last executing test programs: 3.414911854s ago: executing program 4 (id=5425): r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000140)='ceph\x00', &(0x7f0000000180), &(0x7f0000000040), 0x1d4, r0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r4, 0x0) syz_emit_ethernet(0x9e, &(0x7f0000000080)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x68, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x1a, 0xc2, 0x0, 0x0, 0x0, {[@mptcp=@ack={0x1e, 0x13, 0x80, 0x1, "8c0cec4ba6136fae926d2232def5fb"}, @sack={0x5, 0x12, [0x0, 0x0, 0x0, 0x0]}, @exp_fastopen={0xfe, 0xd, 0xf989, "eeb3fef90baf70793c"}, @md5sig={0x13, 0x12, "7224407c80fe8a3616b4bf3400006cc8"}, @mptcp=@ack={0x1e, 0x9, 0x0, 0x4, "5882a08027"}, @exp_fastopen={0xfe, 0x4}]}}}}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000001c0)={0x8, 0x0}, 0x8) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r6, 0x0, 0x18}, 0xc) r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r7, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r8 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) r9 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r9, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000440)=@secondary) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r8, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000500)=@chain={'key_or_keyring:', r9}) close(r1) 2.930529229s ago: executing program 3 (id=5439): sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x4044854) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0a00000004000000040000000200000000000000", @ANYRES32, @ANYBLOB="eb70bbfc89e8e09fe5f879b3dd839b000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002402000020fe29817a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000400704000000000000b7040000100000206a0700fe000000008500000005000000b70000000a00000095000000000000000000c2c62f6004ad13aa957e2af5e49a53c2868f0399d909a63796c113a80c19aab9d607000000b6c9483be3f0d3253730e714c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766af540439fce41f144631ac262dcae18c3d1a1fbe96dc86035b44174f7c0620254ab6d285e6b343185089a0f119e31975e551558050800000000000000125d67857f290870093f38153608561a2128a79cce912d1f05de330800a9f5422bee8ca49166f6a587f2f593775afcd071efc5a972f757521b7b38ec273c2ad3e406f8c124f7dc1c4553229a69df4b2780e6da4420d71489fe383e0b5ce08b750502f2b8add8d2dddde19ac050537e973782b4053150580035fb2c579e1b2100000033d1ee8cab6d236f05b1f7b9f78fd5abfe033eb79f7a0b498366f5edfe311258016fbf47d9c85bf5325bf61419372be377022433e20900a262b20bb8b36de7b0e6c5ebfc5baec1ebe58d4af587d33e2935ad68da6e0fea5c21301f5d002b51a5b60fc741cb2c5d4cd5e896774f9293a6435558795043404ac6eafc8310fbcacca7f971b260fd06d4590ded8429fcd1c9a8dbbdedb32675388df363c0bc536e00448208b72405ebf27ddb402e5a2d675aaad92e183cef1eadc1661140fb567b55c72907a1aca75277a5f0022b1e957ba737f10f1161c5ae6e2cc64072ff3b4e76084922242e63d4b7806e30f786cff147e4bc819060678319a0e5534f5a0db52526c30000000000000000000000a63705b1a60525620acca06d57c055059df7651768310c9085c5f86be6ab819506961ad51f18b35fdc3fd4d0a0dbbdcd494ef168931f27748787bee95d739fef7ee67dd21c34647de82707e41d7db6d981a4fcf0bbd3d38ebb7a2489e28c6b28c0f70092ffb016b7766399555f3e6b538c2c862d17e53eaeb2036f9f0ab6e95e71bda4b5bbf53344264ad93bac1207b31d6e9c78181c7fe204c0b7582d1c762857f2a2e0c60f4a4855591a4f70f94df9629e470701103c40c8f6d3a3068091d62b58999e0a046f9509cb8ddc2a9ad4e0f1f85e5f076218b4b931acdff0c34fc5bdbad17ec481f1c9b17727c14e053e315d0d8d03c24ddaba65c5ce5b1aa04d1f767e25662b155d49460ec720d54044ac2856c11407835f341e2614bcae270000000001000000df7f736aab5d713240b2f40ec7be8251eba969686b2670ddc1a84df6ab12ab3e0cf8747837062233935704ebbd943ef0c5fef29513c7c1d6d2611796dccb45bdfd9e6533ad3574be5b9ea70e0c3b41a32067c03f5f8ed147cd0655c90d656f66eaed18a3c284c4f19417b5d91431759356db5d45ea40c9866957105b6252b0c028c672049ce163126f143f5758faf2a43f4c4f45a69b4e9113f85ae531085c11c75edbdee5af454757cdaff396c15ab9b210c202ffaea96d1bac60c6d6c56a4babc659858789bd479334e13e1c7876f95429431e61400815788c1397b260600d78e7513c58d9ac9474d392cc06f789753e1e7ebf5f1b55e2a64b9150c6580bf48e7bff763034801cccf403108d127b959ffc425a563ea2b90fbe779fd7d2ebfe94"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$kcm(0x11, 0x2, 0x300) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) connect$inet(r2, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg$inet(r2, &(0x7f0000001600)=[{{&(0x7f0000000300)={0x2, 0x4e23, @private=0xa010100}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000580)="755e2f671662b3c1260ca7fb84bfc9b1c4435cd1bbc43304722cefcf2bc7534251a9cfb10de104026b448f43c1a2d7be008f7d7f5a76e29ac66bb768a1652c3e2a5463f4d70437b1e57494a5ce7449237d1ca5bcf69f193b3cc74a87d386017d85c67a2cf88841f9a099efae3f05d3b1a8634f905620b5bd231f0aaf18dc92c564ce592f38d8f964d99cb7ad7faeb14e16022cf2cb2ee2e6dee9dad3d9699e5d61214361d7306ee5fe08e7381a4e83bd63dd8ad3dcecdb8232b062548e01521639afa095", 0xc4}], 0x1, &(0x7f0000000680)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x10}}, @ip_ttl={{0x14, 0x0, 0x2, 0x5}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @broadcast, @rand_addr=0x64010101}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x9}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x9}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x6}}, @ip_ttl={{0x14, 0x0, 0x2, 0x4d}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x80000000}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @remote, @loopback}}}], 0xe8}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000780)="8cdeca32a4cf9c0184a7bf7f0afdf8e9d0edc107a7138dcd3869efd27c9b70382794e5481f563b429531d36cfda3d0ea2c228b9c90c2c85a09904f88cc6dc0b17d9f1439a05dc27543db27902488ff893346080641d00b406dc36643f971f5c064c80d44b00fa5459b2c7d8b9b794e922ff42c10ef69249ab43f1573cc56f03ef2575a7427f42e194ad02325c3c06899d3482b4ef51f9b210cd94a4f", 0x9c}, {&(0x7f0000000840)="f25612b2c36d8f21658454ba2833046217e0e9f74bdb09e85d86ae588644c6b2e257534fc1063bb1c318bb3304bd702a3c740883f5027183a8cb9173892faa855a624e5af8723f5be12d1817ffa1eec09dcaa9d6e3dfc3cc3fc42b2ff2a4805103500c2f2629f8ec2acaa4bb0ea576e04a7367b32ea7e20583ad90b85728a2814a56e96d9b26a46c0732ab259bca93c2ee613883e347e8ddc9fda2c0688813770fe840beeb60605d1beeeea8586ea6516c826f41057bfa45a3f4e65de2b361", 0xbf}], 0x2, &(0x7f0000000e00)=[@ip_retopts={{0x54, 0x0, 0x7, {[@rr={0x7, 0x13, 0xcc, [@loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, @private=0xa010102]}, @rr={0x7, 0xb, 0x75, [@loopback, @loopback]}, @cipso={0x86, 0x22, 0xffffffffffffffff, [{0x7, 0xf, "78d0426b5bcc066d88f6c547be"}, {0x1, 0xd, "6d534c3560016039c8ff67"}]}, @ra={0x94, 0x4, 0x1}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x7fff}}], 0x70}}, {{&(0x7f0000000e80)={0x2, 0x4e23, @private=0xa010102}, 0x10, &(0x7f00000011c0)=[{&(0x7f0000000ec0)="14957f2a6a4bf5e9d764781de175dac48284e8a1af1bfc083469a0e510b5360d663a8f688910b4ddab593a12ef9bd69b61ed4936b6417fa7bbdff2a8b8fe75f0680c3df3be454f909d25374fdf31", 0x4e}, {&(0x7f0000000f40)="5d43edcd760e47d47df7ddda5b1a611b8147efe79a19038beb36c9ad38142dc21126", 0x22}, {&(0x7f0000000f80)="ec450444858d7e43de4b4da2e5d418fcca4bb46667e0ab4bfe6d297f3db906749fcf378c16677fd8df145806721a419eec663a540b9f3ac6e5e17b97c73d92c3dbf7bf4def79d29cd9ab1d0c8873598a08bbdef093b4775a75b263d3483d9437320a255c88e3b5482aef", 0x6a}, {&(0x7f0000001000)="440647fb65458b02eff9f1ef98e414d8701ee07532e6127685665dfbf214bf7d5483ec7b8ac80d09d0abca71f07a638a9ec58b57ce34274422dcd3ccec7746f277c3149f50c35d9ca54728952005b2159951e7966336329d01c4d2f32aeb22f484e77a5a3bdbbf9c62d2f5727d735d0fae766611e0042655e1d4399426451bd08349afa3265ed41ee59e7726c337fe600bbb265f44327d90b61ab188205ce83a1e204835910013e9fb6ec9b745ff7b49c8da9ba95a030b8f0a61f6a1e7dbc4a5e1250ea64bf4d356a9296e3a17983c4d5bf80a9c8e26a2dc1e1749ae269f66f7279badb1ca9f18bb96cb3f1e48ec238882b9fd7eef18c1a3f5e2f8c1", 0xfc}, {&(0x7f0000001100)="4befa4fa7feca4f16b", 0x9}, {&(0x7f0000001140)="bbe842409e599b3aaee37341f5dea8b8e1eace5fde424185513a56f12461e17265ceda2956911962a3dbf9f486d91316253df7e7eb", 0x35}, {&(0x7f0000001180)="4a715da6e6cce803412039ada7", 0xd}], 0x7}}, {{0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000001240)="08fb65eae09a090bac5b5a44b7350d65a7bc0a5f8b3e804b77c7b5a11f4281eb02cd007b448712f38879fa6c4fe9447c433657aefe16aa2ebc", 0x39}, {&(0x7f0000001280)="b8d890ffb92f9bd5858cfec767ea1b6f040b9e6d907f52f04dea0ea61ef1609ff0f170f3bca2fae3ba1f523c6f080e292b46803b5a6e3b38e0c4441eb2735833557bc8ebb0", 0x45}, {&(0x7f0000001300)="cf5599e02b35f6110e277a5d6b8a572b777137c69a169287f3b60e25a53adaa98b6cebd2f7a17e834832557fa14f40e066ea6c85c2526444c9b679ba59eb017c4a13eeb5", 0x44}, {&(0x7f0000001380)="87a0e8387fe12fa48e9a5c81969d71051d7c1087456bf7fdba1d83da629db01b221e82cb8ca9fd3489c888103f257fb897186fcee58a9b1412f2bcb836f2ad3cd462232aba2901ec5482c5aee17bca3cd0779e4784eb0e190551a0fdfea0fab3302ce7508abcad98716bbeea9d914e05523a8410899f1f09249b765d9da57f943e957b352ca5005830f58a3f1460b8d1b2d33a3d3b6e5451451a380c022b066cbadacbb10d558e986c612d7d62ebe66e1f0a2f6dd51c2fa7cf5e26df14a2fb22fb5ab450e7d14ea82a080754faebe65b555641a40b13863be04cd45972e4bb5fc719f4caf821140391ef8ae8359ad23c28de4c3ee48a0245", 0xf8}], 0x4, &(0x7f0000001500)=[@ip_ttl={{0x14, 0x0, 0x2, 0x4}}, @ip_retopts={{0x58, 0x0, 0x7, {[@end, @end, @timestamp_prespec={0x44, 0x34, 0x3e, 0x3, 0x3, [{@remote}, {@loopback, 0x10000e}, {@loopback, 0x10001}, {@empty, 0x7}, {@dev={0xac, 0x14, 0x14, 0x29}, 0xf6fc}, {@empty, 0x3}]}, @timestamp={0x44, 0x10, 0xc9, 0x0, 0x7, [0x13, 0x8, 0x1]}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private=0xa010102, @multicast1}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xde}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x81}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}], 0xd8}}], 0x4, 0x60cd894) 2.874574254s ago: executing program 3 (id=5441): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') socket$nl_netfilter(0x10, 0x3, 0xc) openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0) lsm_get_self_attr(0x64, 0x0, &(0x7f0000000080), 0x0) 2.81085421s ago: executing program 3 (id=5442): syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x1004010, 0x0, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x6, 0x2}, 0x2400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = epoll_create1(0x0) r2 = dup(r0) mount$9p_tcp(&(0x7f0000000080), &(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000100), 0x1110000, &(0x7f0000000140)={'trans=tcp,', {'port', 0x3d, 0x4e20}, 0x2c, {[{@uname={'uname', 0x3d, '\x00'}}, {@privport}], [{@obj_user}]}}) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) syz_io_uring_setup(0x416f, &(0x7f0000000780)={0x0, 0x7a7f, 0x10100, 0x0, 0x230}, &(0x7f0000001240)=0x0, &(0x7f0000001340)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) r6 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f00000001c0)=ANY=[@ANYRES32=r7], 0x9) 2.322189785s ago: executing program 4 (id=5450): ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vxcan0\x00'}) rt_sigprocmask(0x2, &(0x7f0000000000)={[0xfffffffffffffffb]}, 0x0, 0x8) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x301, 0x0) write$binfmt_script(r0, &(0x7f00000000c0), 0xfffffff9) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=@newqdisc={0x24, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e23, 0x81, @loopback, 0x78}, 0x1c) write$binfmt_misc(r0, 0x0, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7a680000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)="d800000018008103e00312ba0d8105040a600300ff0f040b067c55a1bc000900b80006990700000015000500fef32702d3001500030001400200000901ac040098007f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b66bce0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f00000e9703000000000000", 0xcb}], 0x1}, 0x0) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000040)={0x0, @l2tp={0x2, 0x0, @empty, 0x80000}, @nfc={0x27, 0x0, 0x1, 0x6}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x0, 0xfdffffff}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000380)) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 1.913954923s ago: executing program 3 (id=5461): bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x200202, 0x0) r0 = gettid() process_vm_readv(r0, &(0x7f0000001140)=[{&(0x7f0000000000)=""/87, 0x57}, {&(0x7f0000000100)=""/4103, 0x1007}], 0x2, &(0x7f00000011c0)=[{0xfffffffffffffffc}], 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000480)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) getitimer(0xe, 0x0) statx(0xffffffffffffffff, 0x0, 0x6000, 0x153146e58b5e3128, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/exec\x00') timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0}, 0x18) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$nl_rdma(0x10, 0x3, 0x14) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x58, '\x00', 0x0, 0x25, r4, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) faccessat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x5) fcntl$lock(r5, 0x6, &(0x7f0000002000)={0x1}) fcntl$lock(r5, 0x26, &(0x7f00000031c0)) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1.51210728s ago: executing program 0 (id=5466): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000060000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) kexec_load(0x0, 0x0, 0x0, 0x0) 1.430611178s ago: executing program 0 (id=5468): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000180)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[], [{@rootcontext={'rootcontext', 0x3d, 'staff_u'}}], 0x6b}}) 1.381312842s ago: executing program 0 (id=5471): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x20, 0x30}, 0xc) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r1 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1, 0xffffffffffffffff}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff0000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10) sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1a000, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000c80)='|', 0x1, 0xbcff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x0, 0x20}, 0xc) sendmsg$inet6(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)='h', 0x34000}], 0x1}, 0x0) 1.358650575s ago: executing program 1 (id=5472): syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x1004010, 0x0, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x6, 0x2}, 0x2400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = epoll_create1(0x0) r2 = dup(r0) mount$9p_tcp(&(0x7f0000000080), &(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000100), 0x1110000, &(0x7f0000000140)={'trans=tcp,', {'port', 0x3d, 0x4e20}, 0x2c, {[{@uname={'uname', 0x3d, '\x00'}}, {@privport}], [{@obj_user}]}}) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) syz_io_uring_setup(0x416f, &(0x7f0000000780)={0x0, 0x7a7f, 0x10100, 0x0, 0x230}, &(0x7f0000001240), &(0x7f0000001340)) r3 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) r5 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r4, 0x84, 0x17, &(0x7f00000001c0)=ANY=[@ANYRES32=r6], 0x9) 1.323431928s ago: executing program 4 (id=5474): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000280)='./file0\x00', 0x2224480, 0x0, 0xfb, 0x0, &(0x7f0000000240)) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x2000400, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.swap.