last executing test programs: 3.522579923s ago: executing program 2 (id=1861): bpf$PROG_LOAD(0x5, 0x0, 0x39) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="170000000000000004000000ff00000000000000", @ANYRES32=0x1, @ANYBLOB="1000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x80, 0x3, 0x0, 0xd, 0x0, 0xffff}, 0x67) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000"], 0x48) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7da, &(0x7f0000000fc0)="$eJzs3c1rG80dAODfyh+ynbR2odAmJ0OhNYTIdeomLfSQ0kMpNBBoz02MrJjUshUsOcTGEOdQ6KXQlh4K7SXnfqSHQq/9uLb/ROmhJITWMW/e04tediX5U5LtxJId/Dyw2pnd2Z0Z7ezsSLtIAVxYk+lLLuJKRPw8iRhvLk8iYigLDUbcbqR7u7VRTKck6vUf/C/J0vz50u6+kub8UjPyxYj4+08iruUO5jranJdLK83QdG3p0XR1bf36w6W5hdJCafnmzOzsjVtfv3Xz8Fbv6qN/rV9+9YvvfuWPtwfjCy9+9o8kbsfl5rrtrY3ie+7+kMmYbL4nQ+lbuM93TjuzM5acdQF4J+mpOdA4y+NKjMdAFurgfU9AAOBceBoRdQDggklc/wHggml9D7C9tVFsTWf7jUR/vf52RIw06t+6v9lYM9i8ZzeS3Qcd20723RlJImLiFPKfjIjf/uVHv0+n6NF9SIB2Np9FxP2Jye2t/IH+P0n7v+Gj95DvuOar3TarN7abPLBY/wf989d0/PONw+O/qzsP9IxkrwfGPyP5Nufuuzj6/M+97LDpMfqmo6Xjv2/tebZtd/y389DaxEAz9plszDeUPHhYLqV922cjYiqG8ml8Jkva/imoqTefvOmU/97x3/9/+ePfpfmn890UuZeD+aiP79lmfq42dwpVz7x+FnF1sF39k53xb9Jh/Hu34173H5rvffOnv+mUMq1/Wt/WdLj+vVV/HvHltsd/91gmXZ9PnM6aw3SrUbTxp//8eqxT/rvHP5/N0/xbnwX6IT3+Y93rP5GGqmvri3PlcmmlevI8/vl8/G+d1u1t/+3rn7X/fdL2P5z8MAu3WtqTuVptZSZiOPn+4eU3drdtxVvp0/pPfan9+d+p/eeaz8be34l1N/hq+A/NXbWtf2azU/17K63//ImOf5dAvbnNgVUv3i4OdMr/eMd/NgtNNZccp/87oqTv0ZoBAAAAAAAAAAAAAAAAAAAAAAAA4ORyEXE5klxhJ5zLFQqN//D+fIzlypVq7dqDyuryfGT/lT0RQ7nWT12O7/k91Jnm7+G34jcOxL8WEZ+LiF/lR7N4oVgpz5915QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6dL+//9/ms4Khca6/+bPunQAQM+MnHUBAIC+c/0HgIvnZNf/0Z6VAwDonxN//q8nvSkIANA3x77+3+9tOQCA/nH/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB67e+dOOtU/3toopvH5x2uri5XH1+dL1cXC0mqxUKysPCosVCoL5VKhWFnquKPNxqxcqTyajeXVJ9O1UrU2XV1bv7dUWV2u3Xu4NLdQulca6lvNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD4qmvri3PlcmlFoEtgtDR6HopxjgKDcS6KcSiw+e+hrF13TRwTH0zjH+6SJjnNvEYPLtnbS4yeSd8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CH4NAAA//9RvRhH") bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f0000000180)="317aa26a5cc62cda6e544b7d44f8ae6498acda3d2223306e40ebc11db687e7a4f991613b23aca5a4c9eb83af2ea1904c31e359fcaf6681045b1e1baa61047aea179fdd35dd454d3a0bbb57d6b45a60c9f7ea2fa2f3a28ffd83", &(0x7f0000000580)=""/215}, 0x20) timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c0000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4e, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000380)='kfree\x00'}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 3.175268011s ago: executing program 2 (id=1866): setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000400003802c00038004000100766c616e31000000000000000000000014000100776c616e3100000000000000000000000800014000000000080002"], 0xfc}, 0x1, 0x0, 0x0, 0x204c000}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x4a79a644ae8bc70) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r6}, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000d40)=@newsa={0x1fc, 0x10, 0x200, 0x70bd26, 0x25dfdbfe, {{@in=@local, @in6=@empty, 0x4e26, 0x100, 0x4e24, 0x6, 0xa, 0x0, 0x80, 0x32}, {@in6=@local, 0x4d5, 0x32}, @in6=@remote, {0xffff, 0x3, 0x1, 0x0, 0xe, 0x8, 0x7f, 0x7ff}, {0x7fffffff, 0x0, 0x6, 0xb648}, {0x5, 0x2, 0x3}, 0x70bd28, 0x3507, 0x2, 0x1, 0xf, 0x69}, [@sa={0xe4, 0x6, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e21, 0x9, 0x4e24, 0x9, 0xa, 0xc0, 0x0, 0x2f}, {@in6=@dev={0xfe, 0x80, '\x00', 0x2f}, 0x4d4, 0xff}, @in=@local, {0x6, 0x0, 0xfffffffffffffffb, 0x10, 0x7bfa, 0xa, 0xf, 0x2}, {0x9, 0x376, 0xffffffff80000001, 0x2}, {0x510, 0xffff, 0xfffffffe}, 0x70bd29, 0x3502, 0xa, 0x1, 0x4, 0x1}}, @address_filter={0x28, 0x1a, {@in6=@local, @in6=@rand_addr=' \x01\x00', 0x0, 0x2, 0x7}}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x40000}, 0x4) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, &(0x7f00000001c0)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) open_tree(0xffffffffffffff9c, 0x0, 0x89901) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) close(r7) socket$inet6_mptcp(0xa, 0x1, 0x106) r8 = syz_open_procfs(0x0, &(0x7f0000000040)='clear_refs\x00') mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r8}}) 2.729168178s ago: executing program 0 (id=1872): bpf$PROG_LOAD(0x5, 0x0, 0x39) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="170000000000000004000000ff00000000000000", @ANYRES32=0x1, @ANYBLOB="1000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x80, 0x3, 0x0, 0xd, 0x0, 0xffff}, 0x67) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000"], 0x48) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7da, &(0x7f0000000fc0)="$eJzs3c1rG80dAODfyh+ynbR2odAmJ0OhNYTIdeomLfSQ0kMpNBBoz02MrJjUshUsOcTGEOdQ6KXQlh4K7SXnfqSHQq/9uLb/ROmhJITWMW/e04tediX5U5LtxJId/Dyw2pnd2Z0Z7ezsSLtIAVxYk+lLLuJKRPw8iRhvLk8iYigLDUbcbqR7u7VRTKck6vUf/C/J0vz50u6+kub8UjPyxYj4+08iruUO5jranJdLK83QdG3p0XR1bf36w6W5hdJCafnmzOzsjVtfv3Xz8Fbv6qN/rV9+9YvvfuWPtwfjCy9+9o8kbsfl5rrtrY3ie+7+kMmYbL4nQ+lbuM93TjuzM5acdQF4J+mpOdA4y+NKjMdAFurgfU9AAOBceBoRdQDggklc/wHggml9D7C9tVFsTWf7jUR/vf52RIw06t+6v9lYM9i8ZzeS3Qcd20723RlJImLiFPKfjIjf/uVHv0+n6NF9SIB2Np9FxP2Jye2t/IH+P0n7v+Gj95DvuOar3TarN7abPLBY/wf989d0/PONw+O/qzsP9IxkrwfGPyP5Nufuuzj6/M+97LDpMfqmo6Xjv2/tebZtd/y389DaxEAz9plszDeUPHhYLqV922cjYiqG8ml8Jkva/imoqTefvOmU/97x3/9/+ePfpfmn890UuZeD+aiP79lmfq42dwpVz7x+FnF1sF39k53xb9Jh/Hu34173H5rvffOnv+mUMq1/Wt/WdLj+vVV/HvHltsd/91gmXZ9PnM6aw3SrUbTxp//8eqxT/rvHP5/N0/xbnwX6IT3+Y93rP5GGqmvri3PlcmmlevI8/vl8/G+d1u1t/+3rn7X/fdL2P5z8MAu3WtqTuVptZSZiOPn+4eU3drdtxVvp0/pPfan9+d+p/eeaz8be34l1N/hq+A/NXbWtf2azU/17K63//ImOf5dAvbnNgVUv3i4OdMr/eMd/NgtNNZccp/87oqTv0ZoBAAAAAAAAAAAAAAAAAAAAAAAA4ORyEXE5klxhJ5zLFQqN//D+fIzlypVq7dqDyuryfGT/lT0RQ7nWT12O7/k91Jnm7+G34jcOxL8WEZ+LiF/lR7N4oVgpz5915QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6dL+//9/ms4Khca6/+bPunQAQM+MnHUBAIC+c/0HgIvnZNf/0Z6VAwDonxN//q8nvSkIANA3x77+3+9tOQCA/nH/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB67e+dOOtU/3toopvH5x2uri5XH1+dL1cXC0mqxUKysPCosVCoL5VKhWFnquKPNxqxcqTyajeXVJ9O1UrU2XV1bv7dUWV2u3Xu4NLdQulca6lvNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD4qmvri3PlcmlFoEtgtDR6HopxjgKDcS6KcSiw+e+hrF13TRwTH0zjH+6SJjnNvEYPLtnbS4yeSd8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CH4NAAA//9RvRhH") bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f0000000180)="317aa26a5cc62cda6e544b7d44f8ae6498acda3d2223306e40ebc11db687e7a4f991613b23aca5a4c9eb83af2ea1904c31e359fcaf6681045b1e1baa61047aea179fdd35dd454d3a0bbb57d6b45a60c9f7ea2fa2f3a28ffd83", &(0x7f0000000580)=""/215}, 0x20) timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4e, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000380)='kfree\x00'}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 2.228290649s ago: executing program 2 (id=1873): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140)) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10) pwritev(r0, &(0x7f0000001680)=[{&(0x7f0000001540)='@7', 0x2}], 0x1, 0x99, 0x10000) 2.149045055s ago: executing program 0 (id=1875): mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x7, 0x4, 0x8, 0xd9}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r1}, 0x18) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) dup(r2) ioctl$F2FS_IOC_GET_COMPRESS_OPTION(0xffffffffffffffff, 0x8002f515, &(0x7f0000000200)) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000380)='sched_switch\x00', r5, 0x0, 0xfffffffffffffffe}, 0x18) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000480)={0x0, 0x4000, &(0x7f0000000580)={&(0x7f0000000540)=ANY=[@ANYBLOB="0200ff00", @ANYRES16=r7, @ANYBLOB="796100000000000000007e00000033000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x4000054) getrusage(0x1, &(0x7f0000000180)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r3}, 0x10) r8 = socket$xdp(0x2c, 0x3, 0x0) syz_io_uring_setup(0xbc3, 0x0, 0x0, 0x0) setsockopt$XDP_UMEM_REG(r8, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) r9 = getpid() process_vm_readv(r9, &(0x7f0000008400)=[{&(0x7f0000000340)=""/69, 0x623c41ea}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 2.143567646s ago: executing program 2 (id=1876): r0 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000300)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000009c0)="010000000037a788a11d1f000000000000006923c63a4541062101b60a2156566de77062086575a59ea9cb", 0x2b, r0) r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffa) keyctl$unlink(0x9, r0, r1) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='signal_deliver\x00', r2}, 0x18) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x4880, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000280)={'syzkaller0\x00', 0xca02}) close(r3) socket$netlink(0x10, 0x3, 0x0) preadv(r4, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/108, 0x6c}], 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe4059d1ed18e2292, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18003200"/13, @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0xffffa725, 0x30, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r6, 0x0, 0x9}, 0x18) r7 = getpid() sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) clock_nanosleep(0x8, 0x0, &(0x7f00000004c0)={0x0, 0x3938700}, 0x0) r8 = socket$inet6_icmp(0xa, 0x2, 0x3a) getpeername$inet6(r8, &(0x7f00000000c0)={0xa, 0x0, 0x0, @private1}, &(0x7f0000000100)=0x1c) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYRES64=r1], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES8=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000724ab161dcc9105d803000008000000b704000000000000a700000001000005953e945f93bacfeebad2d552f60256a605ee769900eb9424184f21ac7fcf19cea69ac26578414a3c013e8150afc1095e32edc8a18b5cd20594"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.911851024s ago: executing program 3 (id=1877): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000400)=[{0x6, 0x1, 0x2, 0x8c}]}) openat$misdntimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f00000012c0)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x290) close_range(r2, 0xffffffffffffffff, 0x0) 1.877532937s ago: executing program 1 (id=1878): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="070000000400000008000000ff00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="000000000000000000000000000000000000000000000000000000005b5c6b7b6fa65ba6cb4cf3bcbb754da9a2c8684be52013fd4c609e4b09a853763338da7c6bdccb5582eb554d76d11a722ba2bd11c0537875e984c4d5304c905b39e1cd859d9e3f38e04ec0c12f683ff2cfd97eca896fab150d7c5d2cae51470160f8f9eb3080418675dca0b37f054d14a1fde608a8f91a164fa863eef3317c99d39cea06ae3c37cfe9e95a47ab69932d78cd1649e819a9c5d3ec87ac7c6496a3e994a99de99f3b20c14e8cdec91ccf0abf8bdc9dce2e4c0f3733e762d47469f34f27b0d40f1988bdf7faa0c7da53cb1c4ef9c22efe75f60edf5df2b83f2fb80210c4d221bcaffce9e46992d91c7570d73d5c3b75e8880a14d1", @ANYRESOCT=0x0, @ANYRES8=r0, @ANYRESHEX], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000015c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000009c3e850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) syz_clone3(&(0x7f00000003c0)={0x68006080, &(0x7f0000000080), &(0x7f0000000000), &(0x7f0000000140), {0x11}, &(0x7f00000001c0)=""/151, 0x97, &(0x7f00000002c0)=""/43, &(0x7f0000000300)}, 0x58) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000100)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffff8}, 0x18) socket$kcm(0x29, 0x5, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) unshare(0x12000100) r3 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) unshare(0x28060400) ptrace(0x10, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYRES8=r3], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) r4 = socket$inet(0x2, 0x1, 0x0) connect$inet(r4, &(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10) setsockopt$inet_opts(r4, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000000c0), 0x4) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) r6 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000280)={'\x00', 0x7e, 0x1000, 0x5c8, 0x80000003, 0x6}) ioctl$BLKTRACETEARDOWN(r6, 0x1276, 0x0) 1.849867819s ago: executing program 0 (id=1879): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000400)=[{0x6, 0x1, 0x2, 0x8c}]}) openat$misdntimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f00000012c0)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x290) close_range(r2, 0xffffffffffffffff, 0x0) 1.744620338s ago: executing program 1 (id=1881): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x2) r4 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x202, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[], 0x48) r5 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6, 0x0, 0x80010000}, 0x18) gettid() ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f0000000380)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r7, &(0x7f0000000200)=""/209, 0xd1) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x40, r5, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x40}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r9, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00'], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1.626143398s ago: executing program 4 (id=1886): bpf$PROG_LOAD(0x5, 0x0, 0x39) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="170000000000000004000000ff00000000000000", @ANYRES32=0x1, @ANYBLOB="1000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x80, 0x3, 0x0, 0xd, 0x0, 0xffff}, 0x67) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000"], 0x48) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7da, &(0x7f0000000fc0)="$eJzs3c1rG80dAODfyh+ynbR2odAmJ0OhNYTIdeomLfSQ0kMpNBBoz02MrJjUshUsOcTGEOdQ6KXQlh4K7SXnfqSHQq/9uLb/ROmhJITWMW/e04tediX5U5LtxJId/Dyw2pnd2Z0Z7ezsSLtIAVxYk+lLLuJKRPw8iRhvLk8iYigLDUbcbqR7u7VRTKck6vUf/C/J0vz50u6+kub8UjPyxYj4+08iruUO5jranJdLK83QdG3p0XR1bf36w6W5hdJCafnmzOzsjVtfv3Xz8Fbv6qN/rV9+9YvvfuWPtwfjCy9+9o8kbsfl5rrtrY3ie+7+kMmYbL4nQ+lbuM93TjuzM5acdQF4J+mpOdA4y+NKjMdAFurgfU9AAOBceBoRdQDggklc/wHggml9D7C9tVFsTWf7jUR/vf52RIw06t+6v9lYM9i8ZzeS3Qcd20723RlJImLiFPKfjIjf/uVHv0+n6NF9SIB2Np9FxP2Jye2t/IH+P0n7v+Gj95DvuOar3TarN7abPLBY/wf989d0/PONw+O/qzsP9IxkrwfGPyP5Nufuuzj6/M+97LDpMfqmo6Xjv2/tebZtd/y389DaxEAz9plszDeUPHhYLqV922cjYiqG8ml8Jkva/imoqTefvOmU/97x3/9/+ePfpfmn890UuZeD+aiP79lmfq42dwpVz7x+FnF1sF39k53xb9Jh/Hu34173H5rvffOnv+mUMq1/Wt/WdLj+vVV/HvHltsd/91gmXZ9PnM6aw3SrUbTxp//8eqxT/rvHP5/N0/xbnwX6IT3+Y93rP5GGqmvri3PlcmmlevI8/vl8/G+d1u1t/+3rn7X/fdL2P5z8MAu3WtqTuVptZSZiOPn+4eU3drdtxVvp0/pPfan9+d+p/eeaz8be34l1N/hq+A/NXbWtf2azU/17K63//ImOf5dAvbnNgVUv3i4OdMr/eMd/NgtNNZccp/87oqTv0ZoBAAAAAAAAAAAAAAAAAAAAAAAA4ORyEXE5klxhJ5zLFQqN//D+fIzlypVq7dqDyuryfGT/lT0RQ7nWT12O7/k91Jnm7+G34jcOxL8WEZ+LiF/lR7N4oVgpz5915QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6dL+//9/ms4Khca6/+bPunQAQM+MnHUBAIC+c/0HgIvnZNf/0Z6VAwDonxN//q8nvSkIANA3x77+3+9tOQCA/nH/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB67e+dOOtU/3toopvH5x2uri5XH1+dL1cXC0mqxUKysPCosVCoL5VKhWFnquKPNxqxcqTyajeXVJ9O1UrU2XV1bv7dUWV2u3Xu4NLdQulca6lvNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD4qmvri3PlcmlFoEtgtDR6HopxjgKDcS6KcSiw+e+hrF13TRwTH0zjH+6SJjnNvEYPLtnbS4yeSd8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CH4NAAA//9RvRhH") bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f0000000180)="317aa26a5cc62cda6e544b7d44f8ae6498acda3d2223306e40ebc11db687e7a4f991613b23aca5a4c9eb83af2ea1904c31e359fcaf6681045b1e1baa61047aea179fdd35dd454d3a0bbb57d6b45a60c9f7ea2fa2f3a28ffd83", &(0x7f0000000580)=""/215}, 0x20) timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4e, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000380)='kfree\x00'}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 1.467453921s ago: executing program 4 (id=1887): mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f0000000240)='./file0\x00', 0x103) r1 = dup2(r0, r0) ioctl$BLKTRACESTOP(r1, 0x1275, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x15, 0xb, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='mm_page_alloc\x00', r2}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil) mount_setattr(0xffffffffffffff9c, 0x0, 0x8000, 0x0, 0x2000) bpf$PROG_LOAD(0x5, &(0x7f0000001f80)={0x27, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000001cc0)=ANY=[@ANYRES16=r2, @ANYRES16=r3, @ANYBLOB="4980825f231591b1906e34b2b9181636b2db58c40fa93daf8dd763380b9ffb5b24b565cb1603c8096ecd39affbb5635675250e7d0a62e888b0c7e1804abb5143c6192485322977b26d625036ba4a309cfa40d7a35f2616198f27decaf65bfe7d54c814ce79e40c6ec37591f6f0643e887cdcb06d38181e01d9af5d7d2e0a37ed91d58063c144b2781f40e09a5ab3dbd4b9cf6ea0cfc2ead7d7336947cb7ed840361cbfa29b5b041db3309e82584f203732310c7241eb567ea14a21863a232ba387ec9fcf2ec7a807051bcf3d3642f064679e5c9540f438762766916c344f033b7e9aaf0d2456b7ff42f6baf20cf8119aba93", @ANYBLOB="1747195d30e6eaf0ae596d5fe6f556b165bda4b0146891793b6ef5a4cc8a632d7e9da4ce96fa0723ff509b355fd17b55b57cd273337091fd3faf45d9359966c2e8537c67bf2de85a8464059b6499eafe49304d596cc8759debda9ca2b2a48be5da40f6130000a5b3a6e7d99eed0473fe8fa636778ed546266f2511e1e60133b9228e763a2b3b7334c8734ccf3d167b0e61460ee40fdbefc16e0534c3d83d30ab1713b0ec83d56ae7b4a7ae7084d4532572adcd91ba8a6341c17a44db75679e1512b397010c798a17abcc5876cef53324acf91d5e077771205d9f7938a6054f2690375d2fa6b57accbe942fa94b330a046caef3cf922cecc8afa7744b9628e2c9234ddb78fb60ebcddb018f50010414fc69eb7f0d17dd688752e7934e013fc2c5f18a6f7fef8132d0eb2faea2265888f716add552654a12fab55098b0fa5a50a93781266ee387dae372f79dde08d5cf1eb8109976e4a0d2573ee298f1f4996db8a32b6ac6547bac4e66a51b8125fde026568eb754038ab6f9583da14d9a0ebad1bbafaf49d460ad0c", @ANYRESOCT=r2, @ANYRES8], 0x50) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x3}, 0x8) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x4000050) sendto$inet6(r4, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c) shutdown(r4, 0x1) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x40, &(0x7f00000004c0), 0x1, 0x57b, &(0x7f0000000640)="$eJzs3T9sG9UfAPDvXeJf/+VHigQSVB0qQCpSVScpLRSmdkUUVeqAxAKR40ZVnDiKHWiiDOleITogQF3KBgMjiIEBsTCysoCYkSoagdR0AKPznzRN7OC0TYziz0e6+L17Z3/f+fx99p3ucgH0rWPZnzTi2Yi4mEQMr2sbjGbjscZyqytLhXsrS4UkarVLvyeRRMTdlaVCa/mk+XgoIpYj4pmI+D4XcSLdHLeysDg1XioV55r1ker07EhlYfHklenxyeJkcealV149c/b0mbFTY+ufdq+2vpbb3rpe/+XGB9d/fP3WjS++PLpc+Gg8iXMx1Gxbvx6PU+M9ycW5DfNP70SwHkp63QEeykAzz7NUejqGY6CZ9e3Uhne1a8AOq+2LqAF9KpH/0KdavwOy/d/WtJu/P26fb+yAZHFXm1OjZbBxbCL21/dNDv6RPLBnku1vHt7NjrInLV+LiNHBwc2f/6T5+Xt4o4+jg+yo7843NtTm7Z+ujT/RZvwZah07fUSt8W910/h3P/5Ah/HvYpcx/nr71087xr8WcaRt/GQtftImfhoR73YZ/+Zb35zt1Fb7LOJ4tI/fkmx9fHjk8pVScbTxt22Mb48ffW2r9T/YIX7jmO3++tdMu/d/tsv1//qHr55b3iL+i89vvf3bvf8HIuLDLuM/effzNzq13b6W3Ml+BWx3+2fzbnUZ/+Vzx37uclEAAAAAAAAAAGAb0vq5bEmaXyunaT7fuIb3qTiYlsqV6onL5fmZicY5b4cjl7bOtBpu1JOsPtY8H7dVP7Whvnbu0MCBej1fKJcmervqAAAAAAAAAAAAAAAAAAAA8J9xaMP1/38O1K//33i7amCv6nzLb2Cvk//Qvx7M/6Rn/QB2n+9/6Fs1+Q/9S/5D/5L/0L/kP/SvDvmf2+1+ALvP9z/0L/kPAAAAAAAAAAAAAAAAAAAAAAAAAAA74uKFC9lUu7eyVMjqE4ML81Pl905OFCtT+en5Qr5QnpvNT5bLk6VivlCe/rfXS8rl2dGYmb86Ui1WqiOVhcV3psvzM617ihb9T3EAAAAAAAAAAAAAAAAAAADYbKg+JWk+ItJ6OU3z+Yj/R8ThyCWXr5SKoxHxRET8NJDbl9XHet1pAAAAAAAAAAAAAAAAAAAA2GMqC4tT46VSca5PCoPbWTgilh9vN7JX3Pazcs1t1abpzSMdmxQUHqXQy1EJAAAAAAAAAAAAAAAAAAD60/2Lfrt9xt872yEAAAAAAAAAAAAAAAAAAADoS+lvSURk0/HhF4Y2tv4vWR2oP0bE+zcvfXx1vFqdG8vm31mbX/2kOf9UL/oPdKuVp608BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO6rLCxOjZdKxbkdLPR6HQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAexj8BAAD//+q51EI=") openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x14a) fallocate(r4, 0x20, 0x0, 0x7ffe) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0xf0) r7 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGPGRP(r6, 0x8904, &(0x7f0000000140)) sendmsg$AUDIT_SET(r7, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x8804}, 0x44080804) prctl$PR_SET_NAME(0xf, &(0x7f0000000580)='\x00=\xa8\xa89\xb3\x1aC=\xd4\x82}\x80Q\x98\xaa\'\xb2t\xad\x02\x96\x93 ^zT\xa5L\xac\x9e\x1a\xe7VD~\xd4\xd33\x13 \x00\x00\xce=\x06z\x9b\xae\x06\x9b\x06?\xbbX$-kS\xad\xebK\xedM\x84\x18.>\x10:\xa2\xa0\x83d|0K\x1d\xbc&\x80\x887\x83\xa6\xd9S\xe0p\xbf*\x19\x17\x1f\xef%\xd0\x81\x14ia\xec\xa8\x8c\xa3\xd0\xc7c\xed\x1cM\x16\x0e\xd3/\x80\x92\"M>I\x90.