last executing test programs: 714.99694ms ago: executing program 1 (id=2715): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = socket$inet_smc(0x2b, 0x1, 0x0) r2 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8901, 0x0, 0x0, 0x2cf}, &(0x7f0000000040)=0x0, &(0x7f0000000600)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r5 = socket$inet_smc(0x2b, 0x1, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x1e, &(0x7f0000000180)=0x1, 0x4) 681.78671ms ago: executing program 1 (id=2718): pipe2$9p(&(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000000)={[{@grpjquota}, {@init_itable_val={'init_itable', 0x3d, 0x7}}, {@dioread_nolock}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7fffffff}}, {@nogrpid}, {@delalloc}, {@dioread_nolock}]}, 0x3, 0x50b, &(0x7f00000000c0)="$eJzs3E2IHFUeAPB/dc9Xsslmdjdkd7PZ3clmlx0MziSTaOYgSETBg4IYQT0OM5MQM8lIZgImROmAxKMEvItHrx68qpcgngSv8ShIIEguSRSxpbqr+mu653u6Hef3g55+VdVd7/3rvap+9d50B7BjjaR/kmr6TkTsi4hC6wtGqk8P71+ffnT/+nSUyuUzPySVtz1IlzPZbuIP2cJoIaLwblLf0GDh6rULU3Nzs5ez5fHFi2+OL1y99vj5oWzN5GTSt86g2uSXxvXg4Dvzh/7+/Ou3Xpyu7TnPrTGOzTISI+2KUvG/zc6sx/Y2pNddb3Rd2v7T6uqvnP/7ohjLVV6piyUDtlq5XC4Pdt5cKre6sWQNsG3FUK9LAPRG/kGf3v/mj3YdgYGt6X703L3T1RugNO6H2SPi35WV+ThIf8v97WYaiYjXSj9+mD5ii8YhAAAafX467wm29P+GqzMjP1+5/XT6/MdsDmU4Iv4UEX+OiL9ExP6IKEbEgYj4a0T8rWX/6bbyMvmPtCzX8q9NQhXublKobaX9v6eyua30UZ/7qqWGi9nS3oi8wzx7LDsmo9E/ePb83OzxZfL44tlv3u+0rbH/lz7SMuR9wawcd/taBuhmphan1hftUvduRBzsq8Y/WOv/Jn0RSTYTUKy99uAa9jvckD7/2MeHagv9za9bOf6Kctt5tE2YZyp/FPH/av2XohJ/frDrOSZN85MXp87Nnpu9NDE5efLE8VNPTjwxPhRzs8fG01ZwrG0eX31986VO+a8Y/6fftb7luVOfnWmql41I6393Q/uPfP62Hv9wEpHU5msX1p7HzW/f63hPk8b/0yrbf37ype1/IHmlks7vS9+aWly8fDxiIHlh6fqJ+t7y5fQ5StX4R4/U439Yu/8qVK5x+ZH4R0SkjfifEfGvqN4hpmU/HBH/iYgjy8T/5TP/fWO5+FfR/rdMGv9MNMdfrfmm+q/P13dKJNncYNOmgUgTxQuH7zzqcPFY3fXvZCU1mq1pf/1Lmi4RnUqaf9qla37Z8NEDAACA7aEQEXsaxpL2RKEwNlYdA9ofuwtz8wuLR8/OX7k0k26LGI7+Qj7SVR0P7k/y8c/hhuWJluUT2bjxB8VdleWx6fm5mZ5GDgxUzvmkMBbxarHh/E99vzlDzMBvme9rwc613PmfduIP3OpiYYCuWv3n/+23t7QgQNc1nP+dvuFfWsf/fQHbgPt/oG7lH/pxzYDtr+xchh1tTef/UT8CCL8nffFyLV3oaUmAbtP/hx1pxe/1byhRHmy/aSiWvjiGlt9hMVabe19TXLva5NWTRNqz6knuu9bzrvzXFDq+Jgpr2+FgNK8ZWE2dRiStTfTsBo9G6fLCuQP1xp//3MsGj3M5+1/5za7BT5rP0/zXc7rQbLp6GQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgyvwYAAP//QWvRoQ==") (fail_nth: 1) creat(0x0, 0x0) 659.72543ms ago: executing program 0 (id=2720): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x3765, 0x0, 0x0, 0x41100, 0x15, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000600)='sys_enter\x00', r2}, 0x10) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="6bb08f9f4f07eb15df259151159ffbe55638", @ANYRES32=0x0, @ANYBLOB="0800020000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1d}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0xe, 0xfeff, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r7, 0x0, 0x9}, 0x18) syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00') r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000400001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300009ea10000850000000600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='mm_page_alloc\x00', r8}, 0x18) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3ff}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_emit_ethernet(0x15, &(0x7f0000000300)=ANY=[], 0x0) r9 = gettid() process_vm_writev(r9, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, 0x0, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) syz_emit_ethernet(0x6e, &(0x7f0000000100)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0x0, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7d0, {0x0, 0x6, "8cb02b", 0x0, 0x2f, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @local, [@srh={0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2}]}}}}}}}, 0x0) 566.260652ms ago: executing program 1 (id=2721): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x4000, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a30000000002c000000030a01010000000000000000020000000900010073797a30000000000900030073797a32000000003a000000030a0300000000000000000002000000090001"], 0xa0}}, 0x8040) 449.990664ms ago: executing program 0 (id=2722): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newtaction={0xc4, 0x30, 0x1, 0x4000000, 0x0, {0x0, 0x0, 0x6a00}, [{0xb0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000, 0x0, 0x4}, 0x3, r4}}]}, {0x4, 0xa}, {0xc}, {0xffac, 0x8, {0x0, 0x2}}}}, @m_mpls={0x5c, 0x2, 0x0, 0x0, {{0x9}, {0x30}, {0x4}, {0xc}, {0xc}}}]}]}, 0xc4}}, 0x0) 418.389184ms ago: executing program 1 (id=2724): gettid() readv(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/155, 0x9b}], 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000000020000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff0000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r0}, 0x10) munlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000240)='pwc_handler_exit\x00'}, 0x18) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="2e00000038000511d25a80698c63940d0124fc602f6e35", 0x17}], 0x1, 0x0, 0x0, 0x39c}, 0x0) r2 = syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0xa00008, &(0x7f0000000140)={[{@min_batch_time={'min_batch_time', 0x3d, 0xd}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@noblock_validity}]}, 0x1, 0x7ad, &(0x7f00000007c0)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JruwsFn2sBQaCLTnJEZWTGrZCpYcYmNIQin00kNLD4XmknPTprdc++PaXvo39FAS0tYJTemhuIw0SmRbcpzEklL8+cBY782M9N533sybZ82gCWDfGk//5CIORwykydFsfhLZjOiPOFlf7+H6WiGdktjYeOW7pLbOg/W1QjS9J3Uwy/wxIj57I+JIbnu5lZXV+ZlSqbiU5SerCxcnKyurRy8szMwV54qLx6emp4+d+MeJ43sX6w9frh66+/b///rRyZ9e/8Ottz5P4mQcypY1x7FXxmM82yYD6Sbc5H97XViPJb2uAM8kPTT76kd5HI7R6NuhJf/T1ZoBAJ1yJSI2AIB9JnH+B4B9pvE9wIP1tUJjivr1nKs9/WKiS+79NyKG6/E3rm/Wl/TXr9l9NVy7DjryIKldI2lIImJsD8ofj4jrt8/cTKfo0HVIgFauXouIc2PjW/v/tIfbes/C0/rbLtYZ35LX/0H3fJKOf/65ffwXkcuO/+Ha363jn6EWx+6zePLxn7uzKTuwB4U2Scd//266t+1hU/yZsb4s95vamG8gOX+hVEz7tt9GxEQMDKX5qR3KmLj/8/12y5rHf9+/89oHafnp6+M1cnf6hza/Z3amOvM8MTe7dy3iT/2t4k8etX/SZvx7epdlvPSvN99vtyyNP423MW2Pv7M2bkT8pWX7P74PKtnx/sTJ2u4w2dgpWvj46/dG2pXf3P7Xb6clrRUa/wt0Q9r+IzvHP5Y0369Zefoyvrgx+mm7ZZvjP3MzLX9z/K33/8Hk1Vp6MJt3eaZaXZqKGExe3j7/2OP3NvKN9dP4J/7c+vjfaf9Pu6FzWXrjCTc/9t/99sNnj7+z0vhn0/ZPsiCe2P5Pn7j1cL6vXfm7a//pWmoim7O9/+vf9rm7reBzbTwAAAAAAAAAAAAAAAAAAAAAAAAA2KVcRByKJJd/lM7l8vn6M7x/HyO5UrlSPXK+vLw4G7VnZY/FQK7xU5ejTb+HOpX9Hn4jf2xL/u8R8buIeHfoQC2fL5RLs70OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyB9s8/z/1zVCvawcAdMxwrysAAHSd8z8A7D9tzv+DrWcf6GhdAIDuqJ3/k/5eVwMA6CLf/wPA/uP8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIedPnUqnTZ+XF8rpPnZSyvL8+VLR2eLlfn8wnIhXygvXczPlctzpWK+UF5o+0FX6y+lcvnidCwuX56sFivVycrK6tmF8vJi9eyFhZm54tniQNciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdq6yszs+USsUliZ0TV16IalzLmq3XW0PihUgMRUSnimjuJQ70pnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BX4JQAA//9qsh/Y") name_to_handle_at(r2, 0x0, 0x0, 0x0, 0x1200) r3 = getpgrp(0x0) prctl$PR_SCHED_CORE(0x3e, 0x4, r3, 0x0, &(0x7f00000003c0)) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) 376.414225ms ago: executing program 0 (id=2726): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r0 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000d3b420207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@ipv6_newrule={0x30, 0x20, 0x1, 0x0, 0x0, {0xa, 0x20, 0x20, 0x0, 0x0, 0x0, 0x0, 0x8}, [@FRA_SRC={0x14, 0x2, @private0}]}, 0x30}}, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3, 0x0, 0xffffffffffffffff}, 0x18) socket$kcm(0x21, 0x2, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 343.101425ms ago: executing program 1 (id=2729): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = socket$inet_smc(0x2b, 0x1, 0x0) r2 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8901, 0x0, 0x0, 0x2cf}, &(0x7f0000000040)=0x0, &(0x7f0000000600)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r5 = socket$inet_smc(0x2b, 0x1, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x1e, &(0x7f0000000180)=0x1, 0x4) 321.336626ms ago: executing program 4 (id=2730): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000008c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x4000000002000}, 0x18) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x801, 0x84) r3 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', 0x0}) sendmsg$can_bcm(r3, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d6fe682c6100000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="d0c6ffff03"], 0x20000600}}, 0x0) 293.927896ms ago: executing program 1 (id=2732): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='setgroups\x00') r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10) r3 = bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r4 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req3={0x2, 0x4, 0x5, 0x10, 0x5, 0x1, 0x101}, 0x1c) recvmmsg$unix(r4, &(0x7f0000001e40)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000980)=""/4096, 0x1000}], 0x1}}], 0x1, 0x400122a0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) perf_event_open(&(0x7f0000000200)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0xb00, 0x8404, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0xc04, 0x9, 0x0, 0x5, 0xfffffffffffffffc, 0x5, 0x2, 0x0, 0x40, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r3}, &(0x7f0000000500), &(0x7f00000005c0)=r4}, 0x9) close_range(r0, 0xffffffffffffffff, 0x0) 293.486206ms ago: executing program 2 (id=2733): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x3765, 0x0, 0x0, 0x41100, 0x15, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000600)='sys_enter\x00', r2}, 0x10) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="6bb08f9f4f07eb15df259151159ffbe55638", @ANYRES32=0x0, @ANYBLOB="0800020000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1d}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0xe, 0xfeff, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r7, 0x0, 0x9}, 0x18) syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00') r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000400001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300009ea10000850000000600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='mm_page_alloc\x00', r8}, 0x18) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3ff}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_emit_ethernet(0x15, &(0x7f0000000300)=ANY=[], 0x0) r9 = gettid() process_vm_writev(r9, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, 0x0, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000100)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0x0, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7d0, {0x0, 0x6, "8cb02b", 0x0, 0x2f, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @local, [@srh={0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2}]}}}}}}}, 0x0) 288.991876ms ago: executing program 0 (id=2734): r0 = socket(0x10, 0x3, 0x6) ioprio_set$pid(0x2, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES64], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN") bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) (async) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000001680)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r2, 0x4, &(0x7f00000016c0)='^*/\xcc\x00', &(0x7f0000001700)='./file0\x00', 0xffffffffffffffff) sendfile(r1, r1, 0x0, 0x800000009) (async) sendfile(r1, r1, 0x0, 0x800000009) r3 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) (async) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) 242.680736ms ago: executing program 4 (id=2736): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x9, 0x8, 0x20002, 0x1ff, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) mkdir(&(0x7f0000000200)='./file0\x00', 0x50) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000300), 0x80, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB, @ANYRESDEC=0x0]) 242.351027ms ago: executing program 0 (id=2737): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0xfc, 0x7ffc1ffb}]}) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001500)={0x14, 0xc, &(0x7f00000014c0)=ANY=[@ANYRESOCT=r1, @ANYRES32=r2, @ANYRESHEX=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000080)={{r2}, &(0x7f0000000000), &(0x7f0000000040)='%pi6 \x00'}, 0x20) syz_open_procfs$pagemap(0x0, &(0x7f00000002c0)) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3, 0xffffffffffffffff}, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4, 0x2}, {0xc}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0xb, 0xfffffffffffffffe}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0x11, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r10, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r11 = dup(r10) write$P9_RLERRORu(r11, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r11, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r11, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x21004a, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r9, @ANYBLOB=',wfdno=', @ANYRESHEX=r10, @ANYBLOB=',cache=fscache,\x00']) lstat(&(0x7f0000000580)='./file0\x00', 0x0) r12 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r12, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e67}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(r12, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r8, @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r7}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00'}, 0x10) 241.970827ms ago: executing program 3 (id=2738): pipe2(&(0x7f0000001cc0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r1}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x9fc3c531d14a6e27, 0x200001a9, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x12, 0xc, &(0x7f0000000200)=ANY=[], &(0x7f0000000100)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000380)='mm_page_alloc\x00', r2}, 0x10) mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x400, &(0x7f0000000a40)=ANY=[@ANYBLOB=',debug=0x0000007,version=9p20\\++},%{!(6,afid=0x000000003f5689cf,nodevmap,fscache,afid=0x0000000000000f9c,msize=0x00', @ANYRESDEC]) r3 = syz_open_procfs$pagemap(0x0, &(0x7f00000002c0)) ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x42, 0x5c}) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r7, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="6c00000010001fff109e00008000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000003f0000440012800b00010067656e6576650000340002800500030003000000060005004e20000005000400ab000000050009000100000005000a0001000000050009000100000008000a00", @ANYRES32=r7], 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x0) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) socketpair(0x1e, 0x6, 0x2, &(0x7f00000000c0)) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r8, 0xc0a85320, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x6e2, 0x3900, 0x1, 0x0, 0xe00) write$cgroup_int(0xffffffffffffffff, 0x0, 0x25) 230.696127ms ago: executing program 2 (id=2739): r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x11, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000200)='kmem_cache_free\x00', r2}, 0x18) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0xfd, 0x0, 0x7ffc0002}]}) bpf$MAP_CREATE(0x0, 0x0, 0x50) epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0x4) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r3, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x1, 0x0, 0x0, 0x64}}) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r4}, 0x10) sendmsg$can_bcm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="01000000300200000400000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0000000001"], 0x38}}, 0x20000000) 219.589497ms ago: executing program 4 (id=2740): gettid() readv(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/155, 0x9b}], 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000000020000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff0000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r0}, 0x10) munlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000240)='pwc_handler_exit\x00'}, 0x18) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="2e00000038000511d25a80698c63940d0124fc602f6e35", 0x17}], 0x1, 0x0, 0x0, 0x39c}, 0x0) r2 = syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0xa00008, &(0x7f0000000140)={[{@min_batch_time={'min_batch_time', 0x3d, 0xd}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@noblock_validity}]}, 0x1, 0x7ad, &(0x7f00000007c0)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JruwsFn2sBQaCLTnJEZWTGrZCpYcYmNIQin00kNLD4XmknPTprdc++PaXvo39FAS0tYJTemhuIw0SmRbcpzEklL8+cBY782M9N533sybZ82gCWDfGk//5CIORwykydFsfhLZjOiPOFlf7+H6WiGdktjYeOW7pLbOg/W1QjS9J3Uwy/wxIj57I+JIbnu5lZXV+ZlSqbiU5SerCxcnKyurRy8szMwV54qLx6emp4+d+MeJ43sX6w9frh66+/b///rRyZ9e/8Ottz5P4mQcypY1x7FXxmM82yYD6Sbc5H97XViPJb2uAM8kPTT76kd5HI7R6NuhJf/T1ZoBAJ1yJSI2AIB9JnH+B4B9pvE9wIP1tUJjivr1nKs9/WKiS+79NyKG6/E3rm/Wl/TXr9l9NVy7DjryIKldI2lIImJsD8ofj4jrt8/cTKfo0HVIgFauXouIc2PjW/v/tIfbes/C0/rbLtYZ35LX/0H3fJKOf/65ffwXkcuO/+Ha363jn6EWx+6zePLxn7uzKTuwB4U2Scd//266t+1hU/yZsb4s95vamG8gOX+hVEz7tt9GxEQMDKX5qR3KmLj/8/12y5rHf9+/89oHafnp6+M1cnf6hza/Z3amOvM8MTe7dy3iT/2t4k8etX/SZvx7epdlvPSvN99vtyyNP423MW2Pv7M2bkT8pWX7P74PKtnx/sTJ2u4w2dgpWvj46/dG2pXf3P7Xb6clrRUa/wt0Q9r+IzvHP5Y0369Zefoyvrgx+mm7ZZvjP3MzLX9z/K33/8Hk1Vp6MJt3eaZaXZqKGExe3j7/2OP3NvKN9dP4J/7c+vjfaf9Pu6FzWXrjCTc/9t/99sNnj7+z0vhn0/ZPsiCe2P5Pn7j1cL6vXfm7a//pWmoim7O9/+vf9rm7reBzbTwAAAAAAAAAAAAAAAAAAAAAAAAA2KVcRByKJJd/lM7l8vn6M7x/HyO5UrlSPXK+vLw4G7VnZY/FQK7xU5ejTb+HOpX9Hn4jf2xL/u8R8buIeHfoQC2fL5RLs70OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyB9s8/z/1zVCvawcAdMxwrysAAHSd8z8A7D9tzv+DrWcf6GhdAIDuqJ3/k/5eVwMA6CLf/wPA/uP8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIedPnUqnTZ+XF8rpPnZSyvL8+VLR2eLlfn8wnIhXygvXczPlctzpWK+UF5o+0FX6y+lcvnidCwuX56sFivVycrK6tmF8vJi9eyFhZm54tniQNciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdq6yszs+USsUliZ0TV16IalzLmq3XW0PihUgMRUSnimjuJQ70pnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BX4JQAA//9qsh/Y") name_to_handle_at(r2, 