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) ftruncate(r1, 0xc17a) timer_create(0x2, 0x0, &(0x7f0000000180)) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x20, 0x3, &(0x7f0000000f80)=ANY=[@ANYBLOB="030000000000000000000000000001000000000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000002c0)='mm_page_free\x00', r2}, 0x10) r3 = socket$kcm(0x28, 0x5, 0x0) setsockopt$sock_attach_bpf(r3, 0x28, 0x6, 0x0, 0x44) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x0) r5 = socket(0x10, 0x1, 0x4) getsockopt$nfc_llcp(r5, 0x11, 0xb, 0x0, 0x2000005b) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYRES16=0x0, @ANYBLOB="7a803f8fa36beee18f7ebae7ef3e0f68fb79463ab02d594407b51f2ec4f3141042", @ANYBLOB='\x00'/20, @ANYRES64=r4, @ANYRES32, @ANYBLOB="3068b8547da2e509fceda94f36936d9d453c1cd6abaac779ddeddbe8f308a3a70aa11bb3a6ecb7b3f2e3489d6d26e75adf0b1f9e25cd0e116427cb88c550d47ab8cb427181b3e512614cec29bc75c7baa04e3082fc5a8485e4b83414bdfadf9f71b1e075aea81ac5107955213ceb28b76e477df328ceaf55128a3947518f39d10c521ad75a5218d2c9827cdd560fa79edb6b3e3272013c10ab4388a48198ca1df9fc07cf5c485612f883c8e701fe428ae12c8b686f9382e310241184a8593cfe077e3db1c42fe8518c6711f4ff43b2012956d013bf67eec9164a495138754d34965abe9cd35e808e6b45bde6d7072fe343558b0852b2d44c89256318b78d397fec8f08e820ff6d481db1c3a8f367c4296c158f6cdfccc1bfec031eb677d6e4dcff5a607f342a66c4a6947778bd6e11cd0644596778ef658de5f3fcc80bec023e9cc1d86426330fb9ead04d970fe9ccc90c9968a8050ac80d47ddc64202461e57406cb847b47d6a80fe82333c69d4fc1c283209dbdfdcc4e32fbfe2d93eef9c7d652741426eafc0772eb114d54287913b7b12fa147d7f016a1e93b26248097e0733fa8c2e18d8ca042a0b3ffef36a33ea82c777c66547e87846eceaea3637444d35815eaf7ca70d9138acfd49b69e61f8"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, 0x0) r6 = socket(0x0, 0x3, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x0, 0x3, 0xfffffffe) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x2004c005}, 0xe0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/18, @ANYRES32=r10, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 1.223478107s ago: executing program 4 (id=5476): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) r3 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r3, &(0x7f0000000040)={0xc0, 0x4e20, @loopback}, 0x10) 1.201585069s ago: executing program 4 (id=5478): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), r1) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x34, r3, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x5}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x34}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000100)={'ip_vti0\x00', &(0x7f00000000c0)={'syztnl0\x00', 0x0, 0x7, 0x8000, 0x9, 0x2, {{0x8, 0x4, 0x1, 0xd, 0x20, 0x66, 0x0, 0x10, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0xf}, {[@generic={0x94, 0xc, "2d47b263c927cd460173"}]}}}}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000001c0)={'erspan0\x00', &(0x7f0000000140)={'syztnl1\x00', 0x0, 0x7, 0x8000, 0xfffffffd, 0x1, {{0xb, 0x4, 0x1, 0x29, 0x2c, 0x64, 0x0, 0x7f, 0x17, 0x0, @multicast2, @remote, {[@noop, @generic={0xf, 0x7, "03fa18b80c"}, @lsrr={0x83, 0xf, 0xe2, [@private=0xffff, @empty, @broadcast]}, @noop]}}}}}) sendmsg$ETHTOOL_MSG_WOL_SET(r1, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x48, r3, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@ETHTOOL_A_WOL_SOPASS={0x16, 0x3, "19ebdc89b3ee56ff1e913cd03065dbdda195"}, @ETHTOOL_A_WOL_HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x40041) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r6, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xfe, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x10) stat(&(0x7f00000013c0)='./file0\x00', 0x0) 1.178552841s ago: executing program 4 (id=5479): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)={0x15, 0x65, 0xffff, 0x0, 0x8, '9P2000.u'}, 0x15) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180"], 0x15) r2 = dup(r1) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x100000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000001340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x6b}}) 1.155694093s ago: executing program 2 (id=5481): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000180)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[], [{@rootcontext={'rootcontext', 0x3d, 'staff_u'}}], 0x6b}}) 1.133667826s ago: executing program 2 (id=5482): mlockall(0x1) 1.07853953s ago: executing program 3 (id=5483): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = socket(0x840000000002, 0x3, 0xff) openat$tun(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) sendmmsg$inet(r1, &(0x7f0000000440)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a9050000000074640000000000003552bde5c064c6", 0x15}, {&(0x7f0000000340)="174640b6d80fb2eedc81ba60ccbb9d", 0xf}], 0x2}}, {{&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f00000000c0)=[{0x0}], 0x1}}], 0x2, 0x4000040) 1.064665862s ago: executing program 3 (id=5484): ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vxcan0\x00'}) rt_sigprocmask(0x2, &(0x7f0000000000)={[0xfffffffffffffffb]}, 0x0, 0x8) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x301, 0x0) write$binfmt_script(r0, &(0x7f00000000c0), 0xfffffff9) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=@newqdisc={0x24, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e23, 0x81, @loopback, 0x78}, 0x1c) write$binfmt_misc(r0, 0x0, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7a680000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)="d800000018008103e00312ba0d8105040a600300ff0f040b067c55a1bc000900b80006990700000015000500fef32702d3001500030001400200000901ac040098007f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b66bce0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f00000e9703000000000000", 0xcb}], 0x1}, 0x0) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000040)={0x0, @l2tp={0x2, 0x0, @empty, 0x80000}, @nfc={0x27, 0x0, 0x1, 0x6}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x0, 0xfdffffff}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000380)) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 838.963802ms ago: executing program 2 (id=5485): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x35, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x8, &(0x7f0000000000), 0x1, 0x51a, &(0x7f0000001200)="$eJzs3U9sI1cZAPBvJsnam6ZNCj0AKnQphQWt1k68bVT1QjlVCFVC9MhhGxInimLHUeyUJuwhe+SORCVOcOLMAYkDUk/ckTjAjUs5IBVYgRokJFx5bGedP06sbGJv499PGvnNvLG/93Y071mfN/MCGFu3ImI/Im5ExLsRMds5nnS2eLO9tc775NGD5YNHD5aTaDbf+WeS1beORc97Wp7pfGY+In7wVsSPkmNB/xRR393bWKpUytudQ8VGdatY3927u15dWiuvlTdLpcWFxfnX771WurS+vlT9zcc3I+L3v/vyR3/c/9ZPWs2a6dT19uMytbs+dRinZTIivncVwUZgotOfGxd584XexGVKI+JzEfFydv/PxkR2NY86epm+PcTWAQBXodmcjeZs7z4AcN2lWQ4sSQudXMBMpGmh0M7hvRDTaaVWb9xZre1srrRzZXMxla6uV8rznVzhXEwlq+uT5YWs3N2vlEvH9u9FxPMR8bPczWy/sFyrrIzyiw8AjLFnjs3//8m1538A4JrLPy7mRtkOAGB48qNuAAAwdOZ/ABg/5n8AGD/mfwAYP+Z/ABg/5n8AGCvff/vt1tY86Dz/euW93Z2N2nt3V8r1jUJ1Z7mwXNveKqzVamvZM3uq531epVbbWng1dt4vNsr1RrG+u3e/WtvZbNzPnut9vzw1lF4BAGd5/qUP/5JExP4bN7Mtep73f+5c/eJVtw64SumoGwCMzMSoGwCMzMnVvoBxIR8P4+v/zWYzetbujYiHh6Weh4H2/S9CHwwUJrVuKDx9bn/xCfL/wGea/D+Mr4vl/32Xh+tA/h/GV7OZWPMfAMaMHD+QnFPf+/v/fLNnZ7Df/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBamsm2JC101gKfiTQtFCKejYi5mEpW1yvl+Yh4LiL+nJvKtfYXIsK6QQDwWZb+Pems/3V79pWZ47U3cv/NZa8R8eNfvPPz95caje2FiBvJvw6PNz7oHC+Nov0AwHm683R3Hu/65NGD5e42zPZ8/J324qKtuAedrV0zGZPZaz7LNUz/O+nst7W+r0xcQvz9hxHxhdP6n2S5kbnOyqfH47diPzvU+OmR+GlW135t/Vt8/hLaAuPmw9b48+Zp918at7LX0+//fDZCPbnu+HdwYvxLD8e/iT7j361BY7z6h++eONicbdc9jPjSZMRB98N7xp9u/KRP/FcGjP/XF7/ycr+65i8jbsdp/U+OxCo2qlvF+u7e3fXq0lp5rbxZKi0uLM6/fu+1UjHLURe7meqT/vHGnef6xW/1f7pP/Pw5/f/6gP3/1f/e/eFXz4j/za+dfv1fOCN+a078xoDxl6Z/m+9X14q/0qf/513/OwPG/+hveysDngoADEF9d29jqVIpbz95IX/mOellhBigkETsX3GIx4Xcr3/61vkn54bWngsWol/VxNPSwmtTyD0dzRigMOqRCbhqj2/6UbcEAAAAAAAAAAAAAADoZxh/TjTqPgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB9fRoAAP//j4/W2A==") r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) renameat2(r1, 0x0, r0, 0x0, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc00000000000000", @ANYRES32, @ANYBLOB='\x00'/20], 0x48) 477.042166ms ago: executing program 0 (id=5486): openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/vmcoreinfo', 0xa0180, 0x0) syz_io_uring_setup(0x279, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=0x0) syz_io_uring_setup(0x60e6, &(0x7f0000000280), &(0x7f0000000300)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r1, r0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x4, 0xc3a8, 0x1, 0x38880, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x10000000, 0x0, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) r5 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000f6498b20a3e100000000", @ANYRES32=r5, @ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r8 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x8401) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0400000000000000fd00"/20, @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r11}, 0x10) ioctl$USBDEVFS_ALLOW_SUSPEND(r8, 0x5522) ioctl$USBDEVFS_BULK(r8, 0x5523, 0x0) ioctl$USBDEVFS_FORBID_SUSPEND(r8, 0x5521) bpf$MAP_CREATE(0x0, &(0x7f0000000cc0)=ANY=[@ANYBLOB="09020000000000000f000480001e680f46de6a6f00ce80a815f9caa3b9c3368c9ed3a274e521a4f66e7b16c711f430b8a0f43fc602dcac1aaa3135f386dbf48769aa37cb6015d6cb00c7f1f983b42a854978eba0224b3bd99545ce79b78ec71f0cfb5d0302bf50657c4970efc2742e08d892d9bd0721cfee077542af85d4e2b56f88b5e66e4dad70bb2849cbce18bd63b1e2ea53d316704e08a7183e54a6460073920068378b16e48bfd4e98b6930a60d7f4407b51c6ea073b98ef143f796c79863f4bc80671560d162ca4234c6636e16058ea77fba43e012fd9361bb4aa9a540323cb000000", @ANYRES32, @ANYBLOB="1000"/20, @ANYRES32=r10, @ANYRESDEC=r6, @ANYBLOB='\x00'/28], 0x50) r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYRES8=r7, @ANYRESOCT=r3], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xfffffffffffffe01) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r12}, 0x10) socket$kcm(0x10, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f00000001c0)=[{0x200000000006, 0x0, 0x2, 0x7ffc0802}]}) arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f00000005c0)) r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) brk(0x20ffc004) syncfs(r13) unlink(&(0x7f0000000080)='./file0\x00') shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil) 476.887486ms ago: executing program 2 (id=5487): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="440000001000090600000000000000", @ANYRES32=0x0, @ANYBLOB="adffa888000000001c00128009000100626f6e64000000000c000280050001000600000008000a0079"], 0x44}}, 0x0) 476.411106ms ago: executing program 1 (id=5488): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000080), 0x1, 0x53d, &(0x7f0000000a80)="$eJzs3c9vHFcdAPDvjH82TesEeoAKSIBCQFF2400bVb20uYBQVQlRcUAcUmNvLJNdr/GuS20s4f4NIIHECf4EDkgckHriwI0jEgeEVA5IASxQjATSopkdO1t7TZbsepd6Px9pMvPmzcz3vWxm39u3m3kBTKyrEbEXEbMR8VZELBT7k2KJ1zpLdtzD/d3lg/3d5STa7Tf/muT52b7oOifzdHHN+Yj42pcjvpWcjNvc3rm/VKtVN4t0uVXfKDe3d26s1ZdWq6vV9Url9uLtmy/feqkytLpeqf/8wZfWXv/6r375yfd/u/fF72XFuljkdddjmDpVnzmKk5mOiNfPItgYTBXr2TGXgyeTRsRHIuIz+f2/EFP5v04A4DxrtxeivdCdBgDOuzQfA0vSUkSkadEJKHXG8J6LC2mt0Wxdv9fYWl/pjJVdipn03lqtevPy3O+/kx88k2TpxTwvz8/TlWPpWxFxOSJ+OPdUni4tN2or4+nyAMDEe7q7/Y+If8ylaanU16k9vtUDAD405sddAABg5LT/ADB5tP8AMHn6aP+LL/v3zrwsAMBo+PwPAJNH+w8Ak0f7DwAT5atvvJEt7YPi+dcrb29v3W+8fWOl2rxfqm8tl5Ybmxul1UZjNX9mT/1x16s1GhuLL8bWO+VWtdkqN7d37tYbW+utu/lzve9WZ0ZSKwDgv7l85b3fJRGx98pT+RJdczloq+F8S8ddAGBspgY5WQcBPtTM9gWTq68mPO8k/ObMywKMR8+Hec/33PygH/8PQfzOCP6vXPt4/+P/5niG88X4P0yuJxv/f3Xo5QBGz/g/TK52Ozk+5//sURYAcC4N8BO+9veH1QkBxupxk3kP5ft/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOGcuRsS3I0lL+VzgafZnWipFPBMRl2ImubdWq96MiGfjSkTMzGXpxXEXGgAYUPrnpJj/69rCCxeP584m/5zL1xHx3Z+8+aN3llqtzcVs/9+O9s8dTh9WeXTeAPMKAgBDlrfflWLd9UH+4f7u8uEyyvI8uBP/LqYiXj7Y382XTs50ZDsj5vO+xIW/JzFdnDMfEc9HxNQQ4u+9GxEf61X/JB8buVTMfNodP4rYz4w0fvqB+Gme11lnna+PDqEsMGneuxMRr/W6/9K4mq973//z+TvU4B7c6Vzs8L3voCv+dBFpqkf87J6/2m+MF3/9lRM72wudvHcjnp/uFT85ip+cEv+FPuP/4ROf+sGrp+S1fxpxLXrH745VbtU3ys3tnRtr9aXV6mp1vVK5vXj75su3XqqU8zHq8uFI9Ul/eeX6s6eVLav/hVPiz/es/+zRuZ/rs/4/+9db3/z0o+Tc8fhf+Gzv1/+5nvE7sjbx833GX7rwi1On787ir5xS/8e9/tf7jP/+n3ZW+jwUABiB5vbO/aVarbo50Eb2KXQY1zmxkRWxv4MPu4uDBf1jnEUtnnBj5qz+Vs98Y/qorzjcK38ju+KIq5MOvRYDbTwcVazxvScBo/Hoph93SQAAAAAAAAAAAAAAgNOM4r8ujbuOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CQAA//+zi8zo") r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) (async) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000080), &(0x7f0000000180)=0xffffffffffffffe7) (async, rerun: 64) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_request_blocks\x00', r1, 0x0, 0x554}, 0x18) (async, rerun: 64) lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=r0, @ANYBLOB="040000000000800008000000", @ANYRES32=r0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0) (async, rerun: 32) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000003fffffe218110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x600}, [@IFLA_MTU={0x8, 0x4, 0x60}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}]}, 0x3c}}, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r4, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000ac0)='mm_page_free_batched\x00', r5}, 0x10) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, 0xffffffffffffffff, 0x0) (async) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002200)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) socketpair$unix(0x1, 0x2, 0x0, 0x0) 440.115569ms ago: executing program 2 (id=5489): socket$kcm(0x10, 0x2, 0x4) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000280)={0x0, @generic={0x17, "62ffa66ae19b67b844b3e0908148"}, @nfc={0x27, 0x0, 0xfffffffe, 0x6}, @ax25={0x3, @default, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x2}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001880)) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000002200)={0x0, 0x0, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002600)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) unshare(0x42000000) 366.234886ms ago: executing program 1 (id=5490): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), r1) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x34, r3, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x5}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x34}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000100)={'ip_vti0\x00', &(0x7f00000000c0)={'syztnl0\x00', 0x0, 0x7, 0x8000, 0x9, 0x2, {{0x8, 0x4, 0x1, 0xd, 0x20, 0x66, 0x0, 0x10, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0xf}, {[@generic={0x94, 0xc, "2d47b263c927cd460173"}]}}}}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000001c0)={'erspan0\x00', &(0x7f0000000140)={'syztnl1\x00', 0x0, 0x7, 0x8000, 0xfffffffd, 0x1, {{0xb, 0x4, 0x1, 0x29, 0x2c, 0x64, 0x0, 0x7f, 0x17, 0x0, @multicast2, @remote, {[@noop, @generic={0xf, 