\xad*0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r11, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@delchain={0x2c, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xe}, {0xffff, 0x3}, {0xffff, 0x1}}, [@TCA_CHAIN={0x8, 0xb, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) pwritev2(r0, &(0x7f00000004c0)=[{&(0x7f0000000000)="a1", 0x1}], 0x1, 0xbf1b, 0xfffffff2, 0x1) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kmem_cache_free\x00', r12}, 0x10) openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) 970.760171ms ago: executing program 3 (id=1890): mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x7, 0x4, 0x8, 0xd9}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r1}, 0x18) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) dup(r2) ioctl$F2FS_IOC_GET_COMPRESS_OPTION(0xffffffffffffffff, 0x8002f515, &(0x7f0000000200)) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000380)='sched_switch\x00', r5, 0x0, 0xfffffffffffffffe}, 0x18) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000480)={0x0, 0x4000, &(0x7f0000000580)={&(0x7f0000000540)=ANY=[@ANYBLOB="0200ff00", @ANYRES16=r7, @ANYBLOB="796100000000000000007e00000033000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x4000054) getrusage(0x1, &(0x7f0000000180)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r3}, 0x10) socket$xdp(0x2c, 0x3, 0x0) syz_io_uring_setup(0xbc3, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) r8 = getpid() process_vm_readv(r8, &(0x7f0000008400)=[{&(0x7f0000000340)=""/69, 0x623c41ea}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 916.158126ms ago: executing program 3 (id=1891): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000013000000850000008600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NODES(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x6f, r3, 0x1, 0x0, 0x0, {{}, {0x0, 0x6}}}, 0xfd53}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 887.023158ms ago: executing program 3 (id=1892): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x70, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast2}, 0x10) close(r1) 879.783579ms ago: executing program 1 (id=1893): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000340)=[@in6={0xa, 0x4e24, 0x3, @empty, 0xffffffff}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000700)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) setsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f00000001c0)=@assoc_value, 0x8) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r4, 0x0, 0x2}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e0000000000000000180100", @ANYRES32, @ANYBLOB="0000000000000000b708"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae091f75cd9701ffa62891f686bfbb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c3405000000000000003875c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a31b16ac5fb73fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9d66ebbc8bab4ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7436b97bf3825a19d6c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb9b1c63b84470364942e90d1cf856cead864f5e38c83b9e"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10) r6 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r6, &(0x7f0000000040), 0x10) listen(r6, 0x0) r7 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r7, &(0x7f0000000080), 0x10) sendmmsg(r7, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094) r8 = accept4$unix(r6, 0x0, 0x0, 0x0) recvfrom$unix(r8, &(0x7f0000000140)=""/263, 0x40000, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="640000000206010200000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a320000000005000400000000001400078008001240000000000500150022000000050005000200000005000100"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0xfffffffd, 0x0, 0x1, 0x1}}, 0xb8}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000001a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000100000000000000"], 0xb8}}, 0x0) 866.39571ms ago: executing program 4 (id=1894): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000013000000850000008600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NODES(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x6f, r3, 0x1, 0x0, 0x0, {{}, {0x0, 0x6}}}, 0xfd53}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (fail_nth: 1) 853.546311ms ago: executing program 3 (id=1895): syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000a40), 0x1, 0x55e, &(0x7f0000000a80)="$eJzs3c1rHOUfAPDvbJK+/35NoRQVkUAPVmo3TeJLBQ/1KFos6L0uyTSUbLoluylNLNge7MWLFEHEgnjXu8fiP+BfUdBCkRL04CUym9k0L7vJNt2ajfP5wITn2Znd5/nuzPfJMzuzbACFNZL9KUW8GBFfJRFHIyLJ1w1GvnJkZbulxzcnsyWJ5eWP/0ia22X11mu1nnc4r7wQEb98EXG6tLnd+sLiTKVaTefy+mhj9tpofWHxzJXZynQ6nV4dn5g49+bE+Dtvv9WzWF+7+Ne3H91//9yXJ5e++enhsbtJnI8j+bq1cTyDW2srIzGSvydDcX7DhmM9aKyfJLvdAXZkIM/zocjGgKMxkGc98N/3eUQsAwWVyH8oqNY8oHVu36Pz4D3j0XsrJ0Cb4x9c+WwkDjTPjQ4tJevOjLLz3eEetJ+18fPv9+5mS2z4HOJAD14foJNbtyPi7ODg5vEvyce/nTvbxTYb2yja/x/YTfez+c/r7eY/pdX5T7SZ/xxuk7s7sX3+lx72oJmOsvnfu23nv6sXrYYH8tr/mnO+oeTylWqajW3/j4hTMbQ/q291Pefc0oPlTuvWzv+yJWu/NRfM+/FwcP/650xVGpVniXmtR7cjXmo7/01W93/SZv9n78fFLts4kd57pdO67eN/vpZ/iHi17f5/ckUr2fr65GjzeBhtHRWb/XnnxK+d2t/t+LP9f2jr+IeTtddr60/fxvcH/k47rVsXf3R//O9LPmmW9+WP3ag0GnNjEfuSDzc/Pv7kua16a/ss/lMntx7/2h3/ByPi0y7jv3P8x5e7in+X9v/UU+3/py88+OCz7zq1393490azdCp/pJvxr9sOPst7BwAAAAAAAP2mFBFHIimVV8ulUrm8cn/H8ThUqtbqjdOXa/NXp6L5XdnhGCq1rnQfXXM/xFh+P2yrPr6hPhERxyLi64GDzXp5slad2u3gAQAAAAAAAAAAAAAAAAAAoE8c7vD9/8xvA7vdO+C585PfUFzb5n8vfukJ6Ev+/0NxyX8oLvkPxSX/objkPxSX/Ifikv9QXPIfAAAAAAAAAAAAAAAAAAAAAAAAAAAAeurihQvZsrz0+OZkVp+6vjA/U7t+Ziqtz5Rn5yfLk7W5a+XpWm26mpYna7PbvV61Vrs2Nh7zN0Ybab0xWl9YvDRbm7/auHRltjKdXkqH/pWoAAAAAAAAAAAAAAAAAAAAYG+pLyzOVKrVdE5BYUeFwf7oxp4vZNnYB91Y1x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6A//BAAA//8iuzYD") mmap(&(0x7f0000702000/0x4000)=nil, 0x4000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00"/11], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b000000070000000100010009000000"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r3, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) munmap(&(0x7f0000001000/0x2000)=nil, 0x2000) ptrace$peeksig(0x4209, 0x0, 0x0, 0x0) r6 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xff}, 0x7}, 0x1c) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$tipc(r1, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10, &(0x7f0000004340)=[{&(0x7f0000000f00)="34cbf9c55466da0eadc249236ab3cbf316717306be4c08c8c7da1f1ee04ab4b4eac14995ebdf620ff778a4e3452587e42a3c6aa1bd35dfd99f23b525893bc3b5f9f3bed1986bf8d0dddd7c5cdada611f9bf641e421ed71a842d84fa289a542f941d6e06b2b14e2a706ce30acf7d82f224f3e30cadd9d15f3dddbb29dbeb9f68fb68bedb91e0b1ef48832778fe36699c7ebf101659a8f476c4a065eac71d6d1e7fafc6f25ec2c9a8f431fe347a2d30e912c5b2397613ce784637ec71e37566eb0548b461f71028459c6f137c18737d58b56949d022bf1eaf486692bb76836a233c7879d740ad0beaf5159d3380442824f536a41bb22d08fe53952b9c6fed2605d53311c71b455655f96ea6a87e41e9211e90170b0a2b1a2098175ebcd33d517085d224122264cddadd82a3d11bc4a33ce66108b22b1abc6243d306d8f6b8a2ddb5373c190d8f859a3174a200936b079f85edcac7fc03fb993ec0ff8b83f1fd3f1b888d192d99c7ede5d381784d25410cccf1b0bf26a54f065e1e3ec59cc5704fb658fc980a0ac4287ef884ee82007554be3f1e163c81468d0c26c95e3e12393776e32800bb4f086f19080c4fca3d72e8569a5627ce98f2ae0bdb3ec42c23847d47e10b1c58da7e9cea990da842d96e3a51ed7d892f7b28a10486424a69a9109ebd4d7d5a3768400ac000a6d7556ca192e5cd45efb82001ac7b53e03036b6019a07ffb545cd3853e077f08a015f6232488c1139a9409c95ed005261e36b307406ba5714ef395129345866109341feb6c7c458ce08c147a983b46375ddb3621cee0312ba1a434bcd6081e1a8ae8b6d518988b9965faf9aff86df8173b93342cceaec357a100e59b4d66553633626b0b12e9622b8f8fdfe26545b87c57f8ce8609fb8e19b0f6d1cd64e8de85c7327f543b2f38cf3086b57f85e1aaa4add723e4bc4e3ea2c27acec1e545ae3fc870bd42422f6eaf17a1f82699c9cadf224ea1e5d1705b49118d91cc3731aeed60e41bf15a9613aeda8e63a29bc7a95b2d993d23269a310b91f69d16a71243c0f4080d3359f5ddd63c7032bef14ab25eb7df4b28b2132bcbf94a281c8f5de79885a6d679f145fca292b599bb09a1864726d86b65d4781408320b968e2224c23ce7a56d8892970043737ae47f071aaeb219716bc21e3304e301eb5cd32aea951a70621eb870214a72e6c474c3a20f5bd8e089ba16326cc9a80a1a4f5f0e8f58629e20b1c73eb8af330744b187a5cfdb410466378313700ca44eb6dcbc8f3d70f58e134202546f0b1a3b61a298f2a1184b1533bdad308fa2f960087e0f239d2ccbaee3889ddc1a2bea2183b98854d255a6f708909134fab83f42f13e7604f602e264f4a3b2b2a08c673c7ce2813218159b472d3b20ecbf26dd2f7b3ba5298a4ff7444ea0936e098c126f590b05e7697ed8a3d52ba1abc7285de2f160b9b081cb775a5ab77aad1bb98d47e3da53fc4c11d4db47de1e4e6f56ad671f5d8389b33260cc546e4f0bf34fec9b2abd209e6b89e6e381367774676ed6e6eaffe42b07241c276f3c84f17a0762de83eb769bdf28991ddbc23758f01c9ecfba4ab2ca2118fcedd7adde9ff47f643c13e3ad2f13b576985128f233e329fe269d5745cd2b30e5762452a4ff58fdec30623175f8d575ced1c43411e2869aadbe6f1e79a010bca334cb08d545bc2808f359b7777d1bb5675ee210574b9f72cdeb071e07eeaa0988086213a37a972647cf21d3a3bcbd7359da327bacad41b93c5e0e494669109dddcec781774f248f5663e4fac187d42ffccf68335de2adac4f8d3e1bf04b95a9464960186ed019773ffeda18f9827a61edc5fc4088eb0965cb1bd8af1185aa3972b8f73839b4611e303bcbc1f84a330f60fa0a7795ea3cffe0e338406533e12c7deef0b5906c513eab4619a8f02fdd65dcfb7297ef971c4601ad079f7ad38278ae3ff455b37d5492af546975535450693fd4593c8157b3fdb16fd3a106d2f1509d1c06dabb8933269d790a1c5e5f7bdd4a57e1e670d7043cfed88c365b5f8eefe530ef7da5322df981723332c088fce89c2ceee23b420f64332243b9c606d67d538810a94e0ffbd37a119d8fc4d6caec0def40e62613873c74feabde63e12cb2016c1d35cf1bb95bf59e01a63be8825cb3118b74b106f21eef5ee2f41e5fb39fdde058050f780d98ced247c66fc3a03ba04edaf14d698859ba303d511cf0845dc5e269aef2287770a247fd5ae1299b45819ff41725f9da3e4dab7770eb83992b53ae9a9de69e764f6e3aee3e27cfb1bacf531a91605894ae209da6d25872fb54bf36b2ed450b51aa8ee4875b9bc7e55753f61e12a323d301faceb2ecff0686b1359343a94774a6a098dc2df440725cd8331f527d4e22f8090d8879ef4765849705b99465d7ebdf661b81c303d13b87270dc1f227d5954fcbc93bbce6fde2a1f8d573d9cd8130c173a14706f1e9dabc4d16a5b003dd3239faf91769e25cf007b0623141e4e57f11746cd62f20d73956fa84c6a12e1756b6671a64bd7a474ba425907e1a61ba6d2ffa1149165a713a141bfec0f1af51afebdb84d5f14eb51acc284403627d6ce48fd028dc04e00ed963de37f85d155c33e2b4ceb09044c4f1c7791348216b674a8831a232a638f8bfb396fabbe1f880944bc5dcac55df8abc78f804306c88617acfd4adfbb5a055d3d3e91abb763ad84e701cc5679498e04600570f4b2e57c70542043dc590ab363215e6ab3f0bd89383748783d01c9227229edac723d4e2eaa061a44f2630691f25ca6093775183fdf432e01322203dd654b336670116a6a52a27ff2032b1103a4e4be0cc2fb05b24352d72e374e90cc3db2a5a691c7f6b8d1058d7730433c742d8ce52074318b1bce9bb104cf90c8b7f65293c2b74434661444f38d94d977e03433440517f6155a3cad2621c5502dd6148b867a40e6a40be4c8265ec2164b5257f06da1784e98991f42003ced4ba67c23b8c654b542d2d31168fd853cf56cc2c464d7a8a9fbcd2715968788f8527c597ab5f917753c1f1708d2c19972373c5a22af71847de22b9f1e9d38a04ea4dd291da3099cb836a696350bf1263c3c275c27b8b82f604625451a24490b0b5367c2fd05e699546ddf17709d2e2c2710f4361d9dd6e2de2b4353b7f4f8141f6f989dc1a798a974565978e4f9ec0c59a7dbc04bcab072c8513b9ca782c22cdd31fb116c10081740fd8f7d0cbd5c54f1069297f20b45d79bb9ace8e851a655fedf47b2dc76fd30b9ba9f09c9b50d6910ffcdec7078c36fe1e9b19dbb110197496349560a43c0ab42b4ce286643e73a92246ecb71e95ce0d54114772f8477c7d5604c1a52d2f680c5868cf08a2688dd9fef492a01836112cec824483e77da93d104a9e18d06bddf9a4007740a0537ac1a5e09900acc65d52680212a15b68b0ef887228e06f533c1ca95b8f9d81b9fc6608cb5bacf4b867922999c69d46048ec3f408866789f49fcb176fc99ed9d3e6c357ed2e3ce2665925773e5d86c2ceaf8f18519a00d9d2e19e9a6b16af0a53fd7df6974f5db00494460e7f3de6ff6b642859335e020513bb525adddabf0d7d6ae85e7e56e32ca8acc07fe86b7b445358966ba3914c1dfa7b814d9e846ff02a6a8c8f5713a0f727024b5d1ea7e4ce7c64f9b24dd3337a3df33714c5404403b0304b25a66fe3ac85083965877117b3d721e7922f0ac7e278feeb8dc09f58cbcfbb81b11d4699737f37ac240a24b9c4b2b587e68974f7ca5561856f32e389d32056f7d58e4de24c11bd5c5afaa441120370d0c48341e1b8146a6bbca8c15f23c155d2533e97a8e6496bc00533ec83be8488d020708d97385a03bcbf57cadc2c1e575e1ac134cdb5047f3f88eae0230751626cea1c85da9b74ddace668afebb2dc66d302ddf3c5f8f21ac0c0535d00839457e7cac9282a8e49d018b077e38ea512cf28eacff5d98e880abfb5af2e7c039d2e1f1edaad2642963ef29d715f754e2715caa6af046a298b285e3582d903be726b608619332e1a82be48b0f5adf6838f41ff776e5290de8269794bce8fb971267d036bd6bd30e42df918125d573ced78263251bcae2b7b40f1ba855b4f2472312ea8752c4a0e09468bd25615a6c00a9b44c484c5507b8400537f20890e9499ec94ed2b6aeff21e57c6e8a93d80097f85ac9316b03a5f768721bf7d041bb9a6a03eabd615e3c4d74f56c429d53b8fec4b5e86c5b311a6cd4a86f03e04dab25ad65b68a8b8d9053993fd2440ff2b81768213084c831d31a0f8c646aff9090b5463cbee452abd6318340ec41b50f1deba7ffb60b326751de3f6dbf9b17714299233d5c43071367ece2e53212e7f4e084fea60850d4d16908d9bbbb531fbf72143fdb62d1b40afde3d0b2ac2c94c32e456bbef62f8d677e332aec8ccc8eedbac61e7b89b32d57157a39ad5c456258d9c36db0edc82c2baead990ee78007ed89c8f450e92d5e209cc25f7c13f5909ca404fddbdbeff89cc42350c91e9f1fdf9753c6e95f71257f8cbb97838684461cd1244c938b9939a4e9c7727902b6f1a5434e0a06d3fc221771dd87572ae801c5ce6886122f0c91dae57440ffc7ace4e8e0041a1d245103aaadbfc2ecff622228daed2b0cd30f7f59b2617f6f0571ee4403d84e652d78b8e64d5450b6483ef70582dcda9351f2dddd3a4ac84f514f708d3af6242501bd041beae78e6b29b517b534148ea91ef85653fec824d6ddb0c0fa2555ab2564ba29227b1046b48a11ee0e6aafda9d0b80b0f05a8d057cbeb16264cb579aea3ba2b2000052d03c77844ab7c81be3110a36a27aeffe0ad5a8a7385a1913a64fb2db630e8fc8017828cea60f327c3a510b441d94d32584e55f7c2320d89b2ba3d44d832b8e7c5f45442de9ef37d057e6d0c6664e8d74e23f18336d41a3e38c2cda49050cb32ca7040a388c75741ac07d3befc714df35dc92ff70ad041cf17b70a971c142bb89ecfe25290750e989c8666560a61b62fdc4fadef7f30b6269a669ef99be7e7ba7ddddf99949fedc0c331796988c6eedb5c66cbe2870a2affce0b550c3411a2aaf302481ee93398c0fbc0c815cfe1e78bf8fed7f19f2c2dae17a4533aa85f6b787f8072adda379118d76dbba3cebfc4c8aacbb1f79a28ec3a0ec99816e3c8721ddcde1ce73b0704063474", 0xe24}, {0x0, 0x4000}, {0x0}, {0x0}, {&(0x7f00000020c0), 0x500}], 0x5}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000300)='kmem_cache_free\x00', r0}, 0x18) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x389b0d52417bb201) socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r7, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r8, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r8}, @IFLA_PROTO_DOWN={0x5}]}, 0x44}}, 0x0) 731.967871ms ago: executing program 1 (id=1896): bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x1a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}}, 0x1c}}, 0x10000800) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="4696e32919cce1055f8a45cc32e0d0ae5ca5212d7f81d4107b7f3c3881626ea6", @ANYBLOB="0000000000000000b702000013000000850000008600000095200b4f0cb956e7f842fd60714779e0958c960c381caee13eb022dc8556ceefdece6978ae02057d14627e1b99eb3600abe1cf6fd4a6c8d21ec91a34a2d4b17a1d5c9f79e6e9841e2d45dc3410e1e1aa87bebeddb5815cc405496beefd0c06a9b9e41730e7de5ca59e83af06f1d103715abfc03061c6ff2ce6152f02d554c611ff6d6ac735dbcb3423a3a934f1fb306f85a6ed804f9de51a580cbac0b9cc7fcc1cdb5c684bcd9e00"/214], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NODES(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x6f, r3, 0x1, 0x0, 0x0, {{}, {0x0, 0x6}}}, 0xfd53}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 713.160392ms ago: executing program 1 (id=1897): bpf$PROG_LOAD(0x5, 0x0, 0x39) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="170000000000000004000000ff00000000000000", @ANYRES32=0x1, @ANYBLOB="1000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x80, 0x3, 0x0, 0xd, 0x0, 0xffff}, 0x67) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000"], 0x48) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7da, &(0x7f0000000fc0)="$eJzs3c1rG80dAODfyh+ynbR2odAmJ0OhNYTIdeomLfSQ0kMpNBBoz02MrJjUshUsOcTGEOdQ6KXQlh4K7SXnfqSHQq/9uLb/ROmhJITWMW/e04tediX5U5LtxJId/Dyw2pnd2Z0Z7ezsSLtIAVxYk+lLLuJKRPw8iRhvLk8iYigLDUbcbqR7u7VRTKck6vUf/C/J0vz50u6+kub8UjPyxYj4+08iruUO5jranJdLK83QdG3p0XR1bf36w6W5hdJCafnmzOzsjVtfv3Xz8Fbv6qN/rV9+9YvvfuWPtwfjCy9+9o8kbsfl5rrtrY3ie+7+kMmYbL4nQ+lbuM93TjuzM5acdQF4J+mpOdA4y+NKjMdAFurgfU9AAOBceBoRdQDggklc/wHggml9D7C9tVFsTWf7jUR/vf52RIw06t+6v9lYM9i8ZzeS3Qcd20723RlJImLiFPKfjIjf/uVHv0+n6NF9SIB2Np9FxP2Jye2t/IH+P0n7v+Gj95DvuOar3TarN7abPLBY/wf989d0/PONw+O/qzsP9IxkrwfGPyP5Nufuuzj6/M+97LDpMfqmo6Xjv2/tebZtd/y389DaxEAz9plszDeUPHhYLqV922cjYiqG8ml8Jkva/imoqTefvOmU/97x3/9/+ePfpfmn890UuZeD+aiP79lmfq42dwpVz7x+FnF1sF39k53xb9Jh/Hu34173H5rvffOnv+mUMq1/Wt/WdLj+vVV/HvHltsd/91gmXZ9PnM6aw3SrUbTxp//8eqxT/rvHP5/N0/xbnwX6IT3+Y93rP5GGqmvri3PlcmmlevI8/vl8/G+d1u1t/+3rn7X/fdL2P5z8MAu3WtqTuVptZSZiOPn+4eU3drdtxVvp0/pPfan9+d+p/eeaz8be34l1N/hq+A/NXbWtf2azU/17K63//ImOf5dAvbnNgVUv3i4OdMr/eMd/NgtNNZccp/87oqTv0ZoBAAAAAAAAAAAAAAAAAAAAAAAA4ORyEXE5klxhJ5zLFQqN//D+fIzlypVq7dqDyuryfGT/lT0RQ7nWT12O7/k91Jnm7+G34jcOxL8WEZ+LiF/lR7N4oVgpz5915QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6dL+//9/ms4Khca6/+bPunQAQM+MnHUBAIC+c/0HgIvnZNf/0Z6VAwDonxN//q8nvSkIANA3x77+3+9tOQCA/nH/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB67e+dOOtU/3toopvH5x2uri5XH1+dL1cXC0mqxUKysPCosVCoL5VKhWFnquKPNxqxcqTyajeXVJ9O1UrU2XV1bv7dUWV2u3Xu4NLdQulca6lvNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD4qmvri3PlcmlFoEtgtDR6HopxjgKDcS6KcSiw+e+hrF13TRwTH0zjH+6SJjnNvEYPLtnbS4yeSd8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CH4NAAA//9RvRhH") bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f0000000180)="317aa26a5cc62cda6e544b7d44f8ae6498acda3d2223306e40ebc11db687e7a4f991613b23aca5a4c9eb83af2ea1904c31e359fcaf6681045b1e1baa61047aea179fdd35dd454d3a0bbb57d6b45a60c9f7ea2fa2f3a28ffd83", &(0x7f0000000580)=""/215}, 0x20) timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4e, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000380)='kfree\x00'}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 702.076563ms ago: executing program 4 (id=1898): socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r1}, 0x10) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) io_uring_register$IORING_REGISTER_BUFFERS2(0xffffffffffffffff, 0xf, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x40, 0x7ffc1ffb}]}) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0xd, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x18, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="18020000040000000000000000000000850000004100000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000180000850000008200000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x17, 0x10, &(0x7f0000000580)=ANY=[@ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf94e9898e3717a49, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x18) syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f00000006c0)='./file1\x00', 0x40, &(0x7f00000000c0)={[{@user_xattr}, {@nodioread_nolock}]}, 0x1, 0x576, &(0x7f0000000140)="$eJzs3T1sG2UfAPD/neO3X3nf9JXeVwLUoQKkIlV1kn5AYWpXRKVKHZBYIHLcqIoTV7EDTZQh3StEBwSoS9lgYAQxMCAWRlYWEDNSRSOQmg5g5K80TZzglDouud9POvuee87+P8+d/499pzs5gMw62nhII56OiItJxMi6uqFoVx5trbe6slS8v7JUTKJev/RLEklE3FtZKnbWT9rPhyJiOSKeiohv8hHH081xqwuL0xPlcmmuXR6tzVwdrS4snrgyMzFVmirNnnrp5TNnT58ZPzm+/mX36+tL+Z319caPN9+98d2rt29++tmR5eL7E0mci+F23fp+PE6tbZKPcxuWn+5HsAFKBt0AHkmuneeNVPp/jESunfXd1Ed2tWlAn9X3RdSBjErkP2RU53dA4/i3M+3m748751sHII24q+2pVTPUOjcR+5vHJgd/TR46Mmkcbx7ezYayJy1fj4ixoaHNn/+k/fl7dGOPo4H01dfnWztq8/5P18af6DL+DHfOnf5NnfFvddP49yB+bovx72KPMX5/46ePtox/PeKZrvGTtfhJl/hpRLzVY/xbr395dqu6+scRx6J7/I5k+/PDo5evlEtjrceuMb46duSV7fp/cIv4rXO2+5tfM922f5fT2l198e3nzy5vE/+F57bf/922/4GIeK/H+P+998lrW9XduZ7cbfwK2On+TyIft3uM/+K5oz/0uCoAAAAAAAAAALADafNatiQtrM2naaHQuof3f3EwLVeqteOXK/Ozk61r3g5HPu1caTXSKieN8nj7etxO+eSG8qlcO2DuQLNcKFbKkwPuOwAAAAAAAAAAAAAAAAAAADwpDm24//+3XPP+/41/Vw3sVVv/5Tew18l/yK6H8z8ZWDuA3ef7HzKrLv8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/AAAAAAAAAAAAAAAAAAAAAAAAAADoi4sXLjSm+v2VpWKjPDm0MD9defvEZKk6XZiZLxaKlbmrhalKZapcKhQrM3/1fkmlcnUsZuevjdZK1dpodWHxzZnK/GznP0VL+b73CAAAAAAAAAAAAAAAAAAAAP55hptTkhYiIm3Op2mhEPHviDicRHL5Srk0FhH/iYjvc/l9jfL4oBsNAAAAAAAAAAAAAAAAAAAAe0x1YXF6olwuzWVkZmgnK0fE8uNtRuMdd/yqfHtfPSnb0EwWZgY8MAEAAAAAAAAAAAAAAAAAQAY9uOm311f80d8GAQAAAAAAAAAAAAAAAAAAQCalPycR0ZiOjTw/vLH2X8lqrvkcEe/cuvTBtYlabW68sfzu2vLah+3lJwfRfqBXnTzt5DEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQHVhcXqiXC7N9XFm0H0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBR/BgAA///eANcP") r6 = open(&(0x7f0000000140)='./file1\x00', 0x64042, 0x169) pwritev(r6, &(0x7f0000000080)=[{&(0x7f0000000800)="59fdd4", 0xfdef}], 0x1, 0x8, 0x365) 495.43002ms ago: executing program 3 (id=1899): r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\x01\x04\x00\x00\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) 116.530061ms ago: executing program 4 (id=1901): mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x7, 