last executing test programs: 1.975701193s ago: executing program 1 (id=986): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18) syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r4}, &(0x7f0000001c00), &(0x7f0000001c40)=r5}, 0x20) syz_clone(0xc0126080, 0x0, 0x1100, 0x0, 0x0, 0x0) 1.684474798s ago: executing program 2 (id=997): prlimit64(0x0, 0x0, &(0x7f0000000700)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x0, 0x0) r0 = getpid() r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f00000005c0)=ANY=[@ANYRESDEC=r0], &(0x7f0000000740)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000340)='kfree\x00', r2, 0x0, 0x200000000}, 0x18) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000160a0103000000000000000002000000540003804000038014000100626f6e645f736c6176655f300000000014000100736974300000000000000000000000000400010073697430000000000000000000000000080002400000000008000140000000000900020073797a31000000000900010073797a30"], 0xa8}, 0x1, 0x0, 0x0, 0x8000}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0xfffffffc, 0x0, 0x0, 0x40f00, 0x5a, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f00000004c0)=ANY=[@ANYRESDEC], 0x0, 0x0, 0x0, 0x0, 0x0, 0x52}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400}) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x3, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000003000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0x97, &(0x7f00000001c0)=""/151}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000"], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63, 0x0, &(0x7f00000000c0)='\x00', 0x0, 0x2}, 0x48) fallocate(r6, 0x0, 0x0, 0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r9, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r8, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYRES8=r4, @ANYRESHEX=r2, @ANYRES32=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x19}, 0x94) 1.646635061s ago: executing program 4 (id=998): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000580)=ANY=[@ANYRESDEC=r0, @ANYRESOCT=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r3 = socket$packet(0x11, 0x3, 0x300) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x8001}, 0x4) syz_emit_ethernet(0x2e, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @random="e43f6642531e", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0xe000, 0x2, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x1, 0x1, 0x10, 0x0, @void}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x1, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x2000, &(0x7f0000000000)='%', 0x0, 0xd01, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5, 0x0, 0x2}, 0x18) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000002c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100d0000000fbdbdf25010000001800018014000200766574683100000000000000000000001c0002800c00018008000100030000000c000180080001"], 0x48}, 0x1, 0x0, 0x0, 0x840}, 0x4008800) socket$nl_generic(0x10, 0x3, 0x10) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="7a0a00ff000000007110bc00000000009510000000000000"], &(0x7f0000000480)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f00000005c0)='fib_table_lookup\x00', r8}, 0x18) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r1}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.601128564s ago: executing program 4 (id=999): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) r2 = openat$incfs(0xffffffffffffffff, &(0x7f0000000140)='.log\x00', 0x4000, 0x4) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000200)={r1, 0x4, 0x30}, &(0x7f0000000300)=0xc) semop(0x0, &(0x7f0000000180)=[{0x0, 0x203}, {}], 0x2) semctl$GETPID(0x0, 0x1, 0xb, &(0x7f0000000080)=""/169) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000080), 0x64, 0x50a, &(0x7f0000000200)="$eJzs3c9rHG0dAPDvbLK1adM3edWDvmCttpIW7W7S2DZ4qAqip4Ja7zUmmxCyyYbspm1C0RT/AEFEBU968SL4BwhS8OJRhIKeFRVFtNWDB+3I7s6mabqbbNttNs1+PvBknmd+7Pd5NszsPDMPMwEMrHPZ9GmappciYiwr57IU281UX+/J4/tz9ZREmt76RxJJNq/1WUk2PZ1tdjIivvqliG8kL8atbm4tz5bLpfWsXKytrBWrm1uXl1ZmF0uLpdXp6alrM9dnrs5M9qSdZyLixhf+8v3v/PSLN375qbt/vP23i9+sV2s0W767HS9peL+FzabnG9/F7g3WXzHYUZTPUsNIuzWGXpjz4A3XCQCA9urn+O+PiI9HxKUYi6H9T2cBAACAt1D62dH4bxKRtneiw3wAAADgLZJrjIFNcoVsLMBo5HKFQnMM7wfjVK5cqdY+uVDZWJ1vjpUdj3xuYalcmszGCo9HPqmXpxr5Z+Ure8rTEfFuRHxvbKRRLsxVyvP9vvgBAAAAA+L0nv7/v8ea/X8AAADgmBnvdwUAAACAN07/HwAAAI4//X8AAAA41r5882Y9pa33X8/f2dxYrty5PF+qLhdWNuYKc5X1tcJipbLYeGbfykGfV65U1j4dqxv3irVStVasbm7dXqlsrNZuLz33CmwAAADgEL370Ye/TyJi+zMjjVR3ortNu1wNOKqGd3JJNm2zW//hneb0z4dUKeBQDPW7AkDfDPe7AkDf5PtdAaDvkgOWdxy885ts+rHe1gcAAOi9iQ93vv+f23fL7f0XA0eenRgGl/v/MLga9/+7HcnrZAGOlbwzABh4r33//0Bp+lIVAgAAem60kZJcIbu8Nxq5XKEQcabxWoB8srBULk1GxDsR8bux/Pvq5anGlsmBfQYAAAAAAAAAAAAAAAAAAAAAAAAAoClNk0gBAACAYy0i99fkV81n+U+MXRjde33gRPKfscheEXr3R7d+cG+2Vlufqs//58782g+z+Vf6cQUDAAAABsJLvcC/1U9v9eMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJeePL4/10qHGffvn4+I8Xbxh+NkY3oy8hFx6l9JDO/aLhcRQz2IP1L/86F28ZN6tXZC7o2ftLZ9TdsP9o0f49m30C7+6R7Eh0H2sH78+Vy7/S8X5xrT9vvfcMRz5VfV+fgXO8e/oQ77/5kuY7z36OfFjvEfRLw33P7404qfdIh/vsv4X//a1lanZemPIyba/v4kz8Uq1lbWitXNrctLK7OLpcXS6vT01LWZ6zNXZyaLC0vlUva3bYzvfuQXT/dr/6kO8ccPaP+FLtv/v0f3Hn+gmc23i3/xfJv4v/5JtsaL8Vu/fZ/I8vXlE638djO/29mf/fbsfu2f79D+g/7/F7ts/6WvfPtPXa4KAByC6ubW8my5XFo/tpl6L/0IVEPmCGa+1dMPTNM0re9Tr/E5SRyFr6WR6feRCQAA6LVnJ/39rgkAAAAAAAAAAAAAAAAAAAAMrsN4nNjemNs7uaQXj9AGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiJ/wcAAP//UW7ZFw==") bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/icmp6\x00') fchdir(r3) r4 = inotify_init() inotify_add_watch(r4, &(0x7f0000000000)='./file1\x00', 0x8000041e) 1.294795221s ago: executing program 4 (id=1001): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000580)=ANY=[@ANYRESDEC=r0, @ANYRESOCT=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r3 = socket$packet(0x11, 0x3, 0x300) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x8001}, 0x4) syz_emit_ethernet(0x2e, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @random="e43f6642531e", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0xe000, 0x2, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x1, 0x1, 0x10, 0x0, @void}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x1, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x2000, &(0x7f0000000000)='%', 0x0, 0xd01, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5, 0x0, 0x2}, 0x18) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000002c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100d0000000fbdbdf25010000001800018014000200766574683100000000000000000000001c0002800c0001800800010003000000"], 0x48}, 0x1, 0x0, 0x0, 0x840}, 0x4008800) socket$nl_generic(0x10, 0x3, 0x10) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="7a0a00ff000000007110bc00000000009510000000000000"], &(0x7f0000000480)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f00000005c0)='fib_table_lookup\x00', r8}, 0x18) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r1}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.031273703s ago: executing program 4 (id=1004): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYRESDEC=r0, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0xfffffffd, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x400}, 0x100002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000180), &(0x7f00000001c0)=r2}, 0x20) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00'}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r4, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10) r7 = getpid() r8 = syz_pidfd_open(r7, 0x0) r9 = pidfd_getfd(r8, r8, 0x0) setns(r9, 0x66020000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='kfree\x00', r10, 0x0, 0x6}, 0x18) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r11, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000680)={0x2, &(0x7f0000000640)=[{0x1, 0x1, 0xa, 0x6}, {0xcf, 0x9, 0x6, 0x401}]}) sendmsg$NFT_BATCH(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000aac020000060a0b040000000000000000020000003c020480380201800a0001006d6174636800000028020280080002400000000114020300d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d532452032d5f166334739d1719a5778bd4f724ee4ca57f2527aeeb0c75755d68fc6fa55f4825682ee95e581039823e5963beedcf65b8b005623d90772b8b6ebd2498b0aff725a3eabb6c99cb2edfe10b9c33be8a971e08401bc0807e75a2ff376b7934473bc1f02bb512b77414daf260c9c7d4e1f0758b56ec5823892af310e6252fcfb1d9dbad362baa26f43f12f831fd221926d6536eeff641db46920ae0e48f3ff5de599714ba6510ce479d4116a519792281736f39c9fc0e10ef557392c43389271cebcf36543fcf6f83bf74b93ee4eb5e8c82e35bb4784cc1ed0ad291b16e8368487589f7590bf5896f340a36555a1cf69736da230a809176dbdfba3d47efb9a6932e5503d277532b7d4e6f7c7373a298e5843a9f74d5fd07fbc6ad22bc644ba9b3c94ec3c8f0b9321b16e5826b1f058f781760a5d4b6a8880202b41689139c37cd51f65a92d883f8901add03b650c9ec182fb565a4d657ebba9d6a5eb426b22d5933b72362e6ec327fb679aa8034b8b3b6680ad138be47652a3e77981187d2921cebfc1639aa280e3d38dba9b1af49ceded79c78a2d656b3a3e946e17e6257def6679f70f11aa01a2d906aecf4dbc7d1a332a8932ed719ce7eecb5450f494f944b3f6b637502ddba609c6e45dcfad1db7c7dda3e2c8d5ddcf27132985442e9b8df16f96c82e72e3e2491856d07756b9f08000100627066000900010073797a30000000000900020073797a32"], 0x2d4}, 0x1, 0x0, 0x0, 0x2000}, 0x4048010) r12 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021181500001e0a05010000000000000000070000000900020073797a31000000000900010073797a3000000000ec140380300000802c000180250001"], 0x159c}}, 0x0) 970.449408ms ago: executing program 1 (id=1005): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000f0000000000000c00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000200b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10) socket$kcm(0xa, 0x2, 0x0) socket$kcm(0x2, 0x2, 0x73) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000480)={0x0, 0x4000, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r3, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x33}, @void}}}, 0x1c}}, 0x4000054) 951.473539ms ago: executing program 3 (id=1007): mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x600000, 0x6, &(0x7f0000a00000/0x600000)=nil) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2000, 0x116) r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) mount_setattr(r0, &(0x7f0000000040)='./file0\x00', 0x8000, &(0x7f00000000c0)={0x11bb65b53bfab777, 0x2, 0x100000, {r1}}, 0x20) r2 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/rt_acct\x00') r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="b80000001300e99926bd700000000000fe8000000000000000000000000000aae000000100000000000000000000000000000000000000010a0000100c000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="00000000000000000100000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000001010000000000"], 0xb8}}, 0x0) r4 = socket(0x18, 0x800, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5, 0x0, 0x5f}, 0x18) connect$pppoe(r4, &(0x7f0000000100)={0x18, 0x0, {0x2, @multicast, 'vxcan1\x00'}}, 0x1e) sendfile(r4, r2, 0x0, 0x8) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r6}, 0x10) r7 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000002c0)={0xffffffffffffffff}, 0x4) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRESHEX=r6], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r8}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000400)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000340)={'sit0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0x80, 0x7800, 0x5, 0x4, {{0x6, 0x4, 0x0, 0x1d, 0x18, 0x64, 0x0, 0x6, 0x4, 0x0, @empty, @loopback, {[@end, @noop]}}}}}) setsockopt$inet6_IPV6_PKTINFO(r1, 0x29, 0x32, &(0x7f0000000380)={@dev={0xfe, 0x80, '\x00', 0xe}, r9}, 0x14) set_robust_list(&(0x7f0000000280)={0x0, 0x401}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) mbind(&(0x7f0000c75000/0x2000)=nil, 0x2000, 0x4, 0x0, 0x0, 0x1) 884.884455ms ago: executing program 4 (id=1008): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='mm_page_alloc\x00', r0, 0x0, 0x7}, 0x18) r1 = socket$kcm(0x21, 0x2, 0x2) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x8000, &(0x7f0000000740), 0x1, 0x53f, &(0x7f0000001040)="$eJzs3c9vI1cdAPDvTOLN/khJChygEqWiRbsF1kkato04FJAQnCoBRVyXkDhRFCdeJU67iSqaij8ACSGoxAVOXJD4A5BQL9wRUiW4I0AgVLZwAKntoBmPdxOvnQSt7ZGSz0d663kz4/l+33j98p5nZAdwYT0VETciYiIino2ImXJ9WpY47JR8v3fvvbaSlySy7OV3kkjKdd1jTZWP18qnXY6Ib34t4rvJw3F39w82l5vNxk5Zn2tvJe9l2cHNja3l9cZ6Y3txceH5pReWbi3NP0rz9roLsxHx4lf++uMf/OKrL/7mc6/+6fbfb3wvT+u/WfZ69LRjmDpNrxXnomsyInZGEawik0ULO25VnAsAACfLx/sfjohPFeP/mZgoRnMAAADAeZJ9cTreSyIyAAAA4NxKI2I6krRe3u87HWlar3fu4f1oXE2brd32Z9dae9ur+baI2ailaxvNxnx578Bs1JK8vlDeY9utP9dTX4yIxyPiRzNXinp9pdVcrfrDDwAAALggrvXM//8905n/Fw4rTg4AAAAYntmqEwAAAABGzvwfAAAAzj/zfwAAADjXvv7SS3nJur9/vfrK/t5m65Wbq43dzfrW3kp9pbVzp77eaq0X39m3ddrxmq3Wnc/H9t7duXZjtz23u39we6u1t92+vXHsJ7ABAACAMXr8k2/9MYmIwy9cKUruUrmtFpFNHN15sooMgVFJ/5+d/zK6PIDxO/r3/Ur/XZJx5QKMlyE9XFy1qhMAKnfaIH/gzTu/G34uAADAaFz/+ODr/++sVZoaMGLl9f/ERT64eCbOstPU6PMAxq9z/e+DrKPqbIBxqp00AjApgHMvHc71/1NuJUx0KAAAULHpoiRpvZwHTEea1usRjxU/C1BL1jaajfmI+FBE/GGmNpXXF4pnJkbzAAAAAAAAAAAAAAAAAAAAAAAAAHBGWZZEBgAAAJxrEenfur/MdX3mmenezwcuJf+ZKR4j4tWfvvyTu8vt9s5Cvv6f99e33yzXP1fFJxgAAABAr+48vTuPBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBhevfeayvdMs64//hyRMz2iz8Zl4vHy1GLiKv/SmLyyPOSiJgYQvzDNyLiY/3iJ3laMVtmcSz+pYg0Iq4MK37f839C/OjEvzaE+HCRvZX3P1/q9/5L46nisf/7b7Isj2pw/5fe7/8mBvR/jw06aO149Ym3fzU3MP4bEU9M9u9/uvGT/Hh94j99xjZ+51sHB4O2ZT+PuN6v/0uOx5prb92Z290/uLmxtbzeWG9sLy4uPL/0wtKtpfm5tY1mo/y3b4wffuLXHzyovf9Q+6+e0P8W7R9w/p85oc1TR5bff/vuvY90FntemajFz7LsxtP9X//CZx6O3/3b9+lyr7yen8P0zW/3zeXJX/7+yUF55u1fHdD+y6e0/8YJ7T/q2W98/89n3BUAGIPd/YPN5WazsWOh4oWkHPE+ynG6n4iMPud83Fn1GWskkcTmcnMqjm1arj6xzsLr5aux3Oy+24Z05N+W/1VGmfy4OyIAAGDkHgz6e7c8uADjOjMAAAAAAAAAAAAAAAAAAACM1qlfAzZoUxoRZ/w6sd6Yh9U0FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgRP8LAAD//85dztw=") sendmsg$kcm(r1, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0xffff, 0x2, 0x10, {0x2, 0x4e24, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe342"], 0x10b8}, 0x200008c0) 882.325155ms ago: executing program 3 (id=1010): r0 = socket$tipc(0x1e, 0x2, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x1}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = socket$netlink(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fbdbdf250f00000005002f000100000005002a0001000000050029000100000008000300", @ANYRES32=r2], 0x54}, 0x1, 0x0, 0x0, 0x24004040}, 0x24008824) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r4 = socket$tipc(0x1e, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYRES32=0x1, @ANYBLOB="00fdffffffffffff4d57ef5f05"], 0x48) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10) socket$tipc(0x1e, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H'], 0x48}, 0x1, 0x0, 0x0, 0x20004810}, 0x0) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) 815.493361ms ago: executing program 0 (id=1012): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000020700000a4c000000090a010400000000000000000a0000040900010073797a310000000008000a40fffffffc08000549000000020900020073797a3100000000080003400000011c08000640ffffff00140000001100010000000000000000000700000a"], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x5}) close_range(r2, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r3 = add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000005c0)="8d0e", 0x2, 0xfffffffffffffffd) keyctl$update(0x2, r3, &(0x7f0000000680), 0x0) setresuid(0xee01, 0xee00, 0x0) getresuid(&(0x7f00000002c0), &(0x7f0000000080)=0x0, &(0x7f00000000c0)) setfsuid(0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) r5 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000b00)=@newqdisc={0x4c, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r7, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x8, 0x200, 0x8, 0x6, 0x8, 0x8}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4c841}, 0x44080) setresuid(0xffffffffffffffff, r4, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002c00)=ANY=[@ANYRESOCT=0x0, @ANYBLOB="4f656739667bb6850feec4436f72bb475b86f6a2e4f7643610fc0e5668a855da18ceced01da38cd1ae28e5037ee22faaa9674e7a2d00ac3d0aea224f7878c32f3dffdefc577569899c80c13e2db70da8893f0b1bc542467581f63414db0124b39c823b19fc4a3a49e887ed6fe4913a1ab077a4ad54fb14b188457752b2bbcf3f7aa42ee16712defc788601da84a1554b335ed845f247daba88dd42fa011db13b97afce10a85779c8968146b4b6e81b78a3e2ba383a7ba82c8d95a3173d5f2f3661f7a1866ec6df85c0e48fe6d29b6990711d124b1311c58b82d3d1ce307375b97d5567e801d8d1d72a03177b45a3fb9b2df51c926fd2ed4e6982c4a41ff171351a7a49b3b98494c45feb99586a7ed8e23ce5de87cae883995faaddec31b616b40a7706baa02d28285a1a6a3e552127e077477ab161decb41b54af04d2b76ff68046c03a4ab11e2931f198a9ec94ecefddbcebbe5e594e67950cbe12f840968cb0067ac42a200530e2115f8d07b4aead5aa65ef1131e7a83f6db7c375e813831d2069f6d4570f5fb8c0158ead6c0b452e95e0ef180ec2d90609d90fb32a6cce35ddd084dd1c444f6990460cae52ed478fe4c5cdac51b7c5644c190da57a0411880a2fa6020930dacc03d0719b5bd8dfaa9c0c5effe40e312a5d207310b9a0d6d1f9d185e0a731f671750aaa4e050e65cfca55f5968025e49e5bea70bf7d5df77bea070747590e78cab174c910db81f8f5a1cf79d99356f94c3cfe6f0d291192f1dc9eaaec772a5e43a720bce04c88318e500dd392596b3f5a93083abb0679967c2337955d5781baae023b63e99ec1fa0e0d036e54ab0e1ae3066a9f35c63da31d62420721619b19f568140e50a14050c451f70990390737630b2f6c6079d12502a478350db4beb8576853ba415817bd2d856ee323d5044c6aa3e2640626303a822d73dc478d774b7686cb173c6a37155775e9eb4a1f63bad05fc45ae7af76a1e4121fdecaf78c00aeeb3a89f236b51ec1ffaeddfafe1de163117b2323572b18594ecaeec611c30ba9b15efaf7b20feb0a2fd116782882eb7f4eb704ab6cb64afd7e98669dedfaed7a1fa19f27a898d59a5ea53f42c3013a055f558b076f0bb75aec4256e79f73dcba31cce441a992a2040eeeeabefd3cb5e01678efed54c141aee3b8f6d56b2b42695daa83805f0114c37240ca043045d02431c7e083da10f6158956b727d940d37acfa0c30ab39f20e00241cad10ae43479a045003f07b8f45b3c58b1a9bd6230917e766ec181a0b19c4a1e2a97ec7f006da258a0e5b75780c29988138f35b8986b832d802e55f42d1650e959c1db74f19b4167fa9b45d30216bf212b8e4b7272dbe65895d632994c4b4a013010b19fcb6d65afb07105b9d33f2bf68335095dd6a179a028902e9c59ae3a3ee3fc88ebc91482c01225648044c8dab4ae33bc77eb7cc55a665799b4462fc24c45b754b25e3a942d47192bb921e0c904a849729dce3ed6d0f1e7df4fb553664b413af6d09e39daa4dc9ee180639bd594cf91eff4ad2beac0c7f4fcba900c04d94e77fa4fca9e54cd6a00dd567dffcb7a872313a80f8298fad8bc05d20597e5022f4a7ed38d0f783eaeec1c4690fd7ead2d41fb6828dc995d264dc7394645690fea0b14fdbcc399b932753a171cd5d4df7b8219a62e03a905413fa7b2668dc507ddbf9d509c9fd62362476cf9128f59570abb5cf46959b050b89bdc9698530dc8b2649582d67e0b52b80ea7589cf0c47f0fe5cf69f734c11ff00889c3e759ae0f19593956c87984dda64ec0691e872116857174d4624fdf9afc7c5c79d8bab2c6fecd9677484b40204216cd3a99584ea1163d4455614a741e1f7dcf4a7b218ea7fea6675301e0b9faf44813f8a9041e541153fe017a4f98d59c8fadcd8a936deb0cf713da74fce3ef6c34ab46b70fa56a773c71e8cae93ff3f41399b2f0dba40abc4a254dae6fd7240248c7bc2df2da3beacebd5a8dbedb5d80577fbf4a9feb686b2b7eb1493e55884a7a0f09e829fd60e556375766196e1c3991774fdb8f159ee4abc7e9ca5fcb89891b4f9dc8efe37c2fb6ff70ca6b409a2d16e68cd915d1232814a0916e0a9fb190c054d1f1d5abbf7270c7c51455f47a1439ae58f4e70eef17fb65cfd7998c6204a8600a8580e1c19e4e11d2c24ba7050cfc43ed7f6e707bd860e56570a4b7da3642505e9097dbdd55494008532ea3d6f674b01a86e35a7fb1c8dd10c3c6f924902437a38aa61712dc08043df57a80e28a23e56da6e3420251993fc715fd0faafa000ff29664471b1fc96eff573a57494605e8f1767a5ceb22cbefd0235f16860d20cdbb92bae04c532ee8f38c8540c90ce2977d10943d1b76e09f5c946762b8fb61d7e35a2033bbfa5a202bdc33ff1c7d4634a016ec034bd7dfa501f6bae7d91d16e7f54fa6099dc2f754d76b635aa4458eee5435adf213c7ad898c8043aaee874a5c778958c2fe65247dc86e0767c6ff58fa9a165ae596cb876d8389ae0e26ef4f51cb2ec9c78a7130a293d3809fcea1ab5bc6974a87be813c9ead71986f094c78f6557dd9c57b3634554fbf20f4707612d8e8b29e608e42eacc17865e815be49dcc4d0a4a6269658132d44484e5ea2d1ae81efc38b6306b165fccb77a5827314a8d03f4c8f9c873c56da217f5970c27567ae8ac482b46e9b540b64a975a9960143f824ac41b73286621501a987d3604dc6a48dc2161dff2ba82ead4458034121fda40822fe84e6f74e11aab2c3cfe47a92e6277c70c3fb20e359427bf226b51298decb0bc567a8848c870eb36aedcecb6c9d8d1f3b1c6e8e745034643885cec0d4b1c460fe8dce28508164a5ca12a460609a71675c12e2ae3d6c607c390b2400e61e2c413bbcaec02dfd49df8cb47b7679f2c5b4468ab36391a6cf39f0929e9f04923b67bc7b77580ad6918b1339d1f3305cf6b4efcee8fd6c6c35a5fd28531cae3c9be5d5dd2fe09b0e06c7bd9959593f6c13419397a65ca51096ed0e6ea928d246d9fddfa547f7ce821185e7f642474380d726544d128592bdd46cfcfcd4e77b50a80882580902abe94e5ee6e500e112ec665a444cd3b0576e41614bd0e5b3c80f4eff3333ee8f6f8786455280b58f78c8123c4313ae8af3cf717bbd637ff579cc4c7bee32b08200d8cce7e0969713a1b03660ca778467718ebd002