0x7, "03fa18b80c"}, @lsrr={0x83, 0xf, 0xe2, [@private=0xffff, @empty, @broadcast]}, @noop]}}}}}) sendmsg$ETHTOOL_MSG_WOL_SET(r1, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x48, r3, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@ETHTOOL_A_WOL_SOPASS={0x16, 0x3, "19ebdc89b3ee56ff1e913cd03065dbdda195"}, @ETHTOOL_A_WOL_HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x40041) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000300)={'#! ', './bus', [{0x20, '\'{-'}]}, 0xd) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, 0xffffffffffffffff, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xfe, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10) stat(&(0x7f00000013c0)='./file0\x00', 0x0) 356.993567ms ago: executing program 0 (id=5491): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x24, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x35, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x20000000000002c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000002dc0)={0x0, 0x0, &(0x7f00000029c0)=[{&(0x7f00000016c0)}], 0x1}, 0x41) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x13, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="620ac4ff00000000711070000000000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) prctl$PR_SET_IO_FLUSHER(0x39, 0x1) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/power/resume', 0x201, 0x184) write$cgroup_int(r0, &(0x7f0000000040)=0x900, 0x12) 292.616293ms ago: executing program 2 (id=5492): socket$kcm(0x10, 0x2, 0x4) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000280)={0x0, @generic={0x17, "62ffa66ae19b67b844b3e0908148"}, @nfc={0x27, 0x0, 0xfffffffe, 0x6}, @ax25={0x3, @default, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x2}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001880)) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000002200)={0x0, 0x0, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002600)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) unshare(0x42000000) (fail_nth: 2) 292.237083ms ago: executing program 1 (id=5493): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000180)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[], [{@rootcontext={'rootcontext', 0x3d, 'staff_u'}}], 0x6b}}) 62.734194ms ago: executing program 1 (id=5494): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = socket(0x840000000002, 0x3, 0xff) openat$tun(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) sendmmsg$inet(r1, &(0x7f0000000440)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a9050000000074640000000000003552bde5c064c6", 0x15}, {&(0x7f0000000340)="174640b6d80fb2eedc81ba60ccbb9d", 0xf}], 0x2}}, {{&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000280)}], 0x1}}], 0x2, 0x4000040) 4.71568ms ago: executing program 0 (id=5495): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000008bd60000000000000000181100002d167a8af27107a4b1aae531b8bc9542263a2b3726a4d4260354dc1c6c45ad82714071e8b1bd0f10957b9e4d59c46e10c1e2e9d4f970915b5cb4368d33148203be9a5ad06cca8cd8fc6812cffeb903ee6e74", @ANYRESOCT=r0, @ANYBLOB="0000000000000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000000200000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x12, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4000000010003b1500"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002000128008000100687372001400028008000100", @ANYRES32=r3, @ANYBLOB="08000200", @ANYRES32=r5, @ANYBLOB="aecee3f739e2f81eb76cb9f3257feb66bbf2b8360df4116449dcc96aedc768503f15d123d596b93ec100ec9924a446accaf8953b7c0daaa371a463d8c5ed9db03b007022d8901b82739eecc244bad5a0f946e823578a55a22f7351f2fe660b4589ca40b65b6b8aeb995738f54bbe5c7ad6836c2097e52f24c1ee2a76e760cae994e000fb9948acaf4f968e7a03659be3847754f94c168c27ef61d83dd4fad248f99b0f6c526d83f96cbed9"], 0x40}, 0x1, 0x0, 0x0, 0x4008040}, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6}, 0x10) r7 = epoll_create1(0x0) (async) r8 = socket$unix(0x1, 0x5, 0x0) setsockopt$sock_int(r8, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4) (async) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r8, &(0x7f0000000100)={0xa0028000}) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, @void, @value}, 0x94) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r9 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0) (async) r10 = socket$netlink(0x10, 0x3, 0x0) r11 = socket$inet_udp(0x2, 0x2, 0x0) r12 = dup3(r10, r11, 0x0) (async) r13 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000040)={'gre0\x00', 0x0}) sendmsg$nl_route(r12, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000001000010400"/20, @ANYRES32=r14, @ANYBLOB="e000000000000200"], 0x20}}, 0x4) (async) ioctl$AUTOFS_DEV_IOCTL_FAIL(r9, 0xc0189377, &(0x7f0000000300)={{0x1, 0x1, 0x18, r0, {0x4, 0x6}}, './file0\x00'}) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0xfa, 0xfff, 0x7fffffff, 0x11800, r9, 0x7fff, '\x00', r14, r9, 0x3, 0x3, 0x2, 0x6, @void, @value, @value=r15}, 0x50) fcntl$lock(r9, 0x24, &(0x7f0000000140)={0x300, 0x1, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff}) (async) ioctl$PPPIOCSACTIVE(r9, 0x40107446, &(0x7f0000000040)={0x7, &(0x7f0000000000)=[{0x0, 0x3, 0x6, 0x6}, {0x1, 0x70, 0xf, 0x4}, {0x6, 0x5, 0xa, 0x1}, {0x4, 0x6, 0x1, 0x3}, {0x26f2, 0x7f, 0x0, 0xffff}, {0x8, 0xb, 0x9, 0x168}, {0x80, 0x6, 0x4, 0x4}]}) syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) 0s ago: executing program 1 (id=5496): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003ec0)={{0x14, 0x10, 0xc00e}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x4000000, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xc0}}, 0x0) kernel console output (not intermixed with test programs): 826def9 code=0x7ffc0000 [ 401.117994][ T3343] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 401.131765][T18648] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4929'. [ 401.149300][ T3343] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 401.182391][T18659] FAULT_INJECTION: forcing a failure. [ 401.182391][T18659] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 401.196499][ T3343] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 401.204216][T18659] CPU: 1 UID: 0 PID: 18659 Comm: syz.4.4934 Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 401.204247][T18659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 401.204261][T18659] Call Trace: [ 401.204274][T18659] [ 401.204284][T18659] dump_stack_lvl+0xf2/0x150 [ 401.213326][ T3343] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 401.220998][T18659] dump_stack+0x15/0x20 [ 401.234061][ T3343] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 401.241710][T18659] should_fail_ex+0x223/0x230 [ 401.252160][ T3343] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 401.262157][T18659] should_fail+0xb/0x10 [ 401.269296][ T3343] hid-generic 0000:0000:FFFFFFFF.0003: hidraw0: HID v0.01 Device [syz0] on syz0 [ 401.272950][T18659] should_fail_usercopy+0x1a/0x20 [ 401.324745][T18659] strncpy_from_user+0x25/0x200 [ 401.329685][T18659] ? kmem_cache_alloc_noprof+0x10c/0x290 [ 401.335328][T18659] getname_flags+0xb0/0x3b0 [ 401.339879][T18659] user_path_at+0x26/0x110 [ 401.344404][T18659] do_faccessat+0x396/0x640 [ 401.348978][T18659] __x64_sys_faccessat+0x43/0x50 [ 401.354039][T18659] x64_sys_call+0x1986/0x2d60 [ 401.358761][T18659] do_syscall_64+0xc9/0x1c0 [ 401.363272][T18659] ? clear_bhb_loop+0x55/0xb0 [ 401.368011][T18659] ? clear_bhb_loop+0x55/0xb0 [ 401.372771][T18659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.378747][T18659] RIP: 0033:0x7f77d614def9 [ 401.383198][T18659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 401.403009][T18659] RSP: 002b:00007f77d4dc7038 EFLAGS: 00000246 ORIG_RAX: 000000000000010d [ 401.411430][T18659] RAX: ffffffffffffffda RBX: 00007f77d6305f80 RCX: 00007f77d614def9 [ 401.419407][T18659] RDX: 0000000000000005 RSI: 0000000020000000 RDI: 0000000000000006 [ 401.427439][T18659] RBP: 00007f77d4dc7090 R08: 0000000000000000 R09: 0000000000000000 [ 401.435677][T18659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 401.443651][T18659] R13: 0000000000000000 R14: 00007f77d6305f80 R15: 00007fff88e18b58 [ 401.451661][T18659] [ 401.456503][T18445] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 401.469995][T14963] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 401.485821][T13968] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 401.625383][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.633316][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.641136][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.649009][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.656811][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.664915][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.673025][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.681057][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.688924][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.696706][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.704508][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.712568][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.720454][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.728398][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.736341][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.744226][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.752077][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.760372][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.768300][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.776124][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.783915][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.791705][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.799460][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.807313][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.815073][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.822922][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.830678][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.838488][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.846314][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.854083][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.862010][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.869736][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: unknown main item tag 0x0 [ 401.879032][ T3343] hid-generic 0000:0000:FFFFFFFF.0004: hidraw0: HID v0.01 Device [syz0] on syz0 [ 402.009282][T18734] loop2: detected capacity change from 0 to 512 [ 402.021593][T18738] syz.3.4967[18738] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 402.021672][T18738] syz.3.4967[18738] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 402.034666][T18738] syz.3.4967[18738] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 402.036025][T18734] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 402.079820][T18734] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 402.107868][T18742] loop1: detected capacity change from 0 to 512 [ 402.118120][T18734] EXT4-fs error (device loop2): ext4_acquire_dquot:6879: comm syz.2.4966: Failed to acquire dquot type 0 [ 402.196851][T18375] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 402.208941][T18746] syz.4.4970: attempt to access beyond end of device [ 402.208941][T18746] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 402.222307][T18742] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 402.235788][T18742] ext4 filesystem being mounted at /277/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 402.262352][T18750] loop3: detected capacity change from 0 to 2048 [ 402.295918][T18750] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 402.316550][T14963] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 402.379529][T18757] @ÿ: renamed from veth0_vlan (while UP) [ 402.386237][T18750] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.4969: bg 0: block 274: padding at end of block bitmap is not set [ 402.411206][T18750] EXT4-fs (loop3): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 16 with error 117 [ 402.423866][T18750] EXT4-fs (loop3): This should not happen!! Data will be lost [ 402.423866][T18750] [ 402.450164][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.458023][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.465845][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.473671][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.481723][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.489486][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.497343][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.505131][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.512936][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.520834][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.528779][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.536565][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.544330][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.552220][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.560068][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.568054][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.575945][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.584007][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.591831][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.599649][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.607601][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.615424][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.623267][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.631258][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.639060][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.646879][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.654802][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.662602][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.670360][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.673487][T18773] loop4: detected capacity change from 0 to 512 [ 402.678390][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.692224][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.700071][ T992] hid-generic 0000:0000:FFFFFFFF.0005: unknown main item tag 0x0 [ 402.712519][ T992] hid-generic 0000:0000:FFFFFFFF.0005: hidraw0: HID v0.01 Device [syz0] on syz0 [ 402.747134][T18773] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 402.761587][T18773] ext4 filesystem being mounted at /360/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 402.795993][T18773] EXT4-fs error (device loop4): ext4_acquire_dquot:6879: comm syz.4.4981: Failed to acquire dquot type 0 [ 402.874171][T18787] loop0: detected capacity change from 0 to 512 [ 402.894175][T18787] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 402.904079][T18788] loop1: detected capacity change from 0 to 2048 [ 402.908271][T13968] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 402.913884][T18787] ext4 filesystem being mounted at /170/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 402.950194][T16223] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 402.978146][T18788] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 403.009621][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.017523][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.025305][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.033273][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.041212][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.049105][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.056903][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.064700][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.072495][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.080497][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.088369][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.096159][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.103943][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.111747][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.119674][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.127436][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.135251][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.143027][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.150775][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.158571][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.166401][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.171663][T18808] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 403.174165][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.190212][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.197996][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.205772][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.213582][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.221334][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.229177][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.236945][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.244757][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.252585][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.260380][ T992] hid-generic 0000:0000:FFFFFFFF.0006: unknown main item tag 0x0 [ 403.270562][ T992] hid-generic 0000:0000:FFFFFFFF.0006: hidraw0: HID v0.01 Device [syz0] on syz0 [ 403.270736][T18750] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 403.320781][T18811] @ÿ: renamed from veth0_vlan (while UP) [ 403.348088][T18813] loop2: detected capacity change from 0 to 1024 [ 403.376951][T18813] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 403.386458][T18819] FAULT_INJECTION: forcing a failure. [ 403.386458][T18819] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 403.388096][T18813] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (38281!=20869) [ 403.400982][T18819] CPU: 1 UID: 0 PID: 18819 Comm: syz.4.4998 Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 403.421006][T18819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 403.431172][T18819] Call Trace: [ 403.431507][T18813] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 403.434454][T18819] [ 403.444775][T18813] EXT4-fs (loop2): external journal device major/minor numbers have changed [ 403.447445][T18819] dump_stack_lvl+0xf2/0x150 [ 403.456328][T18813] EXT4-fs (loop2): filesystem has both journal inode and journal device! [ 403.460694][T18819] dump_stack+0x15/0x20 [ 403.473341][T18819] should_fail_ex+0x223/0x230 [ 403.478118][T18819] should_fail+0xb/0x10 [ 403.482403][T18819] should_fail_usercopy+0x1a/0x20 [ 403.487517][T18819] strncpy_from_user+0x25/0x200 [ 403.492382][T18819] ? kmem_cache_alloc_noprof+0x10c/0x290 [ 403.498253][T18819] getname_flags+0xb0/0x3b0 [ 403.502834][T18819] user_path_at+0x26/0x110 [ 403.507269][T18819] __se_sys_move_mount+0x13c/0x730 [ 403.512447][T18819] ? fput+0x14e/0x190 [ 403.516495][T18819] __x64_sys_move_mount+0x67/0x80 [ 403.521622][T18819] x64_sys_call+0x1b80/0x2d60 [ 403.526331][T18819] do_syscall_64+0xc9/0x1c0 [ 403.530953][T18819] ? clear_bhb_loop+0x55/0xb0 [ 403.535680][T18819] ? clear_bhb_loop+0x55/0xb0 [ 403.540545][T18819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.546554][T18819] RIP: 0033:0x7f77d614def9 [ 403.550974][T18819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 403.570720][T18819] RSP: 002b:00007f77d4dc7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ad [ 403.579144][T18819] RAX: ffffffffffffffda RBX: 00007f77d6305f80 RCX: 00007f77d614def9 [ 403.587213][T18819] RDX: ffffffffffffff9c RSI: 0000000020000040 RDI: 0000000000000004 [ 403.595197][T18819] RBP: 00007f77d4dc7090 R08: 0000000000000000 R09: 0000000000000000 [ 403.603206][T18819] R10: 0000000020000180 R11: 0000000000000246 R12: 0000000000000001 [ 403.611230][T18819] R13: 0000000000000000 R14: 00007f77d6305f80 R15: 00007fff88e18b58 [ 403.619230][T18819] [ 403.640032][T14963] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 403.675540][T18825] +}[@[18825] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 403.675610][T18825] +}[@[18825] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 403.685955][T18829] loop2: detected capacity change from 0 to 1024 [ 403.687848][T18825] +}[@[18825] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 403.698675][T18829] EXT4-fs: Ignoring removed nobh option [ 403.730413][T18825] netlink: 12 bytes leftover after parsing attributes in process `+}[@'. [ 403.741546][ T3316] hid-generic 0001:0000:0000.0007: item fetching failed at offset 6/56 [ 403.750034][ T3316] hid-generic 0001:0000:0000.0007: probe with driver hid-generic failed with error -22 [ 403.762864][T18829] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 403.802494][T18375] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 403.834902][T18835] loop4: detected capacity change from 0 to 1024 [ 403.844891][T18837] loop0: detected capacity change from 0 to 164 [ 403.852806][T18835] EXT4-fs: Ignoring removed nobh option [ 403.872259][T18837] Unable to read rock-ridge attributes [ 403.880274][T18840] +}[@[18840] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 403.880344][T18840] +}[@[18840] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 403.884470][T18837] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3601 sclass=netlink_route_socket pid=18837 comm=syz.0.5006 [ 403.912984][T18840] +}[@[18840] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 403.919658][T18835] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 403.925234][T18840] netlink: 12 bytes leftover after parsing attributes in process `+}[@'. [ 403.932982][T18837] Unable to read rock-ridge attributes [ 403.956112][T18843] loop1: detected capacity change from 0 to 512 [ 403.965468][ T992] hid-generic 0000:0000:FFFFFFFF.0008: unknown main item tag 0x0 [ 403.973384][ T992] hid-generic 0000:0000:FFFFFFFF.0008: unknown main item tag 0x0 [ 403.981260][ T992] hid-generic 0000:0000:FFFFFFFF.0008: unknown main item tag 0x0 [ 403.989113][ T992] hid-generic 0000:0000:FFFFFFFF.0008: unknown main item tag 0x0 [ 403.996890][ T992] hid-generic 0000:0000:FFFFFFFF.0008: unknown main item tag 0x0 [ 404.001750][T18835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 404.004753][ T992] hid-generic 0000:0000:FFFFFFFF.0008: unknown main item tag 0x0 [ 404.021131][ T992] hid-generic 0000:0000:FFFFFFFF.0008: unknown main item tag 0x0 [ 404.028942][ T992] hid-generic 0000:0000:FFFFFFFF.0008: unknown main item tag 0x0 [ 404.036964][ T992] hid-generic 0000:0000:FFFFFFFF.0008: unknown main item tag 0x0 [ 404.044787][ T992] hid-generic 0000:0000:FFFFFFFF.0008: unknown main item tag 0x0 [ 404.052760][ T992] hid-generic 0000:0000:FFFFFFFF.0008: unknown main item tag 0x0 [ 404.060586][T18835] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 404.060883][ T992] hid-generic 0000:0000:FFFFFFFF.0008: hidraw0: HID v0.01 Device [syz0] on syz0 [ 404.080673][T18843] EXT4-fs error (device loop1): ext4_clear_blocks:876: inode #13: comm syz.1.5000: attempt to clear invalid blocks 2 len 1 [ 404.095289][T18843] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 404.127348][T18843] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.5000: invalid indirect mapped block 1819239214 (level 0) [ 404.152586][T18850] loop0: detected capacity change from 0 to 164 [ 404.170128][T18850] Unable to read rock-ridge attributes [ 404.176002][T18843] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.5000: invalid indirect mapped block 1819239214 (level 1) [ 404.213986][T18850] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3601 sclass=netlink_route_socket pid=18850 comm=syz.0.5009 [ 404.227596][T18843] EXT4-fs (loop1): 1 truncate cleaned up [ 404.233862][T18843] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 404.247192][T18850] Unable to read rock-ridge attributes [ 404.268904][T18843] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.5000: Unrecognised inode hash code 20 [ 404.280475][T18843] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.5000: Corrupt directory, running e2fsck is recommended [ 404.295394][T18843] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.5000: Unrecognised inode hash code 20 [ 404.307024][T18843] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.5000: Corrupt directory, running e2fsck is recommended [ 404.335008][T18858] loop2: detected capacity change from 0 to 2048 [ 404.341624][T18860] FAULT_INJECTION: forcing a failure. [ 404.341624][T18860] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 404.348263][T18843] EXT4-fs error (device loop1): ext4_find_dest_de:2069: inode #2: block 13: comm syz.1.5000: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 404.354697][T18860] CPU: 0 UID: 0 PID: 18860 Comm: syz.0.5012 Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 404.354728][T18860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 404.394592][T18860] Call Trace: [ 404.397892][T18860] [ 404.400840][T18860] dump_stack_lvl+0xf2/0x150 [ 404.405456][T18860] dump_stack+0x15/0x20 [ 404.409630][T18860] should_fail_ex+0x223/0x230 [ 404.414382][T18860] should_fail+0xb/0x10 [ 404.418625][T18860] should_fail_usercopy+0x1a/0x20 [ 404.423772][T18860] strncpy_from_user+0x25/0x200 [ 404.428716][T18860] ? __fget_files+0x1d4/0x210 [ 404.433432][T18860] __se_sys_add_key+0x81/0x320 [ 404.438275][T18860] ? fput+0x14e/0x190 [ 404.442295][T18860] __x64_sys_add_key+0x67/0x80 [ 404.447071][T18860] x64_sys_call+0x157d/0x2d60 [ 404.451841][T18860] do_syscall_64+0xc9/0x1c0 [ 404.456404][T18860] ? clear_bhb_loop+0x55/0xb0 [ 404.461092][T18860] ? clear_bhb_loop+0x55/0xb0 [ 404.465809][T18860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.471756][T18860] RIP: 0033:0x7fb3f826def9 [ 404.476191][T18860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 404.495881][T18860] RSP: 002b:00007fb3f6ee1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 404.504428][T18860] RAX: ffffffffffffffda RBX: 00007fb3f8425f80 RCX: 00007fb3f826def9 [ 404.512526][T18860] RDX: 0000000020000140 RSI: 0000000000000000 RDI: 0000000020000100 [ 404.520624][T18860] RBP: 00007fb3f6ee1090 R08: 0000000021c6b2bf R09: 0000000000000000 [ 404.528647][T18860] R10: 00000000000fffff R11: 0000000000000246 R12: 0000000000000001 [ 404.536625][T18860] R13: 0000000000000000 R14: 00007fb3f8425f80 R15: 00007fff0f366e88 [ 404.544609][T18860] [ 404.552590][T18861] EXT4-fs error (device loop1): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.1.5000: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 404.626138][T18863] pim6reg1: entered promiscuous mode [ 404.631657][T18863] pim6reg1: entered allmulticast mode [ 404.657262][T18858] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 405.046338][T18878] @ÿ: renamed from veth0_vlan (while UP) [ 405.076191][ T36] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.088213][T13968] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 405.262325][ T36] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.352619][ T36] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.382404][T14963] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 405.434341][ T36] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.467090][T18882] lo speed is unknown, defaulting to 1000 [ 405.537620][ T36] bridge_slave_1: left allmulticast mode [ 405.543370][ T36] bridge_slave_1: left promiscuous mode [ 405.549072][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 405.562016][ T36] bridge_slave_0: left promiscuous mode [ 405.567978][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 405.684411][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 405.695317][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 405.705841][ T36] bond0 (unregistering): Released all slaves [ 405.714167][T18912] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5030'. [ 405.723174][T18912] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 405.730567][T18912] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 405.738432][T18912] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 405.745873][T18912] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 405.763254][T18882] chnl_net:caif_netlink_parms(): no params data found [ 405.787864][ T36] hsr_slave_0: left promiscuous mode [ 405.795406][ T36] hsr_slave_1: left promiscuous mode [ 405.805404][ T36] bridge_slave_0: left allmulticast mode [ 405.811114][ T36] veth1_macvtap: left promiscuous mode [ 405.816623][ T36] veth0_macvtap: left promiscuous mode [ 405.822589][ T36] veth1_vlan: left promiscuous mode [ 405.827939][ T36] @ÿ: left promiscuous mode [ 405.884723][ T3339] infiniband syz0: ib_query_port failed (-19) [ 405.891359][ T36] pimreg (unregistering): left allmulticast mode [ 405.942679][ T36] team0 (unregistering): Port device team_slave_1 removed [ 405.954969][ T36] team0 (unregistering): Port device team_slave_0 removed [ 406.035907][T18882] bridge0: port 1(bridge_slave_0) entered blocking state [ 406.043328][T18882] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.050668][T18882] bridge_slave_0: entered allmulticast mode [ 406.057268][T18882] bridge_slave_0: entered promiscuous mode [ 406.064390][T18882] bridge0: port 2(bridge_slave_1) entered blocking state [ 406.071474][T18882] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.078640][T18882] bridge_slave_1: entered allmulticast mode [ 406.085591][T18882] bridge_slave_1: entered promiscuous mode [ 406.103728][T18882] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 406.114555][T18882] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 406.134409][T18882] team0: Port device team_slave_0 added [ 406.140944][T18882] team0: Port device team_slave_1 added [ 406.156649][T18882] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 406.163692][T18882] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 406.189674][T18882] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 406.201136][T18882] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 406.208081][T18882] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 