0x4, 0x8, 0xd9}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r1}, 0x18) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) dup(r2) ioctl$F2FS_IOC_GET_COMPRESS_OPTION(0xffffffffffffffff, 0x8002f515, &(0x7f0000000200)) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000380)='sched_switch\x00', r5, 0x0, 0xfffffffffffffffe}, 0x18) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000480)={0x0, 0x4000, &(0x7f0000000580)={&(0x7f0000000540)=ANY=[@ANYBLOB="0200ff00", @ANYRES16=r7, @ANYBLOB="796100000000000000007e00000033000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x4000054) getrusage(0x1, &(0x7f0000000180)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r3}, 0x10) socket$xdp(0x2c, 0x3, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) r8 = getpid() process_vm_readv(r8, &(0x7f0000008400)=[{&(0x7f0000000340)=""/69, 0x623c41ea}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 110.319021ms ago: executing program 0 (id=1902): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000001c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xa6}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'geneve1\x00', 0x0}) sendto$packet(r2, 0x0, 0x0, 0x4c001, &(0x7f00000002c0)={0x11, 0x9, r3, 0x1, 0xd, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x14) 82.343154ms ago: executing program 0 (id=1903): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x2) r4 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x202, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[], 0x48) r5 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6, 0x0, 0x80010000}, 0x18) gettid() ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f0000000380)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r7, &(0x7f0000000200)=""/209, 0xd1) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x40, r5, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x40}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r9, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00'], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) 33.039348ms ago: executing program 1 (id=1904): mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x40009, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="5400000010000104000000000200000000000000", @ANYRES32=r2, @ANYBLOB="0000faffffff000034001280110001006272696467655f736c617665000000001c000580050021000000000006001f0000000000080022"], 0x54}}, 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x101c0ca, &(0x7f0000000400)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c666d61736b3d30303030303030303030303030303030303030303036362c696f636861727365743d69736f383835392d312c6572726f72733d636f6e74696e75652c756e695f786c6174653d302c696f636861727365743d61736369692c726f6469722c73686f72746e616d653d6d697865642c756e695f786c6174653d302c757466383d302c757466383d302c756e695f786c6174653d312c64656275672c756e695f786c6174653d312c666d61736b3d30303030303030303030303030303030303030303030332c6e6f63617365aec489af6ba9723d4b17106f6d47b9ade1c253d4e3b08066427cae9f41fd1e1dd25a22ec22ad6e8bf6f67e052de91b544f2f4541f87a0c0b36e8d444150b35c110bda57fe7a9c06ba087cc975447082aaf95213301f3e04b70ea67a8aa0d582ca1a9525dba7116d80f126f782a78428b878fc79c0be9ad98cb6950995e6edba78e5301e8c8e69cc85beceb8b54f84a84787815ef9a18f1fe1c81b4c1830102f7e3236e2533e486ecb46ee53991c5bfe6289a474582b2e57741fd8de78f42097851bee74d4201c7767e0e0f4b34523150639b1291441ad01f2f72ed3679d7bca0e8b4e0689f883196af0d0dfe7344f276c1b4bd333882cf7879248ad423e3f21cd0cae2309519f9d40df23cf05d9c8d8f9d07da771ea1e3bcd8478fb989f770da17f700000000000000"], 0x6, 0x2c0, &(0x7f0000000900)="$eJzs3U9rK1UUAPAz+TOJukgWrkRwQBeuHu+9rZsUeQ/ErnxkoS60+FqQJggtFKri2JVbNy78DILgB3HjNxDcCu6sUBiZyaRJ2pg2palof79Fe3vnnLlnboZ2WujJx6+O959nsXfy5a/R7SbRGMQgTpPoRyOmvo4Fg28DAPgvOy2K+KOYWCcviYju5soCADboej//W7PhT3dSFgCwQc/e/+Ddre3tJ+9lWTeejr85Gpa/2ZefJ8e39uLTGMVuPIxenEVUDwrtqJ4WyuHToijyVlbqxxvj/GhYZo4/+rk+/9bv9R8LSv3q4/nTRpX/zvaTR9nEXH5e1vFivf6gXP9x9OLl8+SF/MdL8mOYxpuvz9X/IHrxyyfxWYzieVXELP+rR1n2dvHdn198WJZX5if50bBTxc0UzTt8WQAAAAAAAAAAAAAAAAAAAAAA+J97UPfO6UTVv6ecqvvvNM/KL9qRTfUX+/NM8qetfRb6AxVFkVftcib9dR5mWVbUgbP8VrzSmm8sCAAAAAAAAAAAAAAAAAAAAPfX4fHn+zuj0e7BrQym3QBaEfHXs4ibnmcwN/NarA7u1GvujEaNergY05qfieY0JolYWUZ5Ebe0LVcNXrhUcz344cd1T9i9Oqa9fK3D4+ZNX6/84sz07trfSZbvYSemM9160e/TiFlMGtdcPf2nQ0Wsc/ulSw/11t6N9KVqkK+IiWRVYW/9Ntm5eia5eBVptatL09v1YC79wr1xrfs5upP0y98rEt06AAAAAAAAAAAAAAAAAABgo2b//bvk4MnK1EbR2VhZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCnZu//v8Ygj4h2fYIrgtM4OPyXLxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB74O8AAAD//0aWVl0=") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = open(&(0x7f0000000100)='./file1\x00', 0x147842, 0x180) preadv2(r3, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x0) 0s ago: executing program 4 (id=1905): mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f0000000240)='./file0\x00', 0x103) r1 = dup2(r0, r0) ioctl$BLKTRACESTOP(r1, 0x1275, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x15, 0xb, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='mm_page_alloc\x00', r2}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil) mount_setattr(0xffffffffffffff9c, 0x0, 0x8000, 0x0, 0x2000) bpf$PROG_LOAD(0x5, &(0x7f0000001f80)={0x27, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000001cc0)=ANY=[@ANYRES16=r2, @ANYRES16=r3, @ANYBLOB="4980825f231591b1906e34b2b9181636b2db58c40fa93daf8dd763380b9ffb5b24b565cb1603c8096ecd39affbb5635675250e7d0a62e888b0c7e1804abb5143c6192485322977b26d625036ba4a309cfa40d7a35f2616198f27decaf65bfe7d54c814ce79e40c6ec37591f6f0643e887cdcb06d38181e01d9af5d7d2e0a37ed91d58063c144b2781f40e09a5ab3dbd4b9cf6ea0cfc2ead7d7336947cb7ed840361cbfa29b5b041db3309e82584f203732310c7241eb567ea14a21863a232ba387ec9fcf2ec7a807051bcf3d3642f064679e5c9540f438762766916c344f033b7e9aaf0d2456b7ff42f6baf20cf8119aba93", @ANYBLOB="1747195d30e6eaf0ae596d5fe6f556b165bda4b0146891793b6ef5a4cc8a632d7e9da4ce96fa0723ff509b355fd17b55b57cd273337091fd3faf45d9359966c2e8537c67bf2de85a8464059b6499eafe49304d596cc8759debda9ca2b2a48be5da40f6130000a5b3a6e7d99eed0473fe8fa636778ed546266f2511e1e60133b9228e763a2b3b7334c8734ccf3d167b0e61460ee40fdbefc16e0534c3d83d30ab1713b0ec83d56ae7b4a7ae7084d4532572adcd91ba8a6341c17a44db75679e1512b397010c798a17abcc5876cef53324acf91d5e077771205d9f7938a6054f2690375d2fa6b57accbe942fa94b330a046caef3cf922cecc8afa7744b9628e2c9234ddb78fb60ebcddb018f50010414fc69eb7f0d17dd688752e7934e013fc2c5f18a6f7fef8132d0eb2faea2265888f716add552654a12fab55098b0fa5a50a93781266ee387dae372f79dde08d5cf1eb8109976e4a0d2573ee298f1f4996db8a32b6ac6547bac4e66a51b8125fde026568eb754038ab6f9583da14d9a0ebad1bbafaf49d460ad0c", @ANYRESOCT=r2, @ANYRES8], 0x50) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x3}, 0x8) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x4000050) sendto$inet6(r4, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c) shutdown(r4, 0x1) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x40, &(0x7f00000004c0), 0x1, 0x57b, &(0x7f0000000640)="$eJzs3T9sG9UfAPDvXeJf/+VHigQSVB0qQCpSVScpLRSmdkUUVeqAxAKR40ZVnDiKHWiiDOleITogQF3KBgMjiIEBsTCysoCYkSoagdR0AKPznzRN7OC0TYziz0e6+L17Z3/f+fx99p3ucgH0rWPZnzTi2Yi4mEQMr2sbjGbjscZyqytLhXsrS4UkarVLvyeRRMTdlaVCa/mk+XgoIpYj4pmI+D4XcSLdHLeysDg1XioV55r1ker07EhlYfHklenxyeJkcealV149c/b0mbFTY+ufdq+2vpbb3rpe/+XGB9d/fP3WjS++PLpc+Gg8iXMx1Gxbvx6PU+M9ycW5DfNP70SwHkp63QEeykAzz7NUejqGY6CZ9e3Uhne1a8AOq+2LqAF9KpH/0KdavwOy/d/WtJu/P26fb+yAZHFXm1OjZbBxbCL21/dNDv6RPLBnku1vHt7NjrInLV+LiNHBwc2f/6T5+Xt4o4+jg+yo7843NtTm7Z+ujT/RZvwZah07fUSt8W910/h3P/5Ah/HvYpcx/nr71087xr8WcaRt/GQtftImfhoR73YZ/+Zb35zt1Fb7LOJ4tI/fkmx9fHjk8pVScbTxt22Mb48ffW2r9T/YIX7jmO3++tdMu/d/tsv1//qHr55b3iL+i89vvf3bvf8HIuLDLuM/effzNzq13b6W3Ml+BWx3+2fzbnUZ/+Vzx37uclEAAAAAAAAAAGAb0vq5bEmaXyunaT7fuIb3qTiYlsqV6onL5fmZicY5b4cjl7bOtBpu1JOsPtY8H7dVP7Whvnbu0MCBej1fKJcmervqAAAAAAAAAAAAAAAAAAAA8J9xaMP1/38O1K//33i7amCv6nzLb2Cvk//Qvx7M/6Rn/QB2n+9/6Fs1+Q/9S/5D/5L/0L/kP/SvDvmf2+1+ALvP9z/0L/kPAAAAAAAAAAAAAAAAAAAAAAAAAAA74uKFC9lUu7eyVMjqE4ML81Pl905OFCtT+en5Qr5QnpvNT5bLk6VivlCe/rfXS8rl2dGYmb86Ui1WqiOVhcV3psvzM617ihb9T3EAAAAAAAAAAAAAAAAAAADYbKg+JWk+ItJ6OU3z+Yj/R8ThyCWXr5SKoxHxRET8NJDbl9XHet1pAAAAAAAAAAAAAAAAAAAA2GMqC4tT46VSca5PCoPbWTgilh9vN7JX3Pazcs1t1abpzSMdmxQUHqXQy1EJAAAAAAAAAAAAAAAAAAD60/2Lfrt9xt872yEAAAAAAAAAAAAAAAAAAADoS+lvSURk0/HhF4Y2tv4vWR2oP0bE+zcvfXx1vFqdG8vm31mbX/2kOf9UL/oPdKuVp608BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO6rLCxOjZdKxbkdLPR6HQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAexj8BAAD//+q51EI=") openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x14a) fallocate(r4, 0x20, 0x0, 0x7ffe) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0xf0) r7 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGPGRP(r6, 0x8904, &(0x7f0000000140)) sendmsg$AUDIT_SET(r7, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x8804}, 0x44080804) prctl$PR_SET_NAME(0xf, &(0x7f0000000580)='\x00=\xa8\xa89\xb3\x1aC=\xd4\x82}\x80Q\x98\xaa\'\xb2t\xad\x02\x96\x93 ^zT\xa5L\xac\x9e\x1a\xe7VD~\xd4\xd33\x13 \x00\x00\xce=\x06z\x9b\xae\x06\x9b\x06?\xbbX$-kS\xad\xebK\xedM\x84\x18.>\x10:\xa2\xa0\x83d|0K\x1d\xbc&\x80\x887\x83\xa6\xd9S\xe0p\xbf*\x19\x17\x1f\xef%\xd0\x81\x14ia\xec\xa8\x8c\xa3\xd0\xc7c\xed\x1cM\x16\x0e\xd3/\x80\x92\"M>I\x90.\xad* [ 100.008605][ T7859] __dump_stack+0x1d/0x30 [ 100.008622][ T7859] dump_stack_lvl+0xe8/0x140 [ 100.008698][ T7859] dump_stack+0x15/0x1b [ 100.008714][ T7859] should_fail_ex+0x265/0x280 [ 100.008744][ T7859] should_failslab+0x8c/0xb0 [ 100.008765][ T7859] kmem_cache_alloc_noprof+0x50/0x310 [ 100.008806][ T7859] ? security_file_alloc+0x32/0x100 [ 100.008825][ T7859] security_file_alloc+0x32/0x100 [ 100.008848][ T7859] init_file+0x5c/0x1d0 [ 100.008889][ T7859] alloc_empty_file+0x8b/0x200 [ 100.008959][ T7859] path_openat+0x68/0x2170 [ 100.009062][ T7859] ? _parse_integer_limit+0x170/0x190 [ 100.009084][ T7859] ? kstrtoull+0x111/0x140 [ 100.009107][ T7859] ? kstrtouint+0x76/0xc0 [ 100.009131][ T7859] do_filp_open+0x109/0x230 [ 100.009176][ T7859] do_sys_openat2+0xa6/0x110 [ 100.009197][ T7859] __x64_sys_openat+0xf2/0x120 [ 100.009245][ T7859] x64_sys_call+0x2e9c/0x2ff0 [ 100.009274][ T7859] do_syscall_64+0xd2/0x200 [ 100.009293][ T7859] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 100.009318][ T7859] ? clear_bhb_loop+0x40/0x90 [ 100.009348][ T7859] ? clear_bhb_loop+0x40/0x90 [ 100.009369][ T7859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.009389][ T7859] RIP: 0033:0x7fe62f33e9a9 [ 100.009403][ T7859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.009471][ T7859] RSP: 002b:00007fe62d9a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 100.009490][ T7859] RAX: ffffffffffffffda RBX: 00007fe62f565fa0 RCX: 00007fe62f33e9a9 [ 100.009502][ T7859] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 100.009515][ T7859] RBP: 00007fe62d9a7090 R08: 0000000000000000 R09: 0000000000000000 [ 100.009529][ T7859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.009573][ T7859] R13: 0000000000000001 R14: 00007fe62f565fa0 R15: 00007ffed0e39038 [ 100.009590][ T7859] [ 100.303590][ T7872] pim6reg1: entered promiscuous mode [ 100.308917][ T7872] pim6reg1: entered allmulticast mode [ 100.433696][ T7876] lo speed is unknown, defaulting to 1000 [ 100.485440][ T7882] FAULT_INJECTION: forcing a failure. [ 100.485440][ T7882] name failslab, interval 1, probability 0, space 0, times 0 [ 100.498105][ T7882] CPU: 0 UID: 0 PID: 7882 Comm: syz.3.1489 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) [ 100.498206][ T7882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 100.498217][ T7882] Call Trace: [ 100.498223][ T7882] [ 100.498231][ T7882] __dump_stack+0x1d/0x30 [ 100.498251][ T7882] dump_stack_lvl+0xe8/0x140 [ 100.498268][ T7882] dump_stack+0x15/0x1b [ 100.498341][ T7882] should_fail_ex+0x265/0x280 [ 100.498370][ T7882] should_failslab+0x8c/0xb0 [ 100.498391][ T7882] __kmalloc_node_noprof+0xa9/0x410 [ 100.498549][ T7882] ? __vmalloc_node_range_noprof+0x3f9/0xe00 [ 100.498625][ T7882] __vmalloc_node_range_noprof+0x3f9/0xe00 [ 100.498688][ T7882] ? cred_has_capability+0x210/0x280 [ 100.498710][ T7882] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 100.498735][ T7882] __vmalloc_noprof+0x83/0xc0 [ 100.498761][ T7882] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 100.498833][ T7882] bpf_prog_alloc_no_stats+0x47/0x390 [ 100.498860][ T7882] ? bpf_prog_alloc+0x2a/0x150 [ 100.498978][ T7882] bpf_prog_alloc+0x3c/0x150 [ 100.499005][ T7882] bpf_prog_load+0x514/0x1070 [ 100.499041][ T7882] ? security_bpf+0x2b/0x90 [ 100.499061][ T7882] __sys_bpf+0x51d/0x790 [ 100.499157][ T7882] __x64_sys_bpf+0x41/0x50 [ 100.499181][ T7882] x64_sys_call+0x2aea/0x2ff0 [ 100.499202][ T7882] do_syscall_64+0xd2/0x200 [ 100.499225][ T7882] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 100.499379][ T7882] ? clear_bhb_loop+0x40/0x90 [ 100.499397][ T7882] ? clear_bhb_loop+0x40/0x90 [ 100.499414][ T7882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.499466][ T7882] RIP: 0033:0x7fd8e48fe9a9 [ 100.499481][ T7882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.499500][ T7882] RSP: 002b:00007fd8e2f5f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 100.499594][ T7882] RAX: ffffffffffffffda RBX: 00007fd8e4b25fa0 RCX: 00007fd8e48fe9a9 [ 100.499605][ T7882] RDX: 0000000000000094 RSI: 0000200000000340 RDI: 0000000000000005 [ 100.499615][ T7882] RBP: 00007fd8e2f5f090 R08: 0000000000000000 R09: 0000000000000000 [ 100.499699][ T7882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.499709][ T7882] R13: 0000000000000001 R14: 00007fd8e4b25fa0 R15: 00007ffd26b264c8 [ 100.499724][ T7882] [ 100.727658][ T7882] syz.3.1489: vmalloc error: size 4096, failed to allocated page array size 8, mode:0x500dc2(GFP_HIGHUSER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0 [ 100.745023][ T7882] CPU: 0 UID: 0 PID: 7882 Comm: syz.3.1489 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) [ 100.745116][ T7882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 100.745125][ T7882] Call Trace: [ 100.745130][ T7882] [ 100.745136][ T7882] __dump_stack+0x1d/0x30 [ 100.745153][ T7882] dump_stack_lvl+0xe8/0x140 [ 100.745174][ T7882] dump_stack+0x15/0x1b [ 100.745223][ T7882] warn_alloc+0x12b/0x1a0 [ 100.745245][ T7882] ? should_failslab+0x8c/0xb0 [ 100.745264][ T7882] __vmalloc_node_range_noprof+0x497/0xe00 [ 100.745291][ T7882] ? cred_has_capability+0x210/0x280 [ 100.745330][ T7882] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 100.745366][ T7882] __vmalloc_noprof+0x83/0xc0 [ 100.745387][ T7882] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 100.745408][ T7882] bpf_prog_alloc_no_stats+0x47/0x390 [ 100.745474][ T7882] ? bpf_prog_alloc+0x2a/0x150 [ 100.745495][ T7882] bpf_prog_alloc+0x3c/0x150 [ 100.745521][ T7882] bpf_prog_load+0x514/0x1070 [ 100.745591][ T7882] ? security_bpf+0x2b/0x90 [ 100.745607][ T7882] __sys_bpf+0x51d/0x790 [ 100.745632][ T7882] __x64_sys_bpf+0x41/0x50 [ 100.745651][ T7882] x64_sys_call+0x2aea/0x2ff0 [ 100.745739][ T7882] do_syscall_64+0xd2/0x200 [ 100.745758][ T7882] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 100.745848][ T7882] ? clear_bhb_loop+0x40/0x90 [ 100.745864][ T7882] ? clear_bhb_loop+0x40/0x90 [ 100.745880][ T7882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.745948][ T7882] RIP: 0033:0x7fd8e48fe9a9 [ 100.745960][ T7882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.745974][ T7882] RSP: 002b:00007fd8e2f5f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 100.745989][ T7882] RAX: ffffffffffffffda RBX: 00007fd8e4b25fa0 RCX: 00007fd8e48fe9a9 [ 100.746000][ T7882] RDX: 0000000000000094 RSI: 0000200000000340 RDI: 0000000000000005 [ 100.746061][ T7882] RBP: 00007fd8e2f5f090 R08: 0000000000000000 R09: 0000000000000000 [ 100.746135][ T7882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.746144][ T7882] R13: 0000000000000001 R14: 00007fd8e4b25fa0 R15: 00007ffd26b264c8 [ 100.746158][ T7882] [ 100.746188][ T7882] Mem-Info: [ 100.783398][ T7883] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 100.783463][ T7882] active_anon:3865 inactive_anon:0 isolated_anon:0 [ 100.783463][ T7882] active_file:16197 inactive_file:2432 isolated_file:0 [ 100.783463][ T7882] unevictable:0 dirty:190 writeback:0 [ 100.783463][ T7882] slab_reclaimable:3090 slab_unreclaimable:15555 [ 100.783463][ T7882] mapped:29204 shmem:182 pagetables:1219 [ 100.783463][ T7882] sec_pagetables:0 bounce:0 [ 100.783463][ T7882] kernel_misc_reclaimable:0 [ 100.783463][ T7882] free:1886738 free_pcp:10689 free_cma:0 [ 100.787594][ T7883] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 100.791886][ T7882] Node 0 active_anon:15460kB inactive_anon:0kB active_file:64788kB inactive_file:9728kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:116816kB dirty:760kB writeback:0kB shmem:728kB writeback_tmp:0kB kernel_stack:3536kB pagetables:4876kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 100.791936][ T7882] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 100.859672][ T7886] can: request_module (can-proto-3) failed. [ 100.861064][ T7882] lowmem_reserve[]: [ 100.876927][ T7886] loop4: detected capacity change from 0 to 2048 [ 100.880921][ T7882] 0 2883 7862 7862 [ 100.880986][ T7882] Node 0 [ 100.926275][ T7886] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 100.927896][ T7882] DMA32 free:2949436kB boost:0kB min:4132kB low:7064kB high:9996kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2953068kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:100kB free_cma:0kB [ 101.147044][ T7882] lowmem_reserve[]: 0 0 4978 4978 [ 101.152155][ T7882] Node 0 Normal free:4581540kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16504kB inactive_anon:0kB active_file:64788kB inactive_file:20284kB unevictable:0kB writepending:11432kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:27364kB local_pcp:19732kB free_cma:0kB [ 101.162276][ T7890] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, [ 101.184319][ T7882] lowmem_reserve[]: 0 0 0 0 [ 101.184365][ T7882] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB [ 101.192747][ T7890] block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 101.197226][ T7882] 1*1024kB [ 101.212943][ T7890] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 101.214303][ T7882] (U) [ 101.217386][ T7890] EXT4-fs (loop4): This should not happen!! Data will be lost [ 101.217386][ T7890] [ 101.229778][ T7882] 1*2048kB (M) 3*4096kB (M) = 15360kB [ 101.229812][ T7882] Node 0 [ 101.232499][ T7890] EXT4-fs (loop4): Total free blocks count 0 [ 101.242108][ T7882] DMA32: 3*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 3*64kB (M) 2*128kB [ 101.247517][ T7890] EXT4-fs (loop4): Free/Dirty block details [ 101.250446][ T7882] (M) 3*256kB (M) 4*512kB (M) 3*1024kB [ 101.256431][ T7890] EXT4-fs (loop4): free_blocks=2415919104 [ 101.256446][ T7890] EXT4-fs (loop4): dirty_blocks=5376 [ 101.264690][ T7882] (M) [ 101.270540][ T7890] EXT4-fs (loop4): Block reservation details [ 101.276092][ T7882] 3*2048kB [ 101.281758][ T7890] EXT4-fs (loop4): i_reserved_data_blocks=336 [ 101.287015][ T7882] (M) 717*4096kB (M) = 2949436kB [ 101.310254][ T7882] Node 0 Normal: 1192*4kB (UM) 1372*8kB (UME) 979*16kB (UME) 419*32kB (UM) 413*64kB (UM) 270*128kB (UME) 185*256kB (UME) 139*512kB (UME) 101*1024kB (UME) 31*2048kB (UME) 1023*4096kB (UME) = 4581456kB [ 101.330032][ T7882] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 101.339317][ T7882] 20382 total pagecache pages [ 101.344027][ T7882] 0 pages in swap cache [ 101.348171][ T7882] Free swap = 124996kB [ 101.352350][ T7882] Total swap = 124996kB [ 101.356535][ T7882] 2097051 pages RAM [ 101.360353][ T7882] 0 pages HighMem/MovableOnly [ 101.365023][ T7882] 80384 pages reserved [ 101.418360][ T7897] loop3: detected capacity change from 0 to 128 [ 101.432619][ T29] kauditd_printk_skb: 443 callbacks suppressed [ 101.432633][ T29] audit: type=1400 audit(1753850056.261:7935): avc: denied { mounton } for pid=7896 comm="syz.3.1493" path="/332/file2/bus" dev="loop3" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1 [ 101.462623][ T144] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 101.496544][ T3311] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 101.504505][ T3311] FAT-fs (loop3): Filesystem has been set read-only [ 101.549511][ T7907] loop4: detected capacity change from 0 to 2048 [ 101.560868][ T7907] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.629272][ T7912] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.648261][ T7914] netlink: 'syz.0.1496': attribute type 39 has an invalid length. [ 101.671025][ T7912] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.699313][ T7914] loop0: detected capacity change from 0 to 8192 [ 101.716604][ T7914] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1) [ 101.724661][ T7914] FAT-fs (loop0): Filesystem has been set read-only [ 101.732159][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.739988][ T7915] lo speed is unknown, defaulting to 1000 [ 101.752024][ T7917] serio: Serial port ptm0 [ 101.761751][ T7920] blktrace: Concurrent blktraces are not allowed on loop4 [ 101.769098][ T29] audit: type=1326 audit(1753850056.591:7936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7919 comm="syz.2.