bdbbfcba725c93b14005f4d1dbd189860c943e848a5cb0832b5fbd81e19c7ead159c8b1ee964c74931bb884b0fb2f906e00ef975ae78cec75f92a99204d58f84d2e85e9f5ceed364e22aa38b1085d04e434fb7d8457fd0a98e8e65ff0d2dadc2a0bae77caa8f272d4d62120d9f34cbc225d1dd2b64f924a3f428596c8d3a8e7aa1c9e4e75f248bfca3abaa075e24890d9e8896ee54bcb8279c7b901e295aba8768ccdd1acab5e637e07b067da9eafe3b4045e0266068a8e017676b5c4145f3664a53eedb5e3810c80eaa4e6ddabb68fcfeea28435a7c2da5249e5447c2b0f2bd7c5956e5fb81491d8da5ff555154edafc7fe8e7940490df205cce149d7582429186a7eb1bc65c88280d0df67c733834e38c19867024e7df49132c077bbb0170abb1eb419c50c8b99d19bd39f9b8cc9bbac5c46ba80602cd488e3cabee036721c72313787615e342541e7da7203ef0b3d61bf9f27782de2842aca11e88f57c959aa2f5d02f48c8fb98670146d16588a4eede7c0f123c005e95c7846e8d3a6f85b7466df3f0d290ddf6de02b39402a3359c259308313ba69f3a7dae4c47451c393368879e0110b377fde12fc3d87420ced2588ffe3e93603e3267052cd41034ad0c07110c4f01ec506b315701c3cadc0ccfcdfe6e59d93514a427374a076488b4fe691784cb0f95a28faa41b3d68db0f7221a0ce8ef36de68defb5ff2a339824bd7d15754483c0d2327395f69fddbd46937a267bac77210a0d4fbbd6554bdd47415c93fd185cf242b1327929b8ef20053f151316419ae9d1bdd3b94a1096b347a0f2abb4e27f471f0fff9104d74aaeb57c86e36b538ac86bdc9d875ff35dd3f1c8f95d7911830bdf22891f9cedba18ddd5eee9b4e75ea50fba1843f2f50a94069fea7905aa55eb0936a5e4c3559bcdacd86a6ddb8eb7dcf06d7117722f0ed0af054120f98c72e61f4b1d4a65f54a45a006e2ee61be5fe2b4c60e4311096b3405ada70d05a97211635146387df1020cc56fa29e9d74bd14c1b92e0d82fd56cb286295e0c64609288ff5f6ec7bd3c400552ad87d7fcc086820f7a38ac245972362783fffbb9843d9a5c708f533a81532d464035d3bd5ac2ca1e99adef138e5d02390e66801d9e588e918b79e29b010b4da452b84d758948998675087c0ec69e2dd82986bf911c2e3065e63d20f9c6584630f9e8025f42b8c3a24dce0dadc306fd8cde6049427b8534aebac7cef2626e121298a91c47c5f010070554997579dd12299f4a20279f4ea3ee156ece28e82d44fb2fc3134860b81bf92196fa3a38c0eea1e09a2f43dedec0132544c89751f190e10c4e14771ba546b4a152f33f44c139e4a363ff1564aee9b3a3722b12761f682f29468fe286a77fac0c98c215197fa6839d681ddaa9ecbf42f9a5a46c3288924eabcc564da00731b37cfdbb1ef2488938cb3515d91d740e8ff09a0c84987a41088013ee2a5ce47bdcb385ac375ab5f0395d613212cf4723255ff0bfb2ee6a69d1f70cd4d9e6d37d32b8c2c3ea0f89c04c0d7a3d18752eeb1920b6bc529c77955ff2267faec7ea971f51462fd43348941e02413c4a8b5fdbfadb9d280b899760252f362b10c49c2609aa782d23a046d227dbd87a9206ea2b233e97e028777a31138ad0be39c62c6a8119ba1fc7942ca74425eb013b3cd2b90bf231e47ee52418b700275f57f0558c89fbab43fe74911e2076e3df2cb7d9976f469b21ded0d2ae98c33eb2750fb5aa9b37e2a18bcbc67956d6c9a12531473ae9fa48ce1bd1e44d3d3a7b21094878f3866460d8a5493d88f660bb552d6c11fbe398235d1fc35c58f767a150fbc738c06f6421ba9347e8d51b89506e854b632980304b54cc58171cfa5337388df40b52b6162810952f90e083200361357c6fc2dc91808ff03a04ec7dc3d5670daf073e6551ccdb05c4c2af194fede003ec623717aeb480a127608ed443e60e970d457e7598cab0a6689bc06e8bbf53b979432db1839d133e3efdeb34e0294e03eaa070902baa96a6c695525aaa4a61ca68069250be3ab3d61fea5d912c383a43f40084f6c9ffefa775d2a0e7275979dadd35044751ca9da66c86a3b6c9832b952cc7d09cb3e0109bbbf30c3de2e36651c3a393b009f61b89a900c1a919fa0201ed4d405c80f482f6ecc0862dd759ceffd8188c18db3d083aa6ea1e8534752270d2a2c69d469b5291d0fd30fc6b66b6c5aab0fc63e19f4430b2a0180e520932f52ccb1f2618f2607e3c0eaaba527101e26ab35e5c6bba94431db1ef9c4f8641114cae233fca4caf8248c34da7b2d9ae8471ad872eff5e51738015db2f2d3e083ce8584eea9d5aebdb6727a9dc458608cdde206ace66487daf00c26dc76b60893a9ce675e684477712b7ff49f8af2d41c322d5c99146e7fd332e5bf5448119e939b4ff15f3a6de1ef72ea3f86fe26872b5a3d00b5093f20b693ed607d02d426a3e67034eaecf8eee4dfd3eae8f8f4425328f47eb0f34a4188815ed16870e912d2c7e3e24bd7a19cdafa65044f7842b254ee49659329e6563681af577965526a1cf55649277c41f2b7ccbb51a956903a1ea4a7a121d3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r7, @fallback=0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r8}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r10 = io_uring_setup(0x1612, &(0x7f0000000200)={0x0, 0x0, 0x3040}) io_uring_register$IORING_REGISTER_BUFFERS2(r10, 0xf, &(0x7f0000001580)={0x1, 0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000000040)=""/155, 0x9b}], &(0x7f00000012c0)=[0x2]}, 0x20) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) 806.476652ms ago: executing program 3 (id=1013): r0 = open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x18) connect$netlink(r1, &(0x7f0000000280)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc) sendmsg$nl_route(r1, &(0x7f0000000300)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000021000f0000f901000000000002"], 0x1c}}, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) 782.589554ms ago: executing program 2 (id=1014): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000f0000000000000c00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000200b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r4, &(0x7f0000001240)=""/102400, 0x200000, 0x0) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x12, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000940)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc68, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000380)='kfree\x00', r6}, 0x18) socket$kcm(0x2, 0x2, 0x73) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000480)={0x0, 0x4000, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r7, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x33}, @void}}}, 0x1c}}, 0x4000054) 767.251485ms ago: executing program 1 (id=1015): r0 = socket(0x400000000010, 0x3, 0x0) write(r0, &(0x7f0000000040)="3a03000019002551075c0165ff0ffc02802000030004000500e1000c1e0309000800a000", 0x33a) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc2f00, 0x4d, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) memfd_create(0x0, 0x7) ioctl$PTP_PIN_SETFUNC2(0xffffffffffffffff, 0x40603d10, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000540)={r2, &(0x7f0000000400), &(0x7f0000000440)=""/236}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan1\x00'}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000280)={&(0x7f00000005c0)={0x58, r3, 0x4, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xfffffff6, 0x7d}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0xc, 0x1, 0x3, 0x0, {0xf1ff, 0x1, 0x0, 0x3fa, 0x0, 0x0, 0x1, 0x1}, 0x1, 0x9, 0xc}}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x4004094}, 0x80) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) 708.58627ms ago: executing program 0 (id=1016): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000002000000000001000000181100000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x18) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010012000000010000001a0000000c00018008000100", @ANYRES32=r1], 0x20}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) 705.21405ms ago: executing program 4 (id=1017): bpf$TOKEN_CREATE(0x24, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_pidfd_open(r0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sched_switch\x00', r2, 0x0, 0x415}, 0x18) unshare(0x64000600) 695.803711ms ago: executing program 3 (id=1018): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x80, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x54, 0x3, 0x0, 0x1, [{0x50, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x44, 0xb, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x3}]}}}, {0x14, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x4}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xf8}}, 0x0) 666.876233ms ago: executing program 3 (id=1019): r0 = syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f0000000580)='./file0\x00', 0x80, &(0x7f00000004c0)={[{@abort}, {@quota}, {@journal_dev={'journal_dev', 0x3d, 0x4}}]}, 0x1, 0x557, &(0x7f0000000c40)="$eJzs3d9rW1UcAPDvvV02u1U78Qfq00DHlLG0Wzekb+uDj5Np8VFqSbNSmjalSeda+rCB7woKiiKoT3v3VUT8A3wW0X9AEVccnW+V2yTd1iUxm66ZvZ8P3OScew79ntPke5J7uZcEkFvHsoc04vmIuJhEDN/RdiCajcca/TY31ku3NtZLSWxtTf6RRBIRNzfWS63+SfP5SERcjYjnIuL7QsTJ9N64tdW1+elKpbzcrI/UF5ZGaqtrp+YWpmfLs+XFsfFz42Pjr46fHfvP5jo5Nf7G8Z9eT75NJl67+fnbN5I4H0PNtjvn0ZM2c2qn8T8pxPld+8/eV7BHX9LvAfBABpp5XoiIZ2I4BppZD+x/W4citoCcSuQ/5FTre0B2/Nva9vL7x+8TjQOQLO7mxvqBzZ34BxrnJuKx7WOTw38mdx2ZZMebR/dyoOxLV69FxPWDjcpd7/+k+f57cKM99XLmpJ++m2i8UPeuf+nO+hNt1p+h1rnTf6m1/m021r/SZpv4Ax3Wv4s9xlgc/+HZjvGvRbzQNn6yEz9pEz+NiHd6jD/59W9fdWrb+jLiRLSP35J0Pz88cmmuUh5tPLaN8f6bo9e7zf9wh/jnu8w/27fU4/zjrad+vtol/ssvdn/928UfjIgPegz/y6cfvtepLYs/02H+3eJn+77oMf7xV76Z6LErAAAAAAAAAABwH9Lta9mStLhTTtNisXEP79NxOK1Ua/WTl6orizONa96ORiFtXWk13KgnWf1083rcVv3MrvpYRDwZER8NDG7Xi6VqZabfkwcAAAAAAAAAAAAAAAAAAIBHxJFd9//fHGjc/w/khJ/8hvyS/5Bf8h/yS/5Dfsl/yK9W/h/q8ziAvefzH/Krl/wf3INxAHvP5z/kl/yH/JL/AAAAAAAAAAAAAAAAAAAAAAAAAADwUFy8cCHbtm5trJey+szl1ZX56uVTM+XafHFhpVQsVZeXirPV6mylXCxVF/7p71Wq1aVzsbhyZaRertVHaqtrUwvVlcX61NzC9Gx5qlzYk1kBAAAAAAAAAAAAAAAAAADA/8vQ9pakxYhIt8tpWixGPB4RR6OQXJqrlEcj4omI+HGgcCirn+73oAEAAAAAAAAAAAAAAAAAAGCfqa2uzU9XKuXlDoXBZr9ufRQUFPZboc8LEwAAAAAAAAAAAAAAAAAA5NDtm377PRIAAAAAAAAAAAAAAAAAAADIs/TXJCKy7cTwS0O7Ww8mfw1sP0fEu59Nfnxlul5fPp3tv7Gzv/5Jc/+Zfowf6FUrT1t5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANxWW12bn65UyssPsdDvOQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8iL8DAAD//yoh0LQ=") syz_open_dev$loop(&(0x7f0000000500), 0x3, 0x0) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x73, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000011c0)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095000000000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18) write$qrtrtun(r1, &(0x7f0000000300)="ca0e808bb35bda", 0x7) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x9}}, 0x40) r4 = fspick(r0, &(0x7f0000000340)='./file0\x00', 0x1) fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f0000000480)='\x00', &(0x7f0000000b40)="b1ccc518e90b8585321b5d911c1ac09a423e3ff556d870511fba53244e68d2abfde288b6f0d29856a71808d6fe01cc200d58701822d05e45cbde6689eb1bbcbe1e778774bfd7ae2700ff0324582581e5225808d16ad7c60f3c411cd749d933e7ab53ec216ee969aa012c0182f125fe5f68d4599918a33f9ed7a44cde72bdace51a708d12012fce9a56a778b7bc8fcf9c7fe9bea5b0929944ffb4dd1afe4c948cc941996e67505d53376239c07d6acb465fd02ace9639289cfe6755862a4b3855e1a01b", 0xc3) bpf$TOKEN_CREATE(0x24, &(0x7f0000000240)={0x0, r0}, 0x8) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x12, 0x1, &(0x7f0000000180)=ANY=[@ANYBLOB="852000100300a882"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000f00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000eab60492eaf203b762ef78ecf276e7bf62c5000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10) r8 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000008c0)={r5, 0x0, 0xf0, 0x29, &(0x7f00000005c0)="9d9ff75024b277a48f66cbfc646073de8b19c0a6ba669b2c58c11a88314c257769a96994b5f887638632c212d6e1d34d2f8518a3011af657e744bbd8616d5be2a068415fd58bdb5cced88ae6538c058dfe44b59b6fa7e8a2b79d938a58a22d3cf0a0fb36e7ec5aea06b66ae89737bed5c93252918ab884c33a2173ea4f6de055b2ab43dd8f38acf1ae0b93770e9f06d6d3b6663fe7b6befb0c4b0099f468d0712da5125677c1f35415114f021e9986cb66ad56694cac4278ab298c588a0bc3d1339a075c4fefc212cebc7b90f73f5576fb0ebef612e77f160a770047256eac27340fe1d8c8af003ccff4816200f263e0", &(0x7f0000000840)=""/41, 0x5d, 0x0, 0xda, 0x38, &(0x7f0000001280)="8bcd3c699bbf116a2d00e1a20196954f265d0b6a195f39005365843250ea37b04a6afbe75d5df0c1573e5e4385cad2694a04518ed5c76a3d96e496bfab07cc47e75691366612ab200a6b7cec9714b90ac8d091721725cb4598cd6f082da167985eeb767b03c7fbe9c2762a99d6e98bba20de7176e6bb65abcc593d2b24b2d9b40bed29ae5759555287e76244a83c3cbd6ca872b5d12e97973dd4b5743dae1543af7c9b85e6ed80717c13c324464999d0622cd80630cd7e231b8ecf65b89de32b07c12f110e75eff80f72ff6ff89dccf9d2c90295c46db5505da2", &(0x7f0000000800)="e7e401570bed75b81d3add7c4a8d45070684d678e9af9a607891ecc96e160c0c8f409d91de78ca760f58198c14731a85ad893746235aa711", 0x1, 0x0, 0xa}, 0x50) r9 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r9, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e24, 0x4, @loopback}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r9, 0x84, 0x6d, &(0x7f0000000080)={0x0, 0x1c, "dd2e817ac74906fd835ef5af27a317afff105169002a824cfec24919"}, &(0x7f0000000100)=0x24) r10 = fcntl$dupfd(r8, 0x0, r8) ioctl$SG_IO(r10, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r5}, 0x18) timer_create(0x2, 0x0, &(0x7f0000000000)) r11 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r11, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) r12 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000001ec0), 0x800, 0x0) poll(&(0x7f0000001f80)=[{r12, 0x18100}], 0x1, 0x7fffffff) read$msr(r12, &(0x7f0000000000)=""/212, 0xd4) socket$vsock_stream(0x28, 0x1, 0x0) 621.088167ms ago: executing program 0 (id=1020): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000600)=ANY=[@ANYBLOB="14efff001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc680000000c0a010100000000000000000a0000070900020073797a31000000000900010073797a31000000003c0003803800008008000340000000022c0007800a0001006c696d69740000001c0002800c00024000000000000000050c00014000000000000000041400"], 0xcc}, 0x1, 0x0, 0x0, 0x24000850}, 0x40) 534.146144ms ago: executing program 0 (id=1021): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0xf, 0x4, 0x8, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000180)={r0, &(0x7f0000000240)="6931ab50ea4f", &(0x7f0000000380)=""/176, 0x50ab3169}, 0x20) 434.223303ms ago: executing program 2 (id=1022): r0 = socket(0x1000000000000010, 0x80802, 0x0) bind$netlink(r0, &(0x7f0000000440)={0x10, 0x0, 0x0, 0x10004400}, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001100)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000200000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36b26fb0b71d0e6adfefcf1d8f7faf75e0f226bd99eea7960717142fa9ea4318123741c4a0e168c1886d0d4d94f2f4e345c652fbc16ee988e6e0dc8cedf3ce99fbfbf9b0a4def23d410f6296b32a334388107200759cda9036b4e369a9e152ddcc7f05a5f3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c3b35967deabe802f5ab3e89bd6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ececb0cd2b6d357b85a0218ce740068725837074e098ee207d2f73902fbcfcf49822775985bf32d715f5888b24efa000000000000ffffffdf000000000000000000000089a7b9b00000000000000000000000000000b27cf3d1848a54d7132be1ffb0adf9deab29ea3323aa9fdfb52faf449c3bfd09000000b91ab219efdebb7b3de8f67581cf796a1d4223b9ff7ffcad3f6c962b9f292324b7ab7f91a31cf41ab11f12fb1e0a494034127de7c6592df1a6c64d8f20a67745409e011f1264d43e153b3d34899f40159e800ea2474b544035a30b23bcee46762c2093bcc9eae5dff5adbdee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d337c56abf1128744bab6677fcb78e313841ec309baed0495f06d058a75fa4c81e5c9f42d9383e41d277b10392a912ffaf6f658f3fadd16286744f839c3f128f8f92d0992239eafce5c1b3f97a297c9e49a0c3510ef74080e6d1e0c8a868a353409e34d3e82279637598f37ad380a447483cac394c7bbdcd0e3b1c39b6e00916de48a4e70f03cc4146a77af02c1d4cef5379da860aed8477dfa8ceefb405005c6977c78cdbf37704ec73755539280b064bda154910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06cd58b61799257ab55ff413c86ba9affb12ec757c7234c270246c87a901160e6c07bc6cf8809c3a0d46ff7f008000000000ad1e1f493354b2822b98371d000000167d78e65b90eba0768e825972ea3b774a1467c89fa0f82e8440105051e5510a33dcda5e143fbfff161c12ca389cbe4c51b3fa00675cd1b66c5fd9c26a54d43fa050645bd9109b7e7131421c0f39113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a84a4e3344b155cc20f49e298727340e97cdefb40e56e9cfad973347d0de7ba4754ff231a1b033d8f931ba3442b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2ef79b8d4c2ff030000000000000007b82e6044f643068cd47ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c99220002af8c5e53d52c83ac3fa7c3a3ee6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e6e34991a225c120a3c950942fe0bc9f2a1a7506d35e5b439edeb7088aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29fd0f1a342c9eed00000000ab6648a9dea0b6c91996d65da6c24a702a86c814459f3cdaaf99000000000000000000bfb32c826563c518d0ad23bc83ba3f3757210a057eff7615c868bd7d74233da1a3b56d4e04a7ec4792b1c4cffddbbdcfdd23ab5268f1b3d08ebb8ce498cbaaf5aaab812201d1aba3d70471fcd9b466569f3ef72f39d87fcccab514fc02b70be8629c9b73ce7bc4be7f8be71cb7b2d0a4acff8f6abe7dbad64dfa44966945d93c33b038ce0d890f851811e387723a25dda119f64b35e71c5400000000000000000000000000000034c751ebdf3f20a95b817ea3df3d6c0002a41783058e56c70afe8016b3dd9dc7785b36e609f173cc6b893ecd138289709839747837d6a6283b3452c57a5d44cacd363589845637071320921d22c1663964eddec902fc7cc33158bc306d8c3bdae8108a23d2dc96a5cdb518f58832ec0906aaec43659c79c8ad37b0f961f3beaa3e02f7762c5dd633d13b5e487e996597b2ab42c898b7dd8390e13b395aacce4683e55bcfe8c17615257364365fd48bd77da79e52ce9adfe6dca9c42c4d719347f39ef006c2df747ee6adb7cd04faf05c36de72354c64ebaf28a3de18607ebc4b70f50f71dae565749568a23319232dc213342fb472e98c9a412199ce7976bee5eaf40e60cb3fbe8b92dae5008e92d17d05ce74ffffe74ae71d5b8bd43a4e0bf0390335aa489689f5e3a4ac5adca96caab658b43cd499d95d3876c220d147ad1d0e626621d88f1370982f663793cac52ea0d14e595ff1f56427a0a813bb3b84d31d021eeea8faeff25bb66f5940d08a5509a66fc43962bcb2f7415bc38e355e80ec935aa6fe2d74bd475d89449fb46320fee40faff2fd005549fe6a042bd95decfde5e166971935f4cfd9c9e5bfd2d803644f4e5b7e6dc1a7a35df7134e2fad79269bf24bea4eb0213068e3054d9e4a8d1a9eb032cb390e2016d0ce10549728cb4732dc5adab16fa19ac70780b29e079be27c95d3dd2bd91a584c46d84d430fc6ea31ce0ba62fa27be9f6bc435203da7c3a5d68bf4dd4f81cbfaa1c87a15b9272853c9837db930952dca667194b71815a9eb49b495360dcdf31e0e560857d0541a916d6b5469ac1b36babc5a91e1d58925f20d9d5f8a0da3c30711b0d101cabceffbe072be69613ea0003c6e9bb5cd2413c8ddc17cfa319cf7aaeed0ffb07a08f8fb439f709dfe0732fe42192819870bdd87d5f612ade03540a28be446095269d9ea5a60bba1f2462f9921f2a731dbcf1d03964ea1e4f79514914d37877f57617b60fa2b58aa694fcb023024653c4b73efb12a57ffc6f8943262b77be933051e12bd4d768a422ea652d45b04a9c43b5c97fc3edea7002d51a0a74889334ee"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x29}, 0x48) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000000)=r1, 0x4) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, 0x0) 288.259105ms ago: executing program 1 (id=1023): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) unshare(0x20000400) r2 = syz_io_uring_setup(0x83f, &(0x7f00000000c0)={0x0, 0x119, 0x100, 0x3, 0xf3}, &(0x7f0000000140), &(0x7f0000000400)) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4004000) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) close_range(r2, 0xffffffffffffffff, 0x2) 287.775886ms ago: executing program 2 (id=1024): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000600"/23], 0x48) r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0), 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', 0xffffffffffffffff, 0x0, 0x80}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0800034000000004640000000e0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000380003803400008028000180230001"], 0xf0}, 0x1, 0x0, 0x0, 0x80}, 0x0) 164.855686ms ago: executing program 3 (id=1025): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfd, 0x0, 0x7ffc9ffb}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10) setpriority(0x1, 0x0, 0xe8) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f00000000c0), 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4c001}, 0x4004110) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000100)={0x0, @in={{0x2, 0x4e24, @broadcast}}, 0x7f, 0x6, 0x9, 0x8, 0x44f}, &(0x7f0000000040)=0x98) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000001c0)={0x0, 0x9, 0x3c0d}, &(0x7f0000000200)=0x8) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r6) r7 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x200000, @empty, 0x1}, 0x1c) listen(r7, 0x0) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) accept(r7, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000680)={r4, 0xb9d3, 0x0, 0x2, 0xc, 0x2, 0x384, 0x3, {r5, @in={{0x2, 0x4e21, @remote}}, 0x74, 0x0, 0x8, 0x2, 0xe}}, &(0x7f00000002c0)=0xb0) sendmsg$can_bcm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) 164.343746ms ago: executing program 0 (id=1026): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x144}, 0x1, 0x0, 0x0, 0x612fc0b6c779297b}, 0x0) 123.411589ms ago: executing program 1 (id=1027): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xf5cef14389cfd0e5, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYRES64=r0], &(0x7f0000000040)='syzkaller\x00', 0x2000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = syz_io_uring_setup(0x1c44, &(0x7f0000000240)={0x0, 0x58fc, 0x0, 0x3, 0xbd7f7fff}, &(0x7f0000000440)=0x0, &(0x7f0000000000)=0x0) rt_sigaction(0x1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f00000002c0)) syz_clone3(&(0x7f00000006c0)={0x102102180, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f00000002c0)=0x9, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_MKDIRAT={0x25, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000002780)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x1}) io_uring_enter(r2, 