0x0, 0x0, 0x0, 0x1200) r3 = getpgrp(0x0) prctl$PR_SCHED_CORE(0x3e, 0x4, r3, 0x0, &(0x7f00000003c0)) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) 156.654758ms ago: executing program 2 (id=2741): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='debugfs\x00', 0x0, 0x0) mount$bpf(0x0, &(0x7f0000000380)='./file0\x00', 0x0, 0x40020, &(0x7f0000000840)=ANY=[@ANYBLOB]) 156.209578ms ago: executing program 4 (id=2742): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = socket$inet_smc(0x2b, 0x1, 0x0) r2 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8901, 0x0, 0x0, 0x2cf}, &(0x7f0000000040)=0x0, &(0x7f0000000600)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r5 = socket$inet_smc(0x2b, 0x1, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f0000000100)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1b}, 0x3}, 0x0, 0x0, 0x1}) io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x1e, 0x0, 0x0) 147.063868ms ago: executing program 2 (id=2743): io_uring_setup(0x36, &(0x7f0000000340)={0x0, 0x94f9, 0x407, 0x0, 0x253}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0x103, 0x84, 0x1}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000100)={0x1d, r4}, 0x18) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000040)={0x1d, r4, 0x2, {0x0, 0xff}, 0xfe}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x18) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r2, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) 127.894838ms ago: executing program 3 (id=2744): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000008c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x4000000002000}, 0x18) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) r4 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r4, &(0x7f0000000000), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', 0x0}) sendmsg$can_bcm(r4, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d6fe682c6100000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="d0c6ffff03"], 0x20000600}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000540)={'vxcan1\x00', 0x0}) sendmsg$can_bcm(r4, &(0x7f0000000480)={&(0x7f0000000380)={0x1d, r6, 0x0, 0x4000}, 0x10, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[], 0x80}, 0x1, 0x0, 0x0, 0x4000}, 0x4044001) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x3}, 0x8) r7 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_int(r7, 0x6, 0x24, &(0x7f0000000c00), &(0x7f0000002000)=0x2) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r9}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) sendto$inet6(r3, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c) 88.876139ms ago: executing program 3 (id=2745): bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000900)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES64=0x0, @ANYBLOB="0000000000008da4b70800000400396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) unshare(0x20800) sendmmsg$inet(r1, &(0x7f0000006440)=[{{&(0x7f0000002a40)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}}], 0x1, 0x8090) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000a00)={r0, 0x58, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000a40)='/sys/power/freeze_filesystems', 0x100, 0x30) bpf$PROG_LOAD(0x5, &(0x7f00000020c0)={0x1e, 0x4, &(0x7f0000000640)=@framed={{0x18, 0x0, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0xffffffff}, [@ldst={0x2, 0x0, 0x2, 0x6, 0x9, 0x80, 0x1}]}, &(0x7f00000006c0)='syzkaller\x00', 0x8, 0x1000, &(0x7f00000010c0)=""/4096, 0x40f00, 0x66, '\x00', r4, @fallback=0x26, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x5, &(0x7f0000000ac0)=[r0, r0, r0], &(0x7f0000000b00)=[{0x3, 0x4, 0xf, 0x1}, {0x1, 0x1, 0x8, 0x5}, {0x4, 0x1, 0xe, 0x7}, {0x1, 0x1, 0x2, 0x9}, {0x0, 0x5, 0xd, 0x9}], 0x10, 0x9}, 0x94) r6 = dup(r3) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r6) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_enter\x00', r8}, 0x10) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000440)=""/173) sendmsg$NL80211_CMD_LEAVE_IBSS(r6, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="0000000f", @ANYRES16=r7, @ANYBLOB="010026bd7000fedbdf252c0000000c0099000600000020000000"], 0x20}, 0x1, 0x0, 0x0, 0x15}, 0x20040000) sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000600)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000005c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="1c010000", @ANYRES16=r7, @ANYBLOB="010027bd7000fcdbdf2567000000080001000800000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990001000000190000000800c300150000006e00c500c132a0014b6032a4997b88a5bfab124a0224ed7b87f583117c0be57a30ddb3699ad99e08da1c4ad9447ddf547d189d969ed78b22f9c06163dbbb76c428da859155ac596fc4b59412fa6d0a6eaeaf5a24269330403d6a6b24be22b2b9454338738bcef14300e19b0c028000000800c300800200000800c300060000005a00c500777fc576be4726a5f689f559cba51f2549b6321607135e78b77e50060ad5b77f05f91e6989d6312878943c086f4f15393f04ff916f85d84fed821b313202d57065c2bf9a1d9f82a9d18f1558ed891caaba98d072bbe800000500c5001f000000"], 0x11c}, 0x1, 0x0, 0x0, 0x40}, 0x4) r9 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x508, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x16}, {}, {}, {}, {}, {}, {0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x10}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x7}, {}, {}, {}, {0x0, 0x0, 0x0, 0xffff8acc}]}}, @common=@hl={{0x28}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@private, 'veth1_macvtap\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x568) 88.245569ms ago: executing program 4 (id=2746): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000008c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x4000000002000}, 0x18) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x801, 0x84) r3 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', 0x0}) sendmsg$can_bcm(r3, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d6fe682c6100000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="d0c6ffff03"], 0x20000600}}, 0x0) 68.804659ms ago: executing program 3 (id=2747): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r0 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000d3b420207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@ipv6_newrule={0x30, 0x20, 0x1, 0x0, 0x0, {0xa, 0x20, 0x20, 0x0, 0x0, 0x0, 0x0, 0x8}, [@FRA_SRC={0x14, 0x2, @private0}]}, 0x30}}, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3, 0x0, 0xffffffffffffffff}, 0x18) socket$kcm(0x21, 0x2, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 39.98985ms ago: executing program 2 (id=2748): prctl$PR_SET_NAME(0xf, &(0x7f0000000440)='\x00\x00\xe9\xde\x903\xea\x86\xd6\xb8\x03M\xb1\xd2\x00\x00?\xf7\x82\xe5\xc1l\x92(\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00i\x00\x00\x00\x00\x1f,\x91\xcf\x04\xa8\b\xdb\xb8@*N\xf1\xc1\\\xed\xff\xee0\xc5\xab\x19OKpDf\xf3\xa2z\xc5b0\xa4\x19{d7\xec\xd8\xa8B\xe9G\xda\xa8\x06\x00P\xd9t\xde\x83]\x12\xad\xd6v^\xf1\x14\xe8\x04\xcb\x918\x90\xbe\xad\x86sd\x82\xdd+\xf5\xd2%\x95\xbd\xed0q\xf1.\x8f3\xed\x8b\x05\x1e\xc6\x98\xc1\x99H+z,_v\xfaD\x01\xf2\x9fn\xef\"\xb0A\xf9\xc7\xd4\xed\x8cXS\xd8\xcb\x03T_\xb4\xd3\x12\xf5V \x86\xc6i\x9daT\x19\xf4v\xf2\xf2hH\xb5\xe9\xb4\x88\xf8') r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0xfffffffff7ffffe9}, 0x18) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x41, 0x0) link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') mount(&(0x7f00000000c0), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x700, &(0x7f0000000040)='trans=rdma,') 32.52173ms ago: executing program 3 (id=2749): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r3, {0x10, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1.9127ms ago: executing program 4 (id=2750): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000024000180060005004e230000060001000200000008000300ac1414aa0800060001"], 0x38}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) 1.62572ms ago: executing program 2 (id=2751): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x9, 0x8, 0x20002, 0x1ff, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) mkdir(&(0x7f0000000200)='./file0\x00', 0x50) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000300), 0x80, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',acc', @ANYRESDEC=0x0]) 1.24095ms ago: executing program 3 (id=2752): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'veth1_to_batadv\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c00000010000305000000000000000000006dc4", @ANYRES32=0x0, @ANYBLOB="8b18010000000000240012800b0001006d61637365630000140002800500080000000000050007000000000008000500", @ANYRES32=r1], 0x4c}}, 0x4004000) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000080)=0x14) socket$netlink(0x10, 0x3, 0x0) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'veth1_to_batadv\x00'}) (async) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c00000010000305000000000000000000006dc4", @ANYRES32=0x0, @ANYBLOB="8b18010000000000240012800b0001006d61637365630000140002800500080000000000050007000000000008000500", @ANYRES32=r1], 0x4c}}, 0x4004000) (async) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000080)=0x14) (async) 0s ago: executing program 0 (id=2753): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffffffff5]}, 0x8, 0x0) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/155, 0x9b}], 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000000020000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff0000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r1}, 0x10) munlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000240)='pwc_handler_exit\x00', r0}, 0x18) r2 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="2e00000038000511d25a80698c63940d0124fc602f6e35", 0x17}], 0x1, 0x0, 0x0, 0x39c}, 0x0) r3 = syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0xa00008, &(0x7f0000000140)={[{@min_batch_time={'min_batch_time', 0x3d, 0xd}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@noblock_validity}]}, 0x1, 0x7ad, &(0x7f00000007c0)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JruwsFn2sBQaCLTnJEZWTGrZCpYcYmNIQin00kNLD4XmknPTprdc++PaXvo39FAS0tYJTemhuIw0SmRbcpzEklL8+cBY782M9N533sybZ82gCWDfGk//5CIORwykydFsfhLZjOiPOFlf7+H6WiGdktjYeOW7pLbOg/W1QjS9J3Uwy/wxIj57I+JIbnu5lZXV+ZlSqbiU5SerCxcnKyurRy8szMwV54qLx6emp4+d+MeJ43sX6w9frh66+/b///rRyZ9e/8Ottz5P4mQcypY1x7FXxmM82yYD6Sbc5H97XViPJb2uAM8kPTT76kd5HI7R6NuhJf/T1ZoBAJ1yJSI2AIB9JnH+B4B9pvE9wIP1tUJjivr1nKs9/WKiS+79NyKG6/E3rm/Wl/TXr9l9NVy7DjryIKldI2lIImJsD8ofj4jrt8/cTKfo0HVIgFauXouIc2PjW/v/tIfbes/C0/rbLtYZ35LX/0H3fJKOf/65ffwXkcuO/+Ha363jn6EWx+6zePLxn7uzKTuwB4U2Scd//266t+1hU/yZsb4s95vamG8gOX+hVEz7tt9GxEQMDKX5qR3KmLj/8/12y5rHf9+/89oHafnp6+M1cnf6hza/Z3amOvM8MTe7dy3iT/2t4k8etX/SZvx7epdlvPSvN99vtyyNP423MW2Pv7M2bkT8pWX7P74PKtnx/sTJ2u4w2dgpWvj46/dG2pXf3P7Xb6clrRUa/wt0Q9r+IzvHP5Y0369Zefoyvrgx+mm7ZZvjP3MzLX9z/K33/8Hk1Vp6MJt3eaZaXZqKGExe3j7/2OP3NvKN9dP4J/7c+vjfaf9Pu6FzWXrjCTc/9t/99sNnj7+z0vhn0/ZPsiCe2P5Pn7j1cL6vXfm7a//pWmoim7O9/+vf9rm7reBzbTwAAAAAAAAAAAAAAAAAAAAAAAAA2KVcRByKJJd/lM7l8vn6M7x/HyO5UrlSPXK+vLw4G7VnZY/FQK7xU5ejTb+HOpX9Hn4jf2xL/u8R8buIeHfoQC2fL5RLs70OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyB9s8/z/1zVCvawcAdMxwrysAAHSd8z8A7D9tzv+DrWcf6GhdAIDuqJ3/k/5eVwMA6CLf/wPA/uP8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIedPnUqnTZ+XF8rpPnZSyvL8+VLR2eLlfn8wnIhXygvXczPlctzpWK+UF5o+0FX6y+lcvnidCwuX56sFivVycrK6tmF8vJi9eyFhZm54tniQNciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdq6yszs+USsUliZ0TV16IalzLmq3XW0PihUgMRUSnimjuJQ70pnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BX4JQAA//9qsh/Y") name_to_handle_at(r3, 0x0, 0x0, 0x0, 0x1200) r4 = getpgrp(0x0) prctl$PR_SCHED_CORE(0x3e, 0x4, r4, 0x0, &(0x7f00000003c0)) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r5, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) kernel console output (not intermixed with test programs): 96.072127][ T8756] x64_sys_call+0x2bd5/0x2fb0 [ 96.072144][ T8756] do_syscall_64+0xd2/0x200 [ 96.072158][ T8756] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 96.072178][ T8756] ? clear_bhb_loop+0x40/0x90 [ 96.072195][ T8756] ? clear_bhb_loop+0x40/0x90 [ 96.072271][ T8756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.072287][ T8756] RIP: 0033:0x7f7d9f41e929 [ 96.072300][ T8756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.072314][ T8756] RSP: 002b:00007f7d9da87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 96.072332][ T8756] RAX: ffffffffffffffda RBX: 00007f7d9f645fa0 RCX: 00007f7d9f41e929 [ 96.072343][ T8756] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006 [ 96.072353][ T8756] RBP: 00007f7d9f4a0b39 R08: 0000000000000004 R09: 0000000000000000 [ 96.072363][ T8756] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 96.072373][ T8756] R13: 0000000000000000 R14: 00007f7d9f645fa0 R15: 00007ffe48813a68 [ 96.072388][ T8756] [ 96.072395][ T8756] Mem-Info: [ 96.073994][ T6246] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:17: Failed to release dquot type 0 [ 96.084800][ T8756] active_anon:9716 inactive_anon:3 isolated_anon:0 [ 96.084800][ T8756] active_file:6794 inactive_file:2231 isolated_file:0 [ 96.084800][ T8756] unevictable:0 dirty:277 writeback:0 [ 96.084800][ T8756] slab_reclaimable:3037 slab_unreclaimable:14986 [ 96.084800][ T8756] mapped:32671 shmem:3169 pagetables:1406 [ 96.084800][ T8756] sec_pagetables:0 bounce:0 [ 96.084800][ T8756] kernel_misc_reclaimable:0 [ 96.084800][ T8756] free:1607616 free_pcp:23613 free_cma:0 [ 96.084892][ T8756] Node 0 active_anon:38864kB inactive_anon:12kB active_file:27176kB inactive_file:8924kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:130684kB dirty:1108kB writeback:0kB shmem:12676kB writeback_tmp:0kB kernel_stack:3696kB pagetables:5624kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 96.084942][ T8756] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 96.140509][ T8746] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.145275][ T8756] lowmem_reserve[]: 0 2882 7860 7860 [ 96.145307][ T8756] Node 0 DMA32 free:2947824kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2951352kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:0kB free_cma:0kB [ 96.150374][ T8746] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.2144: Invalid inode table block 1 in block_group 0 [ 96.154536][ T8756] lowmem_reserve[]: 0 0 4978 4978 [ 96.154568][ T8756] Node 0 [ 96.160519][ T8746] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 96.163952][ T8756] Normal free:3467280kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:39096kB inactive_anon:12kB active_file:27176kB inactive_file:8924kB unevictable:0kB writepending:1108kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:90364kB local_pcp:19744kB free_cma:0kB [ 96.168337][ T8746] EXT4-fs error (device loop4): ext4_quota_off:7217: inode #3: comm syz.4.2144: mark_inode_dirty error [ 96.172830][ T8756] lowmem_reserve[]: 0 0 0 [ 96.212884][ T8746] loop4: detected capacity change from 0 to 512 [ 96.217245][ T8756] 0 [ 96.217258][ T8756] Node 0 DMA: 0*4kB 0*8kB [ 96.228976][ T8746] EXT4-fs: Ignoring removed orlov option [ 96.247172][ T8756] 0*16kB 0*32kB 0*64kB [ 96.295386][ T8746] EXT4-fs (loop4): bad block size 65536 [ 96.566108][ T8756] 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 96.574887][ T8756] Node 0 DMA32: 4*4kB (M) 4*8kB (M) 4*16kB (M) 2*32kB (M) 5*64kB (M) 4*128kB (M) 3*256kB (M) 4*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2947824kB [ 96.591062][ T8756] Node 0 Normal: 0*4kB 2*8kB (ME) 2*16kB (ME) 0*32kB 2*64kB (ME) 1*128kB (M) 44*256kB (UME) 37*512kB (ME) 22*1024kB (ME) 9*2048kB (UM) 828*4096kB (UM) = 3462960kB [ 96.607551][ T8756] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 96.616838][ T8756] 12043 total pagecache pages [ 96.621498][ T8756] 1 pages in swap cache [ 96.625663][ T8756] Free swap = 123580kB [ 96.629816][ T8756] Total swap = 124996kB [ 96.634053][ T8756] 2097051 pages RAM [ 96.637859][ T8756] 0 pages HighMem/MovableOnly [ 96.642660][ T8756] 80813 pages reserved [ 96.842098][ T8806] all: renamed from lo (while UP) [ 96.865515][ T8811] 9pnet_fd: Insufficient options for proto=fd [ 96.875324][ T8811] futex_wake_op: syz.2.2169 tries to shift op by -1; fix this program [ 96.907923][ T8812] bridge_slave_0: left allmulticast mode [ 96.913651][ T8812] bridge_slave_0: left promiscuous mode [ 96.919403][ T8812] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.924173][ T8815] 9pnet_fd: Insufficient options for proto=fd [ 96.934560][ T8812] bridge_slave_1: left allmulticast mode [ 96.940212][ T8812] bridge_slave_1: left promiscuous mode [ 96.941416][ T8815] futex_wake_op: syz.0.2170 tries to shift op by -1; fix this program [ 96.945966][ T8812] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.968241][ T8812] bond0: (slave bond_slave_0): Releasing backup interface [ 96.978169][ T8812] bond0: (slave bond_slave_1): Releasing backup interface [ 96.990671][ T8812] team0: Port device