406.234014][T18882] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 406.260664][T18882] hsr_slave_0: entered promiscuous mode [ 406.266939][T18882] hsr_slave_1: entered promiscuous mode [ 406.272873][T18882] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 406.280460][T18882] Cannot create hsr debugfs directory [ 406.319654][ T29] kauditd_printk_skb: 1171 callbacks suppressed [ 406.319674][ T29] audit: type=1326 audit(1727153370.387:30102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18926 comm="syz.1.5035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 406.349663][ T29] audit: type=1326 audit(1727153370.387:30103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18926 comm="syz.1.5035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 406.374375][ T29] audit: type=1326 audit(1727153370.387:30104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18926 comm="syz.1.5035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 406.398045][ T29] audit: type=1326 audit(1727153370.387:30105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18926 comm="syz.1.5035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 406.421746][ T29] audit: type=1326 audit(1727153370.387:30106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18926 comm="syz.1.5035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 406.445388][ T29] audit: type=1326 audit(1727153370.407:30107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18926 comm="syz.1.5035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 406.468973][ T29] audit: type=1326 audit(1727153370.407:30108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18926 comm="syz.1.5035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 406.492640][ T29] audit: type=1326 audit(1727153370.407:30109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18926 comm="syz.1.5035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 406.516635][ T29] audit: type=1326 audit(1727153370.407:30110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18926 comm="syz.1.5035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 406.540323][ T29] audit: type=1326 audit(1727153370.407:30111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18926 comm="syz.1.5035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 406.706264][T18936] loop2: detected capacity change from 0 to 2048 [ 406.736152][T18942] loop1: detected capacity change from 0 to 512 [ 406.752501][T18882] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 406.766573][T18942] EXT4-fs error (device loop1): ext4_clear_blocks:876: inode #13: comm syz.1.5035: attempt to clear invalid blocks 2 len 1 [ 406.792101][T18942] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 406.817787][T18882] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 406.823840][T18948] loop0: detected capacity change from 0 to 512 [ 406.825367][T18942] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.5035: invalid indirect mapped block 1819239214 (level 0) [ 406.849327][T18942] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.5035: invalid indirect mapped block 1819239214 (level 1) [ 406.866946][T18948] ext4 filesystem being mounted at /183/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 406.878066][T18942] EXT4-fs (loop1): 1 truncate cleaned up [ 406.886541][T18948] EXT4-fs error (device loop0): ext4_acquire_dquot:6879: comm syz.0.5040: Failed to acquire dquot type 0 [ 406.904135][T18882] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 406.924075][T18882] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 406.960343][T18942] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.5035: Unrecognised inode hash code 20 [ 406.972008][T18942] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.5035: Corrupt directory, running e2fsck is recommended [ 407.021200][T18942] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.5035: Unrecognised inode hash code 20 [ 407.032843][T18942] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.5035: Corrupt directory, running e2fsck is recommended [ 407.039489][T18882] 8021q: adding VLAN 0 to HW filter on device bond0 [ 407.071491][T18882] 8021q: adding VLAN 0 to HW filter on device team0 [ 407.092032][T16496] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.099233][T16496] bridge0: port 1(bridge_slave_0) entered forwarding state [ 407.123843][T18942] EXT4-fs error (device loop1): ext4_find_dest_de:2069: inode #2: block 13: comm syz.1.5035: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 407.148788][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.155889][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 407.194195][T18961] loop0: detected capacity change from 0 to 164 [ 407.221609][T18959] EXT4-fs error (device loop1): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.1.5035: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 407.291282][T18961] Unable to read rock-ridge attributes [ 407.302653][T18882] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 407.312100][T18961] Unable to read rock-ridge attributes [ 407.384280][T18972] loop3: detected capacity change from 0 to 512 [ 407.420115][T18973] loop0: detected capacity change from 0 to 164 [ 407.439111][T18972] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 407.463359][T18973] Unable to read rock-ridge attributes [ 407.492705][T18954] EXT4-fs error (device loop3): ext4_readdir:261: inode #2: block 3: comm +}[@: path /27/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 407.515510][T18973] Unable to read rock-ridge attributes [ 407.561787][T18983] FAULT_INJECTION: forcing a failure. [ 407.561787][T18983] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 407.575078][T18983] CPU: 1 UID: 0 PID: 18983 Comm: syz.0.5047 Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 407.585508][T18983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 407.595584][T18983] Call Trace: [ 407.598875][T18983] [ 407.601825][T18983] dump_stack_lvl+0xf2/0x150 [ 407.606561][T18983] dump_stack+0x15/0x20 [ 407.610765][T18983] should_fail_ex+0x223/0x230 [ 407.615596][T18983] should_fail+0xb/0x10 [ 407.619794][T18983] should_fail_usercopy+0x1a/0x20 [ 407.621729][T18954] EXT4-fs (loop3): Remounting filesystem read-only [ 407.624848][T18983] strncpy_from_user+0x25/0x200 [ 407.636220][T18983] ? __fget_files+0x1d4/0x210 [ 407.640973][T18983] __se_sys_add_key+0x81/0x320 [ 407.645758][T18983] ? fput+0x14e/0x190 [ 407.649774][T18983] __x64_sys_add_key+0x67/0x80 [ 407.654688][T18983] x64_sys_call+0x157d/0x2d60 [ 407.659454][T18983] do_syscall_64+0xc9/0x1c0 [ 407.664011][T18983] ? clear_bhb_loop+0x55/0xb0 [ 407.668727][T18983] ? clear_bhb_loop+0x55/0xb0 [ 407.673435][T18983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.679400][T18983] RIP: 0033:0x7fb3f826def9 [ 407.683840][T18983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.703915][T18983] RSP: 002b:00007fb3f6ee1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 407.712457][T18983] RAX: ffffffffffffffda RBX: 00007fb3f8425f80 RCX: 00007fb3f826def9 [ 407.720437][T18983] RDX: 0000000020000140 RSI: 0000000000000000 RDI: 0000000020000100 [ 407.728514][T18983] RBP: 00007fb3f6ee1090 R08: 000000002eaf0832 R09: 0000000000000000 [ 407.736496][T18983] R10: 00000000000fffff R11: 0000000000000246 R12: 0000000000000001 [ 407.744471][T18983] R13: 0000000000000000 R14: 00007fb3f8425f80 R15: 00007fff0f366e88 [ 407.752466][T18983] [ 407.833606][T18882] veth0_vlan: entered promiscuous mode [ 407.852060][T18882] veth1_vlan: entered promiscuous mode [ 407.858296][T18987] syz.0.5048: attempt to access beyond end of device [ 407.858296][T18987] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 407.898493][T18882] veth0_macvtap: entered promiscuous mode [ 407.908551][T18882] veth1_macvtap: entered promiscuous mode [ 407.929240][T18882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 407.939887][T18882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 407.981731][T18882] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 408.003363][T18882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 408.013931][T18882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.035823][T18882] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 408.052247][T18882] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.061130][T18882] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.070126][T18882] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.078874][T18882] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.453522][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 408.482322][T19011] loop2: detected capacity change from 0 to 512 [ 408.493312][T19011] ext4 filesystem being mounted at /42/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 408.701915][T19016] infiniband Syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 408.969494][T19031] +}[@[19031] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 408.969655][T19031] +}[@[19031] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 408.982857][T19031] +}[@[19031] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 409.025444][T19033] loop1: detected capacity change from 0 to 2048 [ 409.049069][T19035] loop2: detected capacity change from 0 to 512 [ 409.062626][T19035] ext4 filesystem being mounted at /46/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 409.094073][T19025] EXT4-fs error (device loop2): ext4_readdir:261: inode #2: block 3: comm +}[@: path /46/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 409.114605][T19025] EXT4-fs (loop2): Remounting filesystem read-only [ 409.180642][T19047] loop1: detected capacity change from 0 to 512 [ 409.196855][T19047] ext4 filesystem being mounted at /287/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 409.284949][T19054] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5071'. [ 409.293983][T19054] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 409.301703][T19054] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 409.330427][T19054] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 409.337961][T19054] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 409.367957][T19056] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5072'. [ 409.376906][T19056] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5072'. [ 409.398694][T19056] bond1: entered promiscuous mode [ 409.403816][T19056] bond1: entered allmulticast mode [ 409.409323][T19056] 8021q: adding VLAN 0 to HW filter on device bond1 [ 409.560104][T19069] loop1: detected capacity change from 0 to 512 [ 409.577571][T19069] EXT4-fs error (device loop1): ext4_clear_blocks:876: inode #13: comm syz.1.5074: attempt to clear invalid blocks 2 len 1 [ 409.605944][T19069] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 409.636696][T19069] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.5074: invalid indirect mapped block 1819239214 (level 0) [ 409.683244][T19069] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.5074: invalid indirect mapped block 1819239214 (level 1) [ 409.715594][T19069] EXT4-fs (loop1): 1 truncate cleaned up [ 409.735097][T19069] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.5074: Unrecognised inode hash code 20 [ 409.746642][T19069] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.5074: Corrupt directory, running e2fsck is recommended [ 409.801446][T19069] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.5074: Unrecognised inode hash code 20 [ 409.813003][T19069] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.5074: Corrupt directory, running e2fsck is recommended [ 409.841975][T19069] EXT4-fs error (device loop1): ext4_find_dest_de:2069: inode #2: block 13: comm syz.1.5074: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 409.926756][T19071] EXT4-fs error (device loop1): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.1.5074: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 410.182475][T19088] loop2: detected capacity change from 0 to 164 [ 410.190052][T19088] Unable to read rock-ridge attributes [ 410.205384][T19088] Unable to read rock-ridge attributes [ 410.338064][T19096] loop2: detected capacity change from 0 to 512 [ 410.377370][T19096] ext4 filesystem being mounted at /54/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 410.455394][T19111] FAULT_INJECTION: forcing a failure. [ 410.455394][T19111] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 410.468562][T19111] CPU: 0 UID: 0 PID: 19111 Comm: syz.0.5092 Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 410.478998][T19111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 410.489145][T19111] Call Trace: [ 410.492436][T19111] [ 410.495384][T19111] dump_stack_lvl+0xf2/0x150 [ 410.500010][T19111] dump_stack+0x15/0x20 [ 410.504221][T19111] should_fail_ex+0x223/0x230 [ 410.508966][T19111] should_fail+0xb/0x10 [ 410.513150][T19111] should_fail_usercopy+0x1a/0x20 [ 410.518271][T19111] _copy_to_user+0x1e/0xa0 [ 410.522788][T19111] simple_read_from_buffer+0xa0/0x110 [ 410.528197][T19111] proc_fail_nth_read+0xf9/0x140 [ 410.533159][T19111] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 410.538853][T19111] vfs_read+0x195/0x720 [ 410.543032][T19111] ? __rcu_read_unlock+0x4e/0x70 [ 410.547999][T19111] ? __fget_files+0x1d4/0x210 [ 410.552786][T19111] ksys_read+0xeb/0x1b0 [ 410.556986][T19111] __x64_sys_read+0x42/0x50 [ 410.561623][T19111] x64_sys_call+0x27d3/0x2d60 [ 410.566331][T19111] do_syscall_64+0xc9/0x1c0 [ 410.570969][T19111] ? clear_bhb_loop+0x55/0xb0 [ 410.575672][T19111] ? clear_bhb_loop+0x55/0xb0 [ 410.580442][T19111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.586380][T19111] RIP: 0033:0x7fb3f826c93c [ 410.590804][T19111] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 410.610587][T19111] RSP: 002b:00007fb3f6ee1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 410.619054][T19111] RAX: ffffffffffffffda RBX: 00007fb3f8425f80 RCX: 00007fb3f826c93c [ 410.627079][T19111] RDX: 000000000000000f RSI: 00007fb3f6ee10a0 RDI: 0000000000000003 [ 410.635153][T19111] RBP: 00007fb3f6ee1090 R08: 0000000000000000 R09: 0000000000000000 [ 410.643144][T19111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 410.651188][T19111] R13: 0000000000000001 R14: 00007fb3f8425f80 R15: 00007fff0f366e88 [ 410.659265][T19111] [ 410.679468][T19115] syz.2.5093[19115] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 410.679562][T19115] syz.2.5093[19115] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 410.691565][T19115] syz.2.5093[19115] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 410.775573][T19127] loop2: detected capacity change from 0 to 512 [ 410.794662][T19130] loop3: detected capacity change from 0 to 128 [ 410.807006][T19130] FAULT_INJECTION: forcing a failure. [ 410.807006][T19130] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 410.820360][T19130] CPU: 0 UID: 0 PID: 19130 Comm: syz.3.5102 Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 410.830864][T19130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 410.840992][T19130] Call Trace: [ 410.844364][T19130] [ 