0x5535, 0x3acd, 0x22, 0x0, 0x0) 90.191372ms ago: executing program 0 (id=1028): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='mm_page_alloc\x00', r0, 0x0, 0x7}, 0x18) r1 = socket$kcm(0x21, 0x2, 0x2) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x8000, &(0x7f0000000740), 0x1, 0x53f, &(0x7f0000001040)="$eJzs3c9vI1cdAPDvTOLN/khJChygEqWiRbsF1kkato04FJAQnCoBRVyXkDhRFCdeJU67iSqaij8ACSGoxAVOXJD4A5BQL9wRUiW4I0AgVLZwAKntoBmPdxOvnQSt7ZGSz0d663kz4/l+33j98p5nZAdwYT0VETciYiIino2ImXJ9WpY47JR8v3fvvbaSlySy7OV3kkjKdd1jTZWP18qnXY6Ib34t4rvJw3F39w82l5vNxk5Zn2tvJe9l2cHNja3l9cZ6Y3txceH5pReWbi3NP0rz9roLsxHx4lf++uMf/OKrL/7mc6/+6fbfb3wvT+u/WfZ69LRjmDpNrxXnomsyInZGEawik0ULO25VnAsAACfLx/sfjohPFeP/mZgoRnMAAADAeZJ9cTreSyIyAAAA4NxKI2I6krRe3u87HWlar3fu4f1oXE2brd32Z9dae9ur+baI2ailaxvNxnx578Bs1JK8vlDeY9utP9dTX4yIxyPiRzNXinp9pdVcrfrDDwAAALggrvXM//8905n/Fw4rTg4AAAAYntmqEwAAAABGzvwfAAAAzj/zfwAAADjXvv7SS3nJur9/vfrK/t5m65Wbq43dzfrW3kp9pbVzp77eaq0X39m3ddrxmq3Wnc/H9t7duXZjtz23u39we6u1t92+vXHsJ7ABAACAMXr8k2/9MYmIwy9cKUruUrmtFpFNHN15sooMgVFJ/5+d/zK6PIDxO/r3/Ur/XZJx5QKMlyE9XFy1qhMAKnfaIH/gzTu/G34uAADAaFz/+ODr/++sVZoaMGLl9f/ERT64eCbOstPU6PMAxq9z/e+DrKPqbIBxqp00AjApgHMvHc71/1NuJUx0KAAAULHpoiRpvZwHTEea1usRjxU/C1BL1jaajfmI+FBE/GGmNpXXF4pnJkbzAAAAAAAAAAAAAAAAAAAAAAAAAHBGWZZEBgAAAJxrEenfur/MdX3mmenezwcuJf+ZKR4j4tWfvvyTu8vt9s5Cvv6f99e33yzXP1fFJxgAAABAr+48vTuPBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBhevfeayvdMs64//hyRMz2iz8Zl4vHy1GLiKv/SmLyyPOSiJgYQvzDNyLiY/3iJ3laMVtmcSz+pYg0Iq4MK37f839C/OjEvzaE+HCRvZX3P1/q9/5L46nisf/7b7Isj2pw/5fe7/8mBvR/jw06aO149Ym3fzU3MP4bEU9M9u9/uvGT/Hh94j99xjZ+51sHB4O2ZT+PuN6v/0uOx5prb92Z290/uLmxtbzeWG9sLy4uPL/0wtKtpfm5tY1mo/y3b4wffuLXHzyovf9Q+6+e0P8W7R9w/p85oc1TR5bff/vuvY90FntemajFz7LsxtP9X//CZx6O3/3b9+lyr7yen8P0zW/3zeXJX/7+yUF55u1fHdD+y6e0/8YJ7T/q2W98/89n3BUAGIPd/YPN5WazsWOh4oWkHPE+ynG6n4iMPud83Fn1GWskkcTmcnMqjm1arj6xzsLr5aux3Oy+24Z05N+W/1VGmfy4OyIAAGDkHgz6e7c8uADjOjMAAAAAAAAAAAAAAAAAAACM1qlfAzZoUxoRZ/w6sd6Yh9U0FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgRP8LAAD//85dztw=") sendmsg$kcm(r1, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0xffff, 0x2, 0x10, {0x2, 0x4e24, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61"], 0x10b8}, 0x200008c0) 53.253535ms ago: executing program 2 (id=1029): r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cgroup.controllers\x00', 0x0, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000000000000000000000000e0000002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000100)={0x59d, 0xffff, 0x203, 0x9, 0xe8, 0x3, 0x2, 0x1b91, 0x0}, &(0x7f00000001c0)=0x20) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000280)={r4, 0x1}, 0xffffffffffffffe6) sendto$inet6(r3, &(0x7f00000005c0)="f5", 0x1, 0x4000010, &(0x7f0000000800)={0xa, 0x4e23, 0xffffbffc, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x5, &(0x7f0000000080)=0x7, 0x4) getsockopt$inet6_tcp_int(r5, 0x6, 0x5, 0x0, &(0x7f00000000c0)) connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x1, @rand_addr=' \x01\x00'}, 0x1c) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000500)={'sit0\x00', &(0x7f0000000440)={'ip_vti0\x00', 0x0, 0x80, 0x20, 0xfffffffe, 0x5, {{0x22, 0x4, 0x1, 0x6, 0x88, 0x67, 0x0, 0x8, 0x2f, 0x0, @local, @broadcast, {[@rr={0x7, 0xb, 0xf6, [@loopback, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @rr={0x7, 0xf, 0x8a, [@rand_addr=0x64010102, @local, @loopback]}, @generic={0x7, 0x9, "f9d3424686ac44"}, @cipso={0x86, 0x34, 0x2, [{0x0, 0x10, "e745769753e75f0996d4bc4b2e77"}, {0x0, 0x7, "187da12bca"}, {0x5, 0x8, "f113473ac1e3"}, {0x0, 0xf, "ffe6b7b3fbe63cc9c526fcc017"}]}, @timestamp_prespec={0x44, 0x14, 0x62, 0x3, 0x4, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xfffffff8}, {@loopback, 0xffff}]}, @end, @ssrr={0x89, 0x7, 0x42, [@empty]}]}}}}}) sendmsg$nl_route(r0, &(0x7f0000000640)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x84044408}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)=@ipv6_newaddr={0x2c, 0x14, 0x20, 0x70bd2d, 0x25dfdbff, {0xa, 0x1, 0x2c, 0xfe, r6}, [@IFA_ADDRESS={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x40840) r7 = socket$inet_sctp(0x2, 0x5, 0x84) r8 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r7, 0x84, 0x22, &(0x7f00000000c0)={0x7, 0x3, 0x2, 0x5, r9}, &(0x7f0000000140)=0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f00000002c0)={r9}, 0x6) 852.77µs ago: executing program 1 (id=1030): r0 = socket$tipc(0x1e, 0x2, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x1}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = socket$netlink(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fbdbdf250f00000005002f000100000005002a0001000000050029000100000008000300", @ANYRES32=r2], 0x54}, 0x1, 0x0, 0x0, 0x24004040}, 0x24008824) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r4 = socket$tipc(0x1e, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYRES32=0x1, @ANYBLOB="00fdffffffffffff4d57ef5f05"], 0x48) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10) socket$tipc(0x1e, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={r5, 0x7, 0x104, 0xfffffffe}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H'], 0x48}, 0x1, 0x0, 0x0, 0x20004810}, 0x0) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) 0s ago: executing program 2 (id=1031): socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000005c0)='blkio.bfq.empty_time\x00', 0x26e1, 0x0) close(0xffffffffffffffff) connect$pppoe(r0, &(0x7f0000000240)={0x18, 0x0, {0x1, @empty, 'syzkaller0\x00'}}, 0x1e) socket$inet6_sctp(0xa, 0x1, 0x84) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x58e, &(0x7f0000000180), 0x1, 0x451, &(0x7f0000000780)="$eJzs289vFFUcAPDvTFug/LAV8Qc/1CoaG3+0tKBy8KLRxIMmJl7wWNtCkIUaWhMhRNEYPBoS78ajiX+BJ70Y9WTiVe+GhBguoqc1szvD/mC3tMu2g+znkwx9b+YN7333zdt9M283gIE1kf2TROyMiN8jYqyebS0wUf9z/dqF+X+uXZhPolp9+6+kVu7vaxfmi6LFeTvyzGQakX6WxP4O9S6fO39qrlJZPJvnp1dOvz+9fO78cydPz51YPLF4Zvbo0SOHZ158Yfb5vsR5b9bWfR8tHdj7+juX35w/dvndn78dKuJvi6NPJlY7+GS12ufqyrWrKZ0Ml9gQ1iUbA1l3jdTG/1gMRaPzxuK1T0ttHLChqrkuhy9WgbtYEmW3AChH8UGf3f8W2+bNPsp39eX6DVAW9/V8qx8ZjjQvM9J2f9tPExFx7OK/X2VbbMxzCACAFt9n859nO83/0nigqdw9+drQeL6Wsjsi7ouIPRFxf0St7IMR8dA6629fJLl5/pNe6SmwNcrmfy/la1ut879i9hfjQ3luVy3+keT4ycriofw1mYyRrVl+ZpU6fnj1ty+6HWue/2VbVn8xF8zbcWV4a+s5C3Mrc7cTc7Orn0TsG+4Uf3JjJSCJiL0Rsa/HOk4+/c2BbsduHf8q+rDOVP064ql6/1+MtvgLyerrk9PborJ4aLq4Km72y6+X3upW/23F3wdZ/2/veP3fiH88aV6vXV5/HZf++LzrPc1UT9d/Y8eW/O+HcysrZ2citiRv1BvdvH+2cW6RL8pn8U8e7Dz+d0fjldgfEdlF/HBEPBIRj+Z991hEPB4RB9viar6//umVJ97rFv+d0P8Lbf0/3lqkrf8biS3RvqdzYujUj9+1/o+N5Nre/47UUpP5nrW8/62lXb1dzQAAAPD/k0bEzkjSqRvp0XRqqv4d/j2xPa0sLa88c3zpgzML9d8IjMdIWjzpGmt6HjqT39YX+dm2/OH8ufGXQ6O1/NT8UmWh7OBhwO24afyntfGf+XOo7NYBG87vtWBwNY3/pMx2AJvP5z8MLuMfBleH8T9aRjuAzdfp8//jEtoBbL628W/ZDwaI+38YXMY/DK7m8e8LADAwlkfj1j+S75TYFr2cJXHXJCK9I5rRn0TS4yhYa2Jn2QGuP1H2OxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB//BcAAP//pgHvrg==") prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]}) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff0000fcffbea100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b705000008000000850000008d106360e0ab84932020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18) personality(0x4000000) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) brk(0x800000000000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r3, &(0x7f0000000080)=""/109, 0x6d) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./bus\x00', 0x1000848, &(0x7f0000000080)=ANY=[], 0x3, 0x358, &(0x7f0000000140)="$eJzs3T9oJFUYAPBvbza7uYMzKYRDQRjtBA2XiIVWCUcODrdRWfxTiIuXU8nGgywu5orsxUYsBRtBK60stLC4WgRF7CxsPUFOxUKvO/BwZHdnk9nsJrfN5gz3+xXLl/e+b957mSE7+TMvry7H+sWZuHTz5o2YnS1FefncctwqxXwkMXA1RlXGtAEAx8OtLIu/s74JS0pTnhIAMGW99//XTxda3v32sPzMuz8AHHv59/8nD86oHtx1eSpTAgCmbOTn/48MdVeGf9VfLvxVAABwXD3/0svPrNQinkvT2YiN99r1dj2e3utfuRRvRjPW4mzMxe2I/o1C96XUez1/obZ6Nk3TTvw2H/VuRbsesdFp1/t3CitJr74aizEX83l9freRZVly/qva6mLaExFXO73xY6PUrs/EqXz8n0/FWixFGveP1EdcqK0upfkB6huD+k7ETswOFtGd/0LMxY+vxeVoxsXo1g5ua2qr24tpei6rDdW369VeXt/s0Z0QAAAAAAAAAAAAAAAAAAAAAADuCQvprvnd/W+yvf17FhbG9Pf2x+nX5/sD7fT3B8qqWWTZX+88Xn8/iaH9gfbvz9Oul+PE3V06AAAAAAAAAAAAAAAAAAAA/G+0tirRaDbXNltbV9aLQWeztXUiIrotb33/xTcnYzRnXPDZRzE4YDkfo5CT5k1X1htZMqjKkqGcPEi6gw9aPr+2O+NiTnV3FePmM39wV6PZPP3wrx/vtTyUDI78715OEuNXmuybRjHYuK8/pTt+osYFS3fIuZ5l2UHl26+MVkUpojzhiZs4yLrBdzfeeOCJ1pkney1fZ32PPjb3wvUPP/1jvdHsjhy9M1jZbN3O1hv5x+MvtoODpHD9lKIflIpXQvmw8p3hlkby058vPvjBD5ONnhVb3h6Tk/SX8+X+rko/6E5zX9fJcWPNjLn4pxCc+WS5cW37l98nrSp8kbBRBwAAAAAAAAAAAAAAAAAAHInCs+K5/GHfmcOqnnp2+jMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKOz9///C8HOSMskwT+dGO2qrm22Iip3e5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANzj/gsAAP//lFltjA==") r4 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x14a) mremap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil) getdents64(r4, &(0x7f0000002f40)=""/4098, 0x1002) lseek(r3, 0x3, 0x1) timer_create(0xfffffffd, 0x0, &(0x7f0000000040)=0x0) timer_settime(r5, 0x0, &(0x7f00000006c0)={{}, {0x0, 0x989680}}, 0x0) timer_gettime(r5, &(0x7f0000000800)) timer_settime(r5, 0x0, &(0x7f00000001c0)={{0x0, 0x3938700}, {0x0, 0x989680}}, &(0x7f0000000580)) socket$kcm(0x10, 0x400000002, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f910", 0x11}], 0x1}, 0x0) kernel console output (not intermixed with test programs): 4236] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 41.252080][ T4236] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.263: invalid indirect mapped block 4294967295 (level 0) [ 41.282655][ T4242] syzkaller1: entered promiscuous mode [ 41.288155][ T4242] syzkaller1: entered allmulticast mode [ 41.302899][ T4236] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.263: invalid indirect mapped block 4294967295 (level 1) [ 41.338289][ T4236] EXT4-fs (loop4): 1 orphan inode deleted [ 41.344192][ T4236] EXT4-fs (loop4): 1 truncate cleaned up [ 41.359270][ T4236] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.385105][ T4236] EXT4-fs error (device loop4): ext4_lookup:1787: inode #15: comm syz.4.263: iget: bad extra_isize 46 (inode size 256) [ 41.426951][ T4245] netlink: 28 bytes leftover after parsing attributes in process `syz.2.267'. [ 41.449447][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.452863][ T4245] can0: slcan on ttyS3. [ 41.480383][ T4250] ieee802154 phy0 wpan0: encryption failed: -22 [ 41.523420][ T4253] syzkaller1: entered promiscuous mode [ 41.529080][ T4253] syzkaller1: entered allmulticast mode [ 41.535817][ T4245] can0 (unregistered): slcan off ttyS3. [ 41.551552][ T4245] Falling back ldisc for ttyS3. [ 41.591375][ T4268] loop2: detected capacity change from 0 to 512 [ 41.631317][ T4268] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.646496][ T4268] ext4 filesystem being mounted at /64/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.663422][ T4268] random: crng reseeded on system resumption [ 41.762595][ T3304] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.805469][ T4302] loop4: detected capacity change from 0 to 512 [ 41.830108][ T4302] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 41.876486][ T4302] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.278: invalid indirect mapped block 4294967295 (level 0) [ 41.900558][ T4302] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.278: invalid indirect mapped block 4294967295 (level 1) [ 41.930693][ T4302] EXT4-fs (loop4): 1 orphan inode deleted [ 41.936438][ T4302] EXT4-fs (loop4): 1 truncate cleaned up [ 41.960444][ T4302] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.019775][ T4302] EXT4-fs error (device loop4): ext4_lookup:1787: inode #15: comm syz.4.278: iget: bad extra_isize 46 (inode size 256) [ 42.051428][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.102280][ T4316] syzkaller1: entered promiscuous mode [ 42.107768][ T4316] syzkaller1: entered allmulticast mode [ 42.121134][ T4318] loop0: detected capacity change from 0 to 512 [ 42.142950][ T4318] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 42.150922][ T4318] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 42.159245][ T4318] System zones: 0-1, 15-15, 18-18, 34-34 [ 42.165096][ T4318] EXT4-fs (loop0): orphan cleanup on readonly fs [ 42.171491][ T4318] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 42.186070][ T4318] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 42.193340][ T4318] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.284: bg 0: block 40: padding at end of block bitmap is not set [ 42.208155][ T4318] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 42.218058][ T4318] EXT4-fs (loop0): 1 truncate cleaned up [ 42.224290][ T4318] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 42.263134][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.297028][ T4336] ieee802154 phy0 wpan0: encryption failed: -22 [ 42.610317][ T29] kauditd_printk_skb: 625 callbacks suppressed [ 42.610333][ T29] audit: type=1326 audit(1755601411.373:1453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4360 comm="syz.4.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d102febe9 code=0x7ffc0000 [ 42.659091][ T4363] loop1: detected capacity change from 0 to 512 [ 42.682917][ T4365] ieee802154 phy0 wpan0: encryption failed: -22 [ 42.694782][ T29] audit: type=1326 audit(1755601411.373:1454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4360 comm="syz.4.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d102febe9 code=0x7ffc0000 [ 42.718140][ T29] audit: type=1326 audit(1755601411.373:1455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4360 comm="syz.4.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d102febe9 code=0x7ffc0000 [ 42.741459][ T29] audit: type=1326 audit(1755601411.413:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4360 comm="syz.4.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d102febe9 code=0x7ffc0000 [ 42.764886][ T29] audit: type=1326 audit(1755601411.453:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4360 comm="syz.4.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=141 compat=0 ip=0x7f7d102febe9 code=0x7ffc0000 [ 42.788215][ T29] audit: type=1326 audit(1755601411.453:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4360 comm="syz.4.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d102febe9 code=0x7ffc0000 [ 42.806853][ T4363] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 42.811578][ T29] audit: type=1326 audit(1755601411.453:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4360 comm="syz.4.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d102febe9 code=0x7ffc0000 [ 42.819474][ T4363] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 42.842776][ T29] audit: type=1326 audit(1755601411.453:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4360 comm="syz.4.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7d102febe9 code=0x7ffc0000 [ 42.851652][ T4363] System zones: [ 42.873968][ T29] audit: type=1326 audit(1755601411.453:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4360 comm="syz.4.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d102febe9 code=0x7ffc0000 [ 42.877542][ T4363] 0-1, 15-15 [ 42.900798][ T29] audit: type=1326 audit(1755601411.453:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4360 comm="syz.4.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d102febe9 code=0x7ffc0000 [ 42.927396][ T4363] , 18-18, 34-34 [ 43.002898][ T4363] EXT4-fs (loop1): orphan cleanup on readonly fs [ 43.025592][ T4363] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 43.040210][ T4363] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 43.112961][ T4363] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.302: bg 0: block 40: padding at end of block bitmap is not set [ 43.171837][ T4363] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 43.190791][ T4363] EXT4-fs (loop1): 1 truncate cleaned up [ 43.206070][ T4363] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 43.208895][ T4386] loop3: detected capacity change from 0 to 512 [ 43.260309][ T4386] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 43.293621][ T4386] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.309: invalid indirect mapped block 4294967295 (level 0) [ 43.314163][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.338669][ T4386] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.309: invalid indirect mapped block 4294967295 (level 1) [ 43.398697][ T4386] EXT4-fs (loop3): 1 orphan inode deleted [ 43.404484][ T4386] EXT4-fs (loop3): 1 truncate cleaned up [ 43.410645][ T4386] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.430042][ T4386] EXT4-fs error (device loop3): ext4_lookup:1787: inode #15: comm syz.3.309: iget: bad extra_isize 46 (inode size 256) [ 43.471763][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.484802][ T4397] ieee802154 phy0 wpan0: encryption failed: -22 [ 43.553352][ T4401] syzkaller1: entered promiscuous mode [ 43.558985][ T4401] syzkaller1: entered allmulticast mode [ 43.631974][ T4415] netlink: 'syz.2.321': attribute type 27 has an invalid length. [ 43.731113][ T4422] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 43.733036][ T4415] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.738425][ T4422] vhci_hcd: default hub control req: 2314 v0008 i0002 l0 [ 43.745659][ T4415] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.811767][ T4415] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 43.835402][ T4415] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 43.928245][ T379] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.003846][ T379] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.008760][ T4432] ieee802154 phy0 wpan0: encryption failed: -22 [ 44.028132][ T379] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.065849][ T379] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.104768][ T4442] loop2: detected capacity change from 0 to 512 [ 44.112046][ T4442] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 44.125323][ T4442] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.332: invalid indirect mapped block 4294967295 (level 0) [ 44.140492][ T4442] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.332: invalid indirect mapped block 4294967295 (level 1) [ 44.156173][ T4442] EXT4-fs (loop2): 1 orphan inode deleted [ 44.161953][ T4442] EXT4-fs (loop2): 1 truncate cleaned up [ 44.168894][ T4442] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.189524][ T4442] EXT4-fs error (device loop2): ext4_lookup:1787: inode #15: comm syz.2.332: iget: bad extra_isize 46 (inode size 256) [ 44.288940][ T3304] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.389681][ T4450] loop0: detected capacity change from 0 to 512 [ 44.405176][ T4454] serio: Serial port ttyS3 [ 44.432281][ T4450] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.452738][ T4458] syzkaller1: entered promiscuous mode [ 44.455316][ T4450] ext4 filesystem being mounted at /55/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 44.458222][ T4458] syzkaller1: entered allmulticast mode [ 44.507093][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.949826][ T4495] __nla_validate_parse: 14 callbacks suppressed [ 44.949839][ T4495] netlink: 8 bytes leftover after parsing attributes in process `syz.4.352'. [ 45.106284][ T4503] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4503 comm=syz.4.356 [ 45.250418][ T4515] loop1: detected capacity change from 0 to 2048 [ 45.257556][ T4522] ieee802154 phy0 wpan0: encryption failed: -22 [ 45.293623][ T4527] loop4: detected capacity change from 0 to 512 [ 45.302109][ T4515] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.360658][ T4534] loop3: detected capacity change from 0 to 1024 [ 45.368077][ T4527] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.386209][ T4538] syzkaller1: entered promiscuous mode [ 45.390308][ T4534] ext3: Bad value for 'mb_optimize_scan' [ 45.391809][ T4538] syzkaller1: entered allmulticast mode [ 45.409998][ T4534] netlink: 8 bytes leftover after parsing attributes in process `syz.3.368'. [ 45.418928][ T4527] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 45.451315][ T4527] random: crng reseeded on system resumption [ 45.465968][ T4534] netlink: 24 bytes leftover after parsing attributes in process `syz.3.368'. [ 45.487018][ T4534] netlink: 12 bytes leftover after parsing attributes in process `syz.3.368'. [ 45.539982][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.589406][ T4543] loop0: detected capacity change from 0 to 2048 [ 45.596425][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.663923][ T4543] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.686655][ T4543] FAULT_INJECTION: forcing a failure. [ 45.686655][ T4543] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 45.699779][ T4543] CPU: 1 UID: 0 PID: 4543 Comm: syz.0.373 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(voluntary) [ 45.699805][ T4543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 45.699816][ T4543] Call Trace: [ 45.699822][ T4543] [ 45.699828][ T4543] __dump_stack+0x1d/0x30 [ 45.699898][ T4543] dump_stack_lvl+0xe8/0x140 [ 45.699915][ T4543] dump_stack+0x15/0x1b [ 45.699929][ T4543] should_fail_ex+0x265/0x280 [ 45.699949][ T4543] should_fail+0xb/0x20 [ 45.699965][ T4543] should_fail_usercopy+0x1a/0x20 [ 45.700034][ T4543] _copy_from_iter+0xcf/0xe40 [ 45.700056][ T4543] ? __build_skb_around+0x1a0/0x200 [ 45.700084][ T4543] ? __alloc_skb+0x223/0x320 [ 45.700114][ T4543] netlink_sendmsg+0x471/0x6b0 [ 45.700275][ T4543] ? __pfx_netlink_sendmsg+0x10/0x10 [ 45.700297][ T4543] __sock_sendmsg+0x142/0x180 [ 45.700324][ T4543] sock_write_iter+0x165/0x1b0 [ 45.700353][ T4543] ? __pfx_sock_write_iter+0x10/0x10 [ 45.700386][ T4543] vfs_write+0x52a/0x960 [ 45.700412][ T4543] ksys_write+0xda/0x1a0 [ 45.700434][ T4543] __x64_sys_write+0x40/0x50 [ 45.700494][ T4543] x64_sys_call+0x27fe/0x2ff0 [ 45.700514][ T4543] do_syscall_64+0xd2/0x200 [ 45.700563][ T4543] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 45.700587][ T4543] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 45.700612][ T4543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 45.700701][ T4543] RIP: 0033:0x7fc963e4ebe9 [ 45.700715][ T4543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 45.700733][ T4543] RSP: 002b:00007fc9628af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 45.700751][ T4543] RAX: ffffffffffffffda RBX: 00007fc964075fa0 RCX: 00007fc963e4ebe9 [ 45.700763][ T4543] RDX: 000000000000001b RSI: 00002000000000c0 RDI: 000000000000000a [ 45.700774][ T4543] RBP: 00007fc9628af090 R08: 0000000000000000 R09: 0000000000000000 [ 45.700786][ T4543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 45.700797][ T4543] R13: 00007fc964076038 R14: 00007fc964075fa0 R15: 00007ffc47b21ee8 [ 45.700849][ T4543] [ 45.703392][ T4561] loop1: detected capacity change from 0 to 512 [ 45.931333][ T4561] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 45.939439][ T4561] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 45.947740][ T4561] System zones: 0-1, 15-15, 18-18, 34-34 [ 45.953673][ T4561] EXT4-fs (loop1): orphan cleanup on readonly fs [ 45.960295][ T4561] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 45.974877][ T4561] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 45.986943][ T4561] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.379: bg 0: block 40: padding at end of block bitmap is not set [ 46.013903][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.023209][ T4561] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 46.033521][ T4561] EXT4-fs (loop1): 1 truncate cleaned up [ 46.039531][ T4561] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 46.075577][ T4575] syzkaller1: entered promiscuous mode [ 46.081091][ T4575] syzkaller1: entered allmulticast mode [ 46.091825][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.106412][ T4577] loop4: detected capacity change from 0 to 512 [ 46.137265][ T4577] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.160878][ T4584] ieee802154 phy0 wpan0: encryption failed: -22 [ 46.178914][ T4577] ext4 filesystem being mounted at /73/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 46.221188][ T4588] loop1: detected capacity change from 0 to 512 [ 46.251117][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.282598][ T4588] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.300090][ T4588] ext4 filesystem being mounted at /63/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 46.318594][ T4594] ieee802154 phy0 wpan0: encryption failed: -22 [ 46.357177][ T4588] random: crng reseeded on system resumption [ 46.372801][ T4600] process 'syz.4.393' launched './file1' with NULL argv: empty string added [ 46.382561][ T4602] loop2: detected capacity change from 0 to 512 [ 46.405957][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.422177][ T4606] loop4: detected capacity change from 0 to 512 [ 46.430649][ T4602] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 46.438545][ T4602] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 46.446743][ T4602] System zones: 0-1, 15-15, 18-18, 34-34 [ 46.452936][ T4602] EXT4-fs (loop2): orphan cleanup on readonly fs [ 46.463072][ T4606] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 46.471141][ T4606] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 46.480293][ T4602] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 46.494874][ T4602] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 46.501627][ T4606] System zones: 0-1, 15-15, 18-18, 34-34 [ 46.507410][ T4606] EXT4-fs (loop4): orphan cleanup on readonly fs [ 46.514306][ T4606] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 46.528897][ T4606] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 46.538564][ T4614] syzkaller1: entered promiscuous mode [ 46.544144][ T4614] syzkaller1: entered allmulticast mode [ 46.550853][ T4606] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.397: bg 0: block 40: padding at end of block bitmap is not set [ 46.572437][ T4602] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.395: bg 0: block 40: padding at end of block bitmap is not set [ 46.586588][ T4606] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 46.595543][ T4606] EXT4-fs (loop4): 1 truncate cleaned up [ 46.601355][ T4602] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 46.617413][ T4602] EXT4-fs (loop2): 1 truncate cleaned up [ 46.627433][ T4620] loop3: detected capacity change from 0 to 512 [ 46.662724][ T4620] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 46.747501][ T4637] loop1: detected capacity change from 0 to 512 [ 46.783937][ T4637] ext4 filesystem being mounted at /67/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 46.812613][ T4644] netlink: 36 bytes leftover after parsing attributes in process `syz.2.403'. [ 46.821591][ T4644] netlink: 16 bytes leftover after parsing attributes in process `syz.2.403'. [ 46.830464][ T4644] netlink: 36 bytes leftover after parsing attributes in process `syz.2.403'. [ 46.850070][ T4645] random: crng reseeded on system resumption [ 46.892712][ T4647] ieee802154 phy0 wpan0: encryption failed: -22 [ 46.911256][ T4644] netlink: 36 bytes leftover after parsing attributes in process `syz.2.403'. [ 46.980701][ T4653] syzkaller1: entered promiscuous mode [ 46.986195][ T4653] syzkaller1: entered allmulticast mode [ 47.103140][ T4656] loop4: detected capacity change from 0 to 512 [ 47.121627][ T4656] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 47.129564][ T4656] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 47.137698][ T4656] System zones: 0-1, 15-15, 18-18, 34-34 [ 47.150927][ T4656] EXT4-fs (loop4): orphan cleanup on readonly fs [ 47.157465][ T4656] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 47.172080][ T4656] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 47.178945][ T4656] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.413: bg 0: block 40: padding at end of block bitmap is not set [ 47.193847][ T4656] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 47.203804][ T4656] EXT4-fs (loop4): 1 truncate cleaned up [ 47.272465][ T4666] loop1: detected capacity change from 0 to 512 [ 47.296219][ T4666] ext4 filesystem being mounted at /70/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 47.443722][ T4681] ieee802154 phy0 wpan0: encryption failed: -22 [ 47.478321][ T4683] loop4: detected capacity change from 0 to 512 [ 47.502726][ T4683] ext4 filesystem being mounted at /85/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 47.540513][ T4683] random: crng reseeded on system resumption [ 47.568622][ T4687] syzkaller1: entered promiscuous mode [ 47.574323][ T4687] syzkaller1: entered allmulticast mode [ 47.666384][ T29] kauditd_printk_skb: 524 callbacks suppressed [ 47.666399][ T29] audit: type=1326 audit(1755601416.423:1978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4700 comm="syz.1.430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 47.696199][ T29] audit: type=1326 audit(1755601416.423:1979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4700 comm="syz.1.430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 47.719699][ T29] audit: type=1326 audit(1755601416.423:1980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4700 comm="syz.1.430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 47.720229][ T4702] loop4: detected capacity change from 0 to 512 [ 47.742992][ T29] audit: type=1326 audit(1755601416.423:1981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4700 comm="syz.1.430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 47.743018][ T29] audit: type=1326 audit(1755601416.423:1982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4700 comm="syz.1.430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 47.795898][ T29] audit: type=1326 audit(1755601416.423:1983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4700 comm="syz.1.430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 47.819192][ T29] audit: type=1326 audit(1755601416.423:1984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4700 comm="syz.1.430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 47.842561][ T29] audit: type=1326 audit(1755601416.423:1985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4700 comm="syz.1.430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 47.865833][ T29] audit: type=1326 audit(1755601416.423:1986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4700 comm="syz.1.430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 47.889160][ T29] audit: type=1326 audit(1755601416.423:1987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4700 comm="syz.1.430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 47.915997][ T4702] ext4 filesystem being mounted at /86/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 47.935387][ T4709] ieee802154 phy0 wpan0: encryption failed: -22 [ 48.401979][ T4729] loop2: detected capacity change from 0 to 1024 [ 48.427315][ T4729] ext3: Bad value for 'mb_optimize_scan' [ 48.538586][ T4729] netlink: 24 bytes leftover after parsing attributes in process `syz.2.441'. [ 48.599091][ T4729] netlink: 12 bytes leftover after parsing attributes in process `syz.2.441'. [ 48.608548][ T4732] syzkaller1: entered promiscuous mode [ 48.614097][ T4732] syzkaller1: entered allmulticast mode [ 48.640956][ T4739] loop2: detected capacity change from 0 to 512 [ 48.651044][ T4735] loop3: detected capacity change from 0 to 512 [ 48.659862][ T4739] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 48.667766][ T4739] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 48.676821][ T4735] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 48.695693][ T4739] System zones: 0-1, 15-15, 18-18, 34-34 [ 48.701853][ T4739] EXT4-fs (loop2): orphan cleanup on readonly fs [ 48.708507][ T4739] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 48.712459][ T4735] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.443: invalid indirect mapped block 4294967295 (level 0) [ 48.723058][ T4739] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 48.747690][ T4739] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.444: bg 0: block 40: padding at end of block bitmap is not set [ 48.762096][ T4739] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 48.771030][ T4739] EXT4-fs (loop2): 1 truncate cleaned up [ 48.780811][ T4735] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.443: invalid indirect mapped block 4294967295 (level 1) [ 48.811922][ T4735] EXT4-fs (loop3): 1 orphan inode deleted [ 48.817671][ T4735] EXT4-fs (loop3): 1 truncate cleaned up [ 49.142318][ T4765] Set syz1 is full, maxelem 65536 reached [ 49.204098][ T4770] syzkaller1: entered promiscuous mode [ 49.209712][ T4770] syzkaller1: entered allmulticast mode [ 49.327040][ T4782] loop4: detected capacity change from 0 to 512 [ 49.423973][ T4782] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 49.432056][ T4782] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 49.450201][ T4782] System zones: 0-1, 15-15, 18-18, 34-34 [ 49.457327][ T4782] EXT4-fs (loop4): orphan cleanup on readonly fs [ 49.467724][ T4782] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 49.482283][ T4782] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 49.631217][ T4782] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.462: bg 0: block 40: padding at end of block bitmap is not set [ 49.737688][ T4782] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 49.828827][ T4782] EXT4-fs (loop4): 1 truncate cleaned up [ 50.050159][ T4811] syzkaller1: entered promiscuous mode [ 50.055667][ T4811] syzkaller1: entered allmulticast mode [ 50.257856][ T4826] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 50.326627][ T4832] loop4: detected capacity change from 0 to 1024 [ 50.337430][ T4832] ext3: Bad value for 'mb_optimize_scan' [ 50.376719][ T4832] netlink: 24 bytes leftover after parsing attributes in process `syz.4.479'. [ 50.390790][ T4840] loop1: detected capacity change from 0 to 512 [ 50.398954][ T4840] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 50.412502][ T4840] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.484: invalid indirect mapped block 4294967295 (level 0) [ 50.427951][ T4840] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.484: invalid indirect mapped block 4294967295 (level 1) [ 50.443402][ T4840] EXT4-fs (loop1): 1 orphan inode deleted [ 50.449218][ T4840] EXT4-fs (loop1): 1 truncate cleaned up [ 50.462181][ T4845] netlink: 36 bytes leftover after parsing attributes in process `syz.0.483'. [ 50.466063][ T4844] syzkaller1: entered promiscuous mode [ 50.471097][ T4845] netlink: 16 bytes leftover after parsing attributes in process `syz.0.483'. [ 50.476554][ T4844] syzkaller1: entered allmulticast mode [ 50.485383][ T4845] netlink: 36 bytes leftover after parsing attributes in process `syz.0.483'. [ 50.507231][ T4845] netlink: 36 bytes leftover after parsing attributes in process `syz.0.483'. [ 50.507381][ T4840] EXT4-fs error (device loop1): ext4_lookup:1787: inode #15: comm syz.1.484: iget: bad extra_isize 46 (inode size 256) [ 50.561144][ T4849] netlink: 8 bytes leftover after parsing attributes in process `syz.1.487'. [ 51.184104][ T4866] loop3: detected capacity change from 0 to 512 [ 51.200000][ T4866] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 51.208081][ T4866] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 51.217156][ T4866] System zones: 0-1, 15-15, 18-18, 34-34 [ 51.223211][ T4866] EXT4-fs (loop3): orphan cleanup on readonly fs [ 51.231830][ T4866] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 51.246426][ T4866] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 51.259848][ T4866] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.493: bg 0: block 40: padding at end of block bitmap is not set [ 51.274054][ T4872] loop0: detected capacity change from 0 to 1024 [ 51.275988][ T4866] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 51.281887][ T4872] ext3: Bad value for 'mb_optimize_scan' [ 51.290734][ T4866] EXT4-fs (loop3): 1 truncate cleaned up [ 51.304122][ T4872] netlink: 24 bytes leftover after parsing attributes in process `syz.0.495'. [ 51.370388][ T4879] syzkaller1: entered promiscuous mode [ 51.375860][ T4879] syzkaller1: entered allmulticast mode [ 51.435642][ T4883] loop2: detected capacity change from 0 to 512 [ 51.446271][ T4883] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 51.469725][ T4883] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.500: invalid indirect mapped block 4294967295 (level 0) [ 51.484125][ T4883] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.500: invalid indirect mapped block 4294967295 (level 1) [ 51.498857][ T4883] EXT4-fs (loop2): 1 orphan inode deleted [ 51.504578][ T4883] EXT4-fs (loop2): 1 truncate cleaned up [ 51.515101][ T4883] EXT4-fs error (device loop2): ext4_lookup:1787: inode #15: comm syz.2.500: iget: bad extra_isize 46 (inode size 256) [ 51.644500][ T4900] netlink: 36 bytes leftover after parsing attributes in process `syz.1.504'. [ 51.653422][ T4900] netlink: 16 bytes leftover after parsing attributes in process `syz.1.504'. [ 51.662312][ T4900] netlink: 36 bytes leftover after parsing attributes in process `syz.1.504'. [ 51.897794][ T4914] loop3: detected capacity change from 0 to 512 [ 52.063126][ T4914] ext4 filesystem being mounted at /113/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.102633][ T4919] syzkaller1: entered promiscuous mode [ 52.108139][ T4919] syzkaller1: entered allmulticast mode [ 52.256609][ T4921] loop0: detected capacity change from 0 to 512 [ 52.265572][ T4921] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 52.280884][ T4921] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.515: invalid indirect mapped block 4294967295 (level 0) [ 52.297773][ T4921] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.515: invalid indirect mapped block 4294967295 (level 1) [ 52.323158][ T4921] EXT4-fs (loop0): 1 orphan inode deleted [ 52.328995][ T4921] EXT4-fs (loop0): 1 truncate cleaned up [ 52.339260][ T4921] EXT4-fs error (device loop0): ext4_lookup:1787: inode #15: comm syz.0.515: iget: bad extra_isize 46 (inode size 256) [ 52.436980][ T4938] loop3: detected capacity change from 0 to 512 [ 52.464647][ T4944] loop2: detected capacity change from 0 to 512 [ 52.477003][ T4938] ext4 filesystem being mounted at /119/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.505139][ T4944] ext4 filesystem being mounted at /115/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.524088][ T4938] random: crng reseeded on system resumption [ 52.553597][ T4944] random: crng reseeded on system resumption [ 52.701393][ T4961] loop4: detected capacity change from 0 to 512 [ 52.738920][ T4961] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 52.767496][ T29] kauditd_printk_skb: 378 callbacks suppressed [ 52.767508][ T29] audit: type=1326 audit(1755601421.523:2361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4968 comm="syz.0.535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 52.781678][ T4961] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.530: invalid indirect mapped block 4294967295 (level 0) [ 52.799719][ T29] audit: type=1326 audit(1755601421.533:2362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4968 comm="syz.0.535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 52.834171][ T29] audit: type=1326 audit(1755601421.533:2363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4968 comm="syz.0.535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 52.857597][ T29] audit: type=1326 audit(1755601421.533:2364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4968 comm="syz.0.535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 52.857773][ T4961] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.530: invalid indirect mapped block 4294967295 (level 1) [ 52.880925][ T29] audit: type=1326 audit(1755601421.533:2365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4968 comm="syz.0.535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 52.899571][ T4961] EXT4-fs (loop4): 1 orphan inode deleted [ 52.918102][ T29] audit: type=1326 audit(1755601421.533:2366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4968 comm="syz.0.535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 52.923799][ T4961] EXT4-fs (loop4): 1 truncate cleaned up [ 52.952633][ T29] audit: type=1326 audit(1755601421.533:2367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4968 comm="syz.0.535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 52.969859][ T4961] EXT4-fs error (device loop4): ext4_lookup:1787: inode #15: comm syz.4.530: iget: bad extra_isize 46 (inode size 256) [ 52.975937][ T29] audit: type=1326 audit(1755601421.533:2368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4968 comm="syz.0.535" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 53.011832][ T29] audit: type=1326 audit(1755601421.713:2369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4960 comm="syz.4.