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178730e9a9 code=0x7ffc0000 [ 101.769820][ T7912] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.792655][ T29] audit: type=1326 audit(1753850056.591:7937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7919 comm="syz.2.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f178730e9a9 code=0x7ffc0000 [ 101.826077][ T29] audit: type=1326 audit(1753850056.591:7938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7919 comm="syz.2.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178730e9a9 code=0x7ffc0000 [ 101.849640][ T29] audit: type=1326 audit(1753850056.591:7939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7919 comm="syz.2.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f178730e9a9 code=0x7ffc0000 [ 101.873173][ T29] audit: type=1326 audit(1753850056.591:7940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7919 comm="syz.2.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178730e9a9 code=0x7ffc0000 [ 101.896724][ T29] audit: type=1326 audit(1753850056.591:7941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7919 comm="syz.2.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f178730e9a9 code=0x7ffc0000 [ 101.920256][ T29] audit: type=1326 audit(1753850056.591:7942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7919 comm="syz.2.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178730e9a9 code=0x7ffc0000 [ 101.943866][ T29] audit: type=1326 audit(1753850056.591:7943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7919 comm="syz.2.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f178730e9a9 code=0x7ffc0000 [ 101.954087][ T7925] serio: Serial port ptm1 [ 101.967320][ T29] audit: type=1326 audit(1753850056.591:7944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7919 comm="syz.2.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178730e9a9 code=0x7ffc0000 [ 102.061465][ T7912] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.135245][ T7941] loop2: detected capacity change from 0 to 2048 [ 102.136814][ T7912] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.152604][ T7912] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.161005][ T7941] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.169987][ T7912] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.216760][ T7945] loop1: detected capacity change from 0 to 2048 [ 102.268602][ T7945] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.297571][ T7912] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.371421][ T7956] serio: Serial port ptm0 [ 102.456439][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.486399][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.547492][ T7971] pim6reg1: entered promiscuous mode [ 102.552935][ T7971] pim6reg1: entered allmulticast mode [ 102.635106][ T7980] blktrace: Concurrent blktraces are not allowed on loop2 [ 102.670871][ T7983] loop1: detected capacity change from 0 to 512 [ 102.678207][ T7951] loop4: detected capacity change from 0 to 1024 [ 102.685098][ T7983] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 102.701365][ T7951] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.713793][ T7951] ext4 filesystem being mounted at /235/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 102.725960][ T7989] loop0: detected capacity change from 0 to 1024 [ 102.731381][ T7983] EXT4-fs (loop1): 1 truncate cleaned up [ 102.738711][ T7983] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.751393][ T7983] FAULT_INJECTION: forcing a failure. [ 102.751393][ T7983] name failslab, interval 1, probability 0, space 0, times 0 [ 102.764124][ T7983] CPU: 1 UID: 0 PID: 7983 Comm: syz.1.1525 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) [ 102.764148][ T7983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 102.764159][ T7983] Call Trace: [ 102.764164][ T7983] [ 102.764171][ T7983] __dump_stack+0x1d/0x30 [ 102.764189][ T7983] dump_stack_lvl+0xe8/0x140 [ 102.764205][ T7983] dump_stack+0x15/0x1b [ 102.764278][ T7983] should_fail_ex+0x265/0x280 [ 102.764300][ T7983] should_failslab+0x8c/0xb0 [ 102.764318][ T7983] kmem_cache_alloc_noprof+0x50/0x310 [ 102.764340][ T7983] ? getname_flags+0x80/0x3b0 [ 102.764362][ T7983] getname_flags+0x80/0x3b0 [ 102.764451][ T7983] __x64_sys_rename+0x40/0x70 [ 102.764470][ T7983] x64_sys_call+0x1f9/0x2ff0 [ 102.764489][ T7983] do_syscall_64+0xd2/0x200 [ 102.764515][ T7983] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 102.764599][ T7983] ? clear_bhb_loop+0x40/0x90 [ 102.764641][ T7983] ? clear_bhb_loop+0x40/0x90 [ 102.764658][ T7983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.764675][ T7983] RIP: 0033:0x7f1ade52e9a9 [ 102.764688][ T7983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.764705][ T7983] RSP: 002b:00007f1adcb97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 102.764725][ T7983] RAX: ffffffffffffffda RBX: 00007f1ade755fa0 RCX: 00007f1ade52e9a9 [ 102.764748][ T7983] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000080 [ 102.764761][ T7983] RBP: 00007f1adcb97090 R08: 0000000000000000 R09: 0000000000000000 [ 102.764772][ T7983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 102.764782][ T7983] R13: 0000000000000000 R14: 00007f1ade755fa0 R15: 00007ffe8c577908 [ 102.764800][ T7983] [ 102.965271][ T7992] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1528'. [ 102.981034][ T7989] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.009851][ T7989] netlink: 'syz.0.1526': attribute type 1 has an invalid length. [ 103.023193][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.033849][ T7989] 8021q: adding VLAN 0 to HW filter on device bond5 [ 103.052473][ T7998] loop2: detected capacity change from 0 to 2048 [ 103.073420][ T7989] 8021q: adding VLAN 0 to HW filter on device batadv5 [ 103.076007][ T8001] loop1: detected capacity change from 0 to 1024 [ 103.086607][ T7989] bond5: (slave batadv5): making interface the new active one [ 103.095658][ T7989] bond5: (slave batadv5): Enslaving as an active interface with an up link [ 103.117318][ T7998] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.135427][ T8001] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.149028][ T8001] ext4 filesystem being mounted at /319/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 103.152889][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.176819][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.209256][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.232407][ T8013] FAULT_INJECTION: forcing a failure. [ 103.232407][ T8013] name failslab, interval 1, probability 0, space 0, times 0 [ 103.245185][ T8013] CPU: 1 UID: 0 PID: 8013 Comm: syz.0.1533 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) [ 103.245213][ T8013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 103.245225][ T8013] Call Trace: [ 103.245232][ T8013] [ 103.245239][ T8013] __dump_stack+0x1d/0x30 [ 103.245256][ T8013] dump_stack_lvl+0xe8/0x140 [ 103.245272][ T8013] dump_stack+0x15/0x1b [ 103.245340][ T8013] should_fail_ex+0x265/0x280 [ 103.245365][ T8013] should_failslab+0x8c/0xb0 [ 103.245508][ T8013] __kmalloc_noprof+0xa5/0x3e0 [ 103.245530][ T8013] ? sel_write_validatetrans+0x1c7/0x370 [ 103.245568][ T8013] ? _copy_from_user+0x89/0xb0 [ 103.245623][ T8013] sel_write_validatetrans+0x1c7/0x370 [ 103.245649][ T8013] ? __pfx_sel_write_validatetrans+0x10/0x10 [ 103.245728][ T8013] vfs_write+0x266/0x8e0 [ 103.245756][ T8013] ? __rcu_read_unlock+0x4f/0x70 [ 103.245774][ T8013] ? __fget_files+0x184/0x1c0 [ 103.245791][ T8013] ksys_write+0xda/0x1a0 [ 103.245872][ T8013] __x64_sys_write+0x40/0x50 [ 103.245958][ T8013] x64_sys_call+0x27fe/0x2ff0 [ 103.246055][ T8013] do_syscall_64+0xd2/0x200 [ 103.246075][ T8013] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 103.246098][ T8013] ? clear_bhb_loop+0x40/0x90 [ 103.246119][ T8013] ? clear_bhb_loop+0x40/0x90 [ 103.246178][ T8013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.246196][ T8013] RIP: 0033:0x7fe62f33e9a9 [ 103.246208][ T8013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.246223][ T8013] RSP: 002b:00007fe62d9a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 103.246302][ T8013] RAX: ffffffffffffffda RBX: 00007fe62f565fa0 RCX: 00007fe62f33e9a9 [ 103.246314][ T8013] RDX: 000000000000006a RSI: 00002000000003c0 RDI: 0000000000000007 [ 103.246328][ T8013] RBP: 00007fe62d9a7090 R08: 0000000000000000 R09: 0000000000000000 [ 103.246339][ T8013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 103.246352][ T8013] R13: 0000000000000000 R14: 00007fe62f565fa0 R15: 00007ffed0e39038 [ 103.246370][ T8013] [ 103.460146][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.460743][ T8010] serio: Serial port ptm0 [ 103.493104][ T8019] tipc: Started in network mode [ 103.497994][ T8019] tipc: Node identity 86a7b4d8af4c, cluster identity 4711 [ 103.505229][ T8019] tipc: Enabled bearer , priority 0 [ 103.515011][ T8019] syzkaller0: entered promiscuous mode [ 103.520604][ T8019] syzkaller0: entered allmulticast mode [ 103.555437][ T8025] loop0: detected capacity change from 0 to 1024 [ 103.582530][ T8025] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.596698][ T8025] ext4 filesystem being mounted at /319/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 103.619485][ T8018] tipc: Resetting bearer [ 103.639752][ T8036] loop2: detected capacity change from 0 to 2048 [ 103.648861][ T8018] tipc: Disabling bearer [ 103.659609][ T8034] can: request_module (can-proto-3) failed. [ 103.672553][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.681713][ T8034] loop3: detected capacity change from 0 to 2048 [ 103.690952][ T8034] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 103.704008][ T8036] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.736757][ T8045] netlink: 'syz.0.1543': attribute type 17 has an invalid length. [ 103.747555][ T8045] dummy0: entered promiscuous mode [ 103.754253][ T8045] macsec1: entered promiscuous mode [ 103.759856][ T8049] loop1: detected capacity change from 0 to 512 [ 103.759875][ T8045] macsec1: entered allmulticast mode [ 103.771557][ T8045] dummy0: entered allmulticast mode [ 103.776955][ T8047] loop4: detected capacity change from 0 to 2048 [ 103.782231][ T8045] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1543'. [ 103.792228][ T8045] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1543'. [ 103.801583][ T8045] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1543'. [ 103.809825][ T8036] EXT4-fs error (device loop2): ext4_find_dest_de:2052: inode #2: block 16: comm syz.2.1542: bad entry in directory: inode out of bounds - offset=92, inode=32784, rec_len=16, size=2048 fake=0 [ 103.833549][ T8049] EXT4-fs error (device loop1): ext4_iget_extra_inode:5030: inode #12: comm syz.1.1546: corrupted in-inode xattr: invalid ea_ino [ 103.841100][ T8036] EXT4-fs error (device loop2): ext4_find_dest_de:2052: inode #2: block 16: comm syz.2.1542: bad entry in directory: inode out of bounds - offset=92, inode=32784, rec_len=16, size=2048 fake=0 [ 103.855000][ T8049] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.1546: couldn't read orphan inode 12 (err -117) [ 103.881889][ T8050] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 103.886815][ T8036] EXT4-fs error (device loop2): ext4_find_dest_de:2052: inode #2: block 16: comm syz.2.1542: bad entry in directory: inode out of bounds - offset=92, inode=32784, rec_len=16, size=2048 fake=0 [ 103.903848][ T8050] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 716 with error 28 [ 103.927097][ T8047] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.928524][ T8050] EXT4-fs (loop3): This should not happen!! Data will be lost [ 103.928524][ T8050] [ 103.941200][ T8049] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.950214][ T8050] EXT4-fs (loop3): Total free blocks count 0 [ 103.950228][ T8050] EXT4-fs (loop3): Free/Dirty block details [ 103.950239][ T8050] EXT4-fs (loop3): free_blocks=2415919104 [ 103.950250][ T8050] EXT4-fs (loop3): dirty_blocks=720 [ 103.963867][ T8054] lo speed is unknown, defaulting to 1000 [ 103.968450][ T8050] EXT4-fs (loop3): Block reservation details [ 103.997154][ T8050] EXT4-fs (loop3): i_reserved_data_blocks=45 [ 104.066755][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.082057][ T144] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 104.124858][ T8065] loop3: detected capacity change from 0 to 1024 [ 104.134636][ T8063] process 'syz.1.1548' launched './file1' with NULL argv: empty string added [ 104.147563][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.158843][ T8065] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.174217][ T8065] ext4 filesystem being mounted at /341/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 104.200079][ T8063] vhci_hcd: invalid port number 65 [ 104.217023][ T8075] loop0: detected capacity change from 0 to 1024 [ 104.235249][ T8073] loop2: detected capacity change from 0 to 2048 [ 104.254702][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.260375][ T8075] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.286187][ T8081] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.297328][ T8075] ext4 filesystem being mounted at /324/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 104.335691][ T8081] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.355608][ T8073] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 104.361789][ T8086] can: request_module (can-proto-3) failed. [ 104.393547][ T8086] loop0: detected capacity change from 0 to 2048 [ 104.400770][ T8073] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1266 with error 28 [ 104.413274][ T8073] EXT4-fs (loop2): This should not happen!! Data will be lost [ 104.413274][ T8073] [ 104.423027][ T8073] EXT4-fs (loop2): Total free blocks count 0 [ 104.429001][ T8073] EXT4-fs (loop2): Free/Dirty block details [ 104.431791][ T8088] lo speed is unknown, defaulting to 1000 [ 104.434934][ T8073] EXT4-fs (loop2): free_blocks=2415919104 [ 104.446400][ T8073] EXT4-fs (loop2): dirty_blocks=1280 [ 104.451698][ T8073] EXT4-fs (loop2): Block reservation details [ 104.457754][ T8073] EXT4-fs (loop2): i_reserved_data_blocks=80 [ 104.502182][ T8081] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.554075][ T8098] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1559'. [ 104.570068][ T8098] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1559'. [ 104.591872][ T8081] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.706843][ T8081] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.708157][ T8099] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 104.738195][ T8099] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 104.750738][ T8099] EXT4-fs (loop0): This should not happen!! Data will be lost [ 104.750738][ T8099] [ 104.760436][ T8099] EXT4-fs (loop0): Total free blocks count 0 [ 104.760654][ T8081] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.766399][ T8099] EXT4-fs (loop0): Free/Dirty block details [ 104.766414][ T8099] EXT4-fs (loop0): free_blocks=2415919104 [ 104.766428][ T8099] EXT4-fs (loop0): dirty_blocks=3008 [ 104.791523][ T8099] EXT4-fs (loop0): Block reservation details [ 104.797509][ T8099] EXT4-fs (loop0): i_reserved_data_blocks=188 [ 104.825222][ T8081] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.842376][ T8114] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1566'. [ 104.864951][ T8081] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.898318][ T8120] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1568'. [ 104.910612][ T12] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 104.923241][ T12] EXT4-fs (loop0): This should not happen!! Data will be lost [ 104.923241][ T12] [ 104.977960][ T8129] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1572'. [ 105.029997][ T8131] RDS: rds_bind could not find a transport for ::9d:0:0:0:1, load rds_tcp or rds_rdma? [ 105.112922][ T8147] loop4: detected capacity change from 0 to 1024 [ 105.119699][ T8147] EXT4-fs: Ignoring removed nobh option [ 105.125262][ T8147] EXT4-fs: Ignoring removed bh option [ 105.154534][ T8151] tipc: Started in network mode [ 105.159533][ T8151] tipc: Node identity fec12b0a0904, cluster identity 4711 [ 105.167181][ T8151] tipc: Enabled bearer , priority 0 [ 105.176514][ T8151] tipc: Disabling bearer [ 105.268154][ T8153] C: renamed from team_slave_0 (while UP) [ 105.275525][ T8153] netlink: 'syz.3.1581': attribute type 3 has an invalid length. [ 105.283290][ T8153] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1581'. [ 105.293301][ T8153] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 105.336999][ T8155] tipc: Enabled bearer , priority 0 [ 105.344308][ T8155] FAULT_INJECTION: forcing a failure. [ 105.344308][ T8155] name failslab, interval 1, probability 0, space 0, times 0 [ 105.357134][ T8155] CPU: 1 UID: 0 PID: 8155 Comm: syz.3.1582 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) [ 105.357160][ T8155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 105.357197][ T8155] Call Trace: [ 105.357203][ T8155] [ 105.357210][ T8155] __dump_stack+0x1d/0x30 [ 105.357230][ T8155] dump_stack_lvl+0xe8/0x140 [ 105.357294][ T8155] dump_stack+0x15/0x1b [ 105.357307][ T8155] should_fail_ex+0x265/0x280 [ 105.357327][ T8155] ? netdevice_event+0x2ae/0x610 [ 105.357399][ T8155] should_failslab+0x8c/0xb0 [ 105.357416][ T8155] __kmalloc_cache_noprof+0x4c/0x320 [ 105.357459][ T8155] ? __pfx_netdevice_event+0x10/0x10 [ 105.357512][ T8155] netdevice_event+0x2ae/0x610 [ 105.357533][ T8155] ? __pfx_del_netdev_ips+0x10/0x10 [ 105.357614][ T8155] ? __pfx_pass_all_filter+0x10/0x10 [ 105.357633][ T8155] ? __pfx_netdevice_event+0x10/0x10 [ 105.357654][ T8155] raw_notifier_call_chain+0x6c/0x1b0 [ 105.357762][ T8155] ? call_netdevice_notifiers_info+0x9c/0x100 [ 105.357816][ T8155] call_netdevice_notifiers_info+0xae/0x100 [ 105.357841][ T8155] unregister_netdevice_many_notify+0xd9d/0x1690 [ 105.357869][ T8155] unregister_netdevice_queue+0x1f5/0x220 [ 105.357931][ T8155] __tun_detach+0x7db/0xad0 [ 105.357948][ T8155] ? __pfx_tun_chr_close+0x10/0x10 [ 105.357972][ T8155] tun_chr_close+0x5a/0x100 [ 105.358036][ T8155] __fput+0x29b/0x650 [ 105.358057][ T8155] fput_close_sync+0x6e/0x120 [ 105.358117][ T8155] __x64_sys_close+0x56/0xf0 [ 105.358146][ T8155] x64_sys_call+0x2738/0x2ff0 [ 105.358164][ T8155] do_syscall_64+0xd2/0x200 [ 105.358187][ T8155] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 105.358215][ T8155] ? clear_bhb_loop+0x40/0x90 [ 105.358298][ T8155] ? clear_bhb_loop+0x40/0x90 [ 105.358316][ T8155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.358337][ T8155] RIP: 0033:0x7fd8e48fe9a9 [ 105.358353][ T8155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.358432][ T8155] RSP: 002b:00007fd8e2f5f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 105.358448][ T8155] RAX: ffffffffffffffda RBX: 00007fd8e4b25fa0 RCX: 00007fd8e48fe9a9 [ 105.358459][ T8155] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 105.358472][ T8155] RBP: 00007fd8e2f5f090 R08: 0000000000000000 R09: 0000000000000000 [ 105.358485][ T8155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.358497][ T8155] R13: 0000000000000000 R14: 00007fd8e4b25fa0 R15: 00007ffd26b264c8 [ 105.358515][ T8155] [ 105.359260][ T8155] tipc: Disabling bearer [ 105.716409][ T8163] loop3: detected capacity change from 0 to 1024 [ 105.735228][ T8165] xt_TCPMSS: Only works on TCP SYN packets [ 105.751167][ T8163] ext4 filesystem being mounted at /346/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.808615][ T8173] pim6reg1: entered promiscuous mode [ 105.814095][ T8173] pim6reg1: entered allmulticast mode [ 105.869719][ T8175] loop3: detected capacity change from 0 to 1024 [ 105.901047][ T8179] loop1: detected capacity change from 0 to 1024 [ 105.922842][ T8175] netlink: 'syz.3.1591': attribute type 1 has an invalid length. [ 105.936580][ T8181] blktrace: Concurrent blktraces are not allowed on loop0 [ 105.938007][ T8175] 8021q: adding VLAN 0 to HW filter on device bond11 [ 105.961258][ T8175] 8021q: adding VLAN 0 to HW filter on device batadv11 [ 105.964039][ T8179] netlink: 'syz.1.1592': attribute type 1 has an invalid length. [ 105.970170][ T8175] bond11: (slave batadv11): making interface the new active one [ 105.987166][ T8175] bond11: (slave batadv11): Enslaving as an active interface with an up link [ 106.011666][ T8179] 8021q: adding VLAN 0 to HW filter on device bond8 [ 106.036618][ T8179] 8021q: adding VLAN 0 to HW filter on device batadv8 [ 106.045249][ T8179] bond8: (slave batadv8): making interface the new active one [ 106.054818][ T8179] bond8: (slave batadv8): Enslaving as an active interface with an up link [ 106.102140][ T8193] blktrace: Concurrent blktraces are not allowed on loop8 [ 106.124674][ T8196] serio: Serial port ptm0 [ 106.135845][ T8198] loop3: detected capacity change from 0 to 1024 [ 106.163871][ T8204] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.175166][ T8198] ext4 filesystem being mounted at /350/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 106.232308][ T8204] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.243322][ T8212] lo speed is unknown, defaulting to 1000 [ 106.293908][ T8204] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.358058][ T8230] blktrace: Concurrent blktraces are not allowed on loop0 [ 106.368346][ T8204] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.383319][ T8234] FAULT_INJECTION: forcing a failure. [ 106.383319][ T8234] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 106.396490][ T8234] CPU: 1 UID: 0 PID: 8234 Comm: syz.1.1612 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) [ 106.396518][ T8234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 106.396530][ T8234] Call Trace: [ 106.396536][ T8234] [ 106.396619][ T8234] __dump_stack+0x1d/0x30 [ 106.396636][ T8234] dump_stack_lvl+0xe8/0x140 [ 106.396652][ T8234] dump_stack+0x15/0x1b [ 106.396665][ T8234] should_fail_ex+0x265/0x280 [ 106.396689][ T8234] should_fail+0xb/0x20 [ 106.396720][ T8234] should_fail_usercopy+0x1a/0x20 [ 106.396746][ T8234] _copy_from_user+0x1c/0xb0 [ 106.396847][ T8234] ___sys_sendmsg+0xc1/0x1d0 [ 106.396879][ T8234] __x64_sys_sendmsg+0xd4/0x160 [ 106.396958][ T8234] x64_sys_call+0x191e/0x2ff0 [ 106.396976][ T8234] do_syscall_64+0xd2/0x200 [ 106.397001][ T8234] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 106.397078][ T8234] ? clear_bhb_loop+0x40/0x90 [ 106.397099][ T8234] ? clear_bhb_loop+0x40/0x90 [ 106.397120][ T8234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.397207][ T8234] RIP: 0033:0x7f1ade52e9a9 [ 106.397221][ T8234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.397238][ T8234] RSP: 002b:00007f1adcb97038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 106.397257][ T8234] RAX: ffffffffffffffda RBX: 00007f1ade755fa0 RCX: 00007f1ade52e9a9 [ 106.397270][ T8234] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 106.397345][ T8234] RBP: 00007f1adcb97090 R08: 0000000000000000 R09: 0000000000000000 [ 106.397356][ T8234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.397367][ T8234] R13: 0000000000000000 R14: 00007f1ade755fa0 R15: 00007ffe8c577908 [ 106.397385][ T8234] [ 106.414528][ T8238] program syz.0.1614 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 106.454020][ T8241] loop1: detected capacity change from 0 to 1024 [ 106.595861][ T8204] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.612044][ T8204] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.625897][ T8241] ext4 filesystem being mounted at /335/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 106.626855][ T8204] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.648134][ T8204] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.694732][ T29] kauditd_printk_skb: 467 callbacks suppressed [ 106.694836][ T29] audit: type=1400 audit(1753850061.521:8412): avc: denied { mount } for pid=8250 comm="syz.0.1620" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 106.723487][ T29] audit: type=1400 audit(1753850061.521:8413): avc: denied { mounton } for pid=8250 comm="syz.0.1620" path="/345/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1 [ 106.754420][ T8253] loop0: detected capacity change from 0 to 512 [ 106.775301][ T29] audit: type=1326 audit(1753850061.591:8414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8256 comm="syz.1.1619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ade52e9a9 code=0x7ffc0000 [ 106.799219][ T29] audit: type=1326 audit(1753850061.591:8415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8256 comm="syz.1.1619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ade52e9a9 code=0x7ffc0000 [ 106.822765][ T29] audit: type=1326 audit(1753850061.591:8416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8256 comm="syz.1.1619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7f1ade52e9a9 code=0x7ffc0000 [ 106.846138][ T29] audit: type=1326 audit(1753850061.591:8417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8256 comm="syz.1.1619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ade52e9a9 code=0x7ffc0000 [ 106.869669][ T29] audit: type=1326 audit(1753850061.591:8418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8256 comm="syz.1.1619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1ade52e9a9 code=0x7ffc0000 [ 106.893027][ T29] audit: type=1326 audit(1753850061.591:8419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8256 comm="syz.1.1619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ade52e9a9 code=0x7ffc0000 [ 106.916431][ T29] audit: type=1326 audit(1753850061.591:8420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8256 comm="syz.1.1619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1ade52e9a9 code=0x7ffc0000 [ 106.939766][ T29] audit: type=1326 audit(1753850061.591:8421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8256 comm="syz.1.1619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ade52e9a9 code=0x7ffc0000 [ 106.999158][ T8272] blktrace: Concurrent blktraces are not allowed on loop4 [ 107.018339][ T8276] blktrace: Concurrent blktraces are not allowed on loop0 [ 107.077761][ T8285] loop1: detected capacity change from 0 to 1024 [ 107.082251][ T8289] loop2: detected capacity change from 0 to 1024 [ 107.114370][ T8285] netlink: 'syz.1.1629': attribute type 1 has an invalid length. [ 107.136842][ T8285] 8021q: adding VLAN 0 to HW filter on device bond9 [ 107.154620][ T8285] 8021q: adding VLAN 0 to HW filter on device batadv9 [ 107.163811][ T8285] bond9: (slave batadv9): making interface the new active one [ 107.172862][ T8285] bond9: (slave batadv9): Enslaving as an active interface with an up link [ 107.196351][ T8303] serio: Serial port ptm0 [ 107.205611][ T8289] netlink: 'syz.2.1630': attribute type 1 has an invalid length. [ 107.227897][ T8289] 8021q: adding VLAN 0 to HW filter on device bond9 [ 107.257901][ T8289] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.268226][ T8289] bond9: (slave batadv0): making interface the new active one [ 107.282497][ T8289] bond9: (slave batadv0): Enslaving as an active interface with an up link [ 107.304790][ T8316] blktrace: Concurrent blktraces are not allowed on loop6 [ 107.343810][ T8322] FAULT_INJECTION: forcing a failure. [ 107.343810][ T8322] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 107.357053][ T8322] CPU: 1 UID: 0 PID: 8322 Comm: syz.3.1643 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) [ 107.357108][ T8322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 107.357119][ T8322] Call Trace: [ 107.357123][ T8322] [ 107.357130][ T8322] __dump_stack+0x1d/0x30 [ 107.357149][ T8322] dump_stack_lvl+0xe8/0x140 [ 107.357166][ T8322] dump_stack+0x15/0x1b [ 107.357181][ T8322] should_fail_ex+0x265/0x280 [ 107.357200][ T8322] should_fail+0xb/0x20 [ 107.357216][ T8322] should_fail_usercopy+0x1a/0x20 [ 107.357265][ T8322] _copy_from_user+0x1c/0xb0 [ 107.357289][ T8322] ___sys_sendmsg+0xc1/0x1d0 [ 107.357319][ T8322] __x64_sys_sendmsg+0xd4/0x160 [ 107.357386][ T8322] x64_sys_call+0x191e/0x2ff0 [ 107.357402][ T8322] do_syscall_64+0xd2/0x200 [ 107.357421][ T8322] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 107.357460][ T8322] ? clear_bhb_loop+0x40/0x90 [ 107.357476][ T8322] ? clear_bhb_loop+0x40/0x90 [ 107.357492][ T8322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.357508][ T8322] RIP: 0033:0x7fd8e48fe9a9 [ 107.357521][ T8322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.357576][ T8322] RSP: 002b:00007fd8e2f5f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 107.357592][ T8322] RAX: ffffffffffffffda RBX: 00007fd8e4b25fa0 RCX: 00007fd8e48fe9a9 [ 107.357649][ T8322] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 107.357659][ T8322] RBP: 00007fd8e2f5f090 R08: 0000000000000000 R09: 0000000000000000 [ 107.357669][ T8322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 107.357678][ T8322] R13: 0000000000000000 R14: 00007fd8e4b25fa0 R15: 00007ffd26b264c8 [ 107.357693][ T8322] [ 107.535888][ T9] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 107.544126][ T9] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 107.608557][ T8337] loop4: detected capacity change from 0 to 1024 [ 107.644773][ T8337] netlink: 'syz.4.1648': attribute type 1 has an invalid length. [ 107.660582][ T8337] 8021q: adding VLAN 0 to HW filter on device bond3 [ 107.680114][ T8337] 8021q: adding VLAN 0 to HW filter on device batadv3 [ 107.694192][ T8337] bond3: (slave batadv3): making interface the new active one [ 107.704233][ T8337] bond3: (slave batadv3): Enslaving as an active interface with an up link [ 107.748895][ T8353] can: request_module (can-proto-3) failed. [ 107.779891][ T8353] loop4: detected capacity change from 0 to 2048 [ 107.791374][ T8359] can: request_module (can-proto-3) failed. [ 107.804696][ T8359] loop2: detected capacity change from 0 to 2048 [ 107.911589][ T8366] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 107.934200][ T8366] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 107.946753][ T8366] EXT4-fs (loop4): This should not happen!! Data will be lost [ 107.946753][ T8366] [ 107.956448][ T8366] EXT4-fs (loop4): Total free blocks count 0 [ 107.962543][ T8366] EXT4-fs (loop4): Free/Dirty block details [ 107.962714][ T8367] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, [ 107.968504][ T8366] EXT4-fs (loop4): free_blocks=2415919104 [ 107.968519][ T8366] EXT4-fs (loop4): dirty_blocks=2224 [ 107.976793][ T8367] block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 107.982463][ T8366] EXT4-fs (loop4): Block reservation details [ 107.996359][ T8367] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 107.996496][ T8366] EXT4-fs (loop4): i_reserved_data_blocks=139 [ 108.002510][ T8367] EXT4-fs (loop2): This should not happen!! Data will be lost [ 108.002510][ T8367] [ 108.030807][ T8367] EXT4-fs (loop2): Total free blocks count 0 [ 108.036833][ T8367] EXT4-fs (loop2): Free/Dirty block details [ 108.042747][ T8367] EXT4-fs (loop2): free_blocks=2415919104 [ 108.048632][ T8367] EXT4-fs (loop2): dirty_blocks=2400 [ 108.053958][ T8367] EXT4-fs (loop2): Block reservation details [ 108.060037][ T8367] EXT4-fs (loop2): i_reserved_data_blocks=150 [ 108.164746][ T31] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 108.177146][ T31] EXT4-fs (loop4): This should not happen!! Data will be lost [ 108.177146][ T31] [ 108.213599][ T8381] FAULT_INJECTION: forcing a failure. [ 108.213599][ T8381] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 108.226729][ T8381] CPU: 0 UID: 0 PID: 8381 Comm: syz.0.1662 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) [ 108.226757][ T8381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.226769][ T8381] Call Trace: [ 108.226776][ T8381] [ 108.226783][ T8381] __dump_stack+0x1d/0x30 [ 108.226804][ T8381] dump_stack_lvl+0xe8/0x140 [ 108.226823][ T8381] dump_stack+0x15/0x1b [ 108.226904][ T8381] should_fail_ex+0x265/0x280 [ 108.226928][ T8381] should_fail+0xb/0x20 [ 108.226948][ T8381] should_fail_usercopy+0x1a/0x20 [ 108.227036][ T8381] _copy_to_user+0x20/0xa0 [ 108.227066][ T8381] simple_read_from_buffer+0xb5/0x130 [ 108.227094][ T8381] proc_fail_nth_read+0x100/0x140 [ 108.227175][ T8381] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 108.227195][ T8381] vfs_read+0x19d/0x6f0 [ 108.227222][ T8381] ? __rcu_read_unlock+0x4f/0x70 [ 108.227317][ T8381] ? __fget_files+0x184/0x1c0 [ 108.227336][ T8381] ksys_read+0xda/0x1a0 [ 108.227362][ T8381] __x64_sys_read+0x40/0x50 [ 108.227387][ T8381] x64_sys_call+0x27bc/0x2ff0 [ 108.227447][ T8381] do_syscall_64+0xd2/0x200 [ 108.227470][ T8381] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 108.227493][ T8381] ? clear_bhb_loop+0x40/0x90 [ 108.227513][ T8381] ? clear_bhb_loop+0x40/0x90 [ 108.227533][ T8381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.227661][ T8381] RIP: 0033:0x7fe62f33d3bc [ 108.227678][ T8381] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 108.227696][ T8381] RSP: 002b:00007fe62d9a7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 108.227715][ T8381] RAX: ffffffffffffffda RBX: 00007fe62f565fa0 RCX: 00007fe62f33d3bc [ 108.227726][ T8381] RDX: 000000000000000f RSI: 00007fe62d9a70a0 RDI: 0000000000000004 [ 108.227739][ T8381] RBP: 00007fe62d9a7090 R08: 0000000000000000 R09: 0000000000000000 [ 108.227786][ T8381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.227799][ T8381] R13: 0000000000000000 R14: 00007fe62f565fa0 R15: 00007ffed0e39038 [ 108.227817][ T8381] [ 108.238532][ T8383] C: renamed from team_slave_0 (while UP) [ 108.350396][ T8389] loop1: detected capacity change from 0 to 1024 [ 108.447458][ T31] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 108.448256][ T8383] netlink: 'syz.4.1661': attribute type 3 has an invalid length. [ 108.459779][ T31] EXT4-fs (loop2): This should not happen!! Data will be lost [ 108.459779][ T31] [ 108.477292][ T8383] __nla_validate_parse: 10 callbacks suppressed [ 108.477305][ T8383] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1661'. [ 108.487870][ T8389] netlink: 'syz.1.1665': attribute type 1 has an invalid length. [ 108.494761][ T8383] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 108.523989][ T8389] 8021q: adding VLAN 0 to HW filter on device bond10 [ 108.546792][ T8397] 8021q: adding VLAN 0 to HW filter on device batadv10 [ 108.555701][ T8397] bond10: (slave batadv10): making interface the new active one [ 108.563537][ T8385] FAULT_INJECTION: forcing a failure. [ 108.563537][ T8385] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 108.576633][ T8385] CPU: 0 UID: 0 PID: 8385 Comm: syz.0.1663 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) [ 108.576662][ T8385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.576673][ T8385] Call Trace: [ 108.576679][ T8385] [ 108.576721][ T8385] __dump_stack+0x1d/0x30 [ 108.576739][ T8385] dump_stack_lvl+0xe8/0x140 [ 108.576755][ T8385] dump_stack+0x15/0x1b [ 108.576769][ T8385] should_fail_ex+0x265/0x280 [ 108.576859][ T8385] should_fail+0xb/0x20 [ 108.576886][ T8385] should_fail_usercopy+0x1a/0x20 [ 108.576911][ T8385] _copy_to_user+0x20/0xa0 [ 108.577001][ T8385] simple_read_from_buffer+0xb5/0x130 [ 108.577025][ T8385] proc_fail_nth_read+0x100/0x140 [ 108.577043][ T8385] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 108.577060][ T8385] vfs_read+0x19d/0x6f0 [ 108.577114][ T8385] ? __rcu_read_unlock+0x4f/0x70 [ 108.577135][ T8385] ? __fget_files+0x184/0x1c0 [ 108.577155][ T8385] ksys_read+0xda/0x1a0 [ 108.577248][ T8385] __x64_sys_read+0x40/0x50 [ 108.577279][ T8385] x64_sys_call+0x27bc/0x2ff0 [ 108.577297][ T8385] do_syscall_64+0xd2/0x200 [ 108.577372][ T8385] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 108.577396][ T8385] ? clear_bhb_loop+0x40/0x90 [ 108.577417][ T8385] ? clear_bhb_loop+0x40/0x90 [ 108.577439][ T8385] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.577566][ T8385] RIP: 0033:0x7fe62f33d3bc [ 108.577582][ T8385] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 108.577600][ T8385] RSP: 002b:00007fe62d9a7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 108.577620][ T8385] RAX: ffffffffffffffda RBX: 00007fe62f565fa0 RCX: 00007fe62f33d3bc [ 108.577632][ T8385] RDX: 000000000000000f RSI: 00007fe62d9a70a0 RDI: 0000000000000003 [ 108.577643][ T8385] RBP: 00007fe62d9a7090 R08: 0000000000000000 R09: 0000000000000000 [ 108.577656][ T8385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.577668][ T8385] R13: 0000000000000000 R14: 00007fe62f565fa0 R15: 00007ffed0e39038 [ 108.577703][ T8385] [ 108.790788][ T8397] bond10: (slave batadv10): Enslaving as an active interface with an up link [ 108.816958][ T8401] serio: Serial port ptm0 [ 108.837293][ T8404] loop3: detected capacity change from 0 to 1024 [ 108.848714][ T8404] EXT4-fs: Ignoring removed nobh option [ 108.854376][ T8404] EXT4-fs: Ignoring removed nobh option [ 108.859947][ T8404] EXT4-fs: Ignoring removed bh option [ 108.881597][ T8413] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.887051][ T8410] can: request_module (can-proto-3) failed. [ 108.907672][ T8410] loop0: detected capacity change from 0 to 2048 [ 108.941485][ T8413] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.957670][ T8418] lo speed is unknown, defaulting to 1000 [ 108.974049][ T8413] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.043794][ T8413] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.069579][ T8422] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 109.096557][ T8427] loop3: detected capacity change from 0 to 1024 [ 109.105914][ T8422] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1792 with error 28 [ 109.118498][ T8422] EXT4-fs (loop0): This should not happen!! Data will be lost [ 109.118498][ T8422] [ 109.126209][ T8427] ext4 filesystem being mounted at /362/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 109.128255][ T8422] EXT4-fs (loop0): Total free blocks count 0 [ 109.144739][ T8422] EXT4-fs (loop0): Free/Dirty block details [ 109.148851][ T8427] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 1: comm syz.3.1675: lblock 1 mapped to illegal pblock 1 (length 15) [ 109.150631][ T8422] EXT4-fs (loop0): free_blocks=2415919104 [ 109.150647][ T8422] EXT4-fs (loop0): dirty_blocks=1808 [ 109.150657][ T8422] EXT4-fs (loop0): Block reservation details [ 109.150668][ T8422] EXT4-fs (loop0): i_reserved_data_blocks=113 [ 109.188517][ T8427] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 109.192989][ T8413] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.200929][ T8427] EXT4-fs (loop3): This should not happen!! Data will be lost [ 109.200929][ T8427] [ 109.245814][ T8413] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.246141][ T144] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 109.257464][ T8413] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.266287][ T144] EXT4-fs (loop0): This should not happen!! Data will be lost [ 109.266287][ T144] [ 109.287465][ T8413] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.359020][ T8449] pim6reg1: entered promiscuous mode [ 109.364400][ T8449] pim6reg1: entered allmulticast mode [ 109.368139][ T8451] loop3: detected capacity change from 0 to 2048 [ 109.403706][ T8455] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 109.410144][ T8455] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 109.505809][ T8468] IPv6: Can't replace route, no match found [ 109.531010][ T8468] loop3: detected capacity change from 0 to 1024 [ 109.537978][ T8468] EXT4-fs: Ignoring removed bh option [ 109.543490][ T8468] EXT4-fs: inline encryption not supported [ 109.549502][ T8468] ext4: Unknown parameter 'smackfsroot' [ 109.557503][ T8468] rdma_op ffff888109a2bd80 conn xmit_rdma 0000000000000000 [ 109.579744][ T8468] loop3: detected capacity change from 0 to 2048 [ 109.594017][ T8474] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1694'. [ 