410.847325][T19130] dump_stack_lvl+0xf2/0x150 [ 410.851943][T19130] dump_stack+0x15/0x20 [ 410.856116][T19130] should_fail_ex+0x223/0x230 [ 410.860830][T19130] should_fail_alloc_page+0xfd/0x110 [ 410.866204][T19130] __alloc_pages_noprof+0x109/0x360 [ 410.871422][T19130] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 410.876831][T19130] folio_alloc_noprof+0xee/0x130 [ 410.881809][T19130] filemap_alloc_folio_noprof+0x69/0x220 [ 410.887491][T19130] __filemap_get_folio+0x298/0x5b0 [ 410.892715][T19130] ? mntput+0x49/0x70 [ 410.896725][T19130] cont_write_begin+0x512/0x860 [ 410.901609][T19130] ? _parse_integer_limit+0x167/0x180 [ 410.907072][T19130] fat_write_begin+0x51/0xe0 [ 410.911740][T19130] ? __pfx_fat_get_block+0x10/0x10 [ 410.916930][T19130] generic_perform_write+0x1a8/0x4a0 [ 410.922254][T19130] __generic_file_write_iter+0xa1/0x120 [ 410.927822][T19130] generic_file_write_iter+0x77/0x1c0 [ 410.933213][T19130] vfs_write+0x76a/0x910 [ 410.937497][T19130] ? __pfx_generic_file_write_iter+0x10/0x10 [ 410.943503][T19130] ksys_write+0xeb/0x1b0 [ 410.947924][T19130] __x64_sys_write+0x42/0x50 [ 410.952539][T19130] x64_sys_call+0x27dd/0x2d60 [ 410.957258][T19130] do_syscall_64+0xc9/0x1c0 [ 410.961788][T19130] ? clear_bhb_loop+0x55/0xb0 [ 410.966545][T19130] ? clear_bhb_loop+0x55/0xb0 [ 410.971250][T19130] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.977200][T19130] RIP: 0033:0x7fa93919def9 [ 410.981623][T19130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 411.001301][T19130] RSP: 002b:00007fa937e11038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 411.009747][T19130] RAX: ffffffffffffffda RBX: 00007fa939355f80 RCX: 00007fa93919def9 [ 411.017830][T19130] RDX: 000000000208e24b RSI: 0000000020000080 RDI: 0000000000000008 [ 411.022341][T19127] ext4 filesystem being mounted at /58/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 411.025865][T19130] RBP: 00007fa937e11090 R08: 0000000000000000 R09: 0000000000000000 [ 411.025884][T19130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 411.025899][T19130] R13: 0000000000000000 R14: 00007fa939355f80 R15: 00007ffcd1f7cb38 [ 411.025924][T19130] [ 411.296527][T19149] netlink: 'syz.3.5108': attribute type 10 has an invalid length. [ 411.315477][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 411.325982][T19149] bridge0: port 2(bridge_slave_1) entered disabled state [ 411.333234][T19149] bridge0: port 1(bridge_slave_0) entered disabled state [ 411.363057][T19149] bridge0: port 2(bridge_slave_1) entered blocking state [ 411.370235][T19149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 411.377596][T19149] bridge0: port 1(bridge_slave_0) entered blocking state [ 411.384828][T19149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 411.405090][T19149] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 411.413928][ T29] kauditd_printk_skb: 632 callbacks suppressed [ 411.413942][ T29] audit: type=1326 audit(1727153375.497:30742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19150 comm="syz.3.5108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fa93919def9 code=0x7ffc0000 [ 411.414930][T19152] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5108'. [ 411.420189][ T29] audit: type=1326 audit(1727153375.497:30743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19148 comm="syz.3.5108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa93919def9 code=0x7ffc0000 [ 411.476726][ T29] audit: type=1326 audit(1727153375.497:30744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19148 comm="syz.3.5108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa93919def9 code=0x7ffc0000 [ 411.479349][T19152] bridge_slave_1: left allmulticast mode [ 411.504099][ T29] audit: type=1326 audit(1727153375.537:30745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19148 comm="syz.3.5108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fa93919def9 code=0x7ffc0000 [ 411.506061][T19152] bridge_slave_1: left promiscuous mode [ 411.506235][T19152] bridge0: port 2(bridge_slave_1) entered disabled state [ 411.529768][ T29] audit: type=1326 audit(1727153375.547:30746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19148 comm="syz.3.5108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa93919def9 code=0x7ffc0000 [ 411.566273][ T29] audit: type=1326 audit(1727153375.547:30747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19148 comm="syz.3.5108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fa93919def9 code=0x7ffc0000 [ 411.590007][ T29] audit: type=1326 audit(1727153375.547:30748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19148 comm="syz.3.5108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa93919def9 code=0x7ffc0000 [ 411.613620][ T29] audit: type=1326 audit(1727153375.547:30749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19148 comm="syz.3.5108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=126 compat=0 ip=0x7fa93919def9 code=0x7ffc0000 [ 411.637312][ T29] audit: type=1326 audit(1727153375.547:30750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19148 comm="syz.3.5108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa93919def9 code=0x7ffc0000 [ 411.661052][ T29] audit: type=1326 audit(1727153375.547:30751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19148 comm="syz.3.5108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa93919def9 code=0x7ffc0000 [ 411.686083][T19152] bridge_slave_0: left allmulticast mode [ 411.691790][T19152] bridge_slave_0: left promiscuous mode [ 411.697483][T19152] bridge0: port 1(bridge_slave_0) entered disabled state [ 411.727214][T19152] bond0: (slave bridge0): Releasing backup interface [ 411.821589][T19158] loop4: detected capacity change from 0 to 2048 [ 411.904611][T19162] loop3: detected capacity change from 0 to 128 [ 411.942034][T19168] loop0: detected capacity change from 0 to 128 [ 412.082693][T19181] loop3: detected capacity change from 0 to 164 [ 412.103851][T19181] Unable to read rock-ridge attributes [ 412.172887][T19187] loop4: detected capacity change from 0 to 512 [ 412.188945][T19189] syz.3.5122[19189] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 412.189008][T19189] syz.3.5122[19189] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 412.209200][T19189] syz.3.5122[19189] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 412.260680][T19187] EXT4-fs error (device loop4): ext4_clear_blocks:876: inode #13: comm syz.4.5115: attempt to clear invalid blocks 2 len 1 [ 412.290471][T19195] FAULT_INJECTION: forcing a failure. [ 412.290471][T19195] name failslab, interval 1, probability 0, space 0, times 0 [ 412.303128][T19195] CPU: 1 UID: 0 PID: 19195 Comm: +}[@ Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 412.313093][T19195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 412.323229][T19195] Call Trace: [ 412.326563][T19195] [ 412.329572][T19195] dump_stack_lvl+0xf2/0x150 [ 412.334191][T19195] dump_stack+0x15/0x20 [ 412.338405][T19195] should_fail_ex+0x223/0x230 [ 412.343113][T19195] ? security_file_alloc+0x32/0x100 [ 412.348332][T19195] should_failslab+0x8f/0xb0 [ 412.353020][T19195] kmem_cache_alloc_noprof+0x4c/0x290 [ 412.358457][T19195] security_file_alloc+0x32/0x100 [ 412.363561][T19195] alloc_empty_file+0x121/0x2f0 [ 412.368438][T19195] path_openat+0x6a/0x1fa0 [ 412.372998][T19195] ? _parse_integer_limit+0x167/0x180 [ 412.378531][T19195] ? _parse_integer+0x27/0x30 [ 412.383259][T19195] ? kstrtoull+0x110/0x140 [ 412.387712][T19195] ? kstrtouint+0x77/0xc0 [ 412.392215][T19195] do_filp_open+0xf7/0x200 [ 412.396670][T19195] do_sys_openat2+0xab/0x120 [ 412.401289][T19195] __x64_sys_open+0xe6/0x110 [ 412.405931][T19195] x64_sys_call+0x1321/0x2d60 [ 412.410805][T19195] do_syscall_64+0xc9/0x1c0 [ 412.415341][T19195] ? clear_bhb_loop+0x55/0xb0 [ 412.420080][T19195] ? clear_bhb_loop+0x55/0xb0 [ 412.424776][T19195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.430722][T19195] RIP: 0033:0x7f552f0ddef9 [ 412.435214][T19195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 412.454868][T19195] RSP: 002b:00007f552dd57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 412.463328][T19195] RAX: ffffffffffffffda RBX: 00007f552f295f80 RCX: 00007f552f0ddef9 [ 412.471405][T19195] RDX: 0000000000000017 RSI: 0000000000080080 RDI: 0000000020000040 [ 412.477802][T19187] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 412.479384][T19195] RBP: 00007f552dd57090 R08: 0000000000000000 R09: 0000000000000000 [ 412.501646][T19195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 412.509724][T19195] R13: 0000000000000000 R14: 00007f552f295f80 R15: 00007ffe9e826ea8 [ 412.517795][T19195] [ 412.522437][T19187] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.5115: invalid indirect mapped block 1819239214 (level 0) [ 412.552077][T19187] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.5115: invalid indirect mapped block 1819239214 (level 1) [ 412.606330][T19187] EXT4-fs (loop4): 1 truncate cleaned up [ 412.638141][T19187] EXT4-fs warning (device loop4): dx_probe:833: inode #2: comm syz.4.5115: Unrecognised inode hash code 20 [ 412.649757][T19187] EXT4-fs warning (device loop4): dx_probe:966: inode #2: comm syz.4.5115: Corrupt directory, running e2fsck is recommended [ 412.680021][T19209] loop2: detected capacity change from 0 to 164 [ 412.690503][T19187] EXT4-fs warning (device loop4): dx_probe:833: inode #2: comm syz.4.5115: Unrecognised inode hash code 20 [ 412.701969][T19187] EXT4-fs warning (device loop4): dx_probe:966: inode #2: comm syz.4.5115: Corrupt directory, running e2fsck is recommended [ 412.715817][T19209] Unable to read rock-ridge attributes [ 412.717192][T19187] EXT4-fs error (device loop4): ext4_find_dest_de:2069: inode #2: block 13: comm syz.4.5115: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 412.742766][T19213] EXT4-fs error (device loop4): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.4.5115: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 412.764773][T19209] Unable to read rock-ridge attributes [ 412.816220][T19217] loop2: detected capacity change from 0 to 164 [ 412.845838][T19217] Unable to read rock-ridge attributes [ 413.016989][T19235] loop2: detected capacity change from 0 to 2048 [ 413.041876][T19234] loop0: detected capacity change from 0 to 2048 [ 413.048992][T19237] SELinux: policydb version 1446001614 does not match my version range 15-33 [ 413.069207][T19235] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 413.080318][T19237] SELinux: failed to load policy [ 413.085127][T19235] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 17 with error 28 [ 413.090851][T19237] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5141'. [ 413.101354][T19235] EXT4-fs (loop2): This should not happen!! Data will be lost [ 413.101354][T19235] [ 413.110278][T19237] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5141'. [ 413.119918][T19235] EXT4-fs (loop2): Total free blocks count 0 [ 413.135207][T19235] EXT4-fs (loop2): Free/Dirty block details [ 413.141292][T19235] EXT4-fs (loop2): free_blocks=2415919104 [ 413.147024][T19235] EXT4-fs (loop2): dirty_blocks=32 [ 413.152163][T19235] EXT4-fs (loop2): Block reservation details [ 413.154693][T19234] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, [ 413.158202][T19235] EXT4-fs (loop2): i_reserved_data_blocks=2 [ 413.172672][T19234] block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 413.183256][T19234] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 17 with error 28 [ 413.195760][T19234] EXT4-fs (loop0): This should not happen!! Data will be lost [ 413.195760][T19234] [ 413.205604][T19234] EXT4-fs (loop0): Total free blocks count 0 [ 413.211797][T19234] EXT4-fs (loop0): Free/Dirty block details [ 413.217908][T19234] EXT4-fs (loop0): free_blocks=2415919104 [ 413.218402][T19248] loop1: detected capacity change from 0 to 164 [ 413.223678][T19234] EXT4-fs (loop0): dirty_blocks=32 [ 413.235109][T19234] EXT4-fs (loop0): Block reservation details [ 413.241128][T19234] EXT4-fs (loop0): i_reserved_data_blocks=2 [ 413.258272][T19248] Unable to read rock-ridge attributes [ 413.270807][T19246] Unable to read rock-ridge attributes [ 413.701328][T19259] loop1: detected capacity change from 0 to 164 [ 413.810935][T19259] Unable to read rock-ridge attributes [ 414.051702][T16496] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 414.064056][T16496] EXT4-fs (loop0): This should not happen!! Data will be lost [ 414.064056][T16496] [ 414.146788][T19274] loop0: detected capacity change from 0 to 2048 [ 414.382012][ T36] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 414.394287][ T36] EXT4-fs (loop2): This should not happen!! Data will be lost [ 414.394287][ T36] [ 414.434469][T19287] loop4: detected capacity change from 0 to 164 [ 414.441492][T19287] Unable to read rock-ridge attributes [ 414.448792][T19287] Unable to read rock-ridge attributes [ 414.763772][T19302] loop4: detected capacity change from 0 to 512 [ 414.784594][T19302] EXT4-fs: Mount option(s) incompatible with ext2 [ 414.800425][T19306] loop2: detected capacity change from 0 to 164 [ 414.810592][T19306] Unable to read rock-ridge attributes [ 414.823826][T19306] Unable to read rock-ridge attributes [ 415.023769][T19318] loop2: detected capacity change from 0 to 164 [ 415.031338][T19318] Unable to read rock-ridge attributes [ 415.039070][T19318] Unable to read rock-ridge attributes [ 415.083937][T19320] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5171'. [ 415.112006][T19320] xfrm1: entered promiscuous mode [ 415.117976][T19320] xfrm1: entered allmulticast mode [ 415.139411][T19320] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 415.751280][T19339] @ÿ: renamed from veth0_vlan (while UP) [ 415.886818][T19347] loop4: detected capacity change from 0 to 2048 [ 416.071478][T19365] loop3: detected capacity change from 0 to 512 [ 416.082057][T19365] ext4 filesystem being mounted at /65/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 416.177413][T19378] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 416.193632][T19380] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 416.680685][T19399] loop1: detected capacity change from 0 to 1024 [ 416.688120][T19399] EXT4-fs (loop1): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 416.715263][ T29] kauditd_printk_skb: 631 callbacks suppressed [ 416.715294][ T29] audit: type=1400 audit(1727153380.788:31383): avc: denied { mounton } for pid=19398 comm="syz.1.5203" path="/309/file1/file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 416.888501][T19410] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5207'. [ 416.904430][T19410] bond1: entered promiscuous mode [ 416.909583][T19410] bond1: entered allmulticast mode [ 416.915194][T19410] 8021q: adding VLAN 0 to HW filter on device bond1 [ 417.142953][T19429] loop3: detected capacity change from 0 to 512 [ 417.178069][T19429] ext4 filesystem being mounted at /70/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 417.259147][T19443] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5219'. [ 