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d102febe9 code=0x7ffc0000 [ 53.035204][ T29] audit: type=1326 audit(1755601421.713:2370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4960 comm="syz.4.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d102febe9 code=0x7ffc0000 [ 53.325736][ T5000] loop1: detected capacity change from 0 to 512 [ 53.384487][ T5000] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.442897][ T5000] random: crng reseeded on system resumption [ 53.632518][ T5014] loop1: detected capacity change from 0 to 1024 [ 53.652643][ T5014] ext4 filesystem being mounted at /96/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.663565][ T5016] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 53.668171][ T5014] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, [ 53.670990][ T5016] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 53.686350][ T5014] block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 53.695406][ T5014] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 35 with error 28 [ 53.702707][ T5016] FAULT_INJECTION: forcing a failure. [ 53.702707][ T5016] name failslab, interval 1, probability 0, space 0, times 0 [ 53.707707][ T5014] EXT4-fs (loop1): This should not happen!! Data will be lost [ 53.707707][ T5014] [ 53.720329][ T5016] CPU: 0 UID: 0 PID: 5016 Comm: syz.0.552 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(voluntary) [ 53.720358][ T5016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 53.720370][ T5016] Call Trace: [ 53.720376][ T5016] [ 53.720383][ T5016] __dump_stack+0x1d/0x30 [ 53.720441][ T5016] dump_stack_lvl+0xe8/0x140 [ 53.720459][ T5016] dump_stack+0x15/0x1b [ 53.720476][ T5016] should_fail_ex+0x265/0x280 [ 53.720496][ T5016] should_failslab+0x8c/0xb0 [ 53.720585][ T5016] kmem_cache_alloc_node_noprof+0x57/0x320 [ 53.720678][ T5016] ? __alloc_skb+0x101/0x320 [ 53.720709][ T5016] __alloc_skb+0x101/0x320 [ 53.720740][ T5016] rtmsg_ifinfo_build_skb+0x5f/0x1b0 [ 53.720762][ T5016] ? kvfree_call_rcu+0x29a/0x320 [ 53.720870][ T5016] ? __pfx_rtnetlink_event+0x10/0x10 [ 53.720896][ T5016] rtnetlink_event+0x18c/0x200 [ 53.720921][ T5016] raw_notifier_call_chain+0x6f/0x1b0 [ 53.720941][ T5016] ? call_netdevice_notifiers_info+0x9c/0x100 [ 53.721014][ T5016] call_netdevice_notifiers_info+0xae/0x100 [ 53.721069][ T5016] __netdev_upper_dev_unlink+0x17f/0x760 [ 53.721101][ T5016] ? ref_tracker_free+0x28d/0x3e0 [ 53.721119][ T5016] ? kfree+0x193/0x320 [ 53.721141][ T5016] ? batadv_hardif_disable_interface+0x5a3/0x990 [ 53.721206][ T5016] ? batadv_meshif_destroy_netlink+0x48/0x2e0 [ 53.721232][ T5016] ? rtnl_dellink+0x3ba/0x550 [ 53.721255][ T5016] ? rtnetlink_rcv_msg+0x5fe/0x6d0 [ 53.721333][ T5016] ? netlink_rcv_skb+0x123/0x220 [ 53.721351][ T5016] ? rtnetlink_rcv+0x1c/0x30 [ 53.721373][ T5016] ? netlink_unicast+0x5bd/0x690 [ 53.721455][ T5016] ? netlink_sendmsg+0x58b/0x6b0 [ 53.721474][ T5016] ? __sock_sendmsg+0x142/0x180 [ 53.721533][ T5016] ? ____sys_sendmsg+0x31e/0x4e0 [ 53.721552][ T5016] ? ___sys_sendmsg+0x17b/0x1d0 [ 53.721571][ T5016] ? __x64_sys_sendmsg+0xd4/0x160 [ 53.721591][ T5016] ? do_syscall_64+0xd2/0x200 [ 53.721616][ T5016] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.721749][ T5016] netdev_upper_dev_unlink+0x1d/0x30 [ 53.721879][ T5016] batadv_hardif_disable_interface+0x5fb/0x990 [ 53.721978][ T5016] ? __pfx_batadv_meshif_destroy_netlink+0x10/0x10 [ 53.722007][ T5016] batadv_meshif_destroy_netlink+0x48/0x2e0 [ 53.722034][ T5016] ? __pfx_batadv_meshif_destroy_netlink+0x10/0x10 [ 53.722085][ T5016] rtnl_dellink+0x3ba/0x550 [ 53.722127][ T5016] ? selinux_capable+0x31/0x40 [ 53.722206][ T5016] ? security_capable+0x83/0x90 [ 53.722228][ T5016] ? ns_capable+0x7d/0xb0 [ 53.722247][ T5016] ? __pfx_rtnl_dellink+0x10/0x10 [ 53.722272][ T5016] rtnetlink_rcv_msg+0x5fe/0x6d0 [ 53.722302][ T5016] netlink_rcv_skb+0x123/0x220 [ 53.722320][ T5016] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 53.722366][ T5016] rtnetlink_rcv+0x1c/0x30 [ 53.722389][ T5016] netlink_unicast+0x5bd/0x690 [ 53.722421][ T5016] netlink_sendmsg+0x58b/0x6b0 [ 53.722444][ T5016] ? __pfx_netlink_sendmsg+0x10/0x10 [ 53.722495][ T5016] __sock_sendmsg+0x142/0x180 [ 53.722520][ T5016] ____sys_sendmsg+0x31e/0x4e0 [ 53.722544][ T5016] ___sys_sendmsg+0x17b/0x1d0 [ 53.722653][ T5016] __x64_sys_sendmsg+0xd4/0x160 [ 53.722678][ T5016] x64_sys_call+0x191e/0x2ff0 [ 53.722708][ T5016] do_syscall_64+0xd2/0x200 [ 53.722732][ T5016] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 53.722756][ T5016] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 53.722780][ T5016] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.722856][ T5016] RIP: 0033:0x7fc963e4ebe9 [ 53.722875][ T5016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.722891][ T5016] RSP: 002b:00007fc9628af038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 53.722909][ T5016] RAX: ffffffffffffffda RBX: 00007fc964075fa0 RCX: 00007fc963e4ebe9 [ 53.722921][ T5016] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 000000000000000a [ 53.722933][ T5016] RBP: 00007fc9628af090 R08: 0000000000000000 R09: 0000000000000000 [ 53.722945][ T5016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 53.722956][ T5016] R13: 00007fc964076038 R14: 00007fc964075fa0 R15: 00007ffc47b21ee8 [ 53.723013][ T5016] [ 53.736025][ T5016] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 53.742240][ T5014] EXT4-fs (loop1): Total free blocks count 0 [ 53.752354][ T5016] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 53.755606][ T5014] EXT4-fs (loop1): Free/Dirty block details [ 54.155322][ T5014] EXT4-fs (loop1): free_blocks=4293918720 [ 54.161055][ T5014] EXT4-fs (loop1): dirty_blocks=64 [ 54.166163][ T5014] EXT4-fs (loop1): Block reservation details [ 54.172141][ T5014] EXT4-fs (loop1): i_reserved_data_blocks=4 [ 54.186187][ T5022] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 54.198426][ T5022] EXT4-fs (loop1): This should not happen!! Data will be lost [ 54.198426][ T5022] [ 54.457655][ T1960] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 8: comm kworker/u8:9: lblock 40 mapped to illegal pblock 8 (length 8) [ 54.513104][ T5048] loop3: detected capacity change from 0 to 512 [ 54.545655][ T5050] loop1: detected capacity change from 0 to 512 [ 54.566469][ T5048] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 54.574405][ T5048] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 54.592945][ T5048] System zones: 0-1, 15-15, 18-18, 34-34 [ 54.605296][ T5048] EXT4-fs (loop3): orphan cleanup on readonly fs [ 54.618357][ T5048] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 54.633032][ T5048] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 54.650907][ T5048] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.562: bg 0: block 40: padding at end of block bitmap is not set [ 54.666456][ T5050] ext4 filesystem being mounted at /97/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.692701][ T5048] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 54.702912][ T5048] EXT4-fs (loop3): 1 truncate cleaned up [ 54.715420][ T5050] random: crng reseeded on system resumption [ 54.974665][ T5079] loop1: detected capacity change from 0 to 1024 [ 54.981699][ T5079] ext3: Bad value for 'mb_optimize_scan' [ 55.049516][ T5085] 9pnet: Could not find request transport: fd0x0000000000000004 [ 55.112361][ T5094] loop1: detected capacity change from 0 to 512 [ 55.131198][ T5094] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 55.139149][ T5094] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 55.147217][ T5094] System zones: 0-1, 15-15, 18-18, 34-34 [ 55.153270][ T5094] EXT4-fs (loop1): orphan cleanup on readonly fs [ 55.159928][ T5094] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 55.174530][ T5094] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 55.181704][ T5094] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.578: bg 0: block 40: padding at end of block bitmap is not set [ 55.196058][ T5094] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 55.204887][ T5094] EXT4-fs (loop1): 1 truncate cleaned up [ 55.484323][ T5109] loop0: detected capacity change from 0 to 1024 [ 55.491736][ T5109] ext3: Bad value for 'mb_optimize_scan' [ 55.501936][ T5109] __nla_validate_parse: 11 callbacks suppressed [ 55.501957][ T5109] netlink: 24 bytes leftover after parsing attributes in process `syz.0.583'. [ 55.525367][ T5109] netlink: 12 bytes leftover after parsing attributes in process `syz.0.583'. [ 55.589369][ T5117] netlink: 36 bytes leftover after parsing attributes in process `syz.1.585'. [ 55.598240][ T5117] netlink: 16 bytes leftover after parsing attributes in process `syz.1.585'. [ 55.607255][ T5117] netlink: 36 bytes leftover after parsing attributes in process `syz.1.585'. [ 55.619837][ T5117] netlink: 36 bytes leftover after parsing attributes in process `syz.1.585'. [ 55.629736][ T5115] netlink: 8 bytes leftover after parsing attributes in process `syz.0.586'. [ 55.653427][ T5119] loop3: detected capacity change from 0 to 512 [ 55.670408][ T5121] netlink: 8 bytes leftover after parsing attributes in process `syz.4.588'. [ 55.674641][ T5119] ext4 filesystem being mounted at /131/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.695516][ T5119] random: crng reseeded on system resumption [ 55.698907][ T5129] loop0: detected capacity change from 0 to 512 [ 55.730182][ T5129] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 55.738144][ T5129] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 55.746230][ T5129] System zones: 0-1, 15-15, 18-18, 34-34 [ 55.752246][ T5129] EXT4-fs (loop0): orphan cleanup on readonly fs [ 55.758770][ T5129] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 55.773319][ T5129] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 55.781213][ T5129] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.589: bg 0: block 40: padding at end of block bitmap is not set [ 55.795607][ T5129] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 55.804448][ T5129] EXT4-fs (loop0): 1 truncate cleaned up [ 55.891952][ T5139] netlink: 12 bytes leftover after parsing attributes in process `syz.0.591'. [ 56.133708][ T5154] loop3: detected capacity change from 0 to 512 [ 56.151807][ T5154] ext4 filesystem being mounted at /136/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 56.209300][ T5161] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 56.235343][ T5163] loop3: detected capacity change from 0 to 512 [ 56.249796][ T5163] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 56.257719][ T5163] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 56.265742][ T5163] System zones: 0-1, 15-15, 18-18, 34-34 [ 56.271937][ T5163] EXT4-fs (loop3): orphan cleanup on readonly fs [ 56.278481][ T5163] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 56.293034][ T5163] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 56.299972][ T5163] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.601: bg 0: block 40: padding at end of block bitmap is not set [ 56.314229][ T5163] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 56.323185][ T5163] EXT4-fs (loop3): 1 truncate cleaned up [ 56.439621][ T5175] netlink: 12 bytes leftover after parsing attributes in process `syz.2.603'. [ 56.575770][ T23] hid_parser_main: 19 callbacks suppressed [ 56.575830][ T23] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 56.610599][ T23] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 56.641385][ T5187] fido_id[5187]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 56.799606][ T5195] loop2: detected capacity change from 0 to 512 [ 56.862741][ T5195] ext4 filesystem being mounted at /127/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.107784][ T5206] loop0: detected capacity change from 0 to 512 [ 57.131295][ T5206] ext4 filesystem being mounted at /107/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.153042][ T5206] random: crng reseeded on system resumption [ 57.180976][ T5212] loop0: detected capacity change from 0 to 512 [ 57.188127][ T5212] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 57.201785][ T5212] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.616: invalid indirect mapped block 4294967295 (level 0) [ 57.216128][ T5212] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.616: invalid indirect mapped block 4294967295 (level 1) [ 57.231183][ T5212] EXT4-fs (loop0): 1 orphan inode deleted [ 57.236900][ T5212] EXT4-fs (loop0): 1 truncate cleaned up [ 57.248747][ T5212] EXT4-fs error (device loop0): ext4_lookup:1787: inode #15: comm syz.0.616: iget: bad extra_isize 46 (inode size 256) [ 57.298967][ T5218] loop0: detected capacity change from 0 to 1024 [ 57.305946][ T5218] ext3: Bad value for 'mb_optimize_scan' [ 57.349731][ T5222] loop0: detected capacity change from 0 to 512 [ 57.356331][ T5222] EXT4-fs: Ignoring removed oldalloc option [ 57.362464][ T5222] EXT4-fs (loop0): Invalid default hash set in the superblock [ 57.385345][ T5224] lo speed is unknown, defaulting to 1000 [ 57.393530][ T5224] lo speed is unknown, defaulting to 1000 [ 57.399558][ T5224] lo speed is unknown, defaulting to 1000 [ 57.405506][ T5224] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 57.413099][ T5224] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 57.437193][ T5224] lo speed is unknown, defaulting to 1000 [ 57.444239][ T5224] lo speed is unknown, defaulting to 1000 [ 57.452219][ T5224] lo speed is unknown, defaulting to 1000 [ 57.458336][ T5224] lo speed is unknown, defaulting to 1000 [ 57.465496][ T5224] lo speed is unknown, defaulting to 1000 [ 57.475891][ T5227] loop4: detected capacity change from 0 to 512 [ 57.591408][ T5242] loop1: detected capacity change from 0 to 256 [ 57.598019][ T5242] vfat: Unknown parameter 'ÿÿÿÿ' [ 57.605624][ T5242] SELinux: policydb version 531 does not match my version range 15-35 [ 57.614962][ T5242] SELinux: failed to load policy [ 57.624447][ T5244] loop2: detected capacity change from 0 to 512 [ 57.632870][ T5244] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 57.652686][ T5244] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.628: invalid indirect mapped block 4294967295 (level 0) [ 57.666956][ T5244] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.628: invalid indirect mapped block 4294967295 (level 1) [ 57.681441][ T5244] EXT4-fs (loop2): 1 orphan inode deleted [ 57.687231][ T5244] EXT4-fs (loop2): 1 truncate cleaned up [ 57.704649][ T5244] EXT4-fs error (device loop2): ext4_lookup:1787: inode #15: comm syz.2.628: iget: bad extra_isize 46 (inode size 256) [ 57.706637][ T5249] loop1: detected capacity change from 0 to 1024 [ 57.726439][ T5249] ext3: Bad value for 'mb_optimize_scan' [ 57.775223][ T5255] FAULT_INJECTION: forcing a failure. [ 57.775223][ T5255] name failslab, interval 1, probability 0, space 0, times 0 [ 57.787834][ T5255] CPU: 1 UID: 0 PID: 5255 Comm: syz.1.633 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(voluntary) [ 57.787861][ T5255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 57.787873][ T5255] Call Trace: [ 57.787880][ T5255] [ 57.787887][ T5255] __dump_stack+0x1d/0x30 [ 57.787990][ T5255] dump_stack_lvl+0xe8/0x140 [ 57.788063][ T5255] dump_stack+0x15/0x1b [ 57.788077][ T5255] should_fail_ex+0x265/0x280 [ 57.788096][ T5255] should_failslab+0x8c/0xb0 [ 57.788188][ T5255] kmem_cache_alloc_noprof+0x50/0x310 [ 57.788215][ T5255] ? alloc_empty_file+0x76/0x200 [ 57.788245][ T5255] alloc_empty_file+0x76/0x200 [ 57.788278][ T5255] alloc_file_pseudo+0xc6/0x160 [ 57.788391][ T5255] aio_setup_ring+0x133/0x760 [ 57.788432][ T5255] ioctx_alloc+0x2c4/0x4e0 [ 57.788455][ T5255] ? fput+0x8f/0xc0 [ 57.788485][ T5255] __se_sys_io_setup+0x6b/0x1b0 [ 57.788509][ T5255] __x64_sys_io_setup+0x31/0x40 [ 57.788605][ T5255] x64_sys_call+0x2eff/0x2ff0 [ 57.788626][ T5255] do_syscall_64+0xd2/0x200 [ 57.788652][ T5255] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 57.788674][ T5255] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 57.788740][ T5255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.788760][ T5255] RIP: 0033:0x7fea2dbcebe9 [ 57.788774][ T5255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.788790][ T5255] RSP: 002b:00007fea2c62f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 57.788809][ T5255] RAX: ffffffffffffffda RBX: 00007fea2ddf5fa0 RCX: 00007fea2dbcebe9 [ 57.788844][ T5255] RDX: 0000000000000000 RSI: 0000200000000680 RDI: 0000000000002004 [ 57.788856][ T5255] RBP: 00007fea2c62f090 R08: 0000000000000000 R09: 0000000000000000 [ 57.788891][ T5255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 57.788903][ T5255] R13: 00007fea2ddf6038 R14: 00007fea2ddf5fa0 R15: 00007ffefc32c688 [ 57.788987][ T5255] [ 58.004276][ T29] kauditd_printk_skb: 446 callbacks suppressed [ 58.004290][ T29] audit: type=1326 audit(1755601426.763:2811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5258 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 58.033834][ T29] audit: type=1326 audit(1755601426.763:2812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5258 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 58.057137][ T29] audit: type=1326 audit(1755601426.763:2813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5258 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 58.080503][ T29] audit: type=1326 audit(1755601426.763:2814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5258 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 58.103834][ T29] audit: type=1326 audit(1755601426.763:2815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5258 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 58.127340][ T29] audit: type=1326 audit(1755601426.763:2816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5258 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 58.150693][ T29] audit: type=1326 audit(1755601426.763:2817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5258 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 58.173964][ T29] audit: type=1326 audit(1755601426.763:2818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5258 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 58.197250][ T29] audit: type=1326 audit(1755601426.763:2819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5258 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 58.220520][ T29] audit: type=1326 audit(1755601426.763:2820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5258 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea2dbcebe9 code=0x7ffc0000 [ 58.354554][ T5267] team0 (unregistering): Port device team_slave_0 removed [ 58.361939][ T5269] loop4: detected capacity change from 0 to 512 [ 58.371533][ T5267] team0 (unregistering): Port device team_slave_1 removed [ 58.390179][ T5269] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 58.398084][ T5269] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 58.406323][ T5269] System zones: 0-1, 15-15, 18-18, 34-34 [ 58.413327][ T5269] EXT4-fs (loop4): orphan cleanup on readonly fs [ 58.422989][ T5269] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 58.437544][ T5269] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 58.444479][ T5269] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.639: bg 0: block 40: padding at end of block bitmap is not set [ 58.459068][ T5269] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 58.467840][ T5269] EXT4-fs (loop4): 1 truncate cleaned up [ 58.491061][ T5276] loop0: detected capacity change from 0 to 512 [ 58.498785][ T5276] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 58.510356][ T5276] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.641: invalid indirect mapped block 4294967295 (level 0) [ 58.530145][ T5276] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.641: invalid indirect mapped block 4294967295 (level 1) [ 58.544188][ T5279] loop4: detected capacity change from 0 to 1024 [ 58.549302][ T5276] EXT4-fs (loop0): 1 orphan inode deleted [ 58.552065][ T5279] ext3: Bad value for 'mb_optimize_scan' [ 58.556255][ T5276] EXT4-fs (loop0): 1 truncate cleaned up [ 58.595143][ T5281] wireguard0: entered promiscuous mode [ 58.598665][ T5276] EXT4-fs error (device loop0): ext4_lookup:1787: inode #15: comm syz.0.641: iget: bad extra_isize 46 (inode size 256) [ 58.600660][ T5281] wireguard0: entered allmulticast mode [ 58.655022][ T5289] loop4: detected capacity change from 0 to 1024 [ 58.663025][ T5289] EXT4-fs: Ignoring removed mblk_io_submit option [ 58.696797][ T5295] loop0: detected capacity change from 0 to 512 [ 58.703382][ T5295] EXT4-fs: Ignoring removed oldalloc option [ 58.710692][ T5295] EXT4-fs: Mount option(s) incompatible with ext2 [ 58.914285][ T5311] loop1: detected capacity change from 0 to 2048 [ 58.961376][ T5317] loop0: detected capacity change from 0 to 1024 [ 58.968003][ T5317] ext3: Bad value for 'mb_optimize_scan' [ 59.100834][ T5332] netlink: 'wÞ£ÿ': attribute type 9 has an invalid length. [ 59.134769][ T5334] $Hÿ: renamed from bond0 (while UP) [ 59.140500][ T5336] netlink: 'syz.0.661': attribute type 21 has an invalid length. [ 59.148241][ T5336] netlink: 'syz.0.661': attribute type 15 has an invalid length. [ 59.157924][ T5334] $Hÿ: entered promiscuous mode [ 59.163390][ T5334] bond_slave_0: entered promiscuous mode [ 59.169484][ T5334] bond_slave_1: entered promiscuous mode [ 59.206153][ T5334] loop1: detected capacity change from 0 to 8192 [ 59.327870][ T5345] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 59.337653][ T5345] Driver unsupported XDP return value 0 on prog (id 344) dev N/A, expect packet loss! [ 59.365733][ T5347] 9pnet_fd: Insufficient options for proto=fd [ 59.401406][ T5351] syzkaller0: entered promiscuous mode [ 59.406891][ T5351] syzkaller0: entered allmulticast mode [ 59.647772][ T5381] 9pnet_fd: Insufficient options for proto=fd [ 59.746580][ T5393] lo speed is unknown, defaulting to 1000 [ 59.849199][ T5401] lo speed is unknown, defaulting to 1000 [ 60.151601][ T5405] loop0: detected capacity change from 0 to 512 [ 60.170990][ T5405] ext4 filesystem being mounted at /130/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 60.192178][ T5405] random: crng reseeded on system resumption [ 60.297876][ T5423] syzkaller1: entered promiscuous mode [ 60.303533][ T5423] syzkaller1: entered allmulticast mode [ 60.415200][ T5426] 9pnet_fd: Insufficient options for proto=fd [ 60.491277][ T5433] loop1: detected capacity change from 0 to 2048 [ 60.618547][ T5440] loop2: detected capacity change from 0 to 512 [ 60.646021][ T5444] loop3: detected capacity change from 0 to 1024 [ 60.659060][ T5444] ext3: Bad value for 'mb_optimize_scan' [ 60.668486][ T5443] loop1: detected capacity change from 0 to 512 [ 60.685901][ T5444] __nla_validate_parse: 37 callbacks suppressed [ 60.685915][ T5444] netlink: 12 bytes leftover after parsing attributes in process `syz.3.699'. [ 60.725044][ T5443] ext4 filesystem being mounted at /144/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 60.735600][ T5440] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 60.766381][ T5440] EXT4-fs (loop2): orphan cleanup on readonly fs [ 60.778435][ T5440] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 60.794484][ T5443] random: crng reseeded on system resumption [ 60.794554][ T5440] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 60.807571][ T5440] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.697: bg 0: block 40: padding at end of block bitmap is not set [ 60.833453][ T5440] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 60.844168][ T5440] EXT4-fs (loop2): 1 truncate cleaned up [ 61.169624][ T5475] loop3: detected capacity change from 0 to 128 [ 61.222670][ T5475] syz.3.708: attempt to access beyond end of device [ 61.222670][ T5475] loop3: rw=0, sector=121, nr_sectors = 920 limit=128 [ 61.290396][ T5479] netlink: 36 bytes leftover after parsing attributes in process `syz.2.709'. [ 61.299358][ T5479] netlink: 16 bytes leftover after parsing attributes in process `syz.2.709'. [ 61.308235][ T5479] netlink: 36 bytes leftover after parsing attributes in process `syz.2.709'. [ 61.318964][ T5479] netlink: 36 bytes leftover after parsing attributes in process `syz.2.709'. [ 61.353326][ T5481] loop3: detected capacity change from 0 to 1024 [ 61.363927][ T5481] ext3: Bad value for 'mb_optimize_scan' [ 61.373742][ T5481] netlink: 12 bytes leftover after parsing attributes in process `syz.3.710'. [ 61.459693][ T5486] netlink: 8 bytes leftover after parsing attributes in process `syz.3.711'. [ 61.491464][ T5487] netlink: 8 bytes leftover after parsing attributes in process `syz.4.712'. [ 61.606169][ T5493] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5493 comm=syz.0.715 [ 61.618601][ T5493] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5493 comm=syz.0.715 [ 61.637733][ T5495] netlink: 64 bytes leftover after parsing attributes in process `syz.4.716'. [ 61.708749][ C0] hrtimer: interrupt took 44420 ns [ 61.769298][ T5497] lo speed is unknown, defaulting to 1000 [ 61.868081][ T5507] lo speed is unknown, defaulting to 1000 [ 61.958621][ T5515] FAULT_INJECTION: forcing a failure. [ 61.958621][ T5515] name failslab, interval 1, probability 0, space 0, times 0 [ 61.971389][ T5515] CPU: 0 UID: 0 PID: 5515 Comm: syz.0.721 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(voluntary) [ 61.971484][ T5515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 61.971497][ T5515] Call Trace: [ 61.971502][ T5515] [ 61.971508][ T5515] __dump_stack+0x1d/0x30 [ 61.971526][ T5515] dump_stack_lvl+0xe8/0x140 [ 61.971542][ T5515] dump_stack+0x15/0x1b [ 61.971665][ T5515] should_fail_ex+0x265/0x280 [ 61.971688][ T5515] should_failslab+0x8c/0xb0 [ 61.971720][ T5515] kmem_cache_alloc_node_noprof+0x57/0x320 [ 61.971792][ T5515] ? __alloc_skb+0x101/0x320 [ 61.971825][ T5515] ? ip6_pol_route+0x9ae/0xb40 [ 61.971849][ T5515] __alloc_skb+0x101/0x320 [ 61.971880][ T5515] alloc_skb_with_frags+0x7d/0x470 [ 61.971940][ T5515] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 61.971970][ T5515] ? fib6_rule_lookup+0x23f/0x470 [ 61.971989][ T5515] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 61.972122][ T5515] ? css_rstat_updated+0xb7/0x240 [ 61.972152][ T5515] ? xas_load+0x413/0x430 [ 61.972178][ T5515] sock_alloc_send_pskb+0x43a/0x4f0 [ 61.972205][ T5515] ? xfrm_lookup_with_ifid+0x10c2/0x1360 [ 61.972298][ T5515] rawv6_send_hdrinc+0x167/0xae0 [ 61.972320][ T5515] ? xas_load+0x413/0x430 [ 61.972345][ T5515] ? xfrm_lookup_route+0xd6/0x110 [ 61.972436][ T5515] rawv6_sendmsg+0xe23/0xf80 [ 61.972466][ T5515] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 61.972486][ T5515] inet_sendmsg+0xc5/0xd0 [ 61.972507][ T5515] __sock_sendmsg+0x102/0x180 [ 61.972535][ T5515] ____sys_sendmsg+0x345/0x4e0 [ 61.972606][ T5515] ___sys_sendmsg+0x17b/0x1d0 [ 61.972642][ T5515] __sys_sendmmsg+0x178/0x300 [ 61.972720][ T5515] __x64_sys_sendmmsg+0x57/0x70 [ 61.972742][ T5515] x64_sys_call+0x1c4a/0x2ff0 [ 61.972838][ T5515] do_syscall_64+0xd2/0x200 [ 61.972865][ T5515] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 61.972962][ T5515] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 61.972987][ T5515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.973009][ T5515] RIP: 0033:0x7fc963e4ebe9 [ 61.973024][ T5515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.973047][ T5515] RSP: 002b:00007fc9628af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 61.973066][ T5515] RAX: ffffffffffffffda RBX: 00007fc964075fa0 RCX: 00007fc963e4ebe9 [ 61.973079][ T5515] RDX: 0000000000000001 RSI: 00002000000001c0 RDI: 0000000000000003 [ 61.973143][ T5515] RBP: 00007fc9628af090 R08: 0000000000000000 R09: 0000000000000000 [ 61.973155][ T5515] R10: 0000000000044080 R11: 0000000000000246 R12: 0000000000000001 [ 61.973168][ T5515] R13: 00007fc964076038 R14: 00007fc964075fa0 R15: 00007ffc47b21ee8 [ 61.973186][ T5515] [ 62.289863][ T5519] loop2: detected capacity change from 0 to 512 [ 62.314545][ T5519] ext4 filesystem being mounted at /144/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.314568][ T5522] loop1: detected capacity change from 0 to 1024 [ 62.334949][ T5522] ext3: Bad value for 'mb_optimize_scan' [ 62.414346][ T5531] loop0: detected capacity change from 0 to 512 [ 62.455222][ T5522] netlink: 12 bytes leftover after parsing attributes in process `syz.1.722'. [ 62.466625][ T5531] ext4 filesystem being mounted at /141/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.569776][ T5544] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 62.576350][ T5544] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 62.584113][ T5544] vhci_hcd vhci_hcd.0: Device attached [ 62.616103][ T5541] tipc: Started in network mode [ 62.621171][ T5541] tipc: Node identity ac1414aa, cluster identity 4711 [ 62.632411][ T5545] vhci_hcd: connection closed [ 62.632973][ T2054] vhci_hcd: stop threads [ 62.639337][ T5555] FAULT_INJECTION: forcing a failure. [ 62.639337][ T5555] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 62.641928][ T2054] vhci_hcd: release socket [ 62.654906][ T5555] CPU: 1 UID: 0 PID: 5555 Comm: syz.0.733 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(voluntary) [ 62.654940][ T5555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 62.654953][ T5555] Call Trace: [ 62.654958][ T5555] [ 62.654965][ T5555] __dump_stack+0x1d/0x30 [ 62.654986][ T5555] dump_stack_lvl+0xe8/0x140 [ 62.655072][ T5555] dump_stack+0x15/0x1b [ 62.655089][ T5555] should_fail_ex+0x265/0x280 [ 62.655109][ T5555] should_fail+0xb/0x20 [ 62.655126][ T5555] should_fail_usercopy+0x1a/0x20 [ 62.655149][ T5555] _copy_from_user+0x1c/0xb0 [ 62.655176][ T5555] do_tcp_setsockopt+0x41c/0x1670 [ 62.655210][ T5555] ? selinux_netlbl_socket_setsockopt+0x1f9/0x2d0 [ 62.655309][ T5555] tcp_setsockopt+0x51/0xb0 [ 62.655328][ T5555] sock_common_setsockopt+0x69/0x80 [ 62.655356][ T5555] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 62.655464][ T5555] smc_setsockopt+0x180/0x750 [ 62.655493][ T5555] ? __pfx_smc_setsockopt+0x10/0x10 [ 62.655520][ T5555] __sys_setsockopt+0x181/0x200 [ 62.655584][ T5555] __x64_sys_setsockopt+0x64/0x80 [ 62.655604][ T5555] x64_sys_call+0x20ec/0x2ff0 [ 62.655698][ T5555] do_syscall_64+0xd2/0x200 [ 62.655723][ T5555] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 62.655747][ T5555] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 62.655779][ T5555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.655800][ T5555] RIP: 0033:0x7fc963e4ebe9 [ 62.655814][ T5555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 62.655837][ T5555] RSP: 002b:00007fc9628af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 62.655855][ T5555] RAX: ffffffffffffffda RBX: 00007fc964075fa0 RCX: 00007fc963e4ebe9 [ 62.655867][ T5555] RDX: 0000000000000007 RSI: 0000000000000006 RDI: 0000000000000003 [ 62.655879][ T5555] RBP: 00007fc9628af090 R08: 0000000000000004 R09: 0000000000000000 [ 62.655890][ T5555] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001 [ 62.655954][ T5555] R13: 00007fc964076038 R14: 00007fc964075fa0 R15: 00007ffc47b21ee8 [ 62.655971][ T5555] [ 62.673023][ T5541] tipc: Enabled bearer , priority 10 [ 62.681822][ T2054] vhci_hcd: disconnect device [ 62.689596][ T5557] syzkaller1: entered promiscuous mode [ 62.884536][ T5557] syzkaller1: entered allmulticast mode [ 62.900371][ T5548] syzkaller0: entered promiscuous mode [ 62.905860][ T5548] syzkaller0: entered allmulticast mode [ 62.916376][ T5573] loop0: detected capacity change from 0 to 512 [ 62.949885][ T5573] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 62.957795][ T5573] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 62.983633][ T5573] System zones: 0-1, 15-15, 18-18, 34-34 [ 62.990159][ T5573] EXT4-fs (loop0): orphan cleanup on readonly fs [ 62.996542][ T5573] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 63.011148][ T5573] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 63.019813][ T5573] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.738: bg 0: block 40: padding at end of block bitmap is not set [ 63.038945][ T5573] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 63.054963][ T5573] EXT4-fs (loop0): 1 truncate cleaned up [ 63.108110][ T5594] loop1: detected capacity change from 0 to 1024 [ 63.115473][ T5594] ext3: Bad value for 'mb_optimize_scan' [ 63.126983][ T5602] loop0: detected capacity change from 0 to 512 [ 63.142484][ T5602] ext4 filesystem being mounted at /147/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.172740][ T5610] loop4: detected capacity change from 0 to 1024 [ 63.199091][ T5610] EXT4-fs: Ignoring removed bh option [ 63.211568][ T5610] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 63.229802][ T5610] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e840e118, mo2=0000] [ 63.237452][ T5618] loop2: detected capacity change from 0 to 512 [ 63.238152][ T5610] System zones: 0-1, 3-12 [ 63.257092][ T5610] EXT4-fs error (device loop4): ext4_map_blocks:814: inode #3: block 1: comm syz.4.742: lblock 1 mapped to illegal pblock 1 (length 1) [ 63.273409][ T5610] __quota_error: 477 callbacks suppressed [ 63.273420][ T5610] Quota error (device loop4): write_blk: dquota write failed [ 63.286609][ T5610] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 63.290263][ T5618] ext4 filesystem being mounted at /148/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.297100][ T5610] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.742: Failed to acquire dquot type 0 [ 63.335989][ T5618] Quota error (device loop2): do_check_range: Getting block 4128768 out of range 0-5 [ 63.373858][ T5610] EXT4-fs error (device loop4): ext4_free_blocks:6696: comm syz.4.742: Freeing blocks not in datazone - block = 0, count = 4096 [ 63.388446][ T5610] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.742: Invalid inode bitmap blk 0 in block_group 0 [ 63.401677][ T1711] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 1) [ 63.423135][ T1711] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 63.431636][ T1711] EXT4-fs error (device loop4): ext4_release_dquot:6973: comm kworker/u8:6: Failed to release dquot type 0 [ 63.439756][ T5610] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 63.461958][ T29] audit: type=1400 audit(1755601432.223:3295): avc: denied { mount } for pid=5630 comm="syz.0.746" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 63.493709][ T5610] EXT4-fs (loop4): 1 orphan inode deleted [ 63.501773][ T29] audit: type=1400 audit(1755601432.253:3296): avc: denied { unmount } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 63.511805][ T5603] batadv_slave_1: entered promiscuous mode [ 63.523151][ T29] audit: type=1400 audit(1755601432.273:3297): avc: denied { create } for pid=5599 comm="syz.4.742" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 63.547222][ T29] audit: type=1400 audit(1755601432.273:3298): avc: denied { write } for pid=5599 comm="syz.4.742" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 63.568592][ T5599] batadv_slave_1: left promiscuous mode [ 63.652694][ T29] audit: type=1326 audit(1755601432.413:3299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5650 comm="syz.0.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 63.676147][ T29] audit: type=1326 audit(1755601432.413:3300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5650 comm="syz.0.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 63.700386][ T3364] tipc: Node number set to 2886997162 [ 63.728536][ T5662] syzkaller1: entered promiscuous mode [ 63.734165][ T5662] syzkaller1: entered allmulticast mode [ 63.751799][ T5666] futex_wake_op: syz.0.753 tries to shift op by 36; fix this program [ 63.904454][ T5676] FAULT_INJECTION: forcing a failure. [ 63.904454][ T5676] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 63.917599][ T5676] CPU: 1 UID: 0 PID: 5676 Comm: syz.0.755 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(voluntary) [ 63.917670][ T5676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 63.917681][ T5676] Call Trace: [ 63.917687][ T5676] [ 63.917694][ T5676] __dump_stack+0x1d/0x30 [ 63.917716][ T5676] dump_stack_lvl+0xe8/0x140 [ 63.917735][ T5676] dump_stack+0x15/0x1b [ 63.917749][ T5676] should_fail_ex+0x265/0x280 [ 63.917841][ T5676] should_fail+0xb/0x20 [ 63.917855][ T5676] should_fail_usercopy+0x1a/0x20 [ 63.917884][ T5676] _copy_to_user+0x20/0xa0 [ 63.917914][ T5676] simple_read_from_buffer+0xb5/0x130 [ 63.917936][ T5676] proc_fail_nth_read+0x10e/0x150 [ 63.917965][ T5676] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 63.917989][ T5676] vfs_read+0x1a8/0x770 [ 63.918010][ T5676] ? __rcu_read_unlock+0x4f/0x70 [ 63.918030][ T5676] ? __fget_files+0x184/0x1c0 [ 63.918074][ T5676] ksys_read+0xda/0x1a0 [ 63.918098][ T5676] __x64_sys_read+0x40/0x50 [ 63.918120][ T5676] x64_sys_call+0x27bc/0x2ff0 [ 63.918141][ T5676] do_syscall_64+0xd2/0x200 [ 63.918230][ T5676] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 63.918331][ T5676] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 63.918357][ T5676] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.918406][ T5676] RIP: 0033:0x7fc963e4d5fc [ 63.918492][ T5676] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 63.918510][ T5676] RSP: 002b:00007fc9628af030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 63.918527][ T5676] RAX: ffffffffffffffda RBX: 00007fc964075fa0 RCX: 00007fc963e4d5fc [ 63.918537][ T5676] RDX: 000000000000000f RSI: 00007fc9628af0a0 RDI: 0000000000000005 [ 63.918547][ T5676] RBP: 00007fc9628af090 R08: 0000000000000000 R09: 0000000000000000 [ 63.918558][ T5676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 63.918568][ T5676] R13: 00007fc964076038 R14: 00007fc964075fa0 R15: 00007ffc47b21ee8 [ 63.918639][ T5676] [ 64.129828][ T5677] lo speed is unknown, defaulting to 1000 [ 64.371419][ T5690] capability: warning: `syz.4.756' uses 32-bit capabilities (legacy support in use) [ 64.660244][ T5754] syzkaller1: entered promiscuous mode [ 64.665771][ T5754] syzkaller1: entered allmulticast mode [ 64.776489][ T5771] loop1: detected capacity change from 0 to 1024 [ 64.786226][ T5771] ext3: Bad value for 'mb_optimize_scan' [ 65.322455][ T5821] FAULT_INJECTION: forcing a failure. [ 65.322455][ T5821] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 65.335752][ T5821] CPU: 0 UID: 0 PID: 5821 Comm: syz.0.774 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(voluntary) [ 65.335821][ T5821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 65.335832][ T5821] Call Trace: [ 65.335836][ T5821] [ 65.335840][ T5821] __dump_stack+0x1d/0x30 [ 65.335853][ T5821] dump_stack_lvl+0xe8/0x140 [ 65.335863][ T5821] dump_stack+0x15/0x1b [ 65.335872][ T5821] should_fail_ex+0x265/0x280 [ 65.335939][ T5821] should_fail_alloc_page+0xf2/0x100 [ 65.335965][ T5821] __alloc_frozen_pages_noprof+0xff/0x360 [ 65.335997][ T5821] alloc_pages_mpol+0xb3/0x250 [ 65.336015][ T5821] alloc_pages_noprof+0x90/0x130 [ 65.336092][ T5821] pgd_alloc+0x51/0x2e0 [ 65.336105][ T5821] mm_init+0x377/0x7f0 [ 65.336125][ T5821] ? kmem_cache_alloc_noprof+0x220/0x310 [ 65.336196][ T5821] copy_mm+0x101/0x370 [ 65.336224][ T5821] copy_process+0xd08/0x2000 [ 65.336241][ T5821] kernel_clone+0x16c/0x5c0 [ 65.336254][ T5821] ? vfs_write+0x7e8/0x960 [ 65.336271][ T5821] __x64_sys_clone+0xe6/0x120 [ 65.336289][ T5821] x64_sys_call+0x119c/0x2ff0 [ 65.336300][ T5821] do_syscall_64+0xd2/0x200 [ 65.336325][ T5821] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 65.336338][ T5821] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 65.336352][ T5821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.336396][ T5821] RIP: 0033:0x7fc963e4ebe9 [ 65.336405][ T5821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.336451][ T5821] RSP: 002b:00007fc9628aefe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 65.336462][ T5821] RAX: ffffffffffffffda RBX: 00007fc964075fa0 RCX: 00007fc963e4ebe9 [ 65.336548][ T5821] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000022023400 [ 65.336561][ T5821] RBP: 00007fc9628af090 R08: 0000000000000000 R09: 0000000000000000 [ 65.336569][ T5821] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 65.336583][ T5821] R13: 00007fc964076038 R14: 00007fc964075fa0 R15: 00007ffc47b21ee8 [ 65.336593][ T5821] [ 65.583068][ T5825] syzkaller1: entered promiscuous mode [ 65.588583][ T5825] syzkaller1: entered allmulticast mode [ 65.700143][ T5836] __nla_validate_parse: 9 callbacks suppressed [ 65.700158][ T5836] netlink: 12 bytes leftover after parsing attributes in process `syz.3.781'. [ 65.792033][ T5843] netlink: 36 bytes leftover after parsing attributes in process `syz.1.782'. [ 65.801015][ T5843] netlink: 16 bytes leftover after parsing attributes in process `syz.1.782'. [ 65.809980][ T5843] netlink: 36 bytes leftover after parsing attributes in process `syz.1.782'. [ 65.823216][ T5843] netlink: 36 bytes leftover after parsing attributes in process `syz.1.782'. [ 65.823564][ T5844] loop3: detected capacity change from 0 to 512 [ 65.856316][ T5844] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 65.864336][ T5844] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 65.873548][ T5844] System zones: 0-1, 15-15, 18-18, 34-34 [ 65.879977][ T5844] EXT4-fs (loop3): orphan cleanup on readonly fs [ 65.886362][ T5844] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 65.900977][ T5844] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 65.912907][ T5844] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.783: bg 0: block 40: padding at end of block bitmap is not set [ 65.928128][ T5844] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 65.937186][ T5844] EXT4-fs (loop3): 1 truncate cleaned up [ 65.944462][ T5844] EXT4-fs mount: 90 callbacks suppressed [ 65.944472][ T5844] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 65.999931][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.000371][ T5855] syzkaller1: entered promiscuous mode [ 66.014404][ T5855] syzkaller1: entered allmulticast mode [ 66.047667][ T5859] netlink: 8 bytes leftover after parsing attributes in process `syz.3.790'. [ 66.106955][ T5860] lo speed is unknown, defaulting to 1000 [ 66.317525][ T5863] netlink: 8 bytes leftover after parsing attributes in process `syz.0.791'. [ 66.326389][ T5863] netlink: 8 bytes leftover after parsing attributes in process `syz.0.791'. [ 66.373659][ T5863] loop0: detected capacity change from 0 to 512 [ 66.446242][ T5866] loop3: detected capacity change from 0 to 1024 [ 66.456522][ T5866] ext3: Bad value for 'mb_optimize_scan' [ 66.469402][ T5866] netlink: 40 bytes leftover after parsing attributes in process `syz.3.793'. [ 66.493178][ T5863] EXT4-fs (loop0): 1 orphan inode deleted [ 66.500438][ T5866] netlink: 12 bytes leftover after parsing attributes in process `syz.3.793'. [ 66.501022][ T5863] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 66.524929][ T134] EXT4-fs error (device loop0): ext4_release_dquot:6973: comm kworker/u8:4: Failed to release dquot type 1 [ 66.530899][ T5863] ext4 filesystem being mounted at /165/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.576780][ T5863] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.590243][ T5875] mmap: syz.1.796 (5875) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 66.677815][ T5885] syzkaller1: entered promiscuous mode [ 66.683402][ T5885] syzkaller1: entered allmulticast mode [ 66.713983][ T5894] loop3: detected capacity change from 0 to 512 [ 66.730012][ T5894] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 66.766582][ T5894] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.803: invalid indirect mapped block 4294967295 (level 0) [ 66.781939][ T5894] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.803: invalid indirect mapped block 4294967295 (level 1) [ 66.796684][ T5894] EXT4-fs (loop3): 1 orphan inode deleted [ 66.802453][ T5894] EXT4-fs (loop3): 1 truncate cleaned up [ 66.808671][ T5894] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 66.827883][ T5897] loop2: detected capacity change from 0 to 1024 [ 66.835476][ T5897] ext3: Bad value for 'mb_optimize_scan' [ 66.858400][ T5894] EXT4-fs error (device loop3): ext4_lookup:1787: inode #15: comm syz.3.803: iget: bad extra_isize 46 (inode size 256) [ 66.942477][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.118265][ T5987] syzkaller1: entered promiscuous mode [ 67.123784][ T5987] syzkaller1: entered allmulticast mode [ 67.204074][ T5992] loop1: detected capacity change from 0 to 256 [ 67.219634][ T5992] vfat: Unknown parameter '' [ 67.344737][ T5995] atomic_op ffff88810a801d28 conn xmit_atomic 0000000000000000 [ 67.453104][ T6000] team1: entered promiscuous mode [ 67.458154][ T6000] team1: entered allmulticast mode [ 67.895201][ T6031] loop0: detected capacity change from 0 to 512 [ 67.920266][ T6031] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 67.928281][ T6031] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 67.937932][ T6031] System zones: 0-1, 15-15, 18-18, 34-34 [ 67.944989][ T6031] EXT4-fs (loop0): orphan cleanup on readonly fs [ 67.967196][ T6031] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 67.981877][ T6031] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 67.988800][ T6031] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.838: bg 0: block 40: padding at end of block bitmap is not set [ 68.005782][ T6031] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 68.017881][ T6031] EXT4-fs (loop0): 1 truncate cleaned up [ 68.024974][ T6031] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 68.058278][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.058337][ T6038] loop4: detected capacity change from 0 to 512 [ 68.084675][ T6038] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 68.119000][ T6038] ext4 filesystem being mounted at /149/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 68.155054][ T6048] loop3: detected capacity change from 0 to 1024 [ 68.161826][ T6048] ext3: Bad value for 'mb_optimize_scan' [ 68.266206][ T6062] loop3: detected capacity change from 0 to 512 [ 68.272714][ T6060] loop0: detected capacity change from 0 to 1024 [ 68.293275][ T6060] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 68.298406][ T6062] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 68.313255][ T6062] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 68.321280][ T29] kauditd_printk_skb: 599 callbacks suppressed [ 68.321291][ T29] audit: type=1326 audit(1755601437.063:3897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6059 comm="syz.0.848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 68.350765][ T29] audit: type=1326 audit(1755601437.063:3898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6059 comm="syz.0.848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 68.354423][ T6062] System zones: 0-1 [ 68.374074][ T29] audit: type=1326 audit(1755601437.073:3899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6059 comm="syz.0.848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 68.374182][ T29] audit: type=1326 audit(1755601437.073:3900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6059 comm="syz.0.848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 68.374205][ T29] audit: type=1326 audit(1755601437.073:3901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6059 comm="syz.0.848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 68.378035][ T6062] , 15-15 [ 68.401337][ T29] audit: type=1326 audit(1755601437.073:3902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6059 comm="syz.0.848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 68.424547][ T6062] , 18-18 [ 68.447727][ T29] audit: type=1326 audit(1755601437.073:3903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6059 comm="syz.0.848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 68.450670][ T6062] , 34-34 [ 68.473945][ T29] audit: type=1326 audit(1755601437.073:3904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6059 comm="syz.0.848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 68.477098][ T6062] EXT4-fs (loop3): orphan cleanup on readonly fs [ 68.500180][ T29] audit: type=1326 audit(1755601437.073:3905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6059 comm="syz.0.848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963e4ebe9 code=0x7ffc0000 [ 68.526904][ T6062] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 68.567973][ T6062] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 68.582547][ T6062] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 68.590272][ T6062] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.849: bg 0: block 40: padding at end of block bitmap is not set [ 68.605097][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.605649][ T6062] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 68.619166][ T6068] netlink: 'syz.1.851': attribute type 16 has an invalid length. [ 68.623960][ T6062] EXT4-fs (loop3): 1 truncate cleaned up [ 68.633285][ T6068] netlink: 'syz.1.851': attribute type 16 has an invalid length. [ 68.644517][ T6062] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 68.701007][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.710957][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.749884][ T6079] loop3: detected capacity change from 0 to 1024 [ 68.782752][ T6086] capability: warning: `syz.1.858' uses deprecated v2 capabilities in a way that may be insecure [ 68.794932][ T6079] ext3: Bad value for 'mb_optimize_scan' [ 68.841515][ T6090] sg_write: data in/out 49276/1 bytes for SCSI command 0x1c-- guessing data in; [ 68.841515][ T6090] program syz.2.860 not setting count and/or reply_len properly [ 68.893779][ T6099] SELinux: policydb string length 385875976 does not match expected length 8 [ 68.906924][ T6099] SELinux: failed to load policy [ 68.925412][ T6103] loop1: detected capacity change from 0 to 512 [ 68.941138][ T6103] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 68.949103][ T6103] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 68.960284][ T6103] System zones: 0-1, 15-15, 18-18, 34-34 [ 68.968268][ T6103] EXT4-fs (loop1): orphan cleanup on readonly fs [ 68.980160][ T6103] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 68.994828][ T6103] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 69.001978][ T6103] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.866: bg 0: block 40: padding at end of block bitmap is not set [ 69.018824][ T6103] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 69.028842][ T6103] EXT4-fs (loop1): 1 truncate cleaned up [ 69.035110][ T6103] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 69.060760][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.093731][ T6122] loop1: detected capacity change from 0 to 512 [ 69.100974][ T6122] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 69.113298][ T6122] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.873: invalid indirect mapped block 4294967295 (level 0) [ 69.137411][ T6122] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.873: invalid indirect mapped block 4294967295 (level 1) [ 69.151728][ T6122] EXT4-fs (loop1): 1 orphan inode deleted [ 69.157449][ T6122] EXT4-fs (loop1): 1 truncate cleaned up [ 69.163700][ T6122] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 69.182907][ T6122] EXT4-fs error (device loop1): ext4_lookup:1787: inode #15: comm syz.1.873: iget: bad extra_isize 46 (inode size 256) [ 69.216754][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.379950][ T6142] loop1: detected capacity change from 0 to 512 [ 69.390658][ T6142] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 69.395483][ T6145] loop4: detected capacity change from 0 to 512 [ 69.403381][ T6142] ext4 filesystem being mounted at /189/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 69.431783][ T6145] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 69.444351][ T6145] ext4 filesystem being mounted at /162/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 69.467771][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.485335][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.735991][ T6158] netlink: 'syz.0.887': attribute type 27 has an invalid length. [ 69.951628][ T6158] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.958922][ T6158] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.110061][ T6170] FAULT_INJECTION: forcing a failure. [ 70.110061][ T6170] name failslab, interval 1, probability 0, space 0, times 0 [ 70.122687][ T6170] CPU: 0 UID: 0 PID: 6170 Comm: syz.3.890 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(voluntary) [ 70.122716][ T6170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 70.122727][ T6170] Call Trace: [ 70.122731][ T6170] [ 70.122742][ T6170] __dump_stack+0x1d/0x30 [ 70.122759][ T6170] dump_stack_lvl+0xe8/0x140 [ 70.122784][ T6170] dump_stack+0x15/0x1b [ 70.122801][ T6170] should_fail_ex+0x265/0x280 [ 70.122888][ T6170] ? do_eventfd+0x5c/0x1b0 [ 70.122910][ T6170] should_failslab+0x8c/0xb0 [ 70.122948][ T6170] __kmalloc_cache_noprof+0x4c/0x320 [ 70.123008][ T6170] do_eventfd+0x5c/0x1b0 [ 70.123029][ T6170] __x64_sys_eventfd+0x20/0x30 [ 70.123048][ T6170] x64_sys_call+0x2e91/0x2ff0 [ 70.123066][ T6170] do_syscall_64+0xd2/0x200 [ 70.123120][ T6170] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 70.123167][ T6170] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 70.123188][ T6170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.123276][ T6170] RIP: 0033:0x7f01425febe9 [ 70.123291][ T6170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.123309][ T6170] RSP: 002b:00007f014101d038 EFLAGS: 00000246 ORIG_RAX: 000000000000011c [ 70.123332][ T6170] RAX: ffffffffffffffda RBX: 00007f0142826180 RCX: 00007f01425febe9 [ 70.123343][ T6170] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 70.123353][ T6170] RBP: 00007f014101d090 R08: 0000000000000000 R09: 0000000000000000 [ 70.123363][ T6170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 70.123373][ T6170] R13: 00007f0142826218 R14: 00007f0142826180 R15: 00007ffc5b3c8f48 [ 70.123389][ T6170] [ 70.317327][ T36] lo speed is unknown, defaulting to 1000 [ 70.323317][ T36] syz0: Port: 1 Link DOWN [ 70.357637][ T6160] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.429757][ T6160] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 70.448402][ T5954] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.457329][ T9] lo speed is unknown, defaulting to 1000 [ 70.463100][ T9] syz0: Port: 1 Link ACTIVE [ 70.475606][ T5954] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.495656][ T5982] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.512720][ T5982] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.634959][ T6187] FAULT_INJECTION: forcing a failure. [ 70.634959][ T6187] name failslab, interval 1, probability 0, space 0, times 0 [ 70.647645][ T6187] CPU: 1 UID: 0 PID: 6187 Comm: syz.1.898 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(voluntary) [ 70.647686][ T6187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 70.647699][ T6187] Call Trace: [ 70.647705][ T6187] [ 70.647712][ T6187] __dump_stack+0x1d/0x30 [ 70.647733][ T6187] dump_stack_lvl+0xe8/0x140 [ 70.647753][ T6187] dump_stack+0x15/0x1b [ 70.647773][ T6187] should_fail_ex+0x265/0x280 [ 70.647792][ T6187] should_failslab+0x8c/0xb0 [ 70.647938][ T6187] kmem_cache_alloc_noprof+0x50/0x310 [ 70.647971][ T6187] ? mm_alloc+0x2b/0xa0 [ 70.647992][ T6187] mm_alloc+0x2b/0xa0 [ 70.648151][ T6187] alloc_bprm+0x20e/0x350 [ 70.648173][ T6187] do_execveat_common+0x12e/0x750 [ 70.648214][ T6187] __x64_sys_execve+0x5c/0x70 [ 70.648232][ T6187] x64_sys_call+0x2716/0x2ff0 [ 70.648249][ T6187] do_syscall_64+0xd2/0x200 [ 70.648276][ T6187] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 70.648364][ T6187] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 70.648389][ T6187] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.648458][ T6187] RIP: 0033:0x7fea2dbcebe9 [ 70.648471][ T6187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.648499][ T6187] RSP: 002b:00007fea2c62f038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 70.648518][ T6187] RAX: ffffffffffffffda RBX: 00007fea2ddf5fa0 RCX: 00007fea2dbcebe9 [ 70.648531][ T6187] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 70.648601][ T6187] RBP: 00007fea2c62f090 R08: 0000000000000000 R09: 0000000000000000 [ 70.648611][ T6187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 70.648623][ T6187] R13: 00007fea2ddf6038 R14: 00007fea2ddf5fa0 R15: 00007ffefc32c688 [ 70.648639][ T6187] [ 70.839936][ T6188] __nla_validate_parse: 24 callbacks suppressed [ 70.839950][ T6188] netlink: 36 bytes leftover after parsing attributes in process `syz.0.896'. [ 70.855050][ T6188] netlink: 16 bytes leftover after parsing attributes in process `syz.0.896'. [ 70.863914][ T6188] netlink: 36 bytes leftover after parsing attributes in process `syz.0.896'. [ 70.891004][ T6195] netlink: 8 bytes leftover after parsing attributes in process `syz.2.899'. [ 70.911624][ T6195] bridge1: entered promiscuous mode [ 70.916851][ T6195] bridge1: entered allmulticast mode [ 70.928776][ T6188] netlink: 36 bytes leftover after parsing attributes in process `syz.0.896'. [ 71.024113][ T6205] netlink: 32 bytes leftover after parsing attributes in process `syz.1.904'. [ 71.145156][ T6218] loop4: detected capacity change from 0 to 512 [ 71.163970][ T6220] loop1: detected capacity change from 0 to 512 [ 71.173518][ T6218] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 71.181500][ T6218] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 71.189727][ T6218] System zones: 0-1, 15-15, 18-18, 34-34 [ 71.190767][ T6220] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 71.206419][ T6218] EXT4-fs (loop4): orphan cleanup on readonly fs [ 71.212837][ T6218] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 71.214837][ T6220] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.911: invalid indirect mapped block 4294967295 (level 0) [ 71.227437][ T6218] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 71.248114][ T6218] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.910: bg 0: block 40: padding at end of block bitmap is not set [ 71.249270][ T6220] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.911: invalid indirect mapped block 4294967295 (level 1) [ 71.262766][ T6218] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 71.277535][ T6220] EXT4-fs (loop1): 1 orphan inode deleted [ 71.285052][ T6218] EXT4-fs (loop4): 1 truncate cleaned up [ 71.290526][ T6220] EXT4-fs (loop1): 1 truncate cleaned up [ 71.292083][ T6220] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 71.296742][ T6218] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 71.330837][ T6220] EXT4-fs error (device loop1): ext4_lookup:1787: inode #15: comm syz.1.911: iget: bad extra_isize 46 (inode size 256) [ 71.353203][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.368064][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.443595][ T6229] loop0: detected capacity change from 0 to 512 [ 71.455661][ T6229] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 71.473085][ T6229] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.914: invalid indirect mapped block 4294967295 (level 0) [ 71.488478][ T6229] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.914: invalid indirect mapped block 4294967295 (level 1) [ 71.506488][ T6229] EXT4-fs (loop0): 1 orphan inode deleted [ 71.512255][ T6229] EXT4-fs (loop0): 1 truncate cleaned up [ 71.529401][ T6229] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 71.582183][ T6236] lo speed is unknown, defaulting to 1000 [ 71.634544][ T6229] EXT4-fs error (device loop0): ext4_lookup:1787: inode #15: comm syz.0.914: iget: bad extra_isize 46 (inode size 256) [ 71.757525][ T6240] netlink: 32 bytes leftover after parsing attributes in process `syz.3.917'. [ 71.779838][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.927270][ T6255] loop0: detected capacity change from 0 to 512 [ 71.958231][ T6254] loop2: detected capacity change from 0 to 512 [ 71.968006][ T6261] netlink: 8 bytes leftover after parsing attributes in process `syz.1.925'. [ 71.977411][ T6255] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 71.985343][ T6255] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 71.993727][ T6255] System zones: 0-1, 15-15, 18-18, 34-34 [ 71.994814][ T6254] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 71.999588][ T6255] EXT4-fs (loop0): orphan cleanup on readonly fs [ 72.015762][ T6255] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 72.030306][ T6255] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 72.037326][ T6255] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.923: bg 0: block 40: padding at end of block bitmap is not set [ 72.052686][ T6254] EXT4-fs (loop2): 1 truncate cleaned up [ 72.058473][ T6255] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 72.075292][ T6254] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 72.076787][ T6267] loop1: detected capacity change from 0 to 1024 [ 72.087504][ T6255] EXT4-fs (loop0): 1 truncate cleaned up [ 72.097447][ T6267] ext3: Bad value for 'mb_optimize_scan' [ 72.106435][ T6255] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 72.107739][ T6267] netlink: 24 bytes leftover after parsing