109.612131][ T8474] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1694'. [ 109.697133][ T8489] loop1: detected capacity change from 0 to 512 [ 109.704110][ T8489] EXT4-fs: Ignoring removed mblk_io_submit option [ 109.722430][ T8489] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 109.738098][ T8489] EXT4-fs (loop1): 1 truncate cleaned up [ 109.738506][ T8491] pim6reg1: entered promiscuous mode [ 109.749137][ T8491] pim6reg1: entered allmulticast mode [ 109.762368][ T8489] FAULT_INJECTION: forcing a failure. [ 109.762368][ T8489] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.775447][ T8489] CPU: 1 UID: 0 PID: 8489 Comm: syz.1.1699 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) [ 109.775539][ T8489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 109.775550][ T8489] Call Trace: [ 109.775557][ T8489] [ 109.775564][ T8489] __dump_stack+0x1d/0x30 [ 109.775585][ T8489] dump_stack_lvl+0xe8/0x140 [ 109.775605][ T8489] dump_stack+0x15/0x1b [ 109.775679][ T8489] should_fail_ex+0x265/0x280 [ 109.775704][ T8489] should_fail+0xb/0x20 [ 109.775725][ T8489] should_fail_usercopy+0x1a/0x20 [ 109.775762][ T8489] strncpy_from_user+0x25/0x230 [ 109.775778][ T8489] ? kmem_cache_alloc_noprof+0x186/0x310 [ 109.775878][ T8489] ? getname_flags+0x80/0x3b0 [ 109.775897][ T8489] getname_flags+0xae/0x3b0 [ 109.775915][ T8489] __x64_sys_unlink+0x21/0x40 [ 109.775938][ T8489] x64_sys_call+0x2dc0/0x2ff0 [ 109.776003][ T8489] do_syscall_64+0xd2/0x200 [ 109.776028][ T8489] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 109.776053][ T8489] ? clear_bhb_loop+0x40/0x90 [ 109.776070][ T8489] ? clear_bhb_loop+0x40/0x90 [ 109.776089][ T8489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.776106][ T8489] RIP: 0033:0x7f1ade52e9a9 [ 109.776121][ T8489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.776138][ T8489] RSP: 002b:00007f1adcb97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 109.776155][ T8489] RAX: ffffffffffffffda RBX: 00007f1ade755fa0 RCX: 00007f1ade52e9a9 [ 109.776239][ T8489] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180 [ 109.776297][ T8489] RBP: 00007f1adcb97090 R08: 0000000000000000 R09: 0000000000000000 [ 109.776310][ T8489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.776358][ T8489] R13: 0000000000000000 R14: 00007f1ade755fa0 R15: 00007ffe8c577908 [ 109.776377][ T8489] [ 109.994835][ T8481] FAULT_INJECTION: forcing a failure. [ 109.994835][ T8481] name failslab, interval 1, probability 0, space 0, times 0 [ 110.007623][ T8481] CPU: 0 UID: 0 PID: 8481 Comm: syz.3.1695 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) [ 110.007697][ T8481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 110.007707][ T8481] Call Trace: [ 110.007711][ T8481] [ 110.007717][ T8481] __dump_stack+0x1d/0x30 [ 110.007735][ T8481] dump_stack_lvl+0xe8/0x140 [ 110.007800][ T8481] dump_stack+0x15/0x1b [ 110.007817][ T8481] should_fail_ex+0x265/0x280 [ 110.007840][ T8481] ? alloc_netdev_mqs+0x829/0xab0 [ 110.007861][ T8481] should_failslab+0x8c/0xb0 [ 110.007912][ T8481] __kmalloc_cache_noprof+0x4c/0x320 [ 110.007936][ T8481] alloc_netdev_mqs+0x829/0xab0 [ 110.008037][ T8481] rtnl_create_link+0x239/0x710 [ 110.008133][ T8481] rtnl_newlink_create+0x14c/0x620 [ 110.008159][ T8481] ? security_capable+0x83/0x90 [ 110.008193][ T8481] ? netlink_ns_capable+0x86/0xa0 [ 110.008211][ T8481] rtnl_newlink+0xf29/0x12d0 [ 110.008239][ T8481] ? search_extable+0x53/0x80 [ 110.008303][ T8481] ? strncpy_from_user+0x17d/0x230 [ 110.008339][ T8481] ? strncpy_from_user+0x17d/0x230 [ 110.008408][ T8481] ? fixup_exception+0x72e/0xd00 [ 110.008445][ T8481] ? __rcu_read_unlock+0x4f/0x70 [ 110.008466][ T8481] ? avc_has_perm_noaudit+0x1b1/0x200 [ 110.008498][ T8481] ? cred_has_capability+0x210/0x280 [ 110.008557][ T8481] ? selinux_capable+0x31/0x40 [ 110.008586][ T8481] ? security_capable+0x83/0x90 [ 110.008610][ T8481] ? ns_capable+0x7d/0xb0 [ 110.008673][ T8481] ? __pfx_rtnl_newlink+0x10/0x10 [ 110.008702][ T8481] rtnetlink_rcv_msg+0x5fe/0x6d0 [ 110.008743][ T8481] netlink_rcv_skb+0x120/0x220 [ 110.008819][ T8481] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 110.008905][ T8481] rtnetlink_rcv+0x1c/0x30 [ 110.008926][ T8481] netlink_unicast+0x5a8/0x680 [ 110.008946][ T8481] netlink_sendmsg+0x58b/0x6b0 [ 110.008971][ T8481] ? __pfx_netlink_sendmsg+0x10/0x10 [ 110.009030][ T8481] __sock_sendmsg+0x142/0x180 [ 110.009060][ T8481] ____sys_sendmsg+0x31e/0x4e0 [ 110.009088][ T8481] ___sys_sendmsg+0x17b/0x1d0 [ 110.009134][ T8481] __x64_sys_sendmsg+0xd4/0x160 [ 110.009157][ T8481] x64_sys_call+0x191e/0x2ff0 [ 110.009208][ T8481] do_syscall_64+0xd2/0x200 [ 110.009228][ T8481] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 110.009249][ T8481] ? clear_bhb_loop+0x40/0x90 [ 110.009270][ T8481] ? clear_bhb_loop+0x40/0x90 [ 110.009368][ T8481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.009388][ T8481] RIP: 0033:0x7fd8e48fe9a9 [ 110.009403][ T8481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.009493][ T8481] RSP: 002b:00007fd8e2f5f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 110.009513][ T8481] RAX: ffffffffffffffda RBX: 00007fd8e4b25fa0 RCX: 00007fd8e48fe9a9 [ 110.009564][ T8481] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000006 [ 110.009575][ T8481] RBP: 00007fd8e2f5f090 R08: 0000000000000000 R09: 0000000000000000 [ 110.009587][ T8481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 110.009600][ T8481] R13: 0000000000000000 R14: 00007fd8e4b25fa0 R15: 00007ffd26b264c8 [ 110.009617][ T8481] [ 110.363926][ T8503] loop1: detected capacity change from 0 to 1024 [ 110.399733][ T8503] netlink: 'syz.1.1705': attribute type 1 has an invalid length. [ 110.423010][ T8505] loop2: detected capacity change from 0 to 1024 [ 110.426102][ T8503] 8021q: adding VLAN 0 to HW filter on device bond11 [ 110.452553][ T8503] 8021q: adding VLAN 0 to HW filter on device batadv11 [ 110.462097][ T8503] bond11: (slave batadv11): making interface the new active one [ 110.479097][ T8505] netlink: 'syz.2.1706': attribute type 1 has an invalid length. [ 110.485919][ T8503] bond11: (slave batadv11): Enslaving as an active interface with an up link [ 110.528187][ T8505] 8021q: adding VLAN 0 to HW filter on device bond10 [ 110.562414][ T8505] 8021q: adding VLAN 0 to HW filter on device batadv9 [ 110.571079][ T8505] bond10: (slave batadv9): making interface the new active one [ 110.580178][ T8505] bond10: (slave batadv9): Enslaving as an active interface with an up link [ 110.628588][ T8531] loop4: detected capacity change from 0 to 2048 [ 110.689814][ T8533] loop2: detected capacity change from 0 to 512 [ 110.696639][ T8533] journal_path: Lookup failure for './file0/../file0' [ 110.697322][ T8536] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.703451][ T8533] EXT4-fs: error: could not find journal device path [ 110.761187][ T8531] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 110.780683][ T8531] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1438 with error 28 [ 110.793232][ T8531] EXT4-fs (loop4): This should not happen!! Data will be lost [ 110.793232][ T8531] [ 110.802964][ T8531] EXT4-fs (loop4): Total free blocks count 0 [ 110.809068][ T8531] EXT4-fs (loop4): Free/Dirty block details [ 110.815029][ T8531] EXT4-fs (loop4): free_blocks=2415919104 [ 110.820961][ T8531] EXT4-fs (loop4): dirty_blocks=1440 [ 110.826424][ T8531] EXT4-fs (loop4): Block reservation details [ 110.832477][ T8531] EXT4-fs (loop4): i_reserved_data_blocks=90 [ 110.905001][ T8554] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.952543][ T8560] netlink: 200 bytes leftover after parsing attributes in process `syz.4.1721'. [ 110.988122][ T8564] blktrace: Concurrent blktraces are not allowed on loop8 [ 111.009474][ T8554] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.028475][ T8561] lo speed is unknown, defaulting to 1000 [ 111.079719][ T8554] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.168107][ T8554] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.197784][ T8575] loop3: detected capacity change from 0 to 2048 [ 111.250555][ T8583] loop4: detected capacity change from 0 to 1024 [ 111.280697][ T8583] ext4 filesystem being mounted at /275/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 111.304852][ T8588] pim6reg1: entered promiscuous mode [ 111.310246][ T8588] pim6reg1: entered allmulticast mode [ 111.352342][ T8590] FAULT_INJECTION: forcing a failure. [ 111.352342][ T8590] name failslab, interval 1, probability 0, space 0, times 0 [ 111.365001][ T8590] CPU: 1 UID: 0 PID: 8590 Comm: syz.4.1733 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) [ 111.365080][ T8590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.365087][ T8590] Call Trace: [ 111.365091][ T8590] [ 111.365095][ T8590] __dump_stack+0x1d/0x30 [ 111.365183][ T8590] dump_stack_lvl+0xe8/0x140 [ 111.365201][ T8590] dump_stack+0x15/0x1b [ 111.365210][ T8590] should_fail_ex+0x265/0x280 [ 111.365230][ T8590] should_failslab+0x8c/0xb0 [ 111.365247][ T8590] __kmalloc_node_track_caller_noprof+0xa4/0x410 [ 111.365296][ T8590] ? make_vfsuid+0x49/0xa0 [ 111.365307][ T8590] ? v9fs_session_init+0x4b/0xde0 [ 111.365322][ T8590] kstrdup+0x3e/0xd0 [ 111.365334][ T8590] v9fs_session_init+0x4b/0xde0 [ 111.365411][ T8590] ? __rcu_read_unlock+0x4f/0x70 [ 111.365424][ T8590] ? avc_has_perm_noaudit+0x1b1/0x200 [ 111.365440][ T8590] ? should_fail_ex+0xdb/0x280 [ 111.365466][ T8590] ? v9fs_mount+0x51/0x5c0 [ 111.365481][ T8590] ? should_failslab+0x8c/0xb0 [ 111.365492][ T8590] ? __kmalloc_cache_noprof+0x189/0x320 [ 111.365535][ T8590] v9fs_mount+0x67/0x5c0 [ 111.365550][ T8590] ? selinux_capable+0x31/0x40 [ 111.365566][ T8590] ? __pfx_v9fs_mount+0x10/0x10 [ 111.365625][ T8590] legacy_get_tree+0x78/0xd0 [ 111.365641][ T8590] vfs_get_tree+0x54/0x1d0 [ 111.365659][ T8590] do_new_mount+0x207/0x5e0 [ 111.365747][ T8590] ? security_capable+0x83/0x90 [ 111.365763][ T8590] path_mount+0x4a4/0xb20 [ 111.365848][ T8590] ? user_path_at+0x109/0x130 [ 111.365866][ T8590] __se_sys_mount+0x28f/0x2e0 [ 111.365904][ T8590] __x64_sys_mount+0x67/0x80 [ 111.365934][ T8590] x64_sys_call+0x2b4d/0x2ff0 [ 111.365946][ T8590] do_syscall_64+0xd2/0x200 [ 111.366026][ T8590] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 111.366120][ T8590] ? clear_bhb_loop+0x40/0x90 [ 111.366132][ T8590] ? clear_bhb_loop+0x40/0x90 [ 111.366221][ T8590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.366232][ T8590] RIP: 0033:0x7efedadce9a9 [ 111.366242][ T8590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.366252][ T8590] RSP: 002b:00007efed9437038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 111.366263][ T8590] RAX: ffffffffffffffda RBX: 00007efedaff5fa0 RCX: 00007efedadce9a9 [ 111.366314][ T8590] RDX: 00002000000002c0 RSI: 0000200000000080 RDI: 0000000000000000 [ 111.366321][ T8590] RBP: 00007efed9437090 R08: 0000200000000240 R09: 0000000000000000 [ 111.366328][ T8590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 111.366335][ T8590] R13: 0000000000000000 R14: 00007efedaff5fa0 R15: 00007ffde196a418 [ 111.366345][ T8590] [ 111.462609][ T8592] blktrace: Concurrent blktraces are not allowed on loop6 [ 111.545309][ T8597] can: request_module (can-proto-3) failed. [ 111.684954][ T8599] loop4: detected capacity change from 0 to 2048 [ 111.715944][ T8603] lo speed is unknown, defaulting to 1000 [ 111.850786][ T8603] loop3: detected capacity change from 0 to 256 [ 111.869100][ T8599] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 111.892177][ T8599] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 558 with error 28 [ 111.904658][ T8599] EXT4-fs (loop4): This should not happen!! Data will be lost [ 111.904658][ T8599] [ 111.914342][ T8599] EXT4-fs (loop4): Total free blocks count 0 [ 111.920396][ T8599] EXT4-fs (loop4): Free/Dirty block details [ 111.926294][ T8599] EXT4-fs (loop4): free_blocks=2415919104 [ 111.932113][ T8599] EXT4-fs (loop4): dirty_blocks=1712 [ 111.937396][ T8599] EXT4-fs (loop4): Block reservation details [ 111.943490][ T8599] EXT4-fs (loop4): i_reserved_data_blocks=107 [ 112.047312][ T12] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 112.059750][ T12] EXT4-fs (loop4): This should not happen!! Data will be lost [ 112.059750][ T12] [ 112.084298][ T8619] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1742'. [ 112.147698][ T8608] lo speed is unknown, defaulting to 1000 [ 112.268549][ T8626] blktrace: Concurrent blktraces are not allowed on loop6 [ 112.289937][ T29] kauditd_printk_skb: 497 callbacks suppressed [ 112.289953][ T29] audit: type=1326 audit(1753850067.081:8919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8625 comm="syz.3.1746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8e48fe9a9 code=0x7ffc0000 [ 112.319647][ T29] audit: type=1326 audit(1753850067.081:8920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8625 comm="syz.3.1746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8e48fe9a9 code=0x7ffc0000 [ 112.343139][ T29] audit: type=1326 audit(1753850067.081:8921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8625 comm="syz.3.1746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7fd8e48fe9a9 code=0x7ffc0000 [ 112.366735][ T29] audit: type=1326 audit(1753850067.081:8922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8625 comm="syz.3.1746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8e48fe9a9 code=0x7ffc0000 [ 112.390220][ T29] audit: type=1326 audit(1753850067.081:8923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8625 comm="syz.3.1746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8e48fe9a9 code=0x7ffc0000 [ 112.413662][ T29] audit: type=1326 audit(1753850067.091:8924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8625 comm="syz.3.1746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fd8e48fe9a9 code=0x7ffc0000 [ 112.437104][ T29] audit: type=1326 audit(1753850067.091:8925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8625 comm="syz.3.1746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8e48fe9a9 code=0x7ffc0000 [ 112.460611][ T29] audit: type=1326 audit(1753850067.091:8926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8625 comm="syz.3.1746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7fd8e48fe9a9 code=0x7ffc0000 [ 112.484031][ T29] audit: type=1326 audit(1753850067.091:8927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8625 comm="syz.3.1746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8e48fe9a9 code=0x7ffc0000 [ 112.507467][ T29] audit: type=1326 audit(1753850067.091:8928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8625 comm="syz.3.1746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fd8e48fe9a9 code=0x7ffc0000 [ 112.585233][ T8629] can: request_module (can-proto-3) failed. [ 112.627270][ T8629] loop0: detected capacity change from 0 to 2048 [ 112.682620][ T8636] loop3: detected capacity change from 0 to 1024 [ 112.698296][ T8636] EXT4-fs: Ignoring removed nobh option [ 112.703968][ T8636] EXT4-fs: Ignoring removed bh option [ 112.730343][ T8636] netlink: 'syz.3.1750': attribute type 3 has an invalid length. [ 112.835051][ T8642] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 112.857020][ T8642] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1720 with error 28 [ 112.869815][ T8642] EXT4-fs (loop0): This should not happen!! Data will be lost [ 112.869815][ T8642] [ 112.879503][ T8642] EXT4-fs (loop0): Total free blocks count 0 [ 112.885489][ T8642] EXT4-fs (loop0): Free/Dirty block details [ 112.891425][ T8642] EXT4-fs (loop0): free_blocks=2415919104 [ 112.897139][ T8642] EXT4-fs (loop0): dirty_blocks=1728 [ 112.902519][ T8642] EXT4-fs (loop0): Block reservation details [ 112.908520][ T8642] EXT4-fs (loop0): i_reserved_data_blocks=108 [ 112.962293][ T51] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 112.974668][ T51] EXT4-fs (loop0): This should not happen!! Data will be lost [ 112.974668][ T51] [ 113.003528][ T8645] FAULT_INJECTION: forcing a failure. [ 113.003528][ T8645] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 113.016875][ T8645] CPU: 1 UID: 0 PID: 8645 Comm: syz.4.1743 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) [ 113.016910][ T8645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.016922][ T8645] Call Trace: [ 113.016930][ T8645] [ 113.016936][ T8645] __dump_stack+0x1d/0x30 [ 113.016954][ T8645] dump_stack_lvl+0xe8/0x140 [ 113.016972][ T8645] dump_stack+0x15/0x1b [ 113.017043][ T8645] should_fail_ex+0x265/0x280 [ 113.017069][ T8645] should_fail_alloc_page+0xf2/0x100 [ 113.017143][ T8645] __alloc_frozen_pages_noprof+0xff/0x360 [ 113.017176][ T8645] alloc_pages_mpol+0xb3/0x250 [ 113.017205][ T8645] vma_alloc_folio_noprof+0x1aa/0x300 [ 113.017286][ T8645] do_wp_page+0x673/0x2400 [ 113.017303][ T8645] ? __rcu_read_lock+0x37/0x50 [ 113.017370][ T8645] handle_mm_fault+0x77d/0x2be0 [ 113.017390][ T8645] ? mas_walk+0xf2/0x120 [ 113.017419][ T8645] do_user_addr_fault+0x636/0x1090 [ 113.017512][ T8645] ? fpregs_assert_state_consistent+0xb4/0xe0 [ 113.017567][ T8645] exc_page_fault+0x62/0xa0 [ 113.017664][ T8645] asm_exc_page_fault+0x26/0x30 [ 113.017680][ T8645] RIP: 0033:0x7efedac90ca3 [ 113.017692][ T8645] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 113.017709][ T8645] RSP: 002b:00007efed94364a0 EFLAGS: 00010202 [ 113.017725][ T8645] RAX: 0000000000000400 RBX: 00007efed9436540 RCX: 00007efed1017000 [ 113.017736][ T8645] RDX: 00007efed94366e0 RSI: 0000000000000069 RDI: 00007efed94365e0 [ 113.017760][ T8645] RBP: 00000000000000f9 R08: 0000000000000008 R09: 00000000000000a5 [ 113.017771][ T8645] R10: 00000000000000be R11: 00007efed9436540 R12: 0000000000000001 [ 113.017805][ T8645] R13: 00007efedae6c880 R14: 0000000000000020 R15: 00007efed94365e0 [ 113.017877][ T8645] [ 113.017886][ T8645] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 113.214924][ T8645] loop4: detected capacity change from 0 to 1024 [ 113.222282][ T8645] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 113.240451][ T8647] loop3: detected capacity change from 0 to 1024 [ 113.247821][ T8645] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #3: block 1: comm syz.4.1743: lblock 1 mapped to illegal pblock 1 (length 1) [ 113.270671][ T8645] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1743: Failed to acquire dquot type 0 [ 113.284758][ T8645] EXT4-fs error (device loop4): ext4_free_blocks:6587: comm syz.4.1743: Freeing blocks not in datazone - block = 0, count = 4096 [ 113.297984][ T8647] ext4 filesystem being mounted at /387/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 113.311644][ T8661] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1752'. [ 113.316819][ T8645] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.1743: Invalid inode bitmap blk 0 in block_group 0 [ 113.332192][ T8647] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 1: comm syz.3.1751: lblock 1 mapped to illegal pblock 1 (length 15) [ 113.334397][ T31] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:1: lblock 1 mapped to illegal pblock 1 (length 1) [ 113.361832][ T8645] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 113.372537][ T8647] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 113.376249][ T31] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:1: Failed to release dquot type 0 [ 113.384908][ T8647] EXT4-fs (loop3): This should not happen!! Data will be lost [ 113.384908][ T8647] [ 113.396354][ T8645] EXT4-fs (loop4): 1 orphan inode deleted [ 113.412244][ T8657] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1755'. [ 113.464590][ T8669] can: request_module (can-proto-3) failed. [ 113.488409][ T8669] loop3: detected capacity change from 0 to 2048 [ 113.539054][ T8685] loop4: detected capacity change from 0 to 2048 [ 113.553662][ T8683] can: request_module (can-proto-3) failed. [ 113.569536][ T8683] loop2: detected capacity change from 0 to 2048 [ 113.645490][ T8689] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 113.651766][ T8685] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 113.660395][ T8689] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1560 with error 28 [ 113.687602][ T8689] EXT4-fs (loop3): This should not happen!! Data will be lost [ 113.687602][ T8689] [ 113.697339][ T8689] EXT4-fs (loop3): Total free blocks count 0 [ 