417.298214][T19443] bond2: entered promiscuous mode [ 417.303409][T19443] bond2: entered allmulticast mode [ 417.308751][T19443] 8021q: adding VLAN 0 to HW filter on device bond2 [ 417.350812][T19449] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 417.737026][T19454] +}[@[19454] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 417.737091][T19454] +}[@[19454] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 417.748562][T19454] +}[@[19454] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 417.779096][T19456] loop4: detected capacity change from 0 to 512 [ 417.801373][T19456] EXT4-fs mount: 41 callbacks suppressed [ 417.801387][T19456] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 417.821566][T19456] ext4 filesystem being mounted at /31/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 417.842653][T18882] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 418.047558][T19475] bond1: entered promiscuous mode [ 418.051773][T19473] loop4: detected capacity change from 0 to 2048 [ 418.052675][T19475] bond1: entered allmulticast mode [ 418.064700][T19475] 8021q: adding VLAN 0 to HW filter on device bond1 [ 418.084826][T19473] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 418.116261][T19473] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 418.134462][T19473] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 17 with error 28 [ 418.147028][T19473] EXT4-fs (loop4): This should not happen!! Data will be lost [ 418.147028][T19473] [ 418.156759][T19473] EXT4-fs (loop4): Total free blocks count 0 [ 418.162992][T19473] EXT4-fs (loop4): Free/Dirty block details [ 418.169078][T19473] EXT4-fs (loop4): free_blocks=2415919104 [ 418.174908][T19473] EXT4-fs (loop4): dirty_blocks=32 [ 418.180118][T19473] EXT4-fs (loop4): Block reservation details [ 418.186119][T19473] EXT4-fs (loop4): i_reserved_data_blocks=2 [ 418.371682][T19498] loop2: detected capacity change from 0 to 2048 [ 418.391821][T19498] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 418.419050][T19498] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 418.442979][T19498] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 17 with error 28 [ 418.455391][T19498] EXT4-fs (loop2): This should not happen!! Data will be lost [ 418.455391][T19498] [ 418.465075][T19498] EXT4-fs (loop2): Total free blocks count 0 [ 418.471102][T19498] EXT4-fs (loop2): Free/Dirty block details [ 418.477032][T19498] EXT4-fs (loop2): free_blocks=2415919104 [ 418.482813][T19498] EXT4-fs (loop2): dirty_blocks=32 [ 418.487944][T19498] EXT4-fs (loop2): Block reservation details [ 418.493962][T19498] EXT4-fs (loop2): i_reserved_data_blocks=2 [ 418.505319][T19510] FAULT_INJECTION: forcing a failure. [ 418.505319][T19510] name failslab, interval 1, probability 0, space 0, times 0 [ 418.518076][T19510] CPU: 1 UID: 0 PID: 19510 Comm: syz.3.5242 Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 418.528558][T19510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 418.538749][T19510] Call Trace: [ 418.542048][T19510] [ 418.545009][T19510] dump_stack_lvl+0xf2/0x150 [ 418.549771][T19510] dump_stack+0x15/0x20 [ 418.553954][T19510] should_fail_ex+0x223/0x230 [ 418.558755][T19510] ? x509_cert_parse+0x3b/0x440 [ 418.563711][T19510] should_failslab+0x8f/0xb0 [ 418.568344][T19510] __kmalloc_cache_noprof+0x4b/0x2a0 [ 418.573658][T19510] x509_cert_parse+0x3b/0x440 [ 418.578369][T19510] x509_key_preparse+0x3c/0x400 [ 418.583244][T19510] asymmetric_key_preparse+0x6b/0xc0 [ 418.588744][T19510] __key_create_or_update+0x29f/0x750 [ 418.594188][T19510] key_create_or_update+0x42/0x60 [ 418.599321][T19510] __se_sys_add_key+0x280/0x320 [ 418.604368][T19510] ? fput+0x14e/0x190 [ 418.608456][T19510] __x64_sys_add_key+0x67/0x80 [ 418.613298][T19510] x64_sys_call+0x157d/0x2d60 [ 418.618082][T19510] do_syscall_64+0xc9/0x1c0 [ 418.622621][T19510] ? clear_bhb_loop+0x55/0xb0 [ 418.627434][T19510] ? clear_bhb_loop+0x55/0xb0 [ 418.632137][T19510] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.638252][T19510] RIP: 0033:0x7fa93919def9 [ 418.642859][T19510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 418.662680][T19510] RSP: 002b:00007fa937e11038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 418.671141][T19510] RAX: ffffffffffffffda RBX: 00007fa939355f80 RCX: 00007fa93919def9 [ 418.679357][T19510] RDX: 0000000020000140 RSI: 0000000000000000 RDI: 0000000020000100 [ 418.687445][T19510] RBP: 00007fa937e11090 R08: 000000003186f534 R09: 0000000000000000 [ 418.695498][T19510] R10: 00000000000fffff R11: 0000000000000246 R12: 0000000000000001 [ 418.703538][T19510] R13: 0000000000000000 R14: 00007fa939355f80 R15: 00007ffcd1f7cb38 [ 418.711544][T19510] [ 418.764346][T19512] bond3: entered promiscuous mode [ 418.769508][T19512] bond3: entered allmulticast mode [ 418.778587][T19512] 8021q: adding VLAN 0 to HW filter on device bond3 [ 418.832671][T19515] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 418.857692][T16496] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 418.974128][T19523] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5247'. [ 419.017847][T19523] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5247'. [ 419.071710][ T29] audit: type=1326 audit(1727153383.148:31384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19532 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 419.094876][ T29] audit: type=1326 audit(1727153383.148:31385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19532 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 419.171591][ T29] audit: type=1326 audit(1727153383.148:31386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19532 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 419.194773][ T29] audit: type=1326 audit(1727153383.148:31387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19532 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 419.218102][ T29] audit: type=1326 audit(1727153383.148:31388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19532 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 419.241167][ T29] audit: type=1326 audit(1727153383.148:31389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19532 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 419.264411][ T29] audit: type=1326 audit(1727153383.148:31390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19532 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 419.273911][T19541] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 419.287571][ T29] audit: type=1326 audit(1727153383.208:31391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19531 comm="syz.4.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8dbcadef9 code=0x7ffc0000 [ 419.319448][ T29] audit: type=1326 audit(1727153383.208:31392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19531 comm="syz.4.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8dbcadef9 code=0x7ffc0000 [ 419.320103][ T2324] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 419.421149][T19551] loop0: detected capacity change from 0 to 2048 [ 419.430979][T19551] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 419.439283][T19556] loop2: detected capacity change from 0 to 1024 [ 419.445453][T19551] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 419.450299][T19556] EXT4-fs (loop2): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 419.465516][T19551] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 17 with error 28 [ 419.486384][T19551] EXT4-fs (loop0): This should not happen!! Data will be lost [ 419.486384][T19551] [ 419.496092][T19551] EXT4-fs (loop0): Total free blocks count 0 [ 419.502200][T19551] EXT4-fs (loop0): Free/Dirty block details [ 419.508108][T19551] EXT4-fs (loop0): free_blocks=2415919104 [ 419.513877][T19551] EXT4-fs (loop0): dirty_blocks=32 [ 419.519010][T19551] EXT4-fs (loop0): Block reservation details [ 419.525325][T19551] EXT4-fs (loop0): i_reserved_data_blocks=2 [ 419.553209][T19556] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 419.556668][T19562] loop3: detected capacity change from 0 to 512 [ 419.581420][T19562] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 419.594502][T19562] ext4 filesystem being mounted at /92/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 419.630047][T19566] FAULT_INJECTION: forcing a failure. [ 419.630047][T19566] name failslab, interval 1, probability 0, space 0, times 0 [ 419.642821][T19566] CPU: 0 UID: 0 PID: 19566 Comm: syz.2.5261 Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 419.653355][T19566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 419.663525][T19566] Call Trace: [ 419.666825][T19566] [ 419.669778][T19566] dump_stack_lvl+0xf2/0x150 [ 419.674399][T19566] dump_stack+0x15/0x20 [ 419.678706][T19566] should_fail_ex+0x223/0x230 [ 419.683431][T19566] ? ext4_expand_extra_isize_ea+0x7c9/0xf70 [ 419.689461][T19566] should_failslab+0x8f/0xb0 [ 419.694094][T19566] __kmalloc_noprof+0xa5/0x370 [ 419.698929][T19566] ext4_expand_extra_isize_ea+0x7c9/0xf70 [ 419.704684][T19566] __ext4_expand_extra_isize+0x243/0x280 [ 419.710389][T19566] __ext4_mark_inode_dirty+0x2c5/0x440 [ 419.715950][T19566] ext4_dirty_inode+0x91/0xb0 [ 419.720663][T19566] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 419.726089][T19566] __mark_inode_dirty+0x166/0x7e0 [ 419.731204][T19566] file_modified_flags+0x2fd/0x330 [ 419.736398][T19566] file_modified+0x17/0x20 [ 419.740840][T19566] ext4_buffered_write_iter+0x1cc/0x370 [ 419.746454][T19566] ext4_file_write_iter+0x293/0xe10 [ 419.751693][T19566] ? __rcu_read_unlock+0x4e/0x70 [ 419.756673][T19566] ? mntput_no_expire+0x70/0x3c0 [ 419.761742][T19566] ? splice_from_pipe_next+0x332/0x390 [ 419.767224][T19566] ? iter_file_splice_write+0x102/0x980 [ 419.772843][T19566] iter_file_splice_write+0x5f1/0x980 [ 419.778274][T19566] ? __pfx_iter_file_splice_write+0x10/0x10 [ 419.784371][T19566] do_splice+0x98f/0x1120 [ 419.788921][T19566] ? get_pid_task+0x8e/0xc0 [ 419.793543][T19566] ? proc_fail_nth_write+0x12a/0x150 [ 419.798905][T19566] ? __fget_files+0x1d4/0x210 [ 419.803693][T19566] __se_sys_splice+0x24c/0x390 [ 419.808552][T19566] __x64_sys_splice+0x78/0x90 [ 419.813272][T19566] x64_sys_call+0x2945/0x2d60 [ 419.818025][T19566] do_syscall_64+0xc9/0x1c0 [ 419.822613][T19566] ? clear_bhb_loop+0x55/0xb0 [ 419.827322][T19566] ? clear_bhb_loop+0x55/0xb0 [ 419.832101][T19566] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.838019][T19566] RIP: 0033:0x7f552f0ddef9 [ 419.842458][T19566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.862098][T19566] RSP: 002b:00007f552dd36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 419.870739][T19566] RAX: ffffffffffffffda RBX: 00007f552f296058 RCX: 00007f552f0ddef9 [ 419.878738][T19566] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000004 [ 419.886735][T19566] RBP: 00007f552dd36090 R08: 00001fffffffffff R09: 0000000000000000 [ 419.894718][T19566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 419.902716][T19566] R13: 0000000000000001 R14: 00007f552f296058 R15: 00007ffe9e826ea8 [ 419.910749][T19566] [ 419.999686][T18375] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 420.017290][T18445] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 420.028960][T16496] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 420.051658][T19569] loop4: detected capacity change from 0 to 164 [ 420.060171][T19569] Unable to read rock-ridge attributes [ 420.096791][T19569] Unable to read rock-ridge attributes [ 420.108474][T19583] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 420.151512][T19593] FAULT_INJECTION: forcing a failure. [ 420.151512][T19593] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 420.161133][T19595] loop4: detected capacity change from 0 to 512 [ 420.165090][T19593] CPU: 0 UID: 0 PID: 19593 Comm: syz.3.5275 Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 420.181375][T19593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 420.191477][T19593] Call Trace: [ 420.194765][T19593] [ 420.197738][T19593] dump_stack_lvl+0xf2/0x150 [ 420.202396][T19593] dump_stack+0x15/0x20 [ 420.206584][T19593] should_fail_ex+0x223/0x230 [ 420.211351][T19593] should_fail+0xb/0x10 [ 420.215537][T19593] should_fail_usercopy+0x1a/0x20 [ 420.220624][T19593] _copy_to_iter+0xd3/0xd20 [ 420.225207][T19593] copy_page_to_iter+0x171/0x2b0 [ 420.230183][T19593] shmem_file_read_iter+0x408/0x550 [ 420.235416][T19593] vfs_read+0x5f6/0x720 [ 420.239651][T19593] ? __rcu_read_unlock+0x4e/0x70 [ 420.244690][T19593] ksys_read+0xeb/0x1b0 [ 420.248904][T19593] __x64_sys_read+0x42/0x50 [ 420.253457][T19593] x64_sys_call+0x27d3/0x2d60 [ 420.258148][T19593] do_syscall_64+0xc9/0x1c0 [ 420.262713][T19593] ? clear_bhb_loop+0x55/0xb0 [ 420.267401][T19593] ? clear_bhb_loop+0x55/0xb0 [ 420.272109][T19593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.278076][T19593] RIP: 0033:0x7fa93919def9 [ 420.282566][T19593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.302185][T19593] RSP: 002b:00007fa937e11038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 420.310607][T19593] RAX: ffffffffffffffda RBX: 00007fa939355f80 RCX: 00007fa93919def9 [ 420.318608][T19593] RDX: 00000000fffffe47 RSI: 0000000020000180 RDI: 0000000000000004 [ 420.326586][T19593] RBP: 00007fa937e11090 R08: 0000000000000000 R09: 0000000000000000 [ 420.334572][T19593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 420.342546][T19593] R13: 0000000000000000 R14: 00007fa939355f80 R15: 00007ffcd1f7cb38 [ 420.350579][T19593] [ 420.368095][T19596] loop1: detected capacity change from 0 to 2048 [ 420.386421][T19595] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 420.404354][T19595] ext4 filesystem being mounted at /41/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 420.410021][T19596] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 420.444479][T18882] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 420.455205][T19596] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 420.467379][T19609] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5281'. [ 420.472330][T19596] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 17 with error 28 [ 420.491516][T19596] EXT4-fs (loop1): This should not happen!! Data will be lost [ 420.491516][T19596] [ 420.501572][T19596] EXT4-fs (loop1): Total free blocks count 0 [ 420.507622][T19596] EXT4-fs (loop1): Free/Dirty block details [ 420.513570][T19596] EXT4-fs (loop1): free_blocks=2415919104 [ 420.519304][T19596] EXT4-fs (loop1): dirty_blocks=32 [ 420.524469][T19596] EXT4-fs (loop1): Block reservation details [ 420.530511][T19596] EXT4-fs (loop1): i_reserved_data_blocks=2 [ 420.875104][T19617] loop3: detected capacity change from 0 to 128 [ 420.886137][T19619] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 420.896252][T19617] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 420.904229][T19617] FAT-fs (loop3): Filesystem has been set read-only [ 420.914972][T19617] syz.3.5283: attempt to access beyond end of device [ 420.914972][T19617] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 