team_slave_0 removed [ 96.998822][ T8812] team0: Port device team_slave_1 removed [ 97.021178][ T10] srz1: Port: 1 Link DOWN [ 97.030060][ T3381] syz!: Port: 1 Link DOWN [ 97.065223][ T8818] loop4: detected capacity change from 0 to 1024 [ 97.075189][ T8818] EXT4-fs: inline encryption not supported [ 97.081046][ T8818] EXT4-fs: Ignoring removed i_version option [ 97.087906][ T8818] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 97.100628][ T8818] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.2171: lblock 2 mapped to illegal pblock 2 (length 1) [ 97.114924][ T8818] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.2171: lblock 0 mapped to illegal pblock 48 (length 1) [ 97.118055][ T8823] all: renamed from lo [ 97.130269][ T8818] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2171: Failed to acquire dquot type 0 [ 97.144641][ T8818] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 97.161325][ T8818] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.2171: mark_inode_dirty error [ 97.172823][ T8818] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 97.183148][ T8818] EXT4-fs (loop4): 1 orphan inode deleted [ 97.189235][ T8818] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.201502][ T1947] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:7: lblock 1 mapped to illegal pblock 1 (length 1) [ 97.216803][ T1947] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:7: Failed to release dquot type 0 [ 97.235057][ T8818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.249335][ T8818] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.2171: Invalid inode table block 1 in block_group 0 [ 97.262267][ T8818] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 97.271852][ T8818] EXT4-fs error (device loop4): ext4_quota_off:7217: inode #3: comm syz.4.2171: mark_inode_dirty error [ 97.319367][ T8840] FAULT_INJECTION: forcing a failure. [ 97.319367][ T8840] name failslab, interval 1, probability 0, space 0, times 0 [ 97.332404][ T8840] CPU: 1 UID: 0 PID: 8840 Comm: syz.0.2181 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 97.332432][ T8840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 97.332442][ T8840] Call Trace: [ 97.332487][ T8840] [ 97.332492][ T8840] __dump_stack+0x1d/0x30 [ 97.332510][ T8840] dump_stack_lvl+0xe8/0x140 [ 97.332526][ T8840] dump_stack+0x15/0x1b [ 97.332539][ T8840] should_fail_ex+0x265/0x280 [ 97.332623][ T8840] should_failslab+0x8c/0xb0 [ 97.332643][ T8840] kmem_cache_alloc_lru_noprof+0x55/0x310 [ 97.332665][ T8840] ? shmem_alloc_inode+0x34/0x50 [ 97.332681][ T8840] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 97.332717][ T8840] shmem_alloc_inode+0x34/0x50 [ 97.332736][ T8840] alloc_inode+0x40/0x170 [ 97.332767][ T8840] new_inode+0x1d/0xe0 [ 97.332786][ T8840] shmem_get_inode+0x244/0x750 [ 97.332806][ T8840] __shmem_file_setup+0x113/0x210 [ 97.332862][ T8840] shmem_file_setup+0x3b/0x50 [ 97.332951][ T8840] __se_sys_memfd_create+0x2c3/0x590 [ 97.332980][ T8840] __x64_sys_memfd_create+0x31/0x40 [ 97.333113][ T8840] x64_sys_call+0x122f/0x2fb0 [ 97.333133][ T8840] do_syscall_64+0xd2/0x200 [ 97.333148][ T8840] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 97.333173][ T8840] ? clear_bhb_loop+0x40/0x90 [ 97.333201][ T8840] ? clear_bhb_loop+0x40/0x90 [ 97.333219][ T8840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.333235][ T8840] RIP: 0033:0x7f7d9f41e929 [ 97.333318][ T8840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.333334][ T8840] RSP: 002b:00007f7d9da86e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 97.333390][ T8840] RAX: ffffffffffffffda RBX: 000000000000043d RCX: 00007f7d9f41e929 [ 97.333402][ T8840] RDX: 00007f7d9da86ef0 RSI: 0000000000000000 RDI: 00007f7d9f4a14cc [ 97.333415][ T8840] RBP: 0000200000000900 R08: 00007f7d9da86bb7 R09: 00007f7d9da86e40 [ 97.333426][ T8840] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000 [ 97.333436][ T8840] R13: 00007f7d9da86ef0 R14: 00007f7d9da86eb0 R15: 00002000000003c0 [ 97.333453][ T8840] [ 97.870772][ T8873] lo speed is unknown, defaulting to 1000 [ 98.014640][ T8874] vlan0: entered allmulticast mode [ 98.019936][ T8874] veth1: entered allmulticast mode [ 98.057080][ T8877] loop4: detected capacity change from 0 to 512 [ 98.130944][ T8868] lo speed is unknown, defaulting to 1000 [ 98.526384][ T8877] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 98.623733][ T8877] EXT4-fs (loop4): 1 truncate cleaned up [ 98.630142][ T8877] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.659281][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.676743][ T29] kauditd_printk_skb: 312 callbacks suppressed [ 98.676754][ T29] audit: type=1326 audit(1751499073.414:4583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000 [ 98.706377][ T29] audit: type=1326 audit(1751499073.414:4584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000 [ 98.729784][ T29] audit: type=1326 audit(1751499073.414:4585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000 [ 98.872801][ T29] audit: type=1326 audit(1751499073.489:4586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000 [ 98.896273][ T29] audit: type=1326 audit(1751499073.489:4587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000 [ 98.919682][ T29] audit: type=1326 audit(1751499073.489:4588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000 [ 98.943087][ T29] audit: type=1326 audit(1751499073.489:4589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000 [ 98.966500][ T29] audit: type=1326 audit(1751499073.489:4590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000 [ 98.989894][ T29] audit: type=1326 audit(1751499073.489:4591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000 [ 99.013383][ T29] audit: type=1326 audit(1751499073.489:4592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000 [ 99.067990][ T8895] Cannot find add_set index 0 as target [ 99.171317][ T8920] loop3: detected capacity change from 0 to 1024 [ 99.181099][ T8920] EXT4-fs: inline encryption not supported [ 99.187014][ T8920] EXT4-fs: Ignoring removed i_version option [ 99.194106][ T8920] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 99.214162][ T8920] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 2: comm syz.3.2216: lblock 2 mapped to illegal pblock 2 (length 1) [ 99.229435][ T8920] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 48: comm syz.3.2216: lblock 0 mapped to illegal pblock 48 (length 1) [ 99.243920][ T8920] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.2216: Failed to acquire dquot type 0 [ 99.255399][ T8920] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 99.265359][ T8920] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.2216: mark_inode_dirty error [ 99.276960][ T8920] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 99.287838][ T8920] EXT4-fs (loop3): 1 orphan inode deleted [ 99.294103][ T8920] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.307420][ T1947] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:7: lblock 1 mapped to illegal pblock 1 (length 1) [ 99.321751][ T1947] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:7: Failed to release dquot type 0 [ 99.333991][ T8920] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.343502][ T8920] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.2216: Invalid inode table block 1 in block_group 0 [ 99.356985][ T8920] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 99.366495][ T8920] EXT4-fs error (device loop3): ext4_quota_off:7217: inode #3: comm syz.3.2216: mark_inode_dirty error [ 99.591922][ T8944] futex_wake_op: syz.0.2226 tries to shift op by -1; fix this program [ 99.601434][ T8944] __nla_validate_parse: 21 callbacks suppressed [ 99.601443][ T8944] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2226'. [ 99.893061][ T3381] page_pool_release_retry() stalled pool shutdown: id 27, 1 inflight 60 sec [ 100.103678][ T8955] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 100.113736][ T8954] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2230'. [ 100.187020][ T8957] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2231'. [ 100.466916][ T8974] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=8974 comm=syz.1.2237 [ 100.479827][ T8967] loop3: detected capacity change from 0 to 1024 [ 100.519181][ T8967] EXT4-fs: inline encryption not supported [ 100.525060][ T8967] EXT4-fs: Ignoring removed i_version option [ 100.565222][ T8974] netlink: 'syz.1.2237': attribute type 83 has an invalid length. [ 100.586394][ T8967] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 100.643336][ T8967] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 2: comm syz.3.2236: lblock 2 mapped to illegal pblock 2 (length 1) [ 100.657745][ T8982] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 100.683741][ T8967] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 48: comm syz.3.2236: lblock 0 mapped to illegal pblock 48 (length 1) [ 100.706026][ T8980] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2241'. [ 100.724659][ T8967] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.2236: Failed to acquire dquot type 0 [ 100.756007][ T8967] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 100.774642][ T8967] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.2236: mark_inode_dirty error [ 100.787047][ T8967] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 100.797810][ T8967] EXT4-fs (loop3): 1 orphan inode deleted [ 100.804671][ T8967] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.817200][ T2329] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:10: lblock 1 mapped to illegal pblock 1 (length 1) [ 100.836511][ T2329] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:10: Failed to release dquot type 0 [ 100.849113][ T8989] FAULT_INJECTION: forcing a failure. [ 100.849113][ T8989] name failslab, interval 1, probability 0, space 0, times 0 [ 100.861817][ T8989] CPU: 0 UID: 0 PID: 8989 Comm: syz.1.2243 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 100.861924][ T8989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 100.861934][ T8989] Call Trace: [ 100.861940][ T8989] [ 100.861946][ T8989] __dump_stack+0x1d/0x30 [ 100.861965][ T8989] dump_stack_lvl+0xe8/0x140 [ 100.861995][ T8989] dump_stack+0x15/0x1b [ 100.862013][ T8989] should_fail_ex+0x265/0x280 [ 100.862069][ T8989] should_failslab+0x8c/0xb0 [ 100.862149][ T8989] __kmalloc_node_noprof+0xa9/0x410 [ 100.862177][ T8989] ? alloc_slab_obj_exts+0x31/0x80 [ 100.862205][ T8989] alloc_slab_obj_exts+0x31/0x80 [ 100.862226][ T8989] __memcg_slab_post_alloc_hook+0x23f/0x580 [ 100.862333][ T8989] kmem_cache_alloc_node_noprof+0x22c/0x320 [ 100.862356][ T8989] ? __alloc_skb+0x101/0x320 [ 100.862402][ T8989] __alloc_skb+0x101/0x320 [ 100.862427][ T8989] alloc_skb_with_frags+0x7d/0x470 [ 100.862457][ T8989] sock_alloc_send_pskb+0x43a/0x4f0 [ 100.862499][ T8989] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 100.862523][ T8989] unix_stream_sendmsg+0x5ca/0x8e0 [ 100.862549][ T8989] ? selinux_socket_sendmsg+0x175/0x1b0 [ 100.862586][ T8989] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 100.862610][ T8989] __sock_sendmsg+0x145/0x180 [ 100.862661][ T8989] sock_sendmsg+0xc1/0x130 [ 100.862687][ T8989] splice_to_socket+0x5fe/0x9a0 [ 100.862735][ T8989] ? rw_verify_area+0x8d/0x160 [ 100.862824][ T8989] ? __pfx_splice_to_socket+0x10/0x10 [ 100.862852][ T8989] do_splice+0x974/0x10b0 [ 100.862884][ T8989] ? proc_fail_nth_write+0x12d/0x160 [ 100.862962][ T8989] ? __rcu_read_unlock+0x4f/0x70 [ 100.863015][ T8989] ? __fget_files+0x184/0x1c0 [ 100.863033][ T8989] __se_sys_splice+0x26c/0x3a0 [ 100.863064][ T8989] __x64_sys_splice+0x78/0x90 [ 100.863159][ T8989] x64_sys_call+0xb0a/0x2fb0 [ 100.863175][ T8989] do_syscall_64+0xd2/0x200 [ 100.863191][ T8989] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 100.863237][ T8989] ? clear_bhb_loop+0x40/0x90 [ 100.863259][ T8989] ? clear_bhb_loop+0x40/0x90 [ 100.863279][ T8989] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.863296][ T8989] RIP: 0033:0x7f94c0f8e929 [ 100.863360][ T8989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.863379][ T8989] RSP: 002b:00007f94bf5d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 100.863398][ T8989] RAX: ffffffffffffffda RBX: 00007f94c11b6080 RCX: 00007f94c0f8e929 [ 100.863409][ T8989] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000006 [ 100.863421][ T8989] RBP: 00007f94bf5d6090 R08: 00000000000408c8 R09: 000000000000000e [ 100.863431][ T8989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.863441][ T8989] R13: 0000000000000001 R14: 00007f94c11b6080 R15: 00007fff70e06188 [ 100.863476][ T8989] [ 101.152320][ T8967] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.161694][ T8967] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.2236: Invalid inode table block 1 in block_group 0 [ 101.175803][ T8967] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 101.185460][ T8967] EXT4-fs error (device loop3): ext4_quota_off:7217: inode #3: comm syz.3.2236: mark_inode_dirty error [ 101.205032][ T8993] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2245'. [ 101.209330][ T8967] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2236'. [ 101.230989][ T8967] loop3: detected capacity change from 0 to 512 [ 101.238759][ T8967] EXT4-fs: Ignoring removed orlov option [ 101.246402][ T8967] EXT4-fs (loop3): bad block size 65536 [ 101.295574][ T8997] lo speed is unknown, defaulting to 1000 [ 101.319100][ T9001] 9pnet_fd: Insufficient options for proto=fd [ 101.335252][ T9001] futex_wake_op: syz.3.2249 tries to shift op by -1; fix this program [ 101.345913][ T9001] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2249'. [ 101.390722][ T9007] netlink: 'syz.3.2251': attribute type 1 has an invalid length. [ 101.403950][ T9007] 8021q: adding VLAN 0 to HW filter on device bond1 [ 101.443562][ T9012] loop3: detected capacity change from 0 to 1024 [ 101.466206][ T9012] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.487865][ T9018] pimreg: entered allmulticast mode [ 101.493541][ T9018] pimreg: left allmulticast mode [ 101.562997][ T9021] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2255'. [ 101.575503][ T9021] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 101.587066][ T9021] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.594195][ T9021] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.625799][ T9025] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 101.730934][ T9040] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2262'. [ 101.746330][ T9035] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2261'. [ 101.800291][ T9048] siw: device registration error -23 [ 102.272650][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.377165][ T9099] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 102.386268][ T9099] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 102.395169][ T9099] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 102.404009][ T9099] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 102.412941][ T9099] geneve2: entered allmulticast mode [ 102.426039][ T9099] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 102.492445][ T9111] FAULT_INJECTION: forcing a failure. [ 102.492445][ T9111] name failslab, interval 1, probability 0, space 0, times 0 [ 102.505142][ T9111] CPU: 1 UID: 0 PID: 9111 Comm: syz.3.2292 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 102.505170][ T9111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 102.505196][ T9111] Call Trace: [ 102.505202][ T9111] [ 102.505207][ T9111] __dump_stack+0x1d/0x30 [ 102.505225][ T9111] dump_stack_lvl+0xe8/0x140 [ 102.505310][ T9111] dump_stack+0x15/0x1b [ 102.505324][ T9111] should_fail_ex+0x265/0x280 [ 102.505350][ T9111] ? selinux_bpf_prog_load+0x36/0xf0 [ 102.505433][ T9111] should_failslab+0x8c/0xb0 [ 102.505457][ T9111] __kmalloc_cache_noprof+0x4c/0x320 [ 102.505504][ T9111] selinux_bpf_prog_load+0x36/0xf0 [ 102.505528][ T9111] security_bpf_prog_load+0x54/0xa0 [ 102.505563][ T9111] bpf_prog_load+0xe6b/0x1070 [ 102.505651][ T9111] ? security_bpf+0x2b/0x90 [ 102.505666][ T9111] __sys_bpf+0x51d/0x790 [ 102.505775][ T9111] __x64_sys_bpf+0x41/0x50 [ 102.505797][ T9111] x64_sys_call+0x2478/0x2fb0 [ 102.505819][ T9111] do_syscall_64+0xd2/0x200 [ 102.505870][ T9111] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 102.505951][ T9111] ? clear_bhb_loop+0x40/0x90 [ 102.505970][ T9111] ? clear_bhb_loop+0x40/0x90 [ 102.505987][ T9111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.506003][ T9111] RIP: 0033:0x7fbff436e929 [ 102.506063][ T9111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.506078][ T9111] RSP: 002b:00007fbff29d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 102.506095][ T9111] RAX: ffffffffffffffda RBX: 00007fbff4595fa0 RCX: 00007fbff436e929 [ 102.506105][ T9111] RDX: 0000000000000094 RSI: 0000200000000440 RDI: 0000000000000005 [ 102.506115][ T9111] RBP: 00007fbff29d7090 R08: 0000000000000000 R09: 0000000000000000 [ 102.506126][ T9111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 102.506138][ T9111] R13: 0000000000000001 R14: 00007fbff4595fa0 R15: 00007ffd178c7fe8 [ 102.506154][ T9111] [ 102.878916][ T9143] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.886182][ T9143] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.914316][ T9141] loop4: detected capacity change from 0 to 1024 [ 102.992660][ T9141] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 