113.699471][ T8698] loop0: detected capacity change from 0 to 512 [ 113.703439][ T8689] EXT4-fs (loop3): Free/Dirty block details [ 113.715471][ T8689] EXT4-fs (loop3): free_blocks=2415919104 [ 113.721202][ T8689] EXT4-fs (loop3): dirty_blocks=1568 [ 113.726639][ T8689] EXT4-fs (loop3): Block reservation details [ 113.732652][ T8689] EXT4-fs (loop3): i_reserved_data_blocks=98 [ 113.744446][ T8699] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 113.753102][ T8685] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 62 with max blocks 582 with error 28 [ 113.768353][ T8699] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 992 with error 28 [ 113.771750][ T8685] EXT4-fs (loop4): This should not happen!! Data will be lost [ 113.771750][ T8685] [ 113.771764][ T8685] EXT4-fs (loop4): Total free blocks count 0 [ 113.784164][ T8699] EXT4-fs (loop2): This should not happen!! Data will be lost [ 113.784164][ T8699] [ 113.793737][ T8685] EXT4-fs (loop4): Free/Dirty block details [ 113.799714][ T8699] EXT4-fs (loop2): Total free blocks count 0 [ 113.799727][ T8699] EXT4-fs (loop2): Free/Dirty block details [ 113.799737][ T8699] EXT4-fs (loop2): free_blocks=2415919104 [ 113.799748][ T8699] EXT4-fs (loop2): dirty_blocks=1008 [ 113.799758][ T8699] EXT4-fs (loop2): Block reservation details [ 113.799767][ T8699] EXT4-fs (loop2): i_reserved_data_blocks=63 [ 113.808528][ T8698] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1766: bg 0: block 131: padding at end of block bitmap is not set [ 113.809388][ T8685] EXT4-fs (loop4): free_blocks=2415919104 [ 113.819282][ T8698] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 113.821242][ T8685] EXT4-fs (loop4): dirty_blocks=656 [ 113.821296][ T8685] EXT4-fs (loop4): Block reservation details [ 113.821307][ T8685] EXT4-fs (loop4): i_reserved_data_blocks=41 [ 113.849105][ T8698] EXT4-fs (loop0): 1 truncate cleaned up [ 113.915631][ T144] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 113.928090][ T144] EXT4-fs (loop2): This should not happen!! Data will be lost [ 113.928090][ T144] [ 113.958514][ T144] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 113.971064][ T144] EXT4-fs (loop3): This should not happen!! Data will be lost [ 113.971064][ T144] [ 113.997323][ T8703] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1767'. [ 114.032820][ T8712] loop3: detected capacity change from 0 to 2048 [ 114.094853][ T8723] loop2: detected capacity change from 0 to 512 [ 114.112693][ T8723] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1774: bg 0: block 131: padding at end of block bitmap is not set [ 114.127442][ T8723] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 114.136623][ T8723] EXT4-fs (loop2): 1 truncate cleaned up [ 114.145267][ T8712] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 114.160864][ T8712] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1630 with error 28 [ 114.173451][ T8712] EXT4-fs (loop3): This should not happen!! Data will be lost [ 114.173451][ T8712] [ 114.183204][ T8712] EXT4-fs (loop3): Total free blocks count 0 [ 114.189241][ T8712] EXT4-fs (loop3): Free/Dirty block details [ 114.189478][ T8723] FAULT_INJECTION: forcing a failure. [ 114.189478][ T8723] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 114.195177][ T8712] EXT4-fs (loop3): free_blocks=2415919104 [ 114.208275][ T8723] CPU: 0 UID: 0 PID: 8723 Comm: syz.2.1774 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) [ 114.208303][ T8723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 114.208314][ T8723] Call Trace: [ 114.208321][ T8723] [ 114.208329][ T8723] __dump_stack+0x1d/0x30 [ 114.208358][ T8723] dump_stack_lvl+0xe8/0x140 [ 114.208376][ T8723] dump_stack+0x15/0x1b [ 114.208393][ T8723] should_fail_ex+0x265/0x280 [ 114.208417][ T8723] should_fail+0xb/0x20 [ 114.208436][ T8723] should_fail_usercopy+0x1a/0x20 [ 114.208498][ T8723] _copy_from_user+0x1c/0xb0 [ 114.208528][ T8723] restore_altstack+0x4b/0x2d0 [ 114.208551][ T8723] ? __set_task_blocked+0x23a/0x2a0 [ 114.208641][ T8723] __ia32_sys_rt_sigreturn+0xdc/0x350 [ 114.208686][ T8723] ? _raw_spin_unlock_irq+0x26/0x50 [ 114.208715][ T8723] ? signal_setup_done+0x266/0x290 [ 114.208761][ T8723] ? xfd_validate_state+0x45/0xf0 [ 114.208789][ T8723] ? fpu__clear_user_states+0x63/0x1e0 [ 114.208860][ T8723] ? fpregs_mark_activate+0x66/0x140 [ 114.208885][ T8723] ? fpu__clear_user_states+0x63/0x1e0 [ 114.208913][ T8723] ? arch_do_signal_or_restart+0x2f3/0x480 [ 114.208946][ T8723] ? __rcu_read_unlock+0x4f/0x70 [ 114.208969][ T8723] x64_sys_call+0x2d3c/0x2ff0 [ 114.208989][ T8723] do_syscall_64+0xd2/0x200 [ 114.209012][ T8723] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 114.209094][ T8723] ? clear_bhb_loop+0x40/0x90 [ 114.209114][ T8723] ? clear_bhb_loop+0x40/0x90 [ 114.209135][ T8723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.209154][ T8723] RIP: 0033:0x7f17872aab89 [ 114.209169][ T8723] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 114.209187][ T8723] RSP: 002b:00007f1785976a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 114.209261][ T8723] RAX: ffffffffffffffda RBX: 00007f1787535fa0 RCX: 00007f17872aab89 [ 114.209296][ T8723] RDX: 00007f1785976a80 RSI: 00007f1785976bb0 RDI: 0000000000000021 [ 114.209308][ T8723] RBP: 00007f1785977090 R08: 0000000000000000 R09: 0000000000000000 [ 114.209389][ T8723] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 [ 114.209401][ T8723] R13: 0000000000000000 R14: 00007f1787535fa0 R15: 00007ffd0b883da8 [ 114.209438][ T8723] [ 114.307734][ T8731] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 114.310100][ T8712] EXT4-fs (loop3): dirty_blocks=1632 [ 114.310116][ T8712] EXT4-fs (loop3): Block reservation details [ 114.310126][ T8712] EXT4-fs (loop3): i_reserved_data_blocks=102 [ 114.474208][ T8733] lo speed is unknown, defaulting to 1000 [ 114.538012][ T8728] loop7: detected capacity change from 0 to 16384 [ 114.594879][ T8740] loop3: detected capacity change from 0 to 2048 [ 114.625994][ T8554] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.647870][ T8554] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.680890][ T8742] loop2: detected capacity change from 0 to 2048 [ 114.708371][ T8554] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.732955][ T8740] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 114.769475][ T8554] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.809757][ T8740] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1114 with error 28 [ 114.822355][ T8740] EXT4-fs (loop3): This should not happen!! Data will be lost [ 114.822355][ T8740] [ 114.832145][ T8740] EXT4-fs (loop3): Total free blocks count 0 [ 114.838217][ T8740] EXT4-fs (loop3): Free/Dirty block details [ 114.844240][ T8740] EXT4-fs (loop3): free_blocks=2415919104 [ 114.850016][ T8740] EXT4-fs (loop3): dirty_blocks=1120 [ 114.855312][ T8740] EXT4-fs (loop3): Block reservation details [ 114.861330][ T8740] EXT4-fs (loop3): i_reserved_data_blocks=70 [ 114.954424][ T8753] loop2: detected capacity change from 0 to 512 [ 114.978156][ T8753] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=8753 comm=syz.2.1781 [ 115.009887][ T8763] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1783'. [ 115.083171][ T8771] SELinux: failed to load policy [ 115.142496][ T8771] loop2: detected capacity change from 0 to 512 [ 115.164034][ T8771] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 115.185867][ T8771] EXT4-fs (loop2): mount failed [ 115.211619][ T8779] loop1: detected capacity change from 0 to 1024 [ 115.224781][ T8779] netlink: 'syz.1.1790': attribute type 1 has an invalid length. [ 115.236835][ T8779] 8021q: adding VLAN 0 to HW filter on device bond12 [ 115.248787][ T8779] 8021q: adding VLAN 0 to HW filter on device batadv12 [ 115.257707][ T8779] bond12: (slave batadv12): making interface the new active one [ 115.266989][ T8779] bond12: (slave batadv12): Enslaving as an active interface with an up link [ 115.297063][ T8786] loop1: detected capacity change from 0 to 1024 [ 115.316390][ T8786] netlink: 'syz.1.1792': attribute type 1 has an invalid length. [ 115.330261][ T8786] 8021q: adding VLAN 0 to HW filter on device bond13 [ 115.346941][ T8786] 8021q: adding VLAN 0 to HW filter on device batadv13 [ 115.355422][ T8786] bond13: (slave batadv13): making interface the new active one [ 115.364220][ T8786] bond13: (slave batadv13): Enslaving as an active interface with an up link [ 115.401542][ T8792] loop1: detected capacity change from 0 to 2048 [ 115.486929][ T8797] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.531092][ T8797] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.557964][ T8798] lo speed is unknown, defaulting to 1000 [ 115.599732][ T8797] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.641273][ T8797] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.976861][ T8805] can: request_module (can-proto-3) failed. [ 116.007942][ T8805] loop3: detected capacity change from 0 to 2048 [ 116.045492][ T8811] loop0: detected capacity change from 0 to 2048 [ 116.057785][ T8815] can: request_module (can-proto-3) failed. [ 116.091145][ T8815] loop4: detected capacity change from 0 to 2048 [ 116.143572][ T8811] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 116.219797][ T8811] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1400 with error 28 [ 116.232395][ T8811] EXT4-fs (loop0): This should not happen!! Data will be lost [ 116.232395][ T8811] [ 116.234684][ T8829] FAULT_INJECTION: forcing a failure. [ 116.234684][ T8829] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 116.242043][ T8811] EXT4-fs (loop0): Total free blocks count 0 [ 116.242059][ T8811] EXT4-fs (loop0): Free/Dirty block details [ 116.242069][ T8811] EXT4-fs (loop0): free_blocks=2415919104 [ 116.242098][ T8811] EXT4-fs (loop0): dirty_blocks=1408 [ 116.242110][ T8811] EXT4-fs (loop0): Block reservation details [ 116.242121][ T8811] EXT4-fs (loop0): i_reserved_data_blocks=88 [ 116.290596][ T8829] CPU: 0 UID: 0 PID: 8829 Comm: syz.2.1803 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) [ 116.290650][ T8829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.290661][ T8829] Call Trace: [ 116.290669][ T8829] [ 116.290675][ T8829] __dump_stack+0x1d/0x30 [ 116.290694][ T8829] dump_stack_lvl+0xe8/0x140 [ 116.290713][ T8829] dump_stack+0x15/0x1b [ 116.290756][ T8829] should_fail_ex+0x265/0x280 [ 116.290781][ T8829] should_fail+0xb/0x20 [ 116.290811][ T8829] should_fail_usercopy+0x1a/0x20 [ 116.290838][ T8829] copy_fpstate_to_sigframe+0x628/0x7d0 [ 116.290865][ T8829] ? copy_fpstate_to_sigframe+0xe6/0x7d0 [ 116.290966][ T8829] ? x86_task_fpu+0x36/0x60 [ 116.290987][ T8829] get_sigframe+0x34d/0x490 [ 116.291071][ T8829] ? get_signal+0xdc8/0xf70 [ 116.291104][ T8829] x64_setup_rt_frame+0xa8/0x580 [ 116.291126][ T8829] arch_do_signal_or_restart+0x27c/0x480 [ 116.291181][ T8829] exit_to_user_mode_loop+0x7a/0x100 [ 116.291205][ T8829] do_syscall_64+0x1d6/0x200 [ 116.291307][ T8829] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 116.291327][ T8829] ? clear_bhb_loop+0x40/0x90 [ 116.291344][ T8829] ? clear_bhb_loop+0x40/0x90 [ 116.291410][ T8829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.291431][ T8829] RIP: 0033:0x7f178730e9a9 [ 116.291447][ T8829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.291462][ T8829] RSP: 002b:00007f1785977038 EFLAGS: 00000246 ORIG_RAX: 0000000000000082 [ 116.291481][ T8829] RAX: fffffffffffffffc RBX: 00007f1787535fa0 RCX: 00007f178730e9a9 [ 116.291510][ T8829] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000200000000040 [ 116.291523][ T8829] RBP: 00007f1785977090 R08: 0000000000000000 R09: 0000000000000000 [ 116.291536][ T8829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 116.291548][ T8829] R13: 0000000000000000 R14: 00007f1787535fa0 R15: 00007ffd0b883da8 [ 116.291567][ T8829] [ 116.532019][ T8830] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 116.546899][ T8823] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 116.562003][ T8830] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1130 with error 28 [ 116.574560][ T8830] EXT4-fs (loop4): This should not happen!! Data will be lost [ 116.574560][ T8830] [ 116.584251][ T8823] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 116.584232][ T8830] EXT4-fs (loop4): Total free blocks count 0 [ 116.584278][ T8830] EXT4-fs (loop4): Free/Dirty block details [ 116.584290][ T8830] EXT4-fs (loop4): free_blocks=2415919104 [ 116.584303][ T8830] EXT4-fs (loop4): dirty_blocks=1136 [ 116.584315][ T8830] EXT4-fs (loop4): Block reservation details [ 116.584328][ T8830] EXT4-fs (loop4): i_reserved_data_blocks=71 [ 116.632411][ T8823] EXT4-fs (loop3): This should not happen!! Data will be lost [ 116.632411][ T8823] [ 116.642085][ T8823] EXT4-fs (loop3): Total free blocks count 0 [ 116.648063][ T8823] EXT4-fs (loop3): Free/Dirty block details [ 116.654001][ T8823] EXT4-fs (loop3): free_blocks=2415919104 [ 116.659842][ T8823] EXT4-fs (loop3): dirty_blocks=4992 [ 116.665131][ T8823] EXT4-fs (loop3): Block reservation details [ 116.671226][ T8823] EXT4-fs (loop3): i_reserved_data_blocks=312 [ 116.734302][ T51] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 116.746788][ T51] EXT4-fs (loop4): This should not happen!! Data will be lost [ 116.746788][ T51] [ 116.816443][ T51] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 3074 with max blocks 1916 with error 28 [ 116.829304][ T51] EXT4-fs (loop3): This should not happen!! Data will be lost [ 116.829304][ T51] [ 116.838685][ T8849] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1809'. [ 116.848079][ T8849] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1809'. [ 116.857370][ T8849] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1809'. [ 116.866259][ T8849] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1809'. [ 116.875711][ T8849] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1809'. [ 116.918991][ T8855] loop0: detected capacity change from 0 to 512 [ 116.926137][ T8855] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 116.942233][ T8855] ext4 filesystem being mounted at /380/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 116.954061][ T8855] FAULT_INJECTION: forcing a failure. [ 116.954061][ T8855] name failslab, interval 1, probability 0, space 0, times 0 [ 116.966757][ T8855] CPU: 0 UID: 0 PID: 8855 Comm: syz.0.1812 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) [ 116.966795][ T8855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.966806][ T8855] Call Trace: [ 116.966812][ T8855] [ 116.966871][ T8855] __dump_stack+0x1d/0x30 [ 116.966934][ T8855] dump_stack_lvl+0xe8/0x140 [ 116.966952][ T8855] dump_stack+0x15/0x1b [ 116.966969][ T8855] should_fail_ex+0x265/0x280 [ 116.966993][ T8855] should_failslab+0x8c/0xb0 [ 116.967015][ T8855] __kvmalloc_node_noprof+0x123/0x4e0 [ 116.967105][ T8855] ? vmemdup_user+0x26/0xd0 [ 116.967128][ T8855] ? should_fail_usercopy+0x1a/0x20 [ 116.967153][ T8855] vmemdup_user+0x26/0xd0 [ 116.967172][ T8855] path_setxattrat+0x1b6/0x310 [ 116.967243][ T8855] __x64_sys_lsetxattr+0x71/0x90 [ 116.967317][ T8855] x64_sys_call+0x2877/0x2ff0 [ 116.967334][ T8855] do_syscall_64+0xd2/0x200 [ 116.967356][ T8855] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 116.967381][ T8855] ? clear_bhb_loop+0x40/0x90 [ 116.967401][ T8855] ? clear_bhb_loop+0x40/0x90 [ 116.967422][ T8855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.967490][ T8855] RIP: 0033:0x7fe62f33e9a9 [ 116.967584][ T8855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.967601][ T8855] RSP: 002b:00007fe62d9a7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 116.967619][ T8855] RAX: ffffffffffffffda RBX: 00007fe62f565fa0 RCX: 00007fe62f33e9a9 [ 116.967631][ T8855] RDX: 0000200000000280 RSI: 0000200000000300 RDI: 00002000000001c0 [ 116.967642][ T8855] RBP: 00007fe62d9a7090 R08: 0000000000000001 R09: 0000000000000000 [ 116.967727][ T8855] R10: 000000000000001e R11: 0000000000000246 R12: 0000000000000001 [ 116.967738][ T8855] R13: 0000000000000000 R14: 00007fe62f565fa0 R15: 00007ffed0e39038 [ 116.967755][ T8855] [ 117.179101][ T8859] loop3: detected capacity change from 0 to 256 [ 117.320160][ T8878] can: request_module (can-proto-3) failed. [ 117.333069][ T8878] loop3: detected capacity change from 0 to 2048 [ 117.456878][ T8882] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 117.472193][ T8882] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 117.484767][ T8882] EXT4-fs (loop3): This should not happen!! Data will be lost [ 117.484767][ T8882] [ 117.494504][ T8882] EXT4-fs (loop3): Total free blocks count 0 [ 117.500495][ T8882] EXT4-fs (loop3): Free/Dirty block details [ 117.506452][ T8882] EXT4-fs (loop3): free_blocks=2415919104 [ 117.512210][ T8882] EXT4-fs (loop3): dirty_blocks=2544 [ 117.517493][ T8882] EXT4-fs (loop3): Block reservation details [ 117.523477][ T8882] EXT4-fs (loop3): i_reserved_data_blocks=159 [ 117.636185][ T29] kauditd_printk_skb: 270 callbacks suppressed [ 117.636198][ T29] audit: type=1326 audit(1753850072.461:9195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8890 comm="syz.4.1823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 117.666214][ T29] audit: type=1326 audit(1753850072.461:9196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8890 comm="syz.4.1823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 117.683437][ T8888] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1822'. [ 117.689683][ T29] audit: type=1326 audit(1753850072.461:9197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8890 comm="syz.4.1823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 117.722358][ T29] audit: type=1326 audit(1753850072.461:9198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8890 comm="syz.4.1823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 117.726145][ T8894] blktrace: Concurrent blktraces are not allowed on loop8 [ 117.745807][ T29] audit: type=1326 audit(1753850072.461:9199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8890 comm="syz.4.1823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 117.745936][ T29] audit: type=1326 audit(1753850072.461:9200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8890 comm="syz.4.1823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 117.745958][ T29] audit: type=1326 audit(1753850072.461:9201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8890 comm="syz.4.1823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 117.823442][ T29] audit: type=1326 audit(1753850072.461:9202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8890 comm="syz.4.1823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 117.846813][ T29] audit: type=1326 audit(1753850072.461:9203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8890 comm="syz.4.1823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 117.870286][ T29] audit: type=1326 audit(1753850072.461:9204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8890 comm="syz.4.1823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 117.943768][ T8898] loop2: detected capacity change from 0 to 1024 [ 117.961617][ T8898] ext4 filesystem being mounted at /375/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 117.975597][ T8898] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 1: comm syz.2.1825: lblock 1 mapped to illegal pblock 1 (length 15) [ 117.989888][ T8898] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 118.002300][ T8898] EXT4-fs (loop2): This should not happen!! Data will be lost [ 118.002300][ T8898] [ 118.094616][ T8908] blktrace: Concurrent blktraces are not allowed on loop0 [ 118.193173][ T8916] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1832'. [ 118.207335][ T8918] loop3: detected capacity change from 0 to 2048 [ 118.285452][ T8918] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 118.308364][ T8918] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1176 with error 28 [ 118.320985][ T8918] EXT4-fs (loop3): This should not happen!! Data will be lost [ 118.320985][ T8918] [ 118.330755][ T8918] EXT4-fs (loop3): Total free blocks count 0 [ 118.336790][ T8918] EXT4-fs (loop3): Free/Dirty block details [ 118.342705][ T8918] EXT4-fs (loop3): free_blocks=2415919104 [ 118.348440][ T8918] EXT4-fs (loop3): dirty_blocks=1184 [ 118.353757][ T8918] EXT4-fs (loop3): Block