attributes in process `syz.1.927'. [ 72.135566][ T6254] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.150078][ T6267] netlink: 12 bytes leftover after parsing attributes in process `syz.1.927'. [ 72.171139][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.185452][ T6271] loop1: detected capacity change from 0 to 512 [ 72.201649][ T6271] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 72.276922][ T6271] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.929: invalid indirect mapped block 4294967295 (level 0) [ 72.291873][ T6271] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.929: invalid indirect mapped block 4294967295 (level 1) [ 72.308065][ T6271] EXT4-fs (loop1): 1 orphan inode deleted [ 72.313817][ T6271] EXT4-fs (loop1): 1 truncate cleaned up [ 72.321210][ T6271] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 72.358244][ T6271] EXT4-fs error (device loop1): ext4_lookup:1787: inode #15: comm syz.1.929: iget: bad extra_isize 46 (inode size 256) [ 72.378060][ T6273] loop0: detected capacity change from 0 to 32768 [ 72.390322][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.433064][ T3556] loop0: p1 p3 < > [ 72.443230][ T6273] loop0: p1 p3 < > [ 72.489610][ T6290] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 72.524151][ T6295] loop1: detected capacity change from 0 to 512 [ 72.554955][ T6295] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 72.562921][ T6295] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 72.576023][ T6295] System zones: 0-1, 15-15, 18-18, 34-34 [ 72.582765][ T6295] EXT4-fs (loop1): orphan cleanup on readonly fs [ 72.589568][ T6295] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 72.604204][ T6295] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 72.620101][ T6295] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.938: bg 0: block 40: padding at end of block bitmap is not set [ 72.635169][ T6295] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 72.644853][ T6295] EXT4-fs (loop1): 1 truncate cleaned up [ 72.650844][ T6295] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 72.664545][ T6291] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 72.684171][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.711638][ T6300] loop4: detected capacity change from 0 to 1024 [ 72.724403][ T6300] ext3: Bad value for 'mb_optimize_scan' [ 72.796118][ T6310] loop3: detected capacity change from 0 to 512 [ 72.830820][ T6310] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 72.863975][ T6310] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.943: invalid indirect mapped block 4294967295 (level 0) [ 72.913084][ T6310] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.943: invalid indirect mapped block 4294967295 (level 1) [ 72.922622][ T6321] lo speed is unknown, defaulting to 1000 [ 72.946091][ T6310] EXT4-fs (loop3): 1 orphan inode deleted [ 72.951865][ T6310] EXT4-fs (loop3): 1 truncate cleaned up [ 72.971022][ T6310] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.021405][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x1 [ 73.028894][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 73.035546][ T6310] EXT4-fs error (device loop3): ext4_lookup:1787: inode #15: comm syz.3.943: iget: bad extra_isize 46 (inode size 256) [ 73.036289][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 73.056078][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 73.082656][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 73.090072][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 73.097462][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x2 [ 73.104975][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 73.112435][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 73.119941][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 73.166129][ T6340] loop1: detected capacity change from 0 to 1024 [ 73.168465][ T9] hid-generic 0000:0000:0000.0003: hidraw0: HID v8.00 Device [syz0] on syz0 [ 73.173604][ T6340] ext3: Bad value for 'mb_optimize_scan' [ 73.187655][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.310607][ T6350] loop4: detected capacity change from 0 to 1024 [ 73.318424][ T6352] FAULT_INJECTION: forcing a failure. [ 73.318424][ T6352] name failslab, interval 1, probability 0, space 0, times 0 [ 73.331246][ T6352] CPU: 0 UID: 0 PID: 6352 Comm: syz.1.959 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(voluntary) [ 73.331273][ T6352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 73.331330][ T6352] Call Trace: [ 73.331355][ T6352] [ 73.331362][ T6352] __dump_stack+0x1d/0x30 [ 73.331395][ T6352] dump_stack_lvl+0xe8/0x140 [ 73.331413][ T6352] dump_stack+0x15/0x1b [ 73.331429][ T6352] should_fail_ex+0x265/0x280 [ 73.331449][ T6352] ? __pfx_clsact_init+0x10/0x10 [ 73.331571][ T6352] ? clsact_init+0xff/0x6c0 [ 73.331594][ T6352] should_failslab+0x8c/0xb0 [ 73.331687][ T6352] __kmalloc_cache_noprof+0x4c/0x320 [ 73.331716][ T6352] ? lockdep_assert_cpus_held+0x9/0x10 [ 73.331739][ T6352] ? __pfx_clsact_init+0x10/0x10 [ 73.331847][ T6352] clsact_init+0xff/0x6c0 [ 73.331872][ T6352] ? __pfx_clsact_init+0x10/0x10 [ 73.331916][ T6352] qdisc_create+0x58e/0x9e0 [ 73.331954][ T6352] tc_modify_qdisc+0xa03/0x1420 [ 73.331991][ T6352] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 73.332098][ T6352] rtnetlink_rcv_msg+0x657/0x6d0 [ 73.332130][ T6352] netlink_rcv_skb+0x123/0x220 [ 73.332202][ T6352] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 73.332237][ T6352] rtnetlink_rcv+0x1c/0x30 [ 73.332319][ T6352] netlink_unicast+0x5bd/0x690 [ 73.332436][ T6352] netlink_sendmsg+0x58b/0x6b0 [ 73.332530][ T6352] ? __pfx_netlink_sendmsg+0x10/0x10 [ 73.332553][ T6352] __sock_sendmsg+0x142/0x180 [ 73.332594][ T6352] ____sys_sendmsg+0x31e/0x4e0 [ 73.332620][ T6352] ___sys_sendmsg+0x17b/0x1d0 [ 73.332656][ T6352] __x64_sys_sendmsg+0xd4/0x160 [ 73.332701][ T6352] x64_sys_call+0x191e/0x2ff0 [ 73.332779][ T6352] do_syscall_64+0xd2/0x200 [ 73.332807][ T6352] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 73.332834][ T6352] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 73.332860][ T6352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.332916][ T6352] RIP: 0033:0x7fea2dbcebe9 [ 73.332932][ T6352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.332952][ T6352] RSP: 002b:00007fea2c62f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 73.332973][ T6352] RAX: ffffffffffffffda RBX: 00007fea2ddf5fa0 RCX: 00007fea2dbcebe9 [ 73.332986][ T6352] RDX: 0000000000000000 RSI: 00002000000012c0 RDI: 0000000000000005 [ 73.333073][ T6352] RBP: 00007fea2c62f090 R08: 0000000000000000 R09: 0000000000000000 [ 73.333086][ T6352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 73.333099][ T6352] R13: 00007fea2ddf6038 R14: 00007fea2ddf5fa0 R15: 00007ffefc32c688 [ 73.333119][ T6352] [ 73.348789][ T29] kauditd_printk_skb: 790 callbacks suppressed [ 73.348803][ T29] audit: type=1400 audit(1755601442.103:4690): avc: denied { bind } for pid=6353 comm="syz.3.960" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 73.352242][ T6350] EXT4-fs: Ignoring removed nomblk_io_submit option [ 73.506759][ T29] audit: type=1326 audit(1755601442.263:4691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6358 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34d50eebe9 code=0x7ffc0000 [ 73.522542][ T6350] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 73.523561][ T29] audit: type=1326 audit(1755601442.273:4692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6358 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f34d50eebe9 code=0x7ffc0000 [ 73.543195][ T6350] System zones: 0-1, 3-36 [ 73.546040][ T6350] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.551707][ T29] audit: type=1326 audit(1755601442.273:4693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6358 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34d50eebe9 code=0x7ffc0000 [ 73.551732][ T29] audit: type=1326 audit(1755601442.273:4694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6358 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f34d50eebe9 code=0x7ffc0000 [ 73.592733][ T6355] loop3: detected capacity change from 0 to 1024 [ 73.594750][ T29] audit: type=1326 audit(1755601442.273:4695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6358 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34d50eebe9 code=0x7ffc0000 [ 73.604543][ T6355] EXT4-fs: Ignoring removed nobh option [ 73.620278][ T29] audit: type=1326 audit(1755601442.273:4696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6358 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f34d50eebe9 code=0x7ffc0000 [ 73.620304][ T29] audit: type=1326 audit(1755601442.273:4697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6358 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34d50eebe9 code=0x7ffc0000 [ 73.626947][ T6355] EXT4-fs: Ignoring removed bh option [ 73.650202][ T29] audit: type=1326 audit(1755601442.273:4698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6358 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34d50eebe9 code=0x7ffc0000 [ 73.658297][ T6355] ext4: Unknown parameter 'pcr' [ 73.681445][ T29] audit: type=1326 audit(1755601442.273:4699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6358 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f34d50eebe9 code=0x7ffc0000 [ 73.928511][ T6373] loop0: detected capacity change from 0 to 512 [ 73.944524][ T6373] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 73.958316][ T6373] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.967: invalid indirect mapped block 4294967295 (level 0) [ 73.973143][ T6373] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.967: invalid indirect mapped block 4294967295 (level 1) [ 73.988078][ T6373] EXT4-fs (loop0): 1 orphan inode deleted [ 73.993858][ T6373] EXT4-fs (loop0): 1 truncate cleaned up [ 74.006814][ T6373] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.019237][ T6376] loop1: detected capacity change from 0 to 1024 [ 74.028041][ T6373] EXT4-fs error (device loop0): ext4_lookup:1787: inode #15: comm syz.0.967: iget: bad extra_isize 46 (inode size 256) [ 74.040939][ T6376] ext3: Bad value for 'mb_optimize_scan' [ 74.060650][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.155035][ T6396] FAULT_INJECTION: forcing a failure. [ 74.155035][ T6396] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 74.168151][ T6396] CPU: 1 UID: 0 PID: 6396 Comm: syz.0.976 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(voluntary) [ 74.168211][ T6396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 74.168280][ T6396] Call Trace: [ 74.168285][ T6396] [ 74.168291][ T6396] __dump_stack+0x1d/0x30 [ 74.168365][ T6396] dump_stack_lvl+0xe8/0x140 [ 74.168380][ T6396] dump_stack+0x15/0x1b [ 74.168394][ T6396] should_fail_ex+0x265/0x280 [ 74.168433][ T6396] should_fail+0xb/0x20 [ 74.168447][ T6396] should_fail_usercopy+0x1a/0x20 [ 74.168584][ T6396] _copy_to_user+0x20/0xa0 [ 74.168608][ T6396] simple_read_from_buffer+0xb5/0x130 [ 74.168626][ T6396] proc_fail_nth_read+0x10e/0x150 [ 74.168650][ T6396] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 74.168688][ T6396] vfs_read+0x1a8/0x770 [ 74.168710][ T6396] ? __rcu_read_unlock+0x4f/0x70 [ 74.168731][ T6396] ? __fget_files+0x184/0x1c0 [ 74.168753][ T6396] ksys_read+0xda/0x1a0 [ 74.168926][ T6396] __x64_sys_read+0x40/0x50 [ 74.168943][ T6396] x64_sys_call+0x27bc/0x2ff0 [ 74.168961][ T6396] do_syscall_64+0xd2/0x200 [ 74.168982][ T6396] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 74.169044][ T6396] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 74.169065][ T6396] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.169082][ T6396] RIP: 0033:0x7fc963e4d5fc [ 74.169094][ T6396] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 74.169109][ T6396] RSP: 002b:00007fc9628af030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 74.169134][ T6396] RAX: ffffffffffffffda RBX: 00007fc964075fa0 RCX: 00007fc963e4d5fc [ 74.169144][ T6396] RDX: 000000000000000f RSI: 00007fc9628af0a0 RDI: 0000000000000007 [ 74.169208][ T6396] RBP: 00007fc9628af090 R08: 0000000000000000 R09: 0000000000000000 [ 74.169219][ T6396] R10: 000000000000009a R11: 0000000000000246 R12: 0000000000000001 [ 74.169229][ T6396] R13: 00007fc964076038 R14: 00007fc964075fa0 R15: 00007ffc47b21ee8 [ 74.169244][ T6396] [ 74.386825][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.484179][ T6410] loop4: detected capacity change from 0 to 512 [ 74.511246][ T6416] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 74.542656][ T6416] binfmt_misc: register: failed to install interpreter file ./file2 [ 74.542769][ T6410] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 74.558636][ T6410] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 74.638740][ T6410] System zones: 0-1, 15-15, 18-18, 34-34 [ 74.645280][ T6410] EXT4-fs (loop4): orphan cleanup on readonly fs [ 74.662304][ T6410] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 74.676999][ T6410] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 74.696842][ T6410] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.981: bg 0: block 40: padding at end of block bitmap is not set [ 74.736082][ T6410] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 74.782655][ T6431] lo speed is unknown, defaulting to 1000 [ 74.798807][ T6410] EXT4-fs (loop4): 1 truncate cleaned up [ 74.829587][ T6410] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 74.928827][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.982392][ T6454] loop4: detected capacity change from 0 to 512 [ 75.026180][ T6454] EXT4-fs (loop4): bad geometry: first data block 0 is beyond end of filesystem (0) [ 75.420778][ T6464] loop0: detected capacity change from 0 to 512 [ 75.438648][ T6464] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.1003: iget: bad extended attribute block 1 [ 75.472317][ T6464] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.1003: couldn't read orphan inode 15 (err -117) [ 75.505865][ T6464] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.549073][ T6464] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.582523][ T6464] netlink: 'syz.0.1003': attribute type 10 has an invalid length. [ 75.666850][ T6476] loop4: detected capacity change from 0 to 512 [ 75.699376][ T6476] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 75.707314][ T6476] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 75.724942][ T6476] System zones: 0-1, 15-15, 18-18, 34-34 [ 75.731237][ T6476] EXT4-fs (loop4): orphan cleanup on readonly fs [ 75.737636][ T6476] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 75.752227][ T6476] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 75.767802][ T6476] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1008: bg 0: block 40: padding at end of block bitmap is not set [ 75.794867][ T6476] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 75.808379][ T6476] EXT4-fs (loop4): 1 truncate cleaned up [ 75.815038][ T6476] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 75.869499][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.890547][ T6498] __nla_validate_parse: 31 callbacks suppressed [ 75.890559][ T6498] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1014'. [ 75.930555][ T6501] loop3: detected capacity change from 0 to 1024 [ 76.047808][ T6501] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.068969][ T6501] ext4 filesystem being mounted at /204/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 76.154214][ T6514] lo speed is unknown, defaulting to 1000 [ 76.333511][ T6519] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1024'. [ 76.342489][ T6519] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1024'. [ 76.379804][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.512714][ T6529] loop0: detected capacity change from 0 to 512 [ 76.556155][ T6534] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1030'. [ 76.581481][ T6536] loop2: detected capacity change from 0 to 512 [ 76.581576][ T6534] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6534 comm=syz.1.1030 [ 76.601875][ T6529] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 76.609806][ T6529] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 76.620668][ T6529] System zones: 0-1, 15-15, 18-18, 34-34 [ 76.626666][ T6536] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 76.626685][ T6529] EXT4-fs (loop0): orphan cleanup on readonly fs [ 76.626761][ T6536] ================================================================== [ 76.626736][ T6529] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 76.626793][ T6536] BUG: KCSAN: data-race in data_alloc / data_push_tail [ 76.626813][ T6529] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 76.626837][ T6536] [ 76.626844][ T6536] write to 0xffffffff88e1df90 of 8 bytes by task 6529 on cpu 1: [ 76.626860][ T6536] data_alloc+0x203/0x2b0 [ 76.626889][ T6536] prb_reserve+0x808/0xaf0 [ 76.626918][ T6536] vprintk_store+0x56d/0x860 [ 76.626948][ T6536] vprintk_emit+0x178/0x650 [ 76.626966][ T6536] vprintk_default+0x26/0x30 [ 76.626986][ T6536] vprintk+0x1d/0x30 [ 76.627010][ T6536] _printk+0x79/0xa0 [ 76.627037][ T6536] __ext4_msg+0x18f/0x1a0 [ 76.627063][ T6536] ext4_orphan_cleanup+0x304/0xa00 [ 76.627081][ T6536] ext4_fill_super+0x3260/0x35d0 [ 76.627109][ T6536] get_tree_bdev_flags+0x291/0x300 [ 76.627132][ T6536] get_tree_bdev+0x1f/0x30 [ 76.627150][ T6536] ext4_get_tree+0x1c/0x30 [ 76.627179][ T6536] vfs_get_tree+0x54/0x1d0 [ 76.627203][ T6536] do_new_mount+0x207/0x5e0 [ 76.627226][ T6536] path_mount+0x4a4/0xb20 [ 76.627247][ T6536] __se_sys_mount+0x28f/0x2e0 [ 76.627276][ T6536] __x64_sys_mount+0x67/0x80 [ 76.627295][ T6536] x64_sys_call+0x2b4d/0x2ff0 [ 76.627315][ T6536] do_syscall_64+0xd2/0x200 [ 76.627344][ T6536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.627367][ T6536] [ 76.627372][ T6536] read to 0xffffffff88e1df90 of 8 bytes by task 6536 on cpu 0: [ 76.627388][ T6536] data_push_tail+0xfd/0x420 [ 76.627420][ T6536] data_alloc+0xbf/0x2b0 [ 76.627445][ T6536] prb_reserve+0x808/0xaf0 [ 76.627470][ T6536] vprintk_store+0x56d/0x860 [ 76.627499][ T6536] vprintk_emit+0x178/0x650 [ 76.627517][ T6536] vprintk_default+0x26/0x30 [ 76.627533][ T6536] vprintk+0x1d/0x30 [ 76.627553][ T6536] _printk+0x79/0xa0 [ 76.627578][ T6536] __ext4_msg+0x18f/0x1a0 [ 76.627604][ T6536] ext4_fill_super+0x1b61/0x35d0 [ 76.627630][ T6536] get_tree_bdev_flags+0x291/0x300 [ 76.627654][ T6536] get_tree_bdev+0x1f/0x30 [ 76.627676][ T6536] ext4_get_tree+0x1c/0x30 [ 76.627708][ T6536] vfs_get_tree+0x54/0x1d0 [ 76.627731][ T6536] do_new_mount+0x207/0x5e0 [ 76.627749][ T6536] path_mount+0x4a4/0xb20 [ 76.627766][ T6536] __se_sys_mount+0x28f/0x2e0 [ 76.627785][ T6536] __x64_sys_mount+0x67/0x80 [ 76.627803][ T6536] x64_sys_call+0x2b4d/0x2ff0 [ 76.627822][ T6536] do_syscall_64+0xd2/0x200 [ 76.627847][ T6536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.627871][ T6536] [ 76.627876][ T6536] value changed: 0x00000000ffffe0e5 -> 0x00000000ffffedda [ 76.627890][ T6536] [ 76.627895][ T6536] Reported by Kernel Concurrency Sanitizer on: [ 76.627908][ T6536] CPU: 0 UID: 0 PID: 6536 Comm: syz.2.1031 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(voluntary) [ 76.627934][ T6536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 76.627946][ T6536] ================================================================== [ 76.674739][ T6536] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.1031: invalid indirect mapped block 4294967295 (level 0) [ 76.680533][ T6529] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1028: bg 0: block 40: padding at end of block bitmap is not set [ 76.695017][ T6536] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.1031: invalid indirect mapped block 4294967295 (level 1) [ 76.709356][ T6529] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 76.717041][ T6536] EXT4-fs (loop2): 1 orphan inode deleted [ 76.732663][ T6529] EXT4-fs (loop0): 1 truncate cleaned up [ 76.734946][ T6536] EXT4-fs (loop2): 1 truncate cleaned up [ 76.735425][ T6536] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 76.762848][ T6529] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 76.870688][ T6536] EXT4-fs error (device loop2): ext4_lookup:1787: inode #15: comm syz.2.1031: iget: bad extra_isize 46 (inode size 256) [ 77.045315][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.066226][ T3304] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.