103.003662][ T9141] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 103.016185][ T9154] lo speed is unknown, defaulting to 1000 [ 103.050775][ T9141] JBD2: no valid journal superblock found [ 103.056542][ T9141] EXT4-fs (loop4): Could not load journal inode [ 103.076118][ T9166] loop3: detected capacity change from 0 to 1024 [ 103.089899][ T9166] EXT4-fs: inline encryption not supported [ 103.095842][ T9166] EXT4-fs: Ignoring removed i_version option [ 103.118475][ T9166] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 103.139461][ T9166] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 2: comm syz.3.2313: lblock 2 mapped to illegal pblock 2 (length 1) [ 103.169316][ T9166] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 48: comm syz.3.2313: lblock 0 mapped to illegal pblock 48 (length 1) [ 103.233225][ T9166] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.2313: Failed to acquire dquot type 0 [ 103.320372][ T9166] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 103.335744][ T9166] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.2313: mark_inode_dirty error [ 103.357115][ T9184] 9pnet_fd: Insufficient options for proto=fd [ 103.370606][ T9166] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 103.383204][ T9184] futex_wake_op: syz.2.2319 tries to shift op by -1; fix this program [ 103.391912][ T9166] EXT4-fs (loop3): 1 orphan inode deleted [ 103.399384][ T9166] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.411906][ T2329] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:10: lblock 1 mapped to illegal pblock 1 (length 1) [ 103.430975][ T2329] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:10: Failed to release dquot type 0 [ 103.453138][ T9185] syzkaller1: entered promiscuous mode [ 103.458792][ T9185] syzkaller1: entered allmulticast mode [ 103.499764][ T9166] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.526619][ T9166] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.2313: Invalid inode table block 1 in block_group 0 [ 103.554065][ T9166] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 103.566137][ T9187] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 103.574950][ T9187] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 103.583667][ T9187] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 103.592491][ T9187] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 103.603881][ T9166] EXT4-fs error (device loop3): ext4_quota_off:7217: inode #3: comm syz.3.2313: mark_inode_dirty error [ 103.620199][ T9187] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 103.629155][ T9187] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 103.638123][ T9187] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 103.647059][ T9187] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 103.661457][ T9166] loop3: detected capacity change from 0 to 512 [ 103.674748][ T9166] EXT4-fs: Ignoring removed orlov option [ 103.689853][ T3309] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 103.700774][ T3309] CPU: 1 UID: 0 PID: 3309 Comm: syz-executor Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 103.700802][ T3309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 103.700814][ T3309] Call Trace: [ 103.700889][ T3309] [ 103.700895][ T3309] __dump_stack+0x1d/0x30 [ 103.700917][ T3309] dump_stack_lvl+0xe8/0x140 [ 103.700937][ T3309] dump_stack+0x15/0x1b [ 103.700955][ T3309] dump_header+0x81/0x220 [ 103.701028][ T3309] oom_kill_process+0x334/0x3f0 [ 103.701053][ T3309] out_of_memory+0x979/0xb80 [ 103.701083][ T3309] try_charge_memcg+0x5e6/0x9e0 [ 103.701110][ T3309] charge_memcg+0x51/0xc0 [ 103.701152][ T3309] mem_cgroup_swapin_charge_folio+0xcc/0x150 [ 103.701182][ T3309] __read_swap_cache_async+0x1df/0x350 [ 103.701269][ T3309] swap_cluster_readahead+0x376/0x3e0 [ 103.701310][ T3309] swapin_readahead+0xde/0x6f0 [ 103.701338][ T3309] ? __filemap_get_folio+0x4f7/0x6b0 [ 103.701405][ T3309] ? next_uptodate_folio+0x81c/0x890 [ 103.701433][ T3309] ? kvm_sched_clock_read+0x11/0x20 [ 103.701463][ T3309] ? swap_cache_get_folio+0x77/0x200 [ 103.701594][ T3309] do_swap_page+0x301/0x2430 [ 103.701614][ T3309] ? __set_next_task_fair+0x5b/0x150 [ 103.701635][ T3309] ? tracing_record_taskinfo_sched_switch+0x71/0x260 [ 103.701709][ T3309] ? finish_task_switch+0xad/0x2b0 [ 103.701733][ T3309] ? __pfx_default_wake_function+0x10/0x10 [ 103.701808][ T3309] handle_mm_fault+0x9a5/0x2be0 [ 103.701830][ T3309] ? mas_walk+0xf2/0x120 [ 103.701864][ T3309] do_user_addr_fault+0x636/0x1090 [ 103.701945][ T3309] ? fpregs_restore_userregs+0xe2/0x1d0 [ 103.702034][ T3309] ? switch_fpu_return+0xe/0x20 [ 103.702056][ T3309] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 103.702077][ T3309] exc_page_fault+0x62/0xa0 [ 103.702139][ T3309] asm_exc_page_fault+0x26/0x30 [ 103.702159][ T3309] RIP: 0033:0x7f960c4b11a5 [ 103.702171][ T3309] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 9e 43 1c 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74 [ 103.702228][ T3309] RSP: 002b:00007fff5731d558 EFLAGS: 00010246 [ 103.702243][ T3309] RAX: 0000000000000000 RBX: 000000000000039c RCX: 00007f960c4b11a3 [ 103.702255][ T3309] RDX: 00007fff5731d570 RSI: 0000000000000000 RDI: 0000000000000000 [ 103.702266][ T3309] RBP: 00007fff5731d5dc R08: 00000000028eed8d R09: 0000000000000000 [ 103.702278][ T3309] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388 [ 103.702323][ T3309] R13: 00000000000927c0 R14: 0000000000018c66 R15: 00007fff5731d630 [ 103.702339][ T3309] [ 103.949709][ T3309] memory: usage 307200kB, limit 307200kB, failcnt 1220 [ 103.956594][ T3309] memory+swap: usage 307588kB, limit 9007199254740988kB, failcnt 0 [ 103.964726][ T3309] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 103.972167][ T3309] Memory cgroup stats for /syz4: [ 103.976844][ T9166] EXT4-fs (loop3): bad block size 65536 [ 103.979952][ T29] kauditd_printk_skb: 361 callbacks suppressed [ 103.979964][ T29] audit: type=1326 audit(1751499846.659:4945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000 [ 103.990783][ T3309] cache 0 [ 103.997491][ T29] audit: type=1326 audit(1751499846.670:4946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000 [ 104.017113][ T3309] rss 0 [ 104.024980][ T29] audit: type=1326 audit(1751499846.701:4947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000 [ 104.043419][ T3309] shmem 0 [ 104.046059][ T29] audit: type=1326 audit(1751499846.701:4948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000 [ 104.046211][ T29] audit: type=1326 audit(1751499846.701:4949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000 [ 104.069474][ T3309] mapped_file 53248 [ 104.069483][ T3309] dirty 0 [ 104.069489][ T3309] writeback 0 [ 104.072484][ T29] audit: type=1326 audit(1751499846.701:4950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000 [ 104.095955][ T3309] workingset_refault_anon 340 [ 104.119183][ T29] audit: type=1326 audit(1751499846.701:4951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000 [ 104.122959][ T3309] workingset_refault_file 609 [ 104.125876][ T29] audit: type=1326 audit(1751499846.701:4952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000 [ 104.129179][ T3309] swap 397312 [ 104.152489][ T29] audit: type=1326 audit(1751499846.701:4953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000 [ 104.157148][ T3309] swapcached 0 [ 104.180474][ T29] audit: type=1326 audit(1751499846.701:4954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000 [ 104.185142][ T3309] pgpgin 72552 [ 104.185150][ T3309] pgpgout 72552 [ 104.269081][ T3309] pgfault 114530 [ 104.272654][ T3309] pgmajfault 215 [ 104.276253][ T3309] inactive_anon 0 [ 104.279924][ T3309] active_anon 0 [ 104.283374][ T3309] inactive_file 0 [ 104.287073][ T3309] active_file 0 [ 104.290690][ T3309] unevictable 0 [ 104.294363][ T3309] hierarchical_memory_limit 314572800 [ 104.299776][ T3309] hierarchical_memsw_limit 9223372036854771712 [ 104.306154][ T3309] total_cache 0 [ 104.309636][ T3309] total_rss 0 [ 104.312953][ T3309] total_shmem 0 [ 104.316447][ T3309] total_mapped_file 53248 [ 104.320840][ T3309] total_dirty 0 [ 104.324358][ T3309] total_writeback 0 [ 104.328198][ T3309] total_workingset_refault_anon 340 [ 104.333393][ T3309] total_workingset_refault_file 609 [ 104.338665][ T3309] total_swap 397312 [ 104.342470][ T3309] total_swapcached 0 [ 104.346386][ T3309] total_pgpgin 72552 [ 104.350281][ T3309] total_pgpgout 72552 [ 104.354285][ T3309] total_pgfault 114530 [ 104.358391][ T3309] total_pgmajfault 215 [ 104.362569][ T3309] total_inactive_anon 0 [ 104.366741][ T3309] total_active_anon 0 [ 104.370786][ T3309] total_inactive_file 0 [ 104.374967][ T3309] total_active_file 0 [ 104.378936][ T3309] total_unevictable 0 [ 104.382895][ T3309] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.2300,pid=9125,uid=0 [ 104.397480][ T3309] Memory cgroup out of memory: Killed process 9125 (syz.4.2300) total-vm:95800kB, anon-rss:936kB, file-rss:22472kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 104.515532][ T9215] 9pnet_fd: Insufficient options for proto=fd [ 104.535366][ T9215] futex_wake_op: syz.0.2330 tries to shift op by -1; fix this program [ 104.560914][ T9219] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (133) [ 104.744739][ T9241] 9pnet_fd: Insufficient options for proto=fd [ 104.753137][ T9232] __nla_validate_parse: 24 callbacks suppressed [ 104.753190][ T9232] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2338'. [ 104.787682][ T9244] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2340'. [ 104.789838][ T9246] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2342'. [ 104.860767][ T9254] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2344'. [ 104.922821][ T9267] FAULT_INJECTION: forcing a failure. [ 104.922821][ T9267] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 104.936025][ T9267] CPU: 1 UID: 0 PID: 9267 Comm: syz.0.2350 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 104.936048][ T9267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 104.936058][ T9267] Call Trace: [ 104.936113][ T9267] [ 104.936120][ T9267] __dump_stack+0x1d/0x30 [ 104.936140][ T9267] dump_stack_lvl+0xe8/0x140 [ 104.936156][ T9267] dump_stack+0x15/0x1b [ 104.936178][ T9267] should_fail_ex+0x265/0x280 [ 104.936208][ T9267] should_fail+0xb/0x20 [ 104.936307][ T9267] should_fail_usercopy+0x1a/0x20 [ 104.936327][ T9267] _copy_from_iter+0xcf/0xe40 [ 104.936345][ T9267] ? alloc_pages_mpol+0x201/0x250 [ 104.936363][ T9267] copy_page_from_iter+0x178/0x2a0 [ 104.936448][ T9267] tun_get_user+0x5f0/0x2500 [ 104.936539][ T9267] ? ref_tracker_alloc+0x1f2/0x2f0 [ 104.936595][ T9267] tun_chr_write_iter+0x15e/0x210 [ 104.936609][ T9267] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 104.936634][ T9267] vfs_write+0x4a0/0x8e0 [ 104.936671][ T9267] ksys_write+0xda/0x1a0 [ 104.936695][ T9267] __x64_sys_write+0x40/0x50 [ 104.936717][ T9267] x64_sys_call+0x2cdd/0x2fb0 [ 104.936737][ T9267] do_syscall_64+0xd2/0x200 [ 104.936765][ T9267] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 104.936824][ T9267] ? clear_bhb_loop+0x40/0x90 [ 104.936837][ T9267] ? clear_bhb_loop+0x40/0x90 [ 104.936848][ T9267] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.936860][ T9267] RIP: 0033:0x7f7d9f41d3df [ 104.936869][ T9267] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 104.936999][ T9267] RSP: 002b:00007f7d9da87000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 104.937010][ T9267] RAX: ffffffffffffffda RBX: 00007f7d9f645fa0 RCX: 00007f7d9f41d3df [ 104.937038][ T9267] RDX: 0000000000000033 RSI: 00002000000000c0 RDI: 00000000000000c8 [ 104.937045][ T9267] RBP: 00007f7d9da87090 R08: 0000000000000000 R09: 0000000000000000 [ 104.937052][ T9267] R10: 0000000000000033 R11: 0000000000000293 R12: 0000000000000001 [ 104.937058][ T9267] R13: 0000000000000000 R14: 00007f7d9f645fa0 R15: 00007ffe48813a68 [ 104.937069][ T9267] [ 105.162845][ T9271] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2349'. [ 105.167203][ T9270] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2344'. [ 105.201786][ T9270] bridge0: entered promiscuous mode [ 105.208290][ T9276] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2353'. [ 105.217086][ T9270] bridge0: port 1(macvlan2) entered blocking state [ 105.223807][ T9270] bridge0: port 1(macvlan2) entered disabled state [ 105.234886][ T9270] macvlan2: entered allmulticast mode [ 105.240297][ T9270] bridge0: entered allmulticast mode [ 105.250210][ T9278] 9pnet_fd: Insufficient options for proto=fd [ 105.256763][ T9270] macvlan2: left allmulticast mode [ 105.261962][ T9270] bridge0: left allmulticast mode [ 105.267617][ T9270] bridge0: left promiscuous mode [ 105.429395][ T9302] FAULT_INJECTION: forcing a failure. [ 105.429395][ T9302] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 105.442491][ T9302] CPU: 1 UID: 0 PID: 9302 Comm: syz.1.2364 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 105.442515][ T9302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 105.442525][ T9302] Call Trace: [ 105.442530][ T9302] [ 105.442601][ T9302] __dump_stack+0x1d/0x30 [ 105.442619][ T9302] dump_stack_lvl+0xe8/0x140 [ 105.442637][ T9302] dump_stack+0x15/0x1b [ 105.442705][ T9302] should_fail_ex+0x265/0x280 [ 105.442735][ T9302] should_fail+0xb/0x20 [ 105.442834][ T9302] should_fail_usercopy+0x1a/0x20 [ 105.442864][ T9302] _copy_from_iter+0xcf/0xe40 [ 105.442931][ T9302] ? __build_skb_around+0x1a0/0x200 [ 105.443012][ T9302] ? __alloc_skb+0x223/0x320 [ 105.443039][ T9302] netlink_sendmsg+0x471/0x6b0 [ 105.443075][ T9302] ? __pfx_netlink_sendmsg+0x10/0x10 [ 105.443093][ T9302] __sock_sendmsg+0x145/0x180 [ 105.443118][ T9302] ____sys_sendmsg+0x31e/0x4e0 [ 105.443153][ T9302] ___sys_sendmsg+0x17b/0x1d0 [ 105.443279][ T9302] __x64_sys_sendmsg+0xd4/0x160 [ 105.443308][ T9302] x64_sys_call+0x2999/0x2fb0 [ 105.443329][ T9302] do_syscall_64+0xd2/0x200 [ 105.443348][ T9302] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 105.443435][ T9302] ? clear_bhb_loop+0x40/0x90 [ 105.443456][ T9302] ? clear_bhb_loop+0x40/0x90 [ 105.443547][ T9302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.443568][ T9302] RIP: 0033:0x7f94c0f8e929 [ 105.443584][ T9302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.443661][ T9302] RSP: 002b:00007f94bf5f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 105.443677][ T9302] RAX: ffffffffffffffda RBX: 00007f94c11b5fa0 RCX: 00007f94c0f8e929 [ 105.443688][ T9302] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000006 [ 105.443698][ T9302] RBP: 00007f94bf5f7090 R08: 0000000000000000 R09: 0000000000000000 [ 105.443708][ T9302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.443740][ T9302] R13: 0000000000000000 R14: 00007f94c11b5fa0 R15: 00007fff70e06188 [ 105.443760][ T9302] [ 105.470728][ T9303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2362'. [ 105.756641][ T9314] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2369'. [ 105.867937][ T9332] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 105.968624][ T9341] loop4: detected capacity change from 0 to 1024 [ 105.975567][ T9341] EXT4-fs: inline encryption not supported [ 105.981451][ T9341] EXT4-fs: Ignoring removed i_version option [ 105.994337][ T9344] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2380'. [ 106.009263][ T9341] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 106.034358][ T9341] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.2379: lblock 2 mapped to illegal pblock 2 (length 1) [ 106.051807][ T9341] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.2379: lblock 0 mapped to illegal pblock 48 (length 1) [ 106.066226][ T9341] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2379: Failed to acquire dquot type 0 [ 106.088293][ T9341] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 106.098964][ T9341] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.2379: mark_inode_dirty error [ 106.110929][ T9341] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 106.121474][ T9341] EXT4-fs (loop4): 1 orphan inode deleted [ 106.128514][ T9341] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.149448][ T6246] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:17: lblock 1 mapped to illegal pblock 1 (length 1) [ 106.219425][ T6246] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:17: Failed to release dquot type 0 [ 106.225533][ T9355] lo speed is unknown, defaulting to 1000 [ 106.237624][ T9341] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.248229][ T9341] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.2379: Invalid inode table block 1 in block_group 0 [ 106.262095][ T9341] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 106.294232][ T9341] EXT4-fs error (device loop4): ext4_quota_off:7217: inode #3: comm syz.4.2379: mark_inode_dirty error [ 106.356144][ T9341] loop4: detected capacity change from 0 to 512 [ 106.363978][ T9341] EXT4-fs: Ignoring removed orlov option [ 106.374703][ T9341] EXT4-fs (loop4): bad block size 65536 [ 106.415801][ T9371] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 106.435961][ T9373] syzkaller1: entered promiscuous mode [ 106.441475][ T9373] syzkaller1: entered allmulticast mode [ 106.449276][ T9373] FAULT_INJECTION: forcing a failure. [ 106.449276][ T9373] name failslab, interval 1, probability 0, space 0, times 0 [ 106.461922][ T9373] CPU: 1 UID: 0 PID: 9373 Comm: syz.4.2387 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 