reservation details [ 118.359798][ T8918] EXT4-fs (loop3): i_reserved_data_blocks=74 [ 118.418083][ T8925] pim6reg1: entered promiscuous mode [ 118.423529][ T8925] pim6reg1: entered allmulticast mode [ 118.483904][ T8931] dummy0: entered allmulticast mode [ 118.505439][ T8933] loop0: detected capacity change from 0 to 512 [ 118.510247][ T8934] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1836'. [ 118.533043][ T8933] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 118.539487][ T8933] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 118.568464][ T8937] loop0: detected capacity change from 0 to 764 [ 118.575775][ T8937] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 118.762289][ T8939] loop0: detected capacity change from 0 to 512 [ 118.780476][ T8939] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 118.788531][ T8939] EXT4-fs (loop0): orphan cleanup on readonly fs [ 118.796260][ T8939] EXT4-fs error (device loop0): ext4_do_update_inode:5563: inode #16: comm syz.0.1840: corrupted inode contents [ 118.808367][ T8939] EXT4-fs (loop0): Remounting filesystem read-only [ 118.815007][ T8939] EXT4-fs (loop0): 1 truncate cleaned up [ 118.820858][ T144] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 118.831605][ T144] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 118.842179][ T144] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 118.982235][ T8948] can: request_module (can-proto-3) failed. [ 118.996729][ T8948] loop2: detected capacity change from 0 to 2048 [ 119.034546][ T8797] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.046593][ T8797] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.057644][ T8797] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.069271][ T8797] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.102434][ T8955] loop1: detected capacity change from 0 to 1024 [ 119.117508][ T8953] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 119.132698][ T8953] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1552 with error 28 [ 119.141024][ T8955] netlink: 'syz.1.1844': attribute type 1 has an invalid length. [ 119.145194][ T8953] EXT4-fs (loop2): This should not happen!! Data will be lost [ 119.145194][ T8953] [ 119.162675][ T8953] EXT4-fs (loop2): Total free blocks count 0 [ 119.167271][ T8955] 8021q: adding VLAN 0 to HW filter on device bond14 [ 119.168640][ T8953] EXT4-fs (loop2): Free/Dirty block details [ 119.181513][ T8953] EXT4-fs (loop2): free_blocks=2415919104 [ 119.187240][ T8953] EXT4-fs (loop2): dirty_blocks=1568 [ 119.192609][ T8953] EXT4-fs (loop2): Block reservation details [ 119.198698][ T8953] EXT4-fs (loop2): i_reserved_data_blocks=98 [ 119.212025][ T8955] 8021q: adding VLAN 0 to HW filter on device batadv14 [ 119.221597][ T8955] bond14: (slave batadv14): making interface the new active one [ 119.235975][ T8955] bond14: (slave batadv14): Enslaving as an active interface with an up link [ 119.314987][ T8930] dummy0: left allmulticast mode [ 119.335662][ T8965] loop3: detected capacity change from 0 to 1024 [ 119.345072][ T8967] __nla_validate_parse: 3 callbacks suppressed [ 119.345142][ T8967] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1847'. [ 119.365429][ T8965] ext4 filesystem being mounted at /404/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 119.409385][ T8975] loop3: detected capacity change from 0 to 1024 [ 119.431043][ T8975] netlink: 'syz.3.1850': attribute type 1 has an invalid length. [ 119.445909][ T8975] 8021q: adding VLAN 0 to HW filter on device bond12 [ 119.467069][ T8975] 8021q: adding VLAN 0 to HW filter on device batadv12 [ 119.476325][ T8975] bond12: (slave batadv12): making interface the new active one [ 119.494424][ T8975] bond12: (slave batadv12): Enslaving as an active interface with an up link [ 119.727245][ T8998] loop4: detected capacity change from 0 to 2048 [ 119.808054][ T8998] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 119.823134][ T8998] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 119.835635][ T8998] EXT4-fs (loop4): This should not happen!! Data will be lost [ 119.835635][ T8998] [ 119.845351][ T8998] EXT4-fs (loop4): Total free blocks count 0 [ 119.851369][ T8998] EXT4-fs (loop4): Free/Dirty block details [ 119.857428][ T8998] EXT4-fs (loop4): free_blocks=2415919104 [ 119.863287][ T8998] EXT4-fs (loop4): dirty_blocks=2160 [ 119.868719][ T8998] EXT4-fs (loop4): Block reservation details [ 119.874774][ T8998] EXT4-fs (loop4): i_reserved_data_blocks=135 [ 119.937130][ T9008] loop2: detected capacity change from 0 to 2048 [ 119.951647][ T9010] loop0: detected capacity change from 0 to 1024 [ 119.992704][ T9010] netlink: 'syz.0.1863': attribute type 1 has an invalid length. [ 120.028644][ T9010] 8021q: adding VLAN 0 to HW filter on device bond6 [ 120.037664][ T9008] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 120.052635][ T9020] loop4: detected capacity change from 0 to 1024 [ 120.059920][ T9008] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1342 with error 28 [ 120.071820][ T9010] 8021q: adding VLAN 0 to HW filter on device batadv6 [ 120.072393][ T9008] EXT4-fs (loop2): This should not happen!! Data will be lost [ 120.072393][ T9008] [ 120.081878][ T9010] bond6: (slave batadv6): making interface the new active one [ 120.088838][ T9008] EXT4-fs (loop2): Total free blocks count 0 [ 120.097485][ T9010] bond6: (slave batadv6): Enslaving as an active interface with an up link [ 120.102157][ T9008] EXT4-fs (loop2): Free/Dirty block details [ 120.102170][ T9008] EXT4-fs (loop2): free_blocks=2415919104 [ 120.102181][ T9008] EXT4-fs (loop2): dirty_blocks=2048 [ 120.102191][ T9008] EXT4-fs (loop2): Block reservation details [ 120.133880][ T9008] EXT4-fs (loop2): i_reserved_data_blocks=128 [ 120.135939][ T9020] netlink: 'syz.4.1864': attribute type 1 has an invalid length. [ 120.181551][ T9020] 8021q: adding VLAN 0 to HW filter on device bond4 [ 120.200256][ T9024] 8021q: adding VLAN 0 to HW filter on device batadv4 [ 120.210437][ T9024] bond4: (slave batadv4): making interface the new active one [ 120.219410][ T9024] bond4: (slave batadv4): Enslaving as an active interface with an up link [ 120.247804][ T9027] blktrace: Concurrent blktraces are not allowed on loop0 [ 120.450996][ T9037] lo speed is unknown, defaulting to 1000 [ 120.511687][ T36] kernel write not supported for file /949/clear_refs (pid: 36 comm: kworker/1:1) [ 120.680157][ T9046] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1870'. [ 120.691141][ T9040] loop4: detected capacity change from 0 to 2048 [ 120.824445][ T9044] can: request_module (can-proto-3) failed. [ 120.845361][ T9047] loop1: detected capacity change from 0 to 2048 [ 120.853340][ T9051] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1869'. [ 120.862398][ T9051] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1869'. [ 120.862507][ T9049] loop0: detected capacity change from 0 to 2048 [ 120.871387][ T9051] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1869'. [ 120.896833][ T9051] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1869'. [ 120.896920][ T9040] Alternate GPT is invalid, using primary GPT. [ 120.905879][ T9051] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1869'. [ 120.912182][ T9040] loop4: p1 p2 p3 [ 120.921062][ T9051] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1869'. [ 120.934936][ T9046] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1870'. [ 120.968626][ T9051] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1869'. [ 121.003244][ T9049] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 121.026935][ T9049] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1462 with error 28 [ 121.039572][ T9049] EXT4-fs (loop0): This should not happen!! Data will be lost [ 121.039572][ T9049] [ 121.049207][ T9049] EXT4-fs (loop0): Total free blocks count 0 [ 121.055402][ T9049] EXT4-fs (loop0): Free/Dirty block details [ 121.061388][ T9049] EXT4-fs (loop0): free_blocks=2415919104 [ 121.067190][ T9049] EXT4-fs (loop0): dirty_blocks=1472 [ 121.072661][ T9049] EXT4-fs (loop0): Block reservation details [ 121.078645][ T9049] EXT4-fs (loop0): i_reserved_data_blocks=92 [ 121.158058][ T9047] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 121.183016][ T9047] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 121.195329][ T9047] EXT4-fs (loop1): This should not happen!! Data will be lost [ 121.195329][ T9047] [ 121.205060][ T9047] EXT4-fs (loop1): Total free blocks count 0 [ 121.211071][ T9047] EXT4-fs (loop1): Free/Dirty block details [ 121.216972][ T9047] EXT4-fs (loop1): free_blocks=2415919104 [ 121.222814][ T9047] EXT4-fs (loop1): dirty_blocks=4960 [ 121.228103][ T9047] EXT4-fs (loop1): Block reservation details [ 121.234200][ T9047] EXT4-fs (loop1): i_reserved_data_blocks=310 [ 121.284161][ T9072] loop4: detected capacity change from 0 to 1024 [ 121.317851][ T9072] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 121.359701][ T9072] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #3: block 1: comm syz.4.1874: lblock 1 mapped to illegal pblock 1 (length 1) [ 121.383732][ T9072] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1874: Failed to acquire dquot type 0 [ 121.395440][ T9072] EXT4-fs error (device loop4): ext4_free_blocks:6587: comm syz.4.1874: Freeing blocks not in datazone - block = 0, count = 4096 [ 121.413281][ T9072] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.1874: Invalid inode bitmap blk 0 in block_group 0 [ 121.428274][ T144] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 121.457721][ T9072] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 121.493974][ T144] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:4: Failed to release dquot type 0 [ 121.519578][ T9072] EXT4-fs (loop4): 1 orphan inode deleted [ 121.528205][ T144] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 3074 with max blocks 1872 with error 28 [ 121.541062][ T144] EXT4-fs (loop1): This should not happen!! Data will be lost [ 121.541062][ T144] [ 121.578426][ T9082] loop4: detected capacity change from 0 to 512 [ 121.586221][ T9082] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 121.604777][ T9084] blktrace: Concurrent blktraces are not allowed on loop2 [ 121.607034][ T9082] EXT4-fs (loop4): 1 orphan inode deleted [ 121.617759][ T9082] EXT4-fs (loop4): 1 truncate cleaned up [ 121.626927][ T9082] EXT4-fs error (device loop4): ext4_inlinedir_to_tree:1340: inode #12: block 7: comm syz.4.1880: path /308/file0/file0: bad entry in directory: directory entry overrun - offset=788, inode=13, rec_len=784, size=60 fake=0 [ 121.648562][ T9082] EXT4-fs (loop4): Remounting filesystem read-only [ 121.761599][ T9099] loop4: detected capacity change from 0 to 2048 [ 121.831601][ T9099] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 121.850637][ T9099] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 121.863196][ T9099] EXT4-fs (loop4): This should not happen!! Data will be lost [ 121.863196][ T9099] [ 121.872847][ T9099] EXT4-fs (loop4): Total free blocks count 0 [ 121.878874][ T9099] EXT4-fs (loop4): Free/Dirty block details [ 121.884871][ T9099] EXT4-fs (loop4): free_blocks=2415919104 [ 121.890613][ T9099] EXT4-fs (loop4): dirty_blocks=2464 [ 121.895895][ T9099] EXT4-fs (loop4): Block reservation details [ 121.901919][ T9099] EXT4-fs (loop4): i_reserved_data_blocks=154 [ 122.184324][ T9106] can: request_module (can-proto-3) failed. [ 122.204026][ T9106] loop2: detected capacity change from 0 to 2048 [ 122.218096][ T9104] loop4: detected capacity change from 0 to 1024 [ 122.240714][ T9104] ext4 filesystem being mounted at /314/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 122.341299][ T9114] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 122.356442][ T9114] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 122.368896][ T9114] EXT4-fs (loop2): This should not happen!! Data will be lost [ 122.368896][ T9114] [ 122.378631][ T9114] EXT4-fs (loop2): Total free blocks count 0 [ 122.384622][ T9114] EXT4-fs (loop2): Free/Dirty block details [ 122.390530][ T9114] EXT4-fs (loop2): free_blocks=2415919104 [ 122.396256][ T9114] EXT4-fs (loop2): dirty_blocks=2368 [ 122.401698][ T9114] EXT4-fs (loop2): Block reservation details [ 122.407666][ T9114] EXT4-fs (loop2): i_reserved_data_blocks=148 [ 122.558298][ T9128] loop3: detected capacity change from 0 to 1024 [ 122.600303][ T9128] netlink: 'syz.3.1895': attribute type 1 has an invalid length. [ 122.609462][ T9134] FAULT_INJECTION: forcing a failure. [ 122.609462][ T9134] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 122.622646][ T9134] CPU: 0 UID: 0 PID: 9134 Comm: syz.4.1894 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) [ 122.622679][ T9134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.622690][ T9134] Call Trace: [ 122.622696][ T9134] [ 122.622703][ T9134] __dump_stack+0x1d/0x30 [ 122.622723][ T9134] dump_stack_lvl+0xe8/0x140 [ 122.622754][ T9134] dump_stack+0x15/0x1b [ 122.622767][ T9134] should_fail_ex+0x265/0x280 [ 122.622790][ T9134] should_fail+0xb/0x20 [ 122.622810][ T9134] should_fail_usercopy+0x1a/0x20 [ 122.622832][ T9134] _copy_from_user+0x1c/0xb0 [ 122.622886][ T9134] ___sys_sendmsg+0xc1/0x1d0 [ 122.622921][ T9134] __x64_sys_sendmsg+0xd4/0x160 [ 122.622946][ T9134] x64_sys_call+0x191e/0x2ff0 [ 122.623004][ T9134] do_syscall_64+0xd2/0x200 [ 122.623026][ T9134] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 122.623107][ T9134] ? clear_bhb_loop+0x40/0x90 [ 122.623127][ T9134] ? clear_bhb_loop+0x40/0x90 [ 122.623144][ T9134] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.623214][ T9134] RIP: 0033:0x7efedadce9a9 [ 122.623229][ T9134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.623266][ T9134] RSP: 002b:00007efed9437038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 122.623285][ T9134] RAX: ffffffffffffffda RBX: 00007efedaff5fa0 RCX: 00007efedadce9a9 [ 122.623296][ T9134] RDX: 0000000000000000 RSI: 0000200000000500 RDI: 0000000000000006 [ 122.623306][ T9134] RBP: 00007efed9437090 R08: 0000000000000000 R09: 0000000000000000 [ 122.623317][ T9134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.623343][ T9134] R13: 0000000000000000 R14: 00007efedaff5fa0 R15: 00007ffde196a418 [ 122.623358][ T9134] [ 122.631420][ T9128] 8021q: adding VLAN 0 to HW filter on device bond13 [ 122.717336][ T9142] loop1: detected capacity change from 0 to 2048 [ 122.738044][ T9138] 8021q: adding VLAN 0 to HW filter on device batadv13 [ 122.776561][ T29] kauditd_printk_skb: 300 callbacks suppressed [ 122.776576][ T29] audit: type=1326 audit(1753850077.591:9496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9139 comm="syz.4.1898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 122.781860][ T9138] bond13: (slave batadv13): making interface the new active one [ 122.787423][ T29] audit: type=1326 audit(1753850077.591:9497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9139 comm="syz.4.1898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 122.804748][ T9138] bond13: (slave batadv13): Enslaving as an active interface with an up link [ 122.806297][ T29] audit: type=1326 audit(1753850077.591:9498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9139 comm="syz.4.1898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 122.881479][ T9144] loop4: detected capacity change from 0 to 1024 [ 122.887232][ T29] audit: type=1326 audit(1753850077.591:9499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9139 comm="syz.4.1898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 122.914124][ T9144] ext4 filesystem being mounted at /316/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 122.919350][ T29] audit: type=1326 audit(1753850077.591:9500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9139 comm="syz.4.1898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 122.919377][ T29] audit: type=1326 audit(1753850077.591:9501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9139 comm="syz.4.1898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 122.919411][ T29] audit: type=1326 audit(1753850077.591:9502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9139 comm="syz.4.1898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 122.919475][ T29] audit: type=1326 audit(1753850077.591:9503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9139 comm="syz.4.1898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 122.919498][ T29] audit: type=1326 audit(1753850077.591:9504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9139 comm="syz.4.1898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 122.919521][ T29] audit: type=1326 audit(1753850077.591:9505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9139 comm="syz.4.1898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedadce9a9 code=0x7ffc0000 [ 123.055532][ T9142] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, [ 123.090749][ T9144] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 1: comm syz.4.1898: lblock 1 mapped to illegal pblock 1 (length 15) [ 123.100323][ T9142] block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 123.109090][ T9144] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 123.134624][ T9142] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1456 with error 28 [ 123.143905][ T9144] EXT4-fs (loop4): This should not happen!! Data will be lost [ 123.143905][ T9144] [ 123.166630][ T9142] EXT4-fs (loop1): This should not happen!! Data will be lost [ 123.166630][ T9142] [ 123.176336][ T9142] EXT4-fs (loop1): Total free blocks count 0 [ 123.182445][ T9142] EXT4-fs (loop1): Free/Dirty block details [ 123.188391][ T9142] EXT4-fs (loop1): free_blocks=2415919104 [ 123.194159][ T9142] EXT4-fs (loop1): dirty_blocks=1472 [ 123.199480][ T9142] EXT4-fs (loop1): Block reservation details [ 123.205460][ T9142] EXT4-fs (loop1): i_reserved_data_blocks=92 [ 123.240356][ T9152] loop2: detected capacity change from 0 to 512 [ 123.268882][ T9152] EXT4-fs (loop2): #blocks per group too big: 466944 [ 123.459507][ T10] ================================================================== [ 123.467630][ T10] BUG: KCSAN: data-race in __filemap_add_folio / nr_blockdev_pages [ 123.475555][ T10] [ 123.477886][ T10] read-write to 0xffff8881005f3138 of 8 bytes by task 9153 on cpu 1: [ 123.485978][ T10] __filemap_add_folio+0x5b9/0x7d0 [ 123.491113][ T10] filemap_add_folio+0x98/0x1b0 [ 123.495985][ T10] page_cache_ra_unbounded+0x1f3/0x380 [ 123.501460][ T10] page_cache_async_ra+0x438/0x440 [ 123.506576][ T10] filemap_get_pages+0x510/0x1150 [ 123.511608][ T10] filemap_splice_read+0x333/0x6b0 [ 123.516751][ T10] splice_direct_to_actor+0x26f/0x680 [ 123.522134][ T10] do_splice_direct+0xda/0x150 [ 123.526913][ T10] do_sendfile+0x380/0x650 [ 123.531360][ T10] __x64_sys_sendfile64+0x105/0x150 [ 123.536566][ T10] x64_sys_call+0x2bb0/0x2ff0 [ 123.541245][ T10] do_syscall_64+0xd2/0x200 [ 123.543919][ T9164] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.545748][ T10] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.558662][ T10] [ 123.560986][ T10] read to 0xffff8881005f3138 of 8 bytes by task 10 on cpu 0: [ 123.568346][ T10] nr_blockdev_pages+0x7e/0xd0 [ 123.573120][ T10] si_meminfo+0x87/0xd0 [ 123.577277][ T10] update_defense_level+0x47/0x5c0 [ 123.582402][ T10] defense_work_handler+0x1f/0x80 [ 123.587432][ T10] process_scheduled_works+0x4cb/0x9d0 [ 123.592895][ T10] worker_thread+0x582/0x770 [ 123.597502][ T10] kthread+0x489/0x510 [ 123.601567][ T10] ret_from_fork+0xdd/0x150 [ 123.606065][ T10] ret_from_fork_asm+0x1a/0x30 [ 123.610823][ T10] [ 123.613141][ T10] value changed: 0x00000000000007e7 -> 0x00000000000007e9 [ 123.620235][ T10] [ 123.622543][ T10] Reported by Kernel Concurrency Sanitizer on: [ 123.628684][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) [ 123.640653][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 123.650700][ T10] Workqueue: events_long defense_work_handler [ 123.656770][ T10] ================================================================== [ 123.680697][ T9164] loop1: detected capacity change from 0 to 256 [ 123.691295][ T9164] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 123.911692][ T9165] loop4: detected capacity change from 0 to 1024 [ 123.920669][ T9165] ext4 filesystem being mounted at /318/file1 supports timestamps until 2038-01-19 (0x7fffffff)