100.387051][ T7468] rtnetlink_rcv+0x1c/0x30 [ 100.387070][ T7468] netlink_unicast+0x5c0/0x690 [ 100.387156][ T7468] netlink_sendmsg+0x58b/0x6b0 [ 100.387175][ T7468] ? __pfx_netlink_sendmsg+0x10/0x10 [ 100.387253][ T7468] __sock_sendmsg+0x145/0x180 [ 100.387303][ T7468] ____sys_sendmsg+0x31e/0x4e0 [ 100.387326][ T7468] ___sys_sendmsg+0x17b/0x1d0 [ 100.387353][ T7468] __x64_sys_sendmsg+0xd4/0x160 [ 100.387379][ T7468] x64_sys_call+0x191e/0x2ff0 [ 100.387437][ T7468] do_syscall_64+0xd2/0x200 [ 100.387457][ T7468] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 100.387476][ T7468] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 100.387519][ T7468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.387540][ T7468] RIP: 0033:0x7f789e0aebe9 [ 100.387556][ T7468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.387573][ T7468] RSP: 002b:00007f789cb17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 100.387609][ T7468] RAX: ffffffffffffffda RBX: 00007f789e2d5fa0 RCX: 00007f789e0aebe9 [ 100.387620][ T7468] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004 [ 100.387632][ T7468] RBP: 00007f789cb17090 R08: 0000000000000000 R09: 0000000000000000 [ 100.387644][ T7468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.387654][ T7468] R13: 00007f789e2d6038 R14: 00007f789e2d5fa0 R15: 00007ffc317261b8 [ 100.387736][ T7468] [ 100.389037][ T7462] loop3: p1 < > p3 < p5 > p4 [ 100.751283][ T7462] loop3: partition table partially beyond EOD, truncated [ 100.758782][ T7462] loop3: p1 start 100663296 is beyond EOD, truncated [ 100.760552][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.768307][ T7462] loop3: p4 size 395008 extends beyond EOD, truncated [ 100.781429][ T7466] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1379'. [ 100.781903][ T7462] loop3: p5 size 395008 extends beyond EOD, truncated [ 100.816214][ T4385] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.827728][ T7471] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 100.837569][ T4308] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.854553][ T7475] loop0: detected capacity change from 0 to 128 [ 100.855357][ T7477] loop4: detected capacity change from 0 to 128 [ 100.867402][ T4308] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.874898][ T7477] EXT4-fs: Ignoring removed nobh option [ 100.897017][ T7477] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 100.914837][ T7485] loop0: detected capacity change from 0 to 512 [ 100.923525][ T7477] ext4 filesystem being mounted at /283/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 100.947342][ T7489] usb usb1: usbfs: process 7489 (syz.1.1387) did not claim interface 0 before use [ 100.960571][ T7488] loop3: detected capacity change from 0 to 512 [ 100.967914][ T7488] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 100.967969][ T7485] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.979406][ T3309] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 100.992103][ T7485] ext4 filesystem being mounted at /256/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 101.000504][ T7488] EXT4-fs (loop3): 1 truncate cleaned up [ 101.020298][ T7488] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.022661][ T7485] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1385'. [ 101.072498][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.082827][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.162813][ T7511] loop3: detected capacity change from 0 to 512 [ 101.172237][ T7518] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1398'. [ 101.172635][ T7511] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 101.198512][ T7511] EXT4-fs (loop3): 1 truncate cleaned up [ 101.205400][ T7511] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.235005][ T7525] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1400'. [ 101.243988][ T7524] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1399'. [ 101.261266][ T7527] loop1: detected capacity change from 0 to 512 [ 101.272528][ T7529] loop0: detected capacity change from 0 to 