106.461999][ T9373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 106.462010][ T9373] Call Trace: [ 106.462015][ T9373] [ 106.462022][ T9373] __dump_stack+0x1d/0x30 [ 106.462044][ T9373] dump_stack_lvl+0xe8/0x140 [ 106.462064][ T9373] dump_stack+0x15/0x1b [ 106.462081][ T9373] should_fail_ex+0x265/0x280 [ 106.462166][ T9373] should_failslab+0x8c/0xb0 [ 106.462186][ T9373] __kmalloc_node_track_caller_noprof+0xa4/0x410 [ 106.462217][ T9373] ? sidtab_sid2str_get+0xa0/0x130 [ 106.462238][ T9373] kmemdup_noprof+0x2b/0x70 [ 106.462338][ T9373] sidtab_sid2str_get+0xa0/0x130 [ 106.462362][ T9373] security_sid_to_context_core+0x1eb/0x2e0 [ 106.462388][ T9373] security_sid_to_context+0x27/0x40 [ 106.462406][ T9373] selinux_lsmprop_to_secctx+0x67/0xf0 [ 106.462425][ T9373] security_lsmprop_to_secctx+0x43/0x80 [ 106.462487][ T9373] audit_log_task_context+0x77/0x190 [ 106.462579][ T9373] audit_log_task+0xf4/0x250 [ 106.462608][ T9373] audit_seccomp+0x61/0x100 [ 106.462634][ T9373] ? __seccomp_filter+0x68c/0x10d0 [ 106.462687][ T9373] __seccomp_filter+0x69d/0x10d0 [ 106.462780][ T9373] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 106.462809][ T9373] ? vfs_write+0x75e/0x8e0 [ 106.462858][ T9373] __secure_computing+0x82/0x150 [ 106.462881][ T9373] syscall_trace_enter+0xcf/0x1e0 [ 106.462973][ T9373] do_syscall_64+0xac/0x200 [ 106.462988][ T9373] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 106.463013][ T9373] ? clear_bhb_loop+0x40/0x90 [ 106.463034][ T9373] ? clear_bhb_loop+0x40/0x90 [ 106.463112][ T9373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.463163][ T9373] RIP: 0033:0x7f960c47e929 [ 106.463178][ T9373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.463277][ T9373] RSP: 002b:00007f960aae7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 106.463294][ T9373] RAX: ffffffffffffffda RBX: 00007f960c6a5fa0 RCX: 00007f960c47e929 [ 106.463305][ T9373] RDX: 00000000000000ca RSI: 0000200000000480 RDI: 0000000000000004 [ 106.463315][ T9373] RBP: 00007f960aae7090 R08: 0000000000000000 R09: 0000000000000000 [ 106.463327][ T9373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.463336][ T9373] R13: 0000000000000000 R14: 00007f960c6a5fa0 R15: 00007fff5731d218 [ 106.463353][ T9373] [ 106.834988][ T9384] 9pnet_fd: Insufficient options for proto=fd [ 106.857937][ T9384] futex_wake_op: syz.4.2393 tries to shift op by -1; fix this program [ 106.942257][ T9399] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 106.990601][ T9404] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 107.029373][ T9404] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.036691][ T9404] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.114102][ T9417] loop4: detected capacity change from 0 to 512 [ 107.117170][ T9419] vlan0: entered allmulticast mode [ 107.129258][ T9414] FAULT_INJECTION: forcing a failure. [ 107.129258][ T9414] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 107.142346][ T9414] CPU: 0 UID: 0 PID: 9414 Comm: syz.3.2408 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 107.142372][ T9414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 107.142384][ T9414] Call Trace: [ 107.142390][ T9414] [ 107.142396][ T9414] __dump_stack+0x1d/0x30 [ 107.142416][ T9414] dump_stack_lvl+0xe8/0x140 [ 107.142473][ T9414] dump_stack+0x15/0x1b [ 107.142535][ T9414] should_fail_ex+0x265/0x280 [ 107.142580][ T9414] should_fail+0xb/0x20 [ 107.142604][ T9414] should_fail_usercopy+0x1a/0x20 [ 107.142726][ T9414] _copy_from_user+0x1c/0xb0 [ 107.142744][ T9414] do_sock_getsockopt+0xf1/0x240 [ 107.142771][ T9414] __x64_sys_getsockopt+0x11e/0x1a0 [ 107.142877][ T9414] x64_sys_call+0x12aa/0x2fb0 [ 107.142966][ T9414] do_syscall_64+0xd2/0x200 [ 107.142982][ T9414] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 107.143003][ T9414] ? clear_bhb_loop+0x40/0x90 [ 107.143045][ T9414] ? clear_bhb_loop+0x40/0x90 [ 107.143068][ T9414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.143097][ T9414] RIP: 0033:0x7fbff436e929 [ 107.143163][ T9414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.143178][ T9414] RSP: 002b:00007fbff29d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 107.143194][ T9414] RAX: ffffffffffffffda RBX: 00007fbff4595fa0 RCX: 00007fbff436e929 [ 107.143205][ T9414] RDX: 000000000000001f RSI: 0000000000000001 RDI: 0000000000000007 [ 107.143218][ T9414] RBP: 00007fbff29d7090 R08: 00002000000003c0 R09: 0000000000000000 [ 107.143229][ T9414] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001 [ 107.143239][ T9414] R13: 0000000000000000 R14: 00007fbff4595fa0 R15: 00007ffd178c7fe8 [ 107.143277][ T9414] [ 107.345223][ T9417] EXT4-fs (loop4): 1 orphan inode deleted [ 107.354918][ T9417] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.367589][ T51] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 1 [ 107.379992][ T9417] ext4 filesystem being mounted at /434/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.426324][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.463738][ T9432] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 107.668890][ T9443] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 107.827756][ T9449] FAULT_INJECTION: forcing a failure. [ 107.827756][ T9449] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 107.840844][ T9449] CPU: 0 UID: 0 PID: 9449 Comm: syz.2.2421 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 107.840868][ T9449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 107.840961][ T9449] Call Trace: [ 107.840967][ T9449] [ 107.840975][ T9449] __dump_stack+0x1d/0x30 [ 107.840997][ T9449] dump_stack_lvl+0xe8/0x140 [ 107.841016][ T9449] dump_stack+0x15/0x1b [ 107.841031][ T9449] should_fail_ex+0x265/0x280 [ 107.841088][ T9449] should_fail+0xb/0x20 [ 107.841110][ T9449] should_fail_usercopy+0x1a/0x20 [ 107.841139][ T9449] _copy_from_user+0x1c/0xb0 [ 107.841160][ T9449] rtc_dev_ioctl+0x7ce/0xb60 [ 107.841328][ T9449] ? __pfx_rtc_dev_ioctl+0x10/0x10 [ 107.841355][ T9449] __se_sys_ioctl+0xce/0x140 [ 107.841384][ T9449] __x64_sys_ioctl+0x43/0x50 [ 107.841410][ T9449] x64_sys_call+0x19a8/0x2fb0 [ 107.841445][ T9449] do_syscall_64+0xd2/0x200 [ 107.841461][ T9449] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 107.841518][ T9449] ? clear_bhb_loop+0x40/0x90 [ 107.841535][ T9449] ? clear_bhb_loop+0x40/0x90 [ 107.841555][ T9449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.841576][ T9449] RIP: 0033:0x7fcded5ae929 [ 107.841658][ T9449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.841674][ T9449] RSP: 002b:00007fcdebc17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 107.841690][ T9449] RAX: ffffffffffffffda RBX: 00007fcded7d5fa0 RCX: 00007fcded5ae929 [ 107.841700][ T9449] RDX: 0000200000000040 RSI: 0000000040187013 RDI: 0000000000000003 [ 107.841710][ T9449] RBP: 00007fcdebc17090 R08: 0000000000000000 R09: 0000000000000000 [ 107.841720][ T9449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 107.841731][ T9449] R13: 0000000000000000 R14: 00007fcded7d5fa0 R15: 00007ffccbb75b88 [ 107.841799][ T9449] [ 108.087402][ T9457] debugfs: Bad value for 'mode' [ 108.120038][ T9458] loop4: detected capacity change from 0 to 1024 [ 108.150481][ T9458] EXT4-fs: inline encryption not supported [ 108.156373][ T9458] EXT4-fs: Ignoring removed i_version option [ 108.172440][ T9458] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 108.203310][ T9458] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.2425: lblock 2 mapped to illegal pblock 2 (length 1) [ 108.224478][ T9458] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.2425: lblock 0 mapped to illegal pblock 48 (length 1) [ 108.255826][ T9458] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2425: Failed to acquire dquot type 0 [ 108.273071][ T9458] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 108.290458][ T9458] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.2425: mark_inode_dirty error [ 108.311503][ T9458] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 108.351133][ T9458] EXT4-fs (loop4): 1 orphan inode deleted [ 108.367153][ T6246] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:17: lblock 1 mapped to illegal pblock 1 (length 1) [ 108.386520][ T9458] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.412871][ T6246] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:17: Failed to release dquot type 0 [ 108.515352][ T9458] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.524686][ T9458] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.2425: Invalid inode table block 1 in block_group 0 [ 108.551381][ T9458] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 109.179002][ T9479] loop3: detected capacity change from 0 to 2048 [ 109.330927][ T9487] futex_wake_op: syz.2.2437 tries to shift op by -1; fix this program [ 109.408428][ T9489] debugfs: Bad value for 'mode' [ 109.510351][ T9495] __nla_validate_parse: 11 callbacks suppressed [ 109.510367][ T9495] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2441'. [ 109.528892][ T9458] EXT4-fs error (device loop4): ext4_quota_off:7217: inode #3: comm syz.4.2425: mark_inode_dirty error [ 109.569349][ T9479] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.581990][ T9458] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2425'. [ 109.623708][ T9458] loop4: detected capacity change from 0 to 512 [ 109.646825][ T29] kauditd_printk_skb: 267 callbacks suppressed [ 109.646837][ T29] audit: type=1326 audit(1751501388.651:5214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000 [ 109.647224][ T9458] EXT4-fs: Ignoring removed orlov option [ 109.689565][ T29] audit: type=1326 audit(1751501388.693:5215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000 [ 109.713130][ T29] audit: type=1326 audit(1751501388.693:5216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000 [ 109.736373][ T29] audit: type=1326 audit(1751501388.693:5217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000 [ 109.759787][ T29] audit: type=1326 audit(1751501388.693:5218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000 [ 109.783185][ T29] audit: type=1326 audit(1751501388.693:5219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000 [ 109.806512][ T29] audit: type=1326 audit(1751501388.693:5220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000 [ 109.829944][ T29] audit: type=1326 audit(1751501388.693:5221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000 [ 109.853467][ T29] audit: type=1326 audit(1751501388.693:5222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000 [ 109.876906][ T29] audit: type=1326 audit(1751501388.693:5223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000 [ 109.919135][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.941118][ T9458] EXT4-fs (loop4): bad block size 65536 [ 110.065324][ T9506] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2445'. [ 110.121404][ T9520] debugfs: Bad value for 'mode' [ 110.877770][ T9542] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2457'. [ 111.742929][ T9546] FAULT_INJECTION: forcing a failure. [ 111.742929][ T9546] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 111.756083][ T9546] CPU: 1 UID: 0 PID: 9546 Comm: syz.2.2460 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 111.756203][ T9546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.756213][ T9546] Call Trace: [ 111.756219][ T9546] [ 111.756225][ T9546] __dump_stack+0x1d/0x30 [ 111.756243][ T9546] dump_stack_lvl+0xe8/0x140 [ 111.756259][ T9546] dump_stack+0x15/0x1b [ 111.756323][ T9546] should_fail_ex+0x265/0x280 [ 111.756353][ T9546] should_fail+0xb/0x20 [ 111.756380][ T9546] should_fail_usercopy+0x1a/0x20 [ 111.756447][ T9546] _copy_to_user+0x20/0xa0 [ 111.756511][ T9546] simple_read_from_buffer+0xb5/0x130 [ 111.756537][ T9546] proc_fail_nth_read+0x100/0x140 [ 111.756599][ T9546] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 111.756625][ T9546] vfs_read+0x1a0/0x6f0 [ 111.756769][ T9546] ? kmem_cache_free+0xdf/0x300 [ 111.756828][ T9546] ? putname+0xda/0x100 [ 111.756848][ T9546] ksys_read+0xda/0x1a0 [ 111.756874][ T9546] __x64_sys_read+0x40/0x50 [ 111.756925][ T9546] x64_sys_call+0x2d77/0x2fb0 [ 111.756996][ T9546] do_syscall_64+0xd2/0x200 [ 111.757011][ T9546] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 111.757032][ T9546] ? clear_bhb_loop+0x40/0x90 [ 111.757053][ T9546] ? clear_bhb_loop+0x40/0x90 [ 111.757075][ T9546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.757134][ T9546] RIP: 0033:0x7fcded5ad33c [ 111.757147][ T9546] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 111.757163][ T9546] RSP: 002b:00007fcdebc17030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 111.757183][ T9546] RAX: ffffffffffffffda RBX: 00007fcded7d5fa0 RCX: 00007fcded5ad33c [ 111.757196][ T9546] RDX: 000000000000000f RSI: 00007fcdebc170a0 RDI: 0000000000000003 [ 111.757268][ T9546] RBP: 00007fcdebc17090 R08: 0000000000000000 R09: 0000000000000000 [ 111.757281][ T9546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.757293][ T9546] R13: 0000000000000000 R14: 00007fcded7d5fa0 R15: 00007ffccbb75b88 [ 111.757377][ T9546] [ 112.016739][ T9552] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2462'. [ 112.026091][ T9552] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 112.046011][ T9550] loop4: detected capacity change from 0 to 512 [ 112.060368][ T9554] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2463'. [ 112.074609][ T9550] EXT4-fs (loop4): filesystem is read-only [ 112.088291][ T9550] EXT4-fs (loop4): filesystem is read-only [ 112.094204][ T9550] EXT4-fs (loop4): orphan cleanup on readonly fs [ 112.101731][ T9550] EXT4-fs error (device loop4): ext4_orphan_get:1419: comm syz.4.2461: bad orphan inode 16 [ 112.128857][ T9550] ext4_test_bit(bit=15, block=3) = 0 [ 112.135324][ T9550] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 112.153675][ T9559] loop3: detected capacity change from 0 to 1024 [ 112.162437][ T9559] EXT4-fs: inline encryption not supported [ 112.168379][ T9559] EXT4-fs: Ignoring removed i_version option [ 112.184965][ T9550] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2461'. [ 112.199602][ T9559] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 112.224184][ T9559] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 2: comm syz.3.2465: lblock 2 mapped to illegal pblock 2 (length 1) [ 112.243342][ T9559] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 48: comm syz.3.2465: lblock 0 mapped to illegal pblock 48 (length 1) [ 112.258104][ T9550] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2461'. [ 112.290400][ T9559] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.2465: Failed to acquire dquot type 0 [ 112.293250][ T9564] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2467'. [ 112.311454][ T9559] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 112.312407][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.332786][ T9559] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.2465: mark_inode_dirty error [ 112.347516][ T9564] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 112.358344][ T9559] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 112.384048][ T9559] EXT4-fs (loop3): 1 orphan inode deleted [ 112.403250][ T51] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:3: lblock 1 mapped to illegal pblock 1 (length 1) [ 112.422230][ T9559] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 112.456523][ T51] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 0 [ 112.479342][ T9559] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.489727][ T9559] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.2465: Invalid inode table block 1 in block_group 0 [ 112.504592][ T9559] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 112.528055][ T9559] EXT4-fs error (device loop3): ext4_quota_off:7217: inode #3: comm syz.3.2465: mark_inode_dirty error [ 112.548717][ T9574] lo speed is unknown, defaulting to 1000 [ 112.574701][ T9559] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2465'. [ 112.607123][ T9559] loop3: detected capacity change from 0 to 512 [ 112.614439][ T9559] EXT4-fs: Ignoring removed orlov option [ 112.621333][ T9559] EXT4-fs (loop3): bad block size 65536 [ 112.730394][ T9576] siw: device registration error -23 [ 112.803736][ T9589] futex_wake_op: syz.1.2477 tries to shift op by -1; fix this program [ 112.953558][ T9597] futex_wake_op: syz.1.2480 tries to shift op by -1; fix this program [ 113.098939][ T9614] FAULT_INJECTION: forcing a failure. [ 113.098939][ T9614] name failslab, interval 1, probability 0, space 0, times 0 [ 113.111587][ T9614] CPU: 0 UID: 0 PID: 9614 Comm: syz.2.2486 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 113.111614][ T9614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.111625][ T9614] Call Trace: [ 113.111631][ T9614] [ 113.111712][ T9614] __dump_stack+0x1d/0x30 [ 113.111731][ T9614] dump_stack_lvl+0xe8/0x140 [ 113.111747][ T9614] dump_stack+0x15/0x1b [ 113.111762][ T9614] should_fail_ex+0x265/0x280 [ 113.111815][ T9614] ? alloc_pipe_info+0xae/0x350 [ 113.111832][ T9614] should_failslab+0x8c/0xb0 [ 113.111854][ T9614] __kmalloc_cache_noprof+0x4c/0x320 [ 113.111885][ T9614] alloc_pipe_info+0xae/0x350 [ 113.111971][ T9614] splice_direct_to_actor+0x592/0x680 [ 113.112045][ T9614] ? __pfx_direct_splice_actor+0x10/0x10 [ 113.112150][ T9614] ? selinux_file_permission+0x2f0/0x320 [ 113.112175][ T9614] do_splice_direct+0xda/0x150 [ 113.112246][ T9614] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 113.112337][ T9614] do_sendfile+0x380/0x650 [ 113.112363][ T9614] __x64_sys_sendfile64+0x105/0x150 [ 113.112386][ T9614] x64_sys_call+0xb39/0x2fb0 [ 113.112447][ T9614] do_syscall_64+0xd2/0x200 [ 113.112463][ T9614] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 113.112487][ T9614] ? clear_bhb_loop+0x40/0x90 [ 113.112596][ T9614] ? clear_bhb_loop+0x40/0x90 [ 113.112617][ T9614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.112637][ T9614] RIP: 0033:0x7fcded5ae929 [ 113.112671][ T9614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.112688][ T9614] RSP: 002b:00007fcdebc17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 113.112739][ T9614] RAX: ffffffffffffffda RBX: 00007fcded7d5fa0 RCX: 00007fcded5ae929 [ 113.112752][ T9614] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000006 [ 113.112762][ T9614] RBP: 00007fcdebc17090 R08: 0000000000000000 R09: 0000000000000000 [ 113.112772][ T9614] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 113.112782][ T9614] R13: 0000000000000000 R14: 00007fcded7d5fa0 R15: 00007ffccbb75b88 [ 113.112808][ T9614] [ 113.330388][ T9617] loop4: detected capacity change from 0 to 1024 [ 113.338301][ T9617] EXT4-fs: inline encryption not supported [ 113.344233][ T9617] EXT4-fs: Ignoring removed i_version option [ 113.366339][ T9617] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 113.393296][ T9617] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.2488: lblock 2 mapped to illegal pblock 2 (length 1) [ 113.408035][ T9617] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.2488: lblock 0 mapped to illegal pblock 48 (length 1) [ 113.469433][ T9617] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2488: Failed to acquire dquot type 0 [ 113.485063][ T9617] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 113.496638][ T9617] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.2488: mark_inode_dirty error [ 113.528372][ T9617] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 113.539928][ T9617] EXT4-fs (loop4): 1 orphan inode deleted [ 113.546086][ T9617] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 113.559237][ T6248] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:19: lblock 1 mapped to illegal pblock 1 (length 1) [ 113.585218][ T6248] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:19: Failed to release dquot type 0 [ 113.628080][ T9617] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.635264][ T9641] futex_wake_op: syz.3.2498 tries to shift op by -1; fix this program [ 113.637478][ T9617] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.2488: Invalid inode table block 1 in block_group 0 [ 113.660067][ T9617] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 113.684117][ T9617] EXT4-fs error (device loop4): ext4_quota_off:7217: inode #3: comm syz.4.2488: mark_inode_dirty error [ 113.729898][ T9617] loop4: detected capacity change from 0 to 512 [ 113.738477][ T9617] EXT4-fs: Ignoring removed orlov option [ 113.746947][ T9617] EXT4-fs (loop4): bad block size 65536 [ 113.790727][ T9651] 9pnet_fd: Insufficient options for proto=fd [ 113.952461][ T9682] 9pnet_fd: Insufficient options for proto=fd [ 114.593716][ T9704] loop3: detected capacity change from 0 to 512 [ 114.602609][ T9704] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 114.613212][ T9704] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz.3.2525: invalid block [ 114.625372][ T9704] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2525: invalid indirect mapped block 4294967295 (level 1) [ 114.640720][ T9704] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2525: invalid indirect mapped block 4294967295 (level 1) [ 114.655146][ T9704] EXT4-fs (loop3): 2 truncates cleaned up [ 114.662045][ T9704] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 114.681439][ T29] kauditd_printk_skb: 157 callbacks suppressed [ 114.681452][ T29] audit: type=1326 audit(113.694:5375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbff43658e7 code=0x7ffc0000 [ 114.753432][ T29] audit: type=1326 audit(113.757:5376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbff430ab19 code=0x7ffc0000 [ 114.776256][ T29] audit: type=1326 audit(113.757:5377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbff43658e7 code=0x7ffc0000 [ 114.798948][ T29] audit: type=1326 audit(113.757:5378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbff430ab19 code=0x7ffc0000 [ 114.821724][ T29] audit: type=1326 audit(113.757:5379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbff43658e7 code=0x7ffc0000 [ 114.844424][ T29] audit: type=1326 audit(113.757:5380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbff430ab19 code=0x7ffc0000 [ 114.867117][ T29] audit: type=1326 audit(113.757:5381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbff43658e7 code=0x7ffc0000 [ 114.889874][ T29] audit: type=1326 audit(113.757:5382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbff430ab19 code=0x7ffc0000 [ 114.912550][ T29] audit: type=1326 audit(113.757:5383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbff43658e7 code=0x7ffc0000 [ 114.935429][ T29] audit: type=1326 audit(113.757:5384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbff430ab19 code=0x7ffc0000 [ 115.044318][ T9713] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 115.068499][ T9709] 9pnet_fd: Insufficient options for proto=fd [ 115.083374][ T9704] siw: device registration error -23 [ 115.213474][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.329067][ T9735] FAULT_INJECTION: forcing a failure. [ 115.329067][ T9735] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 115.342146][ T9735] CPU: 0 UID: 0 PID: 9735 Comm: syz.1.2537 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 115.342176][ T9735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 115.342186][ T9735] Call Trace: [ 115.342192][ T9735] [ 115.342199][ T9735] __dump_stack+0x1d/0x30 [ 115.342291][ T9735] dump_stack_lvl+0xe8/0x140 [ 115.342309][ T9735] dump_stack+0x15/0x1b [ 115.342323][ T9735] should_fail_ex+0x265/0x280 [ 115.342354][ T9735] should_fail+0xb/0x20 [ 115.342378][ T9735] should_fail_usercopy+0x1a/0x20 [ 115.342437][ T9735] _copy_to_user+0x20/0xa0 [ 115.342523][ T9735] simple_read_from_buffer+0xb5/0x130 [ 115.342549][ T9735] proc_fail_nth_read+0x100/0x140 [ 115.342580][ T9735] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 115.342686][ T9735] vfs_read+0x1a0/0x6f0 [ 115.342774][ T9735] ? __rcu_read_unlock+0x4f/0x70 [ 115.342795][ T9735] ? __fget_files+0x184/0x1c0 [ 115.342813][ T9735] ksys_read+0xda/0x1a0 [ 115.342859][ T9735] __x64_sys_read+0x40/0x50 [ 115.342916][ T9735] x64_sys_call+0x2d77/0x2fb0 [ 115.342935][ T9735] do_syscall_64+0xd2/0x200 [ 115.342950][ T9735] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 115.342972][ T9735] ? clear_bhb_loop+0x40/0x90 [ 115.342992][ T9735] ? clear_bhb_loop+0x40/0x90 [ 115.343010][ T9735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.343027][ T9735] RIP: 0033:0x7f94c0f8d33c [ 115.343043][ T9735] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 115.343061][ T9735] RSP: 002b:00007f94bf5f7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 115.343134][ T9735] RAX: ffffffffffffffda RBX: 00007f94c11b5fa0 RCX: 00007f94c0f8d33c [ 115.343207][ T9735] RDX: 000000000000000f RSI: 00007f94bf5f70a0 RDI: 0000000000000005 [ 115.343220][ T9735] RBP: 00007f94bf5f7090 R08: 0000000000000000 R09: 0000000000000000 [ 115.343233][ T9735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 115.343244][ T9735] R13: 0000000000000000 R14: 00007f94c11b5fa0 R15: 00007fff70e06188 [ 115.343260][ T9735] [ 115.585108][ T9740] 9pnet_fd: Insufficient options for proto=fd [ 115.626138][ T9746] loop3: detected capacity change from 0 to 1024 [ 115.637795][ T9746] EXT4-fs: inline encryption not supported [ 115.643692][ T9746] EXT4-fs: Ignoring removed i_version option [ 115.653905][ T9746] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 115.667920][ T9746] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 2: comm syz.3.2542: lblock 2 mapped to illegal pblock 2 (length 1) [ 115.682634][ T9746] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 48: comm syz.3.2542: lblock 0 mapped to illegal pblock 48 (length 1) [ 115.702290][ T9746] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.2542: Failed to acquire dquot type 0 [ 115.715707][ T9746] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 115.735318][ T9746] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.2542: mark_inode_dirty error [ 115.748395][ T9746] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 115.759935][ T9746] EXT4-fs (loop3): 1 orphan inode deleted [ 115.766724][ T9746] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.781125][ T9766] FAULT_INJECTION: forcing a failure. [ 115.781125][ T9766] name failslab, interval 1, probability 0, space 0, times 0 [ 115.781257][ T6248] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:19: lblock 1 mapped to illegal pblock 1 (length 1) [ 115.793748][ T9766] CPU: 0 UID: 0 PID: 9766 Comm: syz.0.2549 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 115.793846][ T9766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 115.793859][ T9766] Call Trace: [ 115.793908][ T9766] [ 115.793915][ T9766] __dump_stack+0x1d/0x30 [ 115.793953][ T9766] dump_stack_lvl+0xe8/0x140 [ 115.793971][ T9766] dump_stack+0x15/0x1b [ 115.793987][ T9766] should_fail_ex+0x265/0x280 [ 115.794040][ T9766] should_failslab+0x8c/0xb0 [ 115.794062][ T9766] __kvmalloc_node_noprof+0x123/0x4e0 [ 115.794088][ T9766] ? nf_tables_newset+0xdde/0x14e0 [ 115.794134][ T9766] nf_tables_newset+0xdde/0x14e0 [ 115.794240][ T9766] nfnetlink_rcv+0xb96/0x1690 [ 115.794287][ T9766] netlink_unicast+0x59e/0x670 [ 115.794317][ T9766] netlink_sendmsg+0x58b/0x6b0 [ 115.794410][ T9766] ? __pfx_netlink_sendmsg+0x10/0x10 [ 115.794429][ T9766] __sock_sendmsg+0x145/0x180 [ 115.794452][ T9766] ____sys_sendmsg+0x31e/0x4e0 [ 115.794564][ T9766] ___sys_sendmsg+0x17b/0x1d0 [ 115.794677][ T9766] __x64_sys_sendmsg+0xd4/0x160 [ 115.794710][ T9766] x64_sys_call+0x2999/0x2fb0 [ 115.794738][ T9766] do_syscall_64+0xd2/0x200 [ 115.794755][ T9766] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 115.794808][ T9766] ? clear_bhb_loop+0x40/0x90 [ 115.794829][ T9766] ? clear_bhb_loop+0x40/0x90 [ 115.794868][ T9766] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.794888][ T9766] RIP: 0033:0x7f7d9f41e929 [ 115.794902][ T9766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 115.794919][ T9766] RSP: 002b:00007f7d9da87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 115.794938][ T9766] RAX: ffffffffffffffda RBX: 00007f7d9f645fa0 RCX: 00007f7d9f41e929 [ 115.794975][ T9766] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000005 [ 115.794987][ T9766] RBP: 00007f7d9da87090 R08: 0000000000000000 R09: 0000000000000000 [ 115.795046][ T9766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 115.795058][ T9766] R13: 0000000000000000 R14: 00007f7d9f645fa0 R15: 00007ffe48813a68 [ 115.795074][ T9766] [ 115.812608][ T9771] SELinux: security_context_str_to_sid (staf) failed with errno=-22 [ 115.826065][ T9772] 9pnet_fd: Insufficient options for proto=fd [ 115.831217][ T6248] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:19: Failed to release dquot type 0 [ 115.969444][ T9778] lo speed is unknown, defaulting to 1000 [ 115.986447][ T9746] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.071528][ T9746] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.2542: Invalid inode table block 1 in block_group 0 [ 116.084718][ T9746] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 116.094866][ T9746] EXT4-fs error (device loop3): ext4_quota_off:7217: inode #3: comm syz.3.2542: mark_inode_dirty error [ 116.109851][ T9783] blktrace: Concurrent blktraces are not allowed on loop8 [ 116.140501][ T9746] __nla_validate_parse: 8 callbacks suppressed [ 116.140581][ T9746] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2542'. [ 116.155302][ T9793] FAULT_INJECTION: forcing a failure. [ 116.155302][ T9793] name failslab, interval 1, probability 0, space 0, times 0 [ 116.168413][ T9793] CPU: 1 UID: 0 PID: 9793 Comm: syz.0.2560 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 116.168436][ T9793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.168493][ T9793] Call Trace: [ 116.168499][ T9793] [ 116.168506][ T9793] __dump_stack+0x1d/0x30 [ 116.168528][ T9793] dump_stack_lvl+0xe8/0x140 [ 116.168547][ T9793] dump_stack+0x15/0x1b [ 116.168606][ T9793] should_fail_ex+0x265/0x280 [ 116.168637][ T9793] ? tcp_sendmsg_fastopen+0x172/0x520 [ 116.168738][ T9793] should_failslab+0x8c/0xb0 [ 116.168902][ T9793] __kmalloc_cache_noprof+0x4c/0x320 [ 116.168931][ T9793] tcp_sendmsg_fastopen+0x172/0x520 [ 116.168959][ T9793] tcp_sendmsg_locked+0x27be/0x2cc0 [ 116.168983][ T9793] ? mntput_no_expire+0x6f/0x3c0 [ 116.169010][ T9793] ? mntput+0x4b/0x80 [ 116.169063][ T9793] ? __rcu_read_unlock+0x4f/0x70 [ 116.169086][ T9793] ? avc_has_perm_noaudit+0x1b1/0x200 [ 116.169114][ T9793] ? avc_has_perm+0xd3/0x150 [ 116.169136][ T9793] ? _raw_spin_unlock_bh+0x36/0x40 [ 116.169157][ T9793] ? __pfx_tcp_sendmsg+0x10/0x10 [ 116.169225][ T9793] tcp_sendmsg+0x2f/0x50 [ 116.169261][ T9793] inet6_sendmsg+0x76/0xd0 [ 116.169277][ T9793] __sock_sendmsg+0x8b/0x180 [ 116.169307][ T9793] __sys_sendto+0x268/0x330 [ 116.169344][ T9793] __x64_sys_sendto+0x76/0x90 [ 116.169373][ T9793] x64_sys_call+0x2eb6/0x2fb0 [ 116.169477][ T9793] do_syscall_64+0xd2/0x200 [ 116.169492][ T9793] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 116.169554][ T9793] ? clear_bhb_loop+0x40/0x90 [ 116.169575][ T9793] ? clear_bhb_loop+0x40/0x90 [ 116.169597][ T9793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.169673][ T9793] RIP: 0033:0x7f7d9f41e929 [ 116.169689][ T9793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.169708][ T9793] RSP: 002b:00007f7d9da87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 116.169725][ T9793] RAX: ffffffffffffffda RBX: 00007f7d9f645fa0 RCX: 00007f7d9f41e929 [ 116.169739][ T9793] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 116.169752][ T9793] RBP: 00007f7d9da87090 R08: 00002000000001c0 R09: 000000000000001c [ 116.169765][ T9793] R10: 0000000020000045 R11: 0000000000000246 R12: 0000000000000001 [ 116.169814][ T9793] R13: 0000000000000000 R14: 00007f7d9f645fa0 R15: 00007ffe48813a68 [ 116.169830][ T9793] [ 116.410783][ T9746] loop3: detected capacity change from 0 to 512 [ 116.420053][ T9746] EXT4-fs: Ignoring removed orlov option [ 116.427255][ T9746] EXT4-fs (loop3): bad block size 65536 [ 116.444215][ T9799] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2562'. [ 116.461793][ T9803] SELinux: security_context_str_to_sid (sta) failed with errno=-22 [ 116.501411][ T9807] loop4: detected capacity change from 0 to 512 [ 116.516725][ T9807] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 116.544726][ T9807] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.2566: invalid block [ 116.560749][ T9810] infiniband syz2: set active [ 116.565567][ T9810] infiniband syz2: added veth0_to_bond [ 116.584758][ T9807] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2566: invalid indirect mapped block 4294967295 (level 1) [ 116.598861][ T9810] RDS/IB: syz2: added [ 116.609914][ T9810] smc: adding ib device syz2 with port count 1 [ 116.616202][ T9810] smc: ib device syz2 port 1 has pnetid [ 116.630814][ T9807] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2566: invalid indirect mapped block 4294967295 (level 1) [ 116.655756][ T9807] EXT4-fs (loop4): 2 truncates cleaned up [ 116.665372][ T9807] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.686435][ T9820] netlink: 27 bytes leftover after parsing attributes in process `syz.0.2568'. [ 116.791622][ T9807] siw: device registration error -23 [ 116.797196][ T9833] lo speed is unknown, defaulting to 1000 [ 116.855594][ T9838] SELinux: security_context_str_to_sid (sta) failed with errno=-22 [ 116.879637][ T9840] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2576'. [ 116.895045][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.928048][ T9844] FAULT_INJECTION: forcing a failure. [ 116.928048][ T9844] name failslab, interval 1, probability 0, space 0, times 0 [ 116.929603][ T9847] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2578'. [ 116.940797][ T9844] CPU: 0 UID: 0 PID: 9844 Comm: syz.2.2579 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 116.940893][ T9844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.940905][ T9844] Call Trace: [ 116.940910][ T9844] [ 116.940917][ T9844] __dump_stack+0x1d/0x30 [ 116.940938][ T9844] dump_stack_lvl+0xe8/0x140 [ 116.940957][ T9844] dump_stack+0x15/0x1b [ 116.940973][ T9844] should_fail_ex+0x265/0x280 [ 116.941021][ T9844] should_failslab+0x8c/0xb0 [ 116.941043][ T9844] kmem_cache_alloc_noprof+0x50/0x310 [ 116.941067][ T9844] ? audit_log_start+0x365/0x6c0 [ 116.941130][ T9844] audit_log_start+0x365/0x6c0 [ 116.941192][ T9844] audit_seccomp+0x48/0x100 [ 116.941228][ T9844] ? __seccomp_filter+0x68c/0x10d0 [ 116.941257][ T9844] __seccomp_filter+0x69d/0x10d0 [ 116.941286][ T9844] __secure_computing+0x82/0x150 [ 116.941308][ T9844] syscall_trace_enter+0xcf/0x1e0 [ 116.941405][ T9844] do_syscall_64+0xac/0x200 [ 116.941422][ T9844] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 116.941444][ T9844] ? clear_bhb_loop+0x40/0x90 [ 116.941519][ T9844] ? clear_bhb_loop+0x40/0x90 [ 116.941539][ T9844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.941559][ T9844] RIP: 0033:0x7fcded5ad33c [ 116.941573][ T9844] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 116.941628][ T9844] RSP: 002b:00007fcdebc17030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 116.941667][ T9844] RAX: ffffffffffffffda RBX: 00007fcded7d5fa0 RCX: 00007fcded5ad33c [ 116.941679][ T9844] RDX: 000000000000000f RSI: 00007fcdebc170a0 RDI: 0000000000000005 [ 116.941691][ T9844] RBP: 00007fcdebc17090 R08: 0000000000000000 R09: 0000000000000000 [ 116.941703][ T9844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 116.941715][ T9844] R13: 0000000000000000 R14: 00007fcded7d5fa0 R15: 00007ffccbb75b88 [ 116.941733][ T9844] [ 117.192947][ T9860] FAULT_INJECTION: forcing a failure. [ 117.192947][ T9860] name failslab, interval 1, probability 0, space 0, times 0 [ 117.205683][ T9860] CPU: 1 UID: 0 PID: 9860 Comm: syz.3.2584 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 117.205713][ T9860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 117.205725][ T9860] Call Trace: [ 117.205732][ T9860] [ 117.205740][ T9860] __dump_stack+0x1d/0x30 [ 117.205761][ T9860] dump_stack_lvl+0xe8/0x140 [ 117.205820][ T9860] dump_stack+0x15/0x1b [ 117.205837][ T9860] should_fail_ex+0x265/0x280 [ 117.205863][ T9860] should_failslab+0x8c/0xb0 [ 117.205882][ T9860] kmem_cache_alloc_noprof+0x50/0x310 [ 117.205974][ T9860] ? dst_alloc+0xbd/0x100 [ 117.206067][ T9860] dst_alloc+0xbd/0x100 [ 117.206091][ T9860] ? ip_vs_sip_hashkey_raw+0xd2/0x330 [ 117.206144][ T9860] ip_route_output_key_hash_rcu+0xf16/0x1440 [ 117.206171][ T9860] ? ip_route_output_key_hash_rcu+0x12d1/0x1440 [ 117.206199][ T9860] ip_route_output_key_hash+0x7a/0xb0 [ 117.206222][ T9860] __ip4_datagram_connect+0x4cc/0x7b0 [ 117.206328][ T9860] __ip6_datagram_connect+0xe7/0x7e0 [ 117.206358][ T9860] ? _raw_spin_unlock_bh+0x36/0x40 [ 117.206384][ T9860] ip6_datagram_connect_v6_only+0x52/0x80 [ 117.206410][ T9860] inet_dgram_connect+0x122/0x1c0 [ 117.206511][ T9860] ? __pfx_inet_dgram_connect+0x10/0x10 [ 117.206547][ T9860] __sys_connect+0x1ef/0x2b0 [ 117.206619][ T9860] __x64_sys_connect+0x3f/0x50 [ 117.206665][ T9860] x64_sys_call+0x1daa/0x2fb0 [ 117.206722][ T9860] do_syscall_64+0xd2/0x200 [ 117.206740][ T9860] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 117.206763][ T9860] ? clear_bhb_loop+0x40/0x90 [ 117.206780][ T9860] ? clear_bhb_loop+0x40/0x90 [ 117.206830][ T9860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.206851][ T9860] RIP: 0033:0x7fbff436e929 [ 117.206867][ T9860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.206884][ T9860] RSP: 002b:00007fbff29d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 117.206904][ T9860] RAX: ffffffffffffffda RBX: 00007fbff4595fa0 RCX: 00007fbff436e929 [ 117.207065][ T9860] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000003 [ 117.207077][ T9860] RBP: 00007fbff29d7090 R08: 0000000000000000 R09: 0000000000000000 [ 117.207089][ T9860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.207175][ T9860] R13: 0000000000000000 R14: 00007fbff4595fa0 R15: 00007ffd178c7fe8 [ 117.207197][ T9860] [ 117.219914][ T9862] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 117.372109][ T9869] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2586'. [ 117.375324][ T9862] IPv6: NLM_F_CREATE should be set when creating new route [ 117.380392][ T9870] loop3: detected capacity change from 0 to 512 [ 117.523577][ T9878] futex_wake_op: syz.0.2589 tries to shift op by -1; fix this program [ 117.532918][ T9878] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2589'. [ 117.615424][ T9870] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 117.647225][ T9875] syzkaller0: entered promiscuous mode [ 117.652800][ T9875] syzkaller0: entered allmulticast mode [ 117.668637][ T9870] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz.3.2588: invalid block [ 117.683168][ T9890] netlink: 'syz.0.2590': attribute type 10 has an invalid length. [ 117.731539][ T9884] lo speed is unknown, defaulting to 1000 [ 117.740821][ T9870] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2588: invalid indirect mapped block 4294967295 (level 1) [ 117.792217][ T9901] FAULT_INJECTION: forcing a failure. [ 117.792217][ T9901] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 117.805332][ T9901] CPU: 1 UID: 0 PID: 9901 Comm: syz.1.2594 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 117.805358][ T9901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 117.805369][ T9901] Call Trace: [ 117.805373][ T9901] [ 117.805379][ T9901] __dump_stack+0x1d/0x30 [ 117.805501][ T9901] dump_stack_lvl+0xe8/0x140 [ 117.805516][ T9901] dump_stack+0x15/0x1b [ 117.805528][ T9901] should_fail_ex+0x265/0x280 [ 117.805551][ T9901] should_fail+0xb/0x20 [ 117.805571][ T9901] should_fail_usercopy+0x1a/0x20 [ 117.805599][ T9901] _copy_from_iter+0xcf/0xe40 [ 117.805622][ T9901] ? __build_skb_around+0x1a0/0x200 [ 117.805704][ T9901] ? __alloc_skb+0x223/0x320 [ 117.805727][ T9901] netlink_sendmsg+0x471/0x6b0 [ 117.805743][ T9901] ? __pfx_netlink_sendmsg+0x10/0x10 [ 117.805757][ T9901] __sock_sendmsg+0x145/0x180 [ 117.805776][ T9901] ____sys_sendmsg+0x31e/0x4e0 [ 117.805841][ T9901] ___sys_sendmsg+0x17b/0x1d0 [ 117.805874][ T9901] __x64_sys_sendmsg+0xd4/0x160 [ 117.805930][ T9901] x64_sys_call+0x2999/0x2fb0 [ 117.805945][ T9901] do_syscall_64+0xd2/0x200 [ 117.805959][ T9901] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 117.806013][ T9901] ? clear_bhb_loop+0x40/0x90 [ 117.806102][ T9901] ? clear_bhb_loop+0x40/0x90 [ 117.806118][ T9901] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.806214][ T9901] RIP: 0033:0x7f94c0f8e929 [ 117.806225][ T9901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.806239][ T9901] RSP: 002b:00007f94bf5f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 117.806275][ T9901] RAX: ffffffffffffffda RBX: 00007f94c11b5fa0 RCX: 00007f94c0f8e929 [ 117.806285][ T9901] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000006 [ 117.806294][ T9901] RBP: 00007f94bf5f7090 R08: 0000000000000000 R09: 0000000000000000 [ 117.806304][ T9901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.806313][ T9901] R13: 0000000000000000 R14: 00007f94c11b5fa0 R15: 00007fff70e06188 [ 117.806328][ T9901] [ 118.017903][ T9870] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2588: invalid indirect mapped block 4294967295 (level 1) [ 118.071077][ T9870] EXT4-fs (loop3): 2 truncates cleaned up [ 118.085018][ T9870] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 118.100480][ T9905] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2595'. [ 118.109411][ T9905] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2595'. [ 118.118461][ T9905] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2595'. [ 118.169142][ T9870] siw: device registration error -23 [ 118.190220][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.229470][ T9917] debugfs: Bad value for 'mode' [ 118.261830][ T9921] loop4: detected capacity change from 0 to 1024 [ 118.271818][ T9921] EXT4-fs: inline encryption not supported [ 118.277806][ T9921] EXT4-fs: Ignoring removed i_version option [ 118.291321][ T9921] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 118.304002][ T9921] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.2600: lblock 2 mapped to illegal pblock 2 (length 1) [ 118.321031][ T9921] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.2600: lblock 0 mapped to illegal pblock 48 (length 1) [ 118.336675][ T9921] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2600: Failed to acquire dquot type 0 [ 118.370551][ T9932] FAULT_INJECTION: forcing a failure. [ 118.370551][ T9932] name failslab, interval 1, probability 0, space 0, times 0 [ 118.374324][ T9921] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 118.383191][ T9932] CPU: 1 UID: 0 PID: 9932 Comm: syz.3.2604 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 118.383217][ T9932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.383229][ T9932] Call Trace: [ 118.383235][ T9932] [ 118.383242][ T9932] __dump_stack+0x1d/0x30 [ 118.383293][ T9932] dump_stack_lvl+0xe8/0x140 [ 118.383311][ T9932] dump_stack+0x15/0x1b [ 118.383327][ T9932] should_fail_ex+0x265/0x280 [ 118.383357][ T9932] should_failslab+0x8c/0xb0 [ 118.383423][ T9932] kmem_cache_alloc_lru_noprof+0x55/0x310 [ 118.383448][ T9932] ? shmem_alloc_inode+0x34/0x50 [ 118.383465][ T9932] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 118.383480][ T9932] shmem_alloc_inode+0x34/0x50 [ 118.383528][ T9932] alloc_inode+0x40/0x170 [ 118.383557][ T9932] new_inode+0x1d/0xe0 [ 118.383575][ T9932] shmem_get_inode+0x244/0x750 [ 118.383595][ T9932] __shmem_file_setup+0x113/0x210 [ 118.383645][ T9932] shmem_file_setup+0x3b/0x50 [ 118.383671][ T9932] __se_sys_memfd_create+0x2c3/0x590 [ 118.383701][ T9932] __x64_sys_memfd_create+0x31/0x40 [ 118.383804][ T9932] x64_sys_call+0x122f/0x2fb0 [ 118.383824][ T9932] do_syscall_64+0xd2/0x200 [ 118.383841][ T9932] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 118.383865][ T9932] ? clear_bhb_loop+0x40/0x90 [ 118.383934][ T9932] ? clear_bhb_loop+0x40/0x90 [ 118.384002][ T9932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.384022][ T9932] RIP: 0033:0x7fbff436e929 [ 118.384037][ T9932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.384054][ T9932] RSP: 002b:00007fbff29d6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 118.384118][ T9932] RAX: ffffffffffffffda RBX: 00000000000002f0 RCX: 00007fbff436e929 [ 118.384130][ T9932] RDX: 00007fbff29d6ef0 RSI: 0000000000000000 RDI: 00007fbff43f14cc [ 118.384142][ T9932] RBP: 0000200000000f80 R08: 00007fbff29d6bb7 R09: 00007fbff29d6e40 [ 118.384154][ T9932] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000 [ 118.384166][ T9932] R13: 00007fbff29d6ef0 R14: 00007fbff29d6eb0 R15: 0000200000000040 [ 118.384185][ T9932] [ 118.603970][ T9921] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.2600: mark_inode_dirty error [ 118.615537][ T9921] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 118.627528][ T9921] EXT4-fs (loop4): 1 orphan inode deleted [ 118.633678][ T9921] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.646389][ T31] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:1: lblock 1 mapped to illegal pblock 1 (length 1) [ 118.675713][ T31] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:1: Failed to release dquot type 0 [ 118.710738][ T9921] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.721788][ T9958] debugfs: Bad value for 'mode' [ 118.733393][ T9957] FAULT_INJECTION: forcing a failure. [ 118.733393][ T9957] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 118.746540][ T9957] CPU: 1 UID: 0 PID: 9957 Comm: syz.3.2612 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 118.746567][ T9957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.746601][ T9957] Call Trace: [ 118.746606][ T9957] [ 118.746612][ T9957] __dump_stack+0x1d/0x30 [ 118.746631][ T9957] dump_stack_lvl+0xe8/0x140 [ 118.746651][ T9957] dump_stack+0x15/0x1b [ 118.746669][ T9957] should_fail_ex+0x265/0x280 [ 118.746733][ T9957] should_fail+0xb/0x20 [ 118.746826][ T9957] should_fail_usercopy+0x1a/0x20 [ 118.746856][ T9957] _copy_to_user+0x20/0xa0 [ 118.746873][ T9957] simple_read_from_buffer+0xb5/0x130 [ 118.746898][ T9957] proc_fail_nth_read+0x100/0x140 [ 118.747008][ T9957] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 118.747032][ T9957] vfs_read+0x1a0/0x6f0 [ 118.747118][ T9957] ? __rcu_read_unlock+0x4f/0x70 [ 118.747136][ T9957] ? __fget_files+0x184/0x1c0 [ 118.747156][ T9957] ksys_read+0xda/0x1a0 [ 118.747215][ T9957] __x64_sys_read+0x40/0x50 [ 118.747243][ T9957] x64_sys_call+0x2d77/0x2fb0 [ 118.747306][ T9957] do_syscall_64+0xd2/0x200 [ 118.747324][ T9957] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 118.747356][ T9957] ? clear_bhb_loop+0x40/0x90 [ 118.747378][ T9957] ? clear_bhb_loop+0x40/0x90 [ 118.747471][ T9957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.747488][ T9957] RIP: 0033:0x7fbff436d33c [ 118.747500][ T9957] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 118.747515][ T9957] RSP: 002b:00007fbff29d7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 118.747532][ T9957] RAX: ffffffffffffffda RBX: 00007fbff4595fa0 RCX: 00007fbff436d33c [ 118.747546][ T9957] RDX: 000000000000000f RSI: 00007fbff29d70a0 RDI: 0000000000000004 [ 118.747559][ T9957] RBP: 00007fbff29d7090 R08: 0000000000000000 R09: 0000000000000000 [ 118.747626][ T9957] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 118.747639][ T9957] R13: 0000000000000000 R14: 00007fbff4595fa0 R15: 00007ffd178c7fe8 [ 118.747659][ T9957] [ 118.747917][ T9921] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.2600: Invalid inode table block 1 in block_group 0 [ 118.965610][ T9921] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 118.976189][ T9921] EXT4-fs error (device loop4): ext4_quota_off:7217: inode #3: comm syz.4.2600: mark_inode_dirty error [ 119.021254][ T9921] loop4: detected capacity change from 0 to 512 [ 119.027980][ T9921] EXT4-fs: Ignoring removed orlov option [ 119.044757][ T9921] EXT4-fs (loop4): bad block size 65536 [ 119.057993][ T9975] netem: change failed [ 119.084350][ T9979] FAULT_INJECTION: forcing a failure. [ 119.084350][ T9979] name failslab, interval 1, probability 0, space 0, times 0 [ 119.097014][ T9979] CPU: 1 UID: 0 PID: 9979 Comm: syz.2.2623 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 119.097036][ T9979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 119.097045][ T9979] Call Trace: [ 119.097051][ T9979] [ 119.097056][ T9979] __dump_stack+0x1d/0x30 [ 119.097108][ T9979] dump_stack_lvl+0xe8/0x140 [ 119.097172][ T9979] dump_stack+0x15/0x1b [ 119.097185][ T9979] should_fail_ex+0x265/0x280 [ 119.097210][ T9979] should_failslab+0x8c/0xb0 [ 119.097291][ T9979] __kmalloc_noprof+0xa5/0x3e0 [ 119.097311][ T9979] ? pfkey_add+0xf28/0x12e0 [ 119.097346][ T9979] pfkey_add+0xf28/0x12e0 [ 119.097374][ T9979] pfkey_sendmsg+0x715/0x900 [ 119.097539][ T9979] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 119.097562][ T9979] __sock_sendmsg+0x145/0x180 [ 119.097582][ T9979] ____sys_sendmsg+0x31e/0x4e0 [ 119.097616][ T9979] ___sys_sendmsg+0x17b/0x1d0 [ 119.097649][ T9979] __x64_sys_sendmsg+0xd4/0x160 [ 119.097697][ T9979] x64_sys_call+0x2999/0x2fb0 [ 119.097713][ T9979] do_syscall_64+0xd2/0x200 [ 119.097728][ T9979] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 119.097748][ T9979] ? clear_bhb_loop+0x40/0x90 [ 119.097785][ T9979] ? clear_bhb_loop+0x40/0x90 [ 119.097802][ T9979] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.097853][ T9979] RIP: 0033:0x7fcded5ae929 [ 119.097866][ T9979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.097879][ T9979] RSP: 002b:00007fcdebc17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 119.097893][ T9979] RAX: ffffffffffffffda RBX: 00007fcded7d5fa0 RCX: 00007fcded5ae929 [ 119.097902][ T9979] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000006 [ 119.097911][ T9979] RBP: 00007fcdebc17090 R08: 0000000000000000 R09: 0000000000000000 [ 119.097920][ T9979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 119.097929][ T9979] R13: 0000000000000000 R14: 00007fcded7d5fa0 R15: 00007ffccbb75b88 [ 119.098024][ T9979] [ 119.315722][ T9981] siw: device registration error -23 [ 119.354375][ T9982] FAULT_INJECTION: forcing a failure. [ 119.354375][ T9982] name failslab, interval 1, probability 0, space 0, times 0 [ 119.367051][ T9982] CPU: 0 UID: 0 PID: 9982 Comm: syz.3.2620 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 119.367073][ T9982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 119.367082][ T9982] Call Trace: [ 119.367088][ T9982] [ 119.367095][ T9982] __dump_stack+0x1d/0x30 [ 119.367114][ T9982] dump_stack_lvl+0xe8/0x140 [ 119.367128][ T9982] dump_stack+0x15/0x1b [ 119.367141][ T9982] should_fail_ex+0x265/0x280 [ 119.367169][ T9982] should_failslab+0x8c/0xb0 [ 119.367189][ T9982] __kmalloc_noprof+0xa5/0x3e0 [ 119.367210][ T9982] ? memcg_list_lru_alloc+0x195/0x490 [ 119.367237][ T9982] memcg_list_lru_alloc+0x195/0x490 [ 119.367266][ T9982] __memcg_slab_post_alloc_hook+0x1a7/0x580 [ 119.367293][ T9982] kmem_cache_alloc_lru_noprof+0x229/0x310 [ 119.367313][ T9982] ? shmem_alloc_inode+0x34/0x50 [ 119.367329][ T9982] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 119.367345][ T9982] shmem_alloc_inode+0x34/0x50 [ 119.367359][ T9982] alloc_inode+0x40/0x170 [ 119.367383][ T9982] new_inode+0x1d/0xe0 [ 119.367397][ T9982] shmem_get_inode+0x244/0x750 [ 119.367412][ T9982] __shmem_file_setup+0x158/0x210 [ 119.367435][ T9982] shmem_zero_setup+0x63/0xd0 [ 119.367458][ T9982] mmap_region+0xee5/0x1580 [ 119.367490][ T9982] do_mmap+0x9b3/0xbe0 [ 119.367516][ T9982] vm_mmap_pgoff+0x17a/0x2e0 [ 119.367538][ T9982] ksys_mmap_pgoff+0xc2/0x310 [ 119.367560][ T9982] ? __x64_sys_mmap+0x49/0x70 [ 119.367577][ T9982] x64_sys_call+0x1602/0x2fb0 [ 119.367594][ T9982] do_syscall_64+0xd2/0x200 [ 119.367608][ T9982] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 119.367628][ T9982] ? clear_bhb_loop+0x40/0x90 [ 119.367646][ T9982] ? clear_bhb_loop+0x40/0x90 [ 119.367663][ T9982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.367680][ T9982] RIP: 0033:0x7fbff436e929 [ 119.367694][ T9982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.367708][ T9982] RSP: 