512 [ 101.281836][ T7527] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.295331][ T7529] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 101.303540][ T7527] ext4 filesystem being mounted at /308/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 101.314971][ T7529] EXT4-fs (loop0): 1 truncate cleaned up [ 101.321051][ T7529] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.333988][ T7527] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1401'. [ 101.343032][ T7538] loop4: detected capacity change from 0 to 2048 [ 101.350499][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.360978][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.374292][ T7529] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 4: comm syz.0.1402: path /262/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=131071, rec_len=65535, size=1024 fake=0 [ 101.394748][ T7529] EXT4-fs (loop0): Remounting filesystem read-only [ 101.414649][ T7538] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.445884][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.471117][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.494360][ T7552] 9pnet: p9_errstr2errno: server reported unknown error @0xffffffffffffffff [ 101.509679][ T7554] SELinux: security_context_str_to_sid (VWW) failed with errno=-22 [ 101.612775][ T7570] usb usb1: usbfs: process 7570 (syz.4.1417) did not claim interface 0 before use [ 101.640504][ T7574] loop1: detected capacity change from 0 to 512 [ 101.647577][ T7574] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 101.654676][ T7576] usb usb8: usbfs: process 7576 (syz.3.1420) did not claim interface 0 before use [ 101.659435][ T7574] EXT4-fs (loop1): 1 truncate cleaned up [ 101.672684][ T7574] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.701636][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.818936][ T7597] loop4: detected capacity change from 0 to 1024 [ 101.825855][ T7597] EXT4-fs: Ignoring removed nobh option [ 101.831979][ T7597] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 101.836001][ T7600] usb usb1: usbfs: process 7600 (syz.1.1431) did not claim interface 0 before use [ 101.844022][ T7597] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #11: comm +}[@: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 101.870967][ T7597] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm +}[@: couldn't read orphan inode 11 (err -117) [ 101.883616][ T7597] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.899311][ T7597] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 101.912538][ T7597] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm +}[@: Failed to acquire dquot type 0 [ 101.931021][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.949813][ T7603] loop4: detected capacity change from 0 to 1024 [ 101.956612][ T7603] EXT4-fs: Ignoring removed nomblk_io_submit option [ 101.963270][ T7603] EXT4-fs: Ignoring removed i_version option [ 101.969862][ T7603] EXT4-fs: Mount option(s) incompatible with ext2 [ 101.989256][ T7605] FAULT_INJECTION: forcing a failure. [ 101.989256][ T7605] name failslab, interval 1, probability 0, space 0, times 0 [ 102.001932][ T7605] CPU: 1 UID: 0 PID: 7605 Comm: syz.1.1433 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 102.001957][ T7605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 102.001969][ T7605] Call Trace: [ 102.001976][ T7605] [ 102.001983][ T7605] __dump_stack+0x1d/0x30 [ 102.002003][ T7605] dump_stack_lvl+0xe8/0x140 [ 102.002022][ T7605] dump_stack+0x15/0x1b [ 102.002038][ T7605] should_fail_ex+0x265/0x280 [ 102.002100][ T7605] should_failslab+0x8c/0xb0 [ 102.002114][ T7605] __kvmalloc_node_noprof+0x123/0x4e0 [ 102.002209][ T7605] ? alloc_netdev_mqs+0x553/0xa20 [ 102.002223][ T7605] alloc_netdev_mqs+0x553/0xa20 [ 102.002235][ T7605] rtnl_create_link+0x239/0x710 [ 102.002324][ T7605] rtnl_newlink_create+0x14c/0x620 [ 102.002366][ T7605] ? security_capable+0x83/0x90 [ 102.002452][ T7605] ? netlink_ns_capable+0x86/0xa0 [ 102.002468][ T7605] rtnl_newlink+0xf29/0x12d0 [ 102.002486][ T7605] ? __kfree_skb+0x109/0x150 [ 102.002497][ T7605] ? __kfree_skb+0x109/0x150 [ 102.002576][ T7605] ? __rcu_read_unlock+0x4f/0x70 [ 102.002588][ T7605] ? avc_has_perm_noaudit+0x1b1/0x200 [ 102.002603][ T7605] ? cred_has_capability+0x210/0x280 [ 102.002616][ T7605] ? selinux_capable+0x31/0x40 [ 102.002631][ T7605] ? security_capable+0x83/0x90 [ 102.002696][ T7605] ? ns_capable+0x7d/0xb0 [ 102.002707][ T7605] ? __pfx_rtnl_newlink+0x10/0x10 [ 102.002723][ T7605] rtnetlink_rcv_msg+0x5fb/0x6d0 [ 102.002738][ T7605] ? netlink_rcv_skb+0x7e/0x220 [ 102.002749][ T7605] netlink_rcv_skb+0x120/0x220 [ 102.002759][ T7605] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 102.002886][ T7605] rtnetlink_rcv+0x1c/0x30 [ 102.002899][ T7605] netlink_unicast+0x5c0/0x690 [ 102.002946][ T7605] netlink_sendmsg+0x58b/0x6b0 [ 102.002958][ T7605] ? __pfx_netlink_sendmsg+0x10/0x10 [ 102.002970][ T7605] __sock_sendmsg+0x145/0x180 [ 102.002985][ T7605] ____sys_sendmsg+0x345/0x4e0 [ 102.003074][ T7605] ___sys_sendmsg+0x17b/0x1d0 [ 102.003154][ T7605] __sys_sendmmsg+0x178/0x300 [ 102.003171][ T7605] __x64_sys_sendmmsg+0x57/0x70 [ 102.003182][ T7605] x64_sys_call+0x1c4a/0x2ff0 [ 102.003194][ T7605] do_syscall_64+0xd2/0x200 [ 102.003231][ T7605] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 102.003244][ T7605] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 102.003257][ T7605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.003337][ T7605] RIP: 0033:0x7f789e0aebe9 [ 102.003369][ T7605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.003464][ T7605] RSP: 002b:00007f789cb17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 102.003476][ T7605] RAX: ffffffffffffffda RBX: 00007f789e2d5fa0 RCX: 00007f789e0aebe9 [ 102.003513][ T7605] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003 [ 102.003520][ T7605] RBP: 00007f789cb17090 R08: 0000000000000000 R09: 0000000000000000 [ 102.003527][ T7605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 102.003534][ T7605] R13: 00007f789e2d6038 R14: 00007f789e2d5fa0 R15: 00007ffc317261b8 [ 102.003621][ T7605] [ 102.331080][ T7613] usb usb8: usbfs: process 7613 (syz.1.1436) did not claim interface 0 before use [ 102.425298][ T7625] loop4: detected capacity change from 0 to 512 [ 102.435304][ T7625] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 102.455553][ T7625] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1441: Failed to acquire dquot type 1 [ 102.468259][ T7625] EXT4-fs (loop4): 1 truncate cleaned up [ 102.474855][ T7625] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.487794][ T7633] loop1: detected capacity change from 0 to 1024 [ 102.494887][ T7633] EXT4-fs: Ignoring removed nomblk_io_submit option [ 102.501521][ T7633] EXT4-fs: Ignoring removed i_version option [ 102.508282][ T7633] EXT4-fs: Mount option(s) incompatible with ext2 [ 102.576196][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.611825][ T7648] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1539 sclass=netlink_route_socket pid=7648 comm=syz.3.1451 [ 102.637447][ T7648] loop3: detected capacity change from 0 to 1024 [ 102.646864][ T7440] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.648104][ T7648] EXT4-fs: Ignoring removed nomblk_io_submit option [ 102.727371][ T7648] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.765639][ T7440] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.777472][ T7658] SELinux: ebitmap: truncated map [ 102.787914][ T7658] SELinux: failed to load policy [ 102.835828][ T7440] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.901456][ T7668] loop1: detected capacity change from 0 to 1024 [ 102.910204][ T7668] EXT4-fs: Ignoring removed nomblk_io_submit option [ 102.916993][ T7668] EXT4-fs: Ignoring removed i_version option [ 102.923826][ T7668] EXT4-fs: Mount option(s) incompatible with ext2 [ 102.988929][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.303325][ T7696] loop1: detected capacity change from 0 to 512 [ 103.344595][ T7696] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.373471][ T7696] ext4 filesystem being mounted at /334/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 103.407725][ T7703] loop3: detected capacity change from 0 to 512 [ 103.425301][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.439400][ T7703] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 103.467153][ T7703] EXT4-fs (loop3): 1 truncate cleaned up [ 103.481432][ T7703] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.564446][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.604567][ T7716] syzkaller0: entered allmulticast mode [ 103.610268][ T7716] syzkaller0: entered promiscuous mode [ 103.624111][ T7715] syzkaller0: left promiscuous mode [ 103.629445][ T7715] syzkaller0: left allmulticast mode [ 103.640023][ T7717] FAULT_INJECTION: forcing a failure. [ 103.640023][ T7717] name failslab, interval 1, probability 0, space 0, times 0 [ 103.652654][ T7717] CPU: 0 UID: 0 PID: 7717 Comm: syz.0.1472 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 103.652677][ T7717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 103.652686][ T7717] Call Trace: [ 103.652691][ T7717] [ 103.652697][ T7717] __dump_stack+0x1d/0x30 [ 103.652747][ T7717] dump_stack_lvl+0xe8/0x140 [ 103.652763][ T7717] dump_stack+0x15/0x1b [ 103.652849][ T7717] should_fail_ex+0x265/0x280 [ 103.652868][ T7717] should_failslab+0x8c/0xb0 [ 103.652949][ T7717] kmem_cache_alloc_noprof+0x50/0x310 [ 103.652972][ T7717] ? security_file_alloc+0x32/0x100 [ 103.652998][ T7717] security_file_alloc+0x32/0x100 [ 103.653089][ T7717] init_file+0x5c/0x1d0 [ 103.653114][ T7717] alloc_empty_file+0x8b/0x200 [ 103.653137][ T7717] path_openat+0x68/0x2170 [ 103.653222][ T7717] ? bpf_get_stackid+0xee/0x120 [ 103.653304][ T7717] ? bpf_prog_e95a4a16f042d2d7+0x2a/0x32 [ 103.653319][ T7717] ? __rcu_read_unlock+0x4f/0x70 [ 103.653337][ T7717] ? __perf_event_task_sched_in+0xa5b/0xac0 [ 103.653355][ T7717] ? update_load_avg+0x1da/0x820 [ 103.653399][ T7717] ? _raw_spin_unlock+0x26/0x50 [ 103.653434][ T7717] do_filp_open+0x109/0x230 [ 103.653562][ T7717] do_sys_openat2+0xa6/0x110 [ 103.653588][ T7717] __x64_sys_creat+0x65/0x90 [ 103.653730][ T7717] x64_sys_call+0x2d94/0x2ff0 [ 103.653750][ T7717] do_syscall_64+0xd2/0x200 [ 103.653788][ T7717] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 103.653808][ T7717] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 103.653829][ T7717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.653849][ T7717] RIP: 0033:0x7fcf49d9ebe9 [ 103.653935][ T7717] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.653953][ T7717] RSP: 002b:00007fcf487de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 103.653973][ T7717] RAX: ffffffffffffffda RBX: 00007fcf49fc6090 RCX: 00007fcf49d9ebe9 [ 103.653999][ T7717] RDX: 0000000000000000 RSI: c9028ba210c11f8b RDI: 00002000000000c0 [ 103.654012][ T7717] RBP: 00007fcf487de090 R08: 0000000000000000 R09: 0000000000000000 [ 103.654027][ T7717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 103.654037][ T7717] R13: 00007fcf49fc6128 R14: 00007fcf49fc6090 R15: 00007ffc61826248 [ 103.654054][ T7717] [ 103.896693][ T7714] syzkaller0: entered allmulticast mode [ 103.936238][ T7714] syzkaller0 (unregistering): left allmulticast mode [ 104.069888][ T7732] loop1: detected capacity change from 0 to 512 [ 104.085419][ T7732] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.192245][ T7732] ext4 filesystem being mounted at /341/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 104.223625][ T7743] loop4: detected capacity change from 0 to 512 [ 104.231227][ T7743] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 104.252163][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.266364][ T7743] __quota_error: 252 callbacks suppressed [ 104.266414][ T7743] Quota error (device loop4): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 104.282325][ T7743] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 104.292284][ T7743] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1486: Failed to acquire dquot type 1 [ 104.304362][ T7743] EXT4-fs (loop4): 1 truncate cleaned up [ 104.310620][ T7743] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.348320][ T7752] loop3: detected capacity change from 0 to 512 [ 104.356146][ T7752] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 104.367786][ T7752] EXT4-fs (loop3): 1 truncate cleaned up [ 104.376082][ T7752] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.423063][ T29] audit: type=1326 audit(1754852322.054:7124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7756 comm="syz.1.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f789e0aebe9 code=0x7ffc0000 [ 104.447422][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.460923][ T29] audit: type=1326 audit(1754852322.094:7125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7756 comm="syz.1.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f789e0aebe9 code=0x7ffc0000 [ 104.484444][ T29] audit: type=1326 audit(1754852322.094:7126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7756 comm="syz.1.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7f789e0aebe9 code=0x7ffc0000 [ 104.487082][ T7759] __nla_validate_parse: 9 callbacks suppressed [ 104.487095][ T7759] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1494'. [ 104.507883][ T29] audit: type=1326 audit(1754852322.094:7127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7756 comm="syz.1.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f789e0aebe9 code=0x7ffc0000 [ 104.546587][ T29] audit: type=1326 audit(1754852322.094:7128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7756 comm="syz.1.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f789e0aebe9 code=0x7ffc0000 [ 104.570029][ T29] audit: type=1326 audit(1754852322.094:7129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7756 comm="syz.1.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=81 compat=0 ip=0x7f789e0aebe9 code=0x7ffc0000 [ 104.593584][ T29] audit: type=1326 audit(1754852322.094:7130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7756 comm="syz.1.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f789e0aebe9 code=0x7ffc0000 [ 104.610283][ T7765] loop1: detected capacity change from 0 to 512 [ 104.617046][ T29] audit: type=1326 audit(1754852322.094:7131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7756 comm="syz.1.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f789e0aebe9 code=0x7ffc0000 [ 104.648837][ T7767] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 104.656553][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.665520][ T7765] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.665649][ T7765] ext4 filesystem being mounted at /346/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 104.696500][ T7765] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1497'. [ 104.737843][ T7776] usb usb8: usbfs: process 7776 (syz.3.1501) did not claim interface 0 before use [ 104.749818][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.760586][ T7776] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1501'. [ 104.812239][ T7784] loop1: detected capacity change from 0 to 512 [ 104.819553][ T7784] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 104.830891][ T7787] FAULT_INJECTION: forcing a failure. [ 104.830891][ T7787] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 104.844004][ T7787] CPU: 1 UID: 0 PID: 7787 Comm: syz.0.1503 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 104.844271][ T7787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 104.844284][ T7787] Call Trace: [ 104.844290][ T7787] [ 104.844297][ T7787] __dump_stack+0x1d/0x30 [ 104.844329][ T7787] dump_stack_lvl+0xe8/0x140 [ 104.844371][ T7787] dump_stack+0x15/0x1b [ 104.844462][ T7787] should_fail_ex+0x265/0x280 [ 104.844484][ T7787] should_fail+0xb/0x20 [ 104.844502][ T7787] should_fail_usercopy+0x1a/0x20 [ 104.844524][ T7787] _copy_from_iter+0xcf/0xe40 [ 104.844603][ T7787] ? _copy_from_iter+0x16d/0xe40 [ 104.844631][ T7787] copy_page_from_iter+0x178/0x2a0 [ 104.844658][ T7787] skb_copy_datagram_from_iter+0x232/0x490 [ 104.844687][ T7787] tun_get_user+0xafa/0x2680 [ 104.844742][ T7787] ? ref_tracker_alloc+0x1f2/0x2f0 [ 104.844765][ T7787] ? selinux_file_permission+0x1e4/0x320 [ 104.844786][ T7787] tun_chr_write_iter+0x15e/0x210 [ 104.844828][ T7787] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 104.844855][ T7787] vfs_write+0x52a/0x960 [ 104.844878][ T7787] ksys_write+0xda/0x1a0 [ 104.844900][ T7787] __x64_sys_write+0x40/0x50 [ 104.844965][ T7787] x64_sys_call+0x27fe/0x2ff0 [ 104.844982][ T7787] do_syscall_64+0xd2/0x200 [ 104.845015][ T7787] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 104.845037][ T7787] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 104.845061][ T7787] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.845082][ T7787] RIP: 0033:0x7fcf49d9ebe9 [ 104.845097][ T7787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.845125][ T7787] RSP: 002b:00007fcf487ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 104.845144][ T7787] RAX: ffffffffffffffda RBX: 00007fcf49fc5fa0 RCX: 00007fcf49d9ebe9 [ 104.845182][ T7787] RDX: 000000000000fdef RSI: 0000200000000240 RDI: 0000000000000005 [ 104.845195][ T7787] RBP: 00007fcf487ff090 R08: 0000000000000000 R09: 0000000000000000 [ 104.845207][ T7787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 104.845220][ T7787] R13: 00007fcf49fc6038 R14: 00007fcf49fc5fa0 R15: 00007ffc61826248 [ 104.845240][ T7787] [ 104.846916][ T7784] EXT4-fs (loop1): 1 truncate cleaned up [ 104.889784][ T7793] usb usb8: usbfs: process 7793 (syz.3.1506) did not claim interface 0 before use [ 104.903294][ T7784] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.921805][ T7793] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1506'. [ 104.956726][ T7798] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 105.111601][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.145116][ T7800] usb usb8: usbfs: process 7800 (syz.1.1509) did not claim interface 0 before use [ 105.156407][ T7800] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1509'. [ 105.182506][ T7807] ================================================================== [ 105.190587][ T7807] BUG: KCSAN: data-race in memcpy_and_pad / release_task [ 105.197601][ T7807] [ 105.199907][ T7807] write to 0xffff88811a3bc6c8 of 8 bytes by task 3306 on cpu 0: [ 105.207517][ T7807] release_task+0x6f9/0xb60 [ 105.212010][ T7807] wait_consider_task+0x114a/0x1660 [ 105.217201][ T7807] __do_wait+0xfa/0x510 [ 105.221376][ T7807] do_wait+0xb7/0x260 [ 105.225348][ T7807] kernel_wait4+0x16b/0x1e0 [ 105.229844][ T7807] __x64_sys_wait4+0x91/0x120 [ 105.234518][ T7807] x64_sys_call+0x2a66/0x2ff0 [ 105.239185][ T7807] do_syscall_64+0xd2/0x200 [ 105.243676][ T7807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.249551][ T7807] [ 105.251859][ T7807] read to 0xffff88811a3bc200 of 3264 bytes by task 7807 on cpu 1: [ 105.259645][ T7807] memcpy_and_pad+0x48/0x80 [ 105.264133][ T7807] arch_dup_task_struct+0x2c/0x40 [ 105.269138][ T7807] dup_task_struct+0x83/0x6a0 [ 105.273803][ T7807] copy_process+0x399/0x2000 [ 105.278391][ T7807] kernel_clone+0x16c/0x5c0 [ 105.282881][ T7807] __se_sys_clone3+0x1c2/0x200 [ 105.287636][ T7807] __x64_sys_clone3+0x31/0x40 [ 105.292304][ T7807] x64_sys_call+0x1fc9/0x2ff0 [ 105.296971][ T7807] do_syscall_64+0xd2/0x200 [ 105.301460][ T7807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.307339][ T7807] [ 105.309649][ T7807] Reported by Kernel Concurrency Sanitizer on: [ 105.315784][ T7807] CPU: 1 UID: 0 PID: 7807 Comm: syz.3.1513 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 105.327834][ T7807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 105.337874][ T7807] ================================================================== [ 105.351441][ T7810] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 105.808804][ T4385] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.819820][ T4385] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.830672][ T4385] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.841448][ T4385] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0