002b:00007fbff29b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 119.367723][ T9982] RAX: ffffffffffffffda RBX: 00007fbff4596080 RCX: 00007fbff436e929 [ 119.367732][ T9982] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000 [ 119.367741][ T9982] RBP: 00007fbff29b6090 R08: ffffffffffffffff R09: 0000000000001000 [ 119.367750][ T9982] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000001 [ 119.367758][ T9982] R13: 0000000000000000 R14: 00007fbff4596080 R15: 00007ffd178c7fe8 [ 119.367772][ T9982] [ 119.639829][ T9993] debugfs: Bad value for 'mode' [ 119.661953][ T9995] loop4: detected capacity change from 0 to 512 [ 119.672862][ T9995] ext4: Unknown parameter 'euid' [ 119.686955][ T9995] netlink: 'syz.4.2631': attribute type 39 has an invalid length. [ 119.794592][T10007] futex_wake_op: syz.0.2636 tries to shift op by -1; fix this program [ 119.841287][T10009] 9pnet_fd: Insufficient options for proto=fd [ 119.904242][ T29] kauditd_printk_skb: 548 callbacks suppressed [ 119.904257][ T29] audit: type=1400 audit(119.177:5925): avc: denied { connect } for pid=10010 comm="syz.1.2638" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 120.139898][ T29] audit: type=1400 audit(119.429:5926): avc: denied { create } for pid=10042 comm="syz.2.2653" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 120.159033][ T29] audit: type=1400 audit(119.429:5927): avc: denied { write } for pid=10042 comm="syz.2.2653" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 120.424894][T10060] FAULT_INJECTION: forcing a failure. [ 120.424894][T10060] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 120.438190][T10060] CPU: 1 UID: 0 PID: 10060 Comm: syz.3.2659 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 120.438216][T10060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 120.438307][T10060] Call Trace: [ 120.438313][T10060] [ 120.438319][T10060] __dump_stack+0x1d/0x30 [ 120.438337][T10060] dump_stack_lvl+0xe8/0x140 [ 120.438355][T10060] dump_stack+0x15/0x1b [ 120.438399][T10060] should_fail_ex+0x265/0x280 [ 120.438430][T10060] should_fail+0xb/0x20 [ 120.438455][T10060] should_fail_usercopy+0x1a/0x20 [ 120.438530][T10060] _copy_from_user+0x1c/0xb0 [ 120.438548][T10060] ___sys_sendmsg+0xc1/0x1d0 [ 120.438628][T10060] __x64_sys_sendmsg+0xd4/0x160 [ 120.438656][T10060] x64_sys_call+0x2999/0x2fb0 [ 120.438715][T10060] do_syscall_64+0xd2/0x200 [ 120.438730][T10060] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 120.438825][T10060] ? clear_bhb_loop+0x40/0x90 [ 120.438842][T10060] ? clear_bhb_loop+0x40/0x90 [ 120.438883][T10060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.438904][T10060] RIP: 0033:0x7fbff436e929 [ 120.438939][T10060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.438956][T10060] RSP: 002b:00007fbff29d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 120.438973][T10060] RAX: ffffffffffffffda RBX: 00007fbff4595fa0 RCX: 00007fbff436e929 [ 120.438984][T10060] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003 [ 120.438994][T10060] RBP: 00007fbff29d7090 R08: 0000000000000000 R09: 0000000000000000 [ 120.439024][T10060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.439037][T10060] R13: 0000000000000000 R14: 00007fbff4595fa0 R15: 00007ffd178c7fe8 [ 120.439056][T10060] [ 121.227039][T10086] __nla_validate_parse: 12 callbacks suppressed [ 121.227055][T10086] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2669'. [ 121.276120][T10091] FAULT_INJECTION: forcing a failure. [ 121.276120][T10091] name failslab, interval 1, probability 0, space 0, times 0 [ 121.279947][T10084] syzkaller0: entered promiscuous mode [ 121.288938][T10091] CPU: 1 UID: 0 PID: 10091 Comm: syz.2.2671 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 121.288965][T10091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 121.288977][T10091] Call Trace: [ 121.288983][T10091] [ 121.288990][T10091] __dump_stack+0x1d/0x30 [ 121.289011][T10091] dump_stack_lvl+0xe8/0x140 [ 121.289103][T10091] dump_stack+0x15/0x1b [ 121.289119][T10091] should_fail_ex+0x265/0x280 [ 121.289148][T10091] should_failslab+0x8c/0xb0 [ 121.289169][T10091] kmem_cache_alloc_node_noprof+0x57/0x320 [ 121.289201][T10091] ? __alloc_skb+0x101/0x320 [ 121.289228][T10091] __alloc_skb+0x101/0x320 [ 121.289254][T10091] netlink_alloc_large_skb+0xba/0xf0 [ 121.289336][T10091] netlink_sendmsg+0x3cf/0x6b0 [ 121.289374][T10091] ? __pfx_netlink_sendmsg+0x10/0x10 [ 121.289392][T10091] __sock_sendmsg+0x145/0x180 [ 121.289416][T10091] ____sys_sendmsg+0x31e/0x4e0 [ 121.289513][T10091] ___sys_sendmsg+0x17b/0x1d0 [ 121.289554][T10091] __x64_sys_sendmsg+0xd4/0x160 [ 121.289633][T10091] x64_sys_call+0x2999/0x2fb0 [ 121.289730][T10091] do_syscall_64+0xd2/0x200 [ 121.289746][T10091] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 121.289771][T10091] ? clear_bhb_loop+0x40/0x90 [ 121.289791][T10091] ? clear_bhb_loop+0x40/0x90 [ 121.289882][T10091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.289902][T10091] RIP: 0033:0x7fcded5ae929 [ 121.289973][T10091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 121.289990][T10091] RSP: 002b:00007fcdebc17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 121.290008][T10091] RAX: ffffffffffffffda RBX: 00007fcded7d5fa0 RCX: 00007fcded5ae929 [ 121.290020][T10091] RDX: 0000000004008800 RSI: 0000200000000840 RDI: 0000000000000005 [ 121.290031][T10091] RBP: 00007fcdebc17090 R08: 0000000000000000 R09: 0000000000000000 [ 121.290043][T10091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 121.290064][T10091] R13: 0000000000000000 R14: 00007fcded7d5fa0 R15: 00007ffccbb75b88 [ 121.290088][T10091] [ 121.336754][T10089] loop4: detected capacity change from 0 to 2048 [ 121.341093][T10084] syzkaller0: entered allmulticast mode [ 121.345184][ T29] audit: type=1326 audit(120.689:5928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000 [ 121.353480][T10093] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2672'. [ 121.356094][ T29] audit: type=1326 audit(120.689:5929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000 [ 121.356121][ T29] audit: type=1326 audit(120.689:5930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000 [ 121.356228][ T29] audit: type=1326 audit(120.689:5931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000 [ 121.360663][T10093] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2672'. [ 121.365858][ T29] audit: type=1326 audit(120.689:5932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000 [ 121.370622][T10093] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2672'. [ 121.375961][ T29] audit: type=1326 audit(120.689:5933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000 [ 121.431207][T10101] netlink: 'syz.2.2673': attribute type 21 has an invalid length. [ 121.449537][ T29] audit: type=1326 audit(120.689:5934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000 [ 121.477434][T10089] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.502317][T10101] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2673'. [ 121.649654][T10106] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2673'. [ 121.739383][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.767231][T10101] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5134 sclass=netlink_route_socket pid=10101 comm=syz.2.2673 [ 121.790823][T10112] lo speed is unknown, defaulting to 1000 [ 122.074897][T10139] 9pnet_fd: Insufficient options for proto=fd [ 122.187486][T10151] loop4: detected capacity change from 0 to 512 [ 122.194978][T10151] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 122.204746][T10151] EXT4-fs error (device loop4): ext4_orphan_get:1419: comm syz.4.2694: bad orphan inode 11 [ 122.221166][T10151] ext4_test_bit(bit=10, block=4) = 1 [ 122.226475][T10151] is_bad_inode(inode)=0 [ 122.230652][T10151] NEXT_ORPHAN(inode)=2080374784 [ 122.235499][T10151] max_ino=32 [ 122.238707][T10151] i_nlink=0 [ 122.249698][T10151] EXT4-fs (loop4): 1 truncate cleaned up [ 122.255845][T10151] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 122.309333][T10158] sctp: [Deprecated]: syz.1.2695 (pid 10158) Use of int in maxseg socket option. [ 122.309333][T10158] Use struct sctp_assoc_value instead [ 122.338767][T10159] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2694: bg 0: block 393: padding at end of block bitmap is not set [ 122.345698][T10161] 9pnet_fd: Insufficient options for proto=fd [ 122.377894][T10163] futex_wake_op: syz.1.2698 tries to shift op by -1; fix this program [ 122.467657][T10168] lo speed is unknown, defaulting to 1000 [ 122.612692][T10188] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 122.622232][T10188] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 122.725989][T10190] FAULT_INJECTION: forcing a failure. [ 122.725989][T10190] name failslab, interval 1, probability 0, space 0, times 0 [ 122.738690][T10190] CPU: 0 UID: 0 PID: 10190 Comm: syz.3.2705 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 122.738728][T10190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.738740][T10190] Call Trace: [ 122.738746][T10190] [ 122.738814][T10190] __dump_stack+0x1d/0x30 [ 122.738828][T10190] dump_stack_lvl+0xe8/0x140 [ 122.738839][T10190] dump_stack+0x15/0x1b [ 122.738867][T10190] should_fail_ex+0x265/0x280 [ 122.738884][T10190] should_failslab+0x8c/0xb0 [ 122.738897][T10190] kmem_cache_alloc_noprof+0x50/0x310 [ 122.738911][T10190] ? getname_flags+0x80/0x3b0 [ 122.738949][T10190] getname_flags+0x80/0x3b0 [ 122.738961][T10190] do_sys_openat2+0x60/0x110 [ 122.739040][T10190] __x64_sys_openat+0xf2/0x120 [ 122.739114][T10190] x64_sys_call+0x1af/0x2fb0 [ 122.739135][T10190] do_syscall_64+0xd2/0x200 [ 122.739145][T10190] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 122.739159][T10190] ? clear_bhb_loop+0x40/0x90 [ 122.739182][T10190] ? clear_bhb_loop+0x40/0x90 [ 122.739193][T10190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.739205][T10190] RIP: 0033:0x7fbff436e929 [ 122.739247][T10190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.739257][T10190] RSP: 002b:00007fbff29d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 122.739268][T10190] RAX: ffffffffffffffda RBX: 00007fbff4595fa0 RCX: 00007fbff436e929 [ 122.739275][T10190] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 122.739282][T10190] RBP: 00007fbff29d7090 R08: 0000000000000000 R09: 0000000000000000 [ 122.739289][T10190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.739295][T10190] R13: 0000000000000000 R14: 00007fbff4595fa0 R15: 00007ffd178c7fe8 [ 122.739306][T10190] [ 122.954746][T10194] FAULT_INJECTION: forcing a failure. [ 122.954746][T10194] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 122.967957][T10194] CPU: 1 UID: 0 PID: 10194 Comm: syz.3.2707 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 122.968008][T10194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.968020][T10194] Call Trace: [ 122.968026][T10194] [ 122.968033][T10194] __dump_stack+0x1d/0x30 [ 122.968124][T10194] dump_stack_lvl+0xe8/0x140 [ 122.968140][T10194] dump_stack+0x15/0x1b [ 122.968156][T10194] should_fail_ex+0x265/0x280 [ 122.968233][T10194] should_fail+0xb/0x20 [ 122.968259][T10194] should_fail_usercopy+0x1a/0x20 [ 122.968334][T10194] _copy_to_user+0x20/0xa0 [ 122.968353][T10194] simple_read_from_buffer+0xb5/0x130 [ 122.968383][T10194] proc_fail_nth_read+0x100/0x140 [ 122.968455][T10194] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 122.968538][T10194] vfs_read+0x1a0/0x6f0 [ 122.968636][T10194] ? __get_user_nocheck_8+0x20/0x20 [ 122.968663][T10194] ? ppp_ioctl+0x10c6/0x11c0 [ 122.968707][T10194] ksys_read+0xda/0x1a0 [ 122.968773][T10194] __x64_sys_read+0x40/0x50 [ 122.968818][T10194] x64_sys_call+0x2d77/0x2fb0 [ 122.968837][T10194] do_syscall_64+0xd2/0x200 [ 122.968855][T10194] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 122.968929][T10194] ? clear_bhb_loop+0x40/0x90 [ 122.968949][T10194] ? clear_bhb_loop+0x40/0x90 [ 122.969049][T10194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.969112][T10194] RIP: 0033:0x7fbff436d33c [ 122.969201][T10194] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 122.969271][T10194] RSP: 002b:00007fbff29d7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 122.969289][T10194] RAX: ffffffffffffffda RBX: 00007fbff4595fa0 RCX: 00007fbff436d33c [ 122.969303][T10194] RDX: 000000000000000f RSI: 00007fbff29d70a0 RDI: 0000000000000004 [ 122.969316][T10194] RBP: 00007fbff29d7090 R08: 0000000000000000 R09: 0000000000000000 [ 122.969328][T10194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.969340][T10194] R13: 0000000000000000 R14: 00007fbff4595fa0 R15: 00007ffd178c7fe8 [ 122.969430][T10194] [ 123.197078][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.305989][T10217] FAULT_INJECTION: forcing a failure. [ 123.305989][T10217] name failslab, interval 1, probability 0, space 0, times 0 [ 123.318706][T10217] CPU: 1 UID: 0 PID: 10217 Comm: syz.1.2718 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 123.318730][T10217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 123.318739][T10217] Call Trace: [ 123.318744][T10217] [ 123.318751][T10217] __dump_stack+0x1d/0x30 [ 123.318818][T10217] dump_stack_lvl+0xe8/0x140 [ 123.318904][T10217] dump_stack+0x15/0x1b [ 123.318917][T10217] should_fail_ex+0x265/0x280 [ 123.318946][T10217] ? __se_sys_memfd_create+0x1cc/0x590 [ 123.319030][T10217] should_failslab+0x8c/0xb0 [ 123.319049][T10217] __kmalloc_cache_noprof+0x4c/0x320 [ 123.319208][T10217] ? fput+0x8f/0xc0 [ 123.319227][T10217] __se_sys_memfd_create+0x1cc/0x590 [ 123.319253][T10217] __x64_sys_memfd_create+0x31/0x40 [ 123.319307][T10217] x64_sys_call+0x122f/0x2fb0 [ 123.319328][T10217] do_syscall_64+0xd2/0x200 [ 123.319344][T10217] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 123.319420][T10217] ? clear_bhb_loop+0x40/0x90 [ 123.319441][T10217] ? clear_bhb_loop+0x40/0x90 [ 123.319517][T10217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.319534][T10217] RIP: 0033:0x7f94c0f8e929 [ 123.319547][T10217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.319640][T10217] RSP: 002b:00007f94bf5f6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 123.319656][T10217] RAX: ffffffffffffffda RBX: 000000000000050b RCX: 00007f94c0f8e929 [ 123.319669][T10217] RDX: 00007f94bf5f6ef0 RSI: 0000000000000000 RDI: 00007f94c10114cc [ 123.319681][T10217] RBP: 00002000000000c0 R08: 00007f94bf5f6bb7 R09: 00007f94bf5f6e40 [ 123.319692][T10217] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000080 [ 123.319702][T10217] R13: 00007f94bf5f6ef0 R14: 00007f94bf5f6eb0 R15: 0000200000000000 [ 123.319717][T10217] [ 123.322433][T10218] 9pnet_fd: Insufficient options for proto=fd [ 123.382200][T10223] netlink: 26 bytes leftover after parsing attributes in process `syz.1.2721'. [ 123.487928][T10214] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2717'. [ 123.536303][T10226] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2722'. [ 123.545423][T10226] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2722'. [ 123.555590][T10226] netlink: 'syz.0.2722': attribute type 6 has an invalid length. [ 123.618287][T10236] netlink: 'syz.2.2727': attribute type 6 has an invalid length. [ 123.722952][T10262] 9pnet_fd: Insufficient options for proto=fd [ 123.776991][T10273] loop4: detected capacity change from 0 to 2048 [ 123.791317][T10273] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 123.804547][T10279] 9pnet: Unknown protocol version 9p20\++} [ 123.814358][T10266] netlink: 'syz.3.2738': attribute type 1 has an invalid length. [ 123.833360][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.991090][T10320] ================================================================== [ 123.999199][T10320] BUG: KCSAN: data-race in call_rcu / mas_state_walk [ 124.005877][T10320] [ 124.008189][T10320] write to 0xffff88810455da08 of 8 bytes by task 10318 on cpu 1: [ 124.015887][T10320] call_rcu+0x51/0x3f0 [ 124.019952][T10320] mas_wmb_replace+0xc6a/0x14a0 [ 124.024788][T10320] mas_wr_store_entry+0x1773/0x2b50 [ 124.030066][T10320] mas_store_prealloc+0x74d/0x9e0 [ 124.035085][T10320] vma_iter_store_new+0x1c5/0x200 [ 124.040097][T10320] vma_complete+0x125/0x580 [ 124.044584][T10320] __split_vma+0x5d9/0x650 [ 124.048990][T10320] vma_modify+0x3f2/0xc80 [ 124.053305][T10320] vma_modify_flags+0x101/0x130 [ 124.058140][T10320] mprotect_fixup+0x2cc/0x570 [ 124.062803][T10320] do_mprotect_pkey+0x6d6/0x980 [ 124.067644][T10320] __x64_sys_mprotect+0x48/0x60 [ 124.072480][T10320] x64_sys_call+0x2794/0x2fb0 [ 124.077144][T10320] do_syscall_64+0xd2/0x200 [ 124.081634][T10320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.087512][T10320] [ 124.089818][T10320] read to 0xffff88810455da08 of 8 bytes by task 10320 on cpu 0: [ 124.097431][T10320] mas_state_walk+0x3e9/0x650 [ 124.102099][T10320] mas_walk+0x30/0x120 [ 124.106160][T10320] lock_vma_under_rcu+0xa2/0x2f0 [ 124.111096][T10320] do_user_addr_fault+0x233/0x1090 [ 124.116206][T10320] exc_page_fault+0x62/0xa0 [ 124.120724][T10320] asm_exc_page_fault+0x26/0x30 [ 124.125567][T10320] [ 124.127876][T10320] value changed: 0x000055558f952fff -> 0xffff88810455d908 [ 124.134963][T10320] [ 124.137268][T10320] Reported by Kernel Concurrency Sanitizer on: [ 124.143402][T10320] CPU: 0 UID: 0 PID: 10320 Comm: syz.3.2752 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) [ 124.155888][T10320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 124.165932][T10320] ==================================================================