420.929627][T19617] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 420.937466][T19617] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 420.967572][T19617] syz.3.5283: attempt to access beyond end of device [ 420.967572][T19617] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 420.983469][T19617] syz.3.5283: attempt to access beyond end of device [ 420.983469][T19617] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 421.055306][ T36] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 421.066695][T19635] loop2: detected capacity change from 0 to 164 [ 421.080063][T19635] Unable to read rock-ridge attributes [ 421.089979][T19635] Unable to read rock-ridge attributes [ 421.133380][T19646] loop2: detected capacity change from 0 to 512 [ 421.168728][T19651] loop1: detected capacity change from 0 to 164 [ 421.176628][T19646] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 421.189428][T19646] ext4 filesystem being mounted at /86/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 421.216975][T19651] Unable to read rock-ridge attributes [ 421.228276][T18375] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 421.238886][T19651] Unable to read rock-ridge attributes [ 421.255185][T19659] syz.4.5302: attempt to access beyond end of device [ 421.255185][T19659] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 421.277007][T19661] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 421.284288][T19663] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5303'. [ 421.328290][T19672] FAULT_INJECTION: forcing a failure. [ 421.328290][T19672] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 421.341486][T19672] CPU: 1 UID: 0 PID: 19672 Comm: syz.1.5307 Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 421.351928][T19672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 421.361243][T19675] loop3: detected capacity change from 0 to 2048 [ 421.361986][T19672] Call Trace: [ 421.361996][T19672] [ 421.374576][T19672] dump_stack_lvl+0xf2/0x150 [ 421.379187][T19672] dump_stack+0x15/0x20 [ 421.383365][T19672] should_fail_ex+0x223/0x230 [ 421.388234][T19672] should_fail+0xb/0x10 [ 421.392414][T19672] should_fail_usercopy+0x1a/0x20 [ 421.397478][T19672] _copy_from_user+0x1e/0xd0 [ 421.402125][T19672] copy_msghdr_from_user+0x54/0x2a0 [ 421.407382][T19672] __sys_sendmsg+0x171/0x270 [ 421.412017][T19672] __x64_sys_sendmsg+0x46/0x50 [ 421.416858][T19672] x64_sys_call+0x2689/0x2d60 [ 421.421550][T19672] do_syscall_64+0xc9/0x1c0 [ 421.426128][T19672] ? clear_bhb_loop+0x55/0xb0 [ 421.430844][T19672] ? clear_bhb_loop+0x55/0xb0 [ 421.435539][T19672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.441459][T19672] RIP: 0033:0x7f418698def9 [ 421.445886][T19672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.465856][T19672] RSP: 002b:00007f4185607038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 421.474277][T19672] RAX: ffffffffffffffda RBX: 00007f4186b45f80 RCX: 00007f418698def9 [ 421.482331][T19672] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 421.490308][T19672] RBP: 00007f4185607090 R08: 0000000000000000 R09: 0000000000000000 [ 421.498740][T19672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 421.506714][T19672] R13: 0000000000000000 R14: 00007f4186b45f80 R15: 00007ffd89731a88 [ 421.514781][T19672] [ 421.542959][T19680] loop0: detected capacity change from 0 to 512 [ 421.561234][T19675] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 421.586317][T19675] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 421.588580][T19680] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 421.603456][T19675] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 17 with error 28 [ 421.614660][T19680] ext4 filesystem being mounted at /231/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 421.626134][T19675] EXT4-fs (loop3): This should not happen!! Data will be lost [ 421.626134][T19675] [ 421.646426][T19675] EXT4-fs (loop3): Total free blocks count 0 [ 421.652278][T19692] loop1: detected capacity change from 0 to 164 [ 421.652458][T19675] EXT4-fs (loop3): Free/Dirty block details [ 421.664725][T19675] EXT4-fs (loop3): free_blocks=2415919104 [ 421.665743][T19692] Unable to read rock-ridge attributes [ 421.670466][T19675] EXT4-fs (loop3): dirty_blocks=32 [ 421.670485][T19675] EXT4-fs (loop3): Block reservation details [ 421.682725][T19692] Unable to read rock-ridge attributes [ 421.687042][T19675] EXT4-fs (loop3): i_reserved_data_blocks=2 [ 421.716409][T19693] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 27 with error 28 [ 421.732208][T16223] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 421.743938][ T29] kauditd_printk_skb: 247 callbacks suppressed [ 421.743954][ T29] audit: type=1326 audit(1727153385.818:31640): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19676 comm="syz.4.5309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8dbcadef9 code=0x7ffc0000 [ 421.776805][ T29] audit: type=1326 audit(1727153385.818:31641): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19676 comm="syz.4.5309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8dbcadef9 code=0x7ffc0000 [ 421.803311][T19695] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5315'. [ 421.829641][T19699] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 421.853619][ T29] audit: type=1326 audit(1727153385.928:31642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19700 comm="syz.4.5317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8dbcadef9 code=0x7ffc0000 [ 421.897956][ T29] audit: type=1326 audit(1727153385.928:31643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19700 comm="syz.4.5317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8dbcadef9 code=0x7ffc0000 [ 421.921775][ T29] audit: type=1326 audit(1727153385.958:31644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19700 comm="syz.4.5317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd8dbcadef9 code=0x7ffc0000 [ 421.945406][ T29] audit: type=1326 audit(1727153385.958:31645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19700 comm="syz.4.5317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8dbcadef9 code=0x7ffc0000 [ 421.950614][T19709] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5321'. [ 421.969004][ T29] audit: type=1326 audit(1727153385.958:31646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19700 comm="syz.4.5317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8dbcadef9 code=0x7ffc0000 [ 422.001622][ T29] audit: type=1326 audit(1727153385.958:31647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19700 comm="syz.4.5317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fd8dbcadef9 code=0x7ffc0000 [ 422.005217][T19712] loop0: detected capacity change from 0 to 512 [ 422.025154][ T29] audit: type=1326 audit(1727153385.958:31648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19700 comm="syz.4.5317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8dbcadef9 code=0x7ffc0000 [ 422.055062][ T29] audit: type=1326 audit(1727153385.958:31649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19700 comm="syz.4.5317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8dbcadef9 code=0x7ffc0000 [ 422.103400][T19718] loop4: detected capacity change from 0 to 512 [ 422.121920][T19718] EXT4-fs error (device loop4): ext4_clear_blocks:876: inode #13: comm syz.4.5317: attempt to clear invalid blocks 2 len 1 [ 422.136835][T19718] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 422.151450][T19718] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.5317: invalid indirect mapped block 1819239214 (level 0) [ 422.163700][T19712] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 422.180891][T19718] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.5317: invalid indirect mapped block 1819239214 (level 1) [ 422.207696][T19727] loop2: detected capacity change from 0 to 512 [ 422.231737][T19712] ext4 filesystem being mounted at /233/fiˆ supports timestamps until 2038-01-19 (0x7fffffff) [ 422.249070][T19718] EXT4-fs (loop4): 1 truncate cleaned up [ 422.257730][T19727] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 422.280665][T19730] loop1: detected capacity change from 0 to 164 [ 422.288890][T19718] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 422.319697][T19727] ext4 filesystem being mounted at /95/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 422.331102][T19730] Unable to read rock-ridge attributes [ 422.338100][T16223] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 422.350197][T19730] Unable to read rock-ridge attributes [ 422.379424][T19718] EXT4-fs warning (device loop4): dx_probe:833: inode #2: comm syz.4.5317: Unrecognised inode hash code 20 [ 422.390952][T19718] EXT4-fs warning (device loop4): dx_probe:966: inode #2: comm syz.4.5317: Corrupt directory, running e2fsck is recommended [ 422.429537][T18375] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 422.458581][T19736] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 422.490032][T19740] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5328'. [ 422.563997][T19745] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 422.590715][T19747] @ÿ: renamed from veth0_vlan (while UP) [ 422.636904][T19749] loop0: detected capacity change from 0 to 512 [ 422.651115][T19751] netlink: 48 bytes leftover after parsing attributes in process `syz.1.5335'. [ 422.740846][T19755] FAULT_INJECTION: forcing a failure. [ 422.740846][T19755] name failslab, interval 1, probability 0, space 0, times 0 [ 422.753595][T19755] CPU: 1 UID: 0 PID: 19755 Comm: syz.1.5337 Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 422.764075][T19755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 422.774443][T19755] Call Trace: [ 422.777801][T19755] [ 422.780738][T19755] dump_stack_lvl+0xf2/0x150 [ 422.785364][T19755] dump_stack+0x15/0x20 [ 422.789984][T19755] should_fail_ex+0x223/0x230 [ 422.794788][T19755] ? __get_vm_area_node+0xf7/0x1b0 [ 422.799916][T19755] should_failslab+0x8f/0xb0 [ 422.804580][T19755] __kmalloc_cache_node_noprof+0x50/0x2b0 [ 422.810334][T19755] __get_vm_area_node+0xf7/0x1b0 [ 422.815344][T19755] __vmalloc_node_range_noprof+0x2c3/0xec0 [ 422.821342][T19755] ? bpf_prog_alloc_no_stats+0x49/0x360 [ 422.826988][T19755] ? mntput_no_expire+0x70/0x3c0 [ 422.832021][T19755] ? avc_has_perm_noaudit+0x1cc/0x210 [ 422.837527][T19755] ? selinux_capable+0x1f2/0x260 [ 422.842503][T19755] ? bpf_prog_alloc_no_stats+0x49/0x360 [ 422.848232][T19755] __vmalloc_noprof+0x5e/0x70 [ 422.853033][T19755] ? bpf_prog_alloc_no_stats+0x49/0x360 [ 422.858616][T19755] bpf_prog_alloc_no_stats+0x49/0x360 [ 422.864105][T19755] ? bpf_prog_alloc+0x28/0x150 [ 422.868896][T19755] bpf_prog_alloc+0x3a/0x150 [ 422.870462][T19749] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 422.873501][T19755] bpf_prog_load+0x4d1/0x1070 [ 422.889650][T19749] ext4 filesystem being mounted at /236/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 422.890620][T19755] ? __rcu_read_unlock+0x4e/0x70 [ 422.906160][T19755] __sys_bpf+0x463/0x7a0 [ 422.910458][T19755] __x64_sys_bpf+0x43/0x50 [ 422.915012][T19755] x64_sys_call+0x2625/0x2d60 [ 422.919779][T19755] do_syscall_64+0xc9/0x1c0 [ 422.924389][T19755] ? clear_bhb_loop+0x55/0xb0 [ 422.929105][T19755] ? clear_bhb_loop+0x55/0xb0 [ 422.933831][T19755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.939752][T19755] RIP: 0033:0x7f418698def9 [ 422.944188][T19755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 422.963833][T19755] RSP: 002b:00007f4185607038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 422.972286][T19755] RAX: ffffffffffffffda RBX: 00007f4186b45f80 RCX: 00007f418698def9 [ 422.980361][T19755] RDX: 0000000000000090 RSI: 0000000020000380 RDI: 0000000000000005 [ 422.988493][T19755] RBP: 00007f4185607090 R08: 0000000000000000 R09: 0000000000000000 [ 422.996470][T19755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 423.004456][T19755] R13: 0000000000000000 R14: 00007f4186b45f80 R15: 00007ffd89731a88 [ 423.012467][T19755] [ 423.015672][T19755] syz.1.5337: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0 [ 423.031964][T19755] CPU: 1 UID: 0 PID: 19755 Comm: syz.1.5337 Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 423.042413][T19755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 423.052509][T19755] Call Trace: [ 423.055813][T19755] [ 423.058748][T19755] dump_stack_lvl+0xf2/0x150 [ 423.063357][T19755] dump_stack+0x15/0x20 [ 423.067596][T19755] warn_alloc+0x145/0x1b0 [ 423.072031][T19755] __vmalloc_node_range_noprof+0x2e8/0xec0 [ 423.077937][T19755] ? mntput_no_expire+0x70/0x3c0 [ 423.082893][T19755] ? avc_has_perm_noaudit+0x1cc/0x210 [ 423.088384][T19755] ? selinux_capable+0x1f2/0x260 [ 423.093409][T19755] ? bpf_prog_alloc_no_stats+0x49/0x360 [ 423.099014][T19755] __vmalloc_noprof+0x5e/0x70 [ 423.103706][T19755] ? bpf_prog_alloc_no_stats+0x49/0x360 [ 423.109283][T19755] bpf_prog_alloc_no_stats+0x49/0x360 [ 423.114679][T19755] ? bpf_prog_alloc+0x28/0x150 [ 423.119463][T19755] bpf_prog_alloc+0x3a/0x150 [ 423.124205][T19755] bpf_prog_load+0x4d1/0x1070 [ 423.128925][T19755] ? __rcu_read_unlock+0x4e/0x70 [ 423.133944][T19755] __sys_bpf+0x463/0x7a0 [ 423.138239][T19755] __x64_sys_bpf+0x43/0x50 [ 423.142747][T19755] x64_sys_call+0x2625/0x2d60 [ 423.147476][T19755] do_syscall_64+0xc9/0x1c0 [ 423.152027][T19755] ? clear_bhb_loop+0x55/0xb0 [ 423.156728][T19755] ? clear_bhb_loop+0x55/0xb0 [ 423.161439][T19755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.167391][T19755] RIP: 0033:0x7f418698def9 [ 423.171813][T19755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 423.191430][T19755] RSP: 002b:00007f4185607038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 423.199850][T19755] RAX: ffffffffffffffda RBX: 00007f4186b45f80 RCX: 00007f418698def9 [ 423.207824][T19755] RDX: 0000000000000090 RSI: 0000000020000380 RDI: 0000000000000005 [ 423.215967][T19755] RBP: 00007f4185607090 R08: 0000000000000000 R09: 0000000000000000 [ 423.224061][T19755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 423.232131][T19755] R13: 0000000000000000 R14: 00007f4186b45f80 R15: 00007ffd89731a88 [ 423.240114][T19755] [ 423.243290][T19755] Mem-Info: [ 423.246420][T19755] active_anon:5842 inactive_anon:1660 isolated_anon:0 [ 423.246420][T19755] active_file:14568 inactive_file:12696 isolated_file:0 [ 423.246420][T19755] unevictable:0 dirty:447 writeback:0 [ 423.246420][T19755] slab_reclaimable:2749 slab_unreclaimable:14327 [ 423.246420][T19755] mapped:21573 shmem:2633 pagetables:615 [ 423.246420][T19755] sec_pagetables:0 bounce:0 [ 423.246420][T19755] kernel_misc_reclaimable:0 [ 423.246420][T19755] free:1878137 free_pcp:2289 free_cma:0 [ 423.291746][T19755] Node 0 active_anon:23368kB inactive_anon:6640kB active_file:58272kB inactive_file:50784kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:86292kB dirty:1788kB writeback:0kB shmem:10532kB writeback_tmp:0kB kernel_stack:3072kB pagetables:2460kB sec_pagetables:0kB all_unreclaimable? no [ 423.319934][T19755] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 423.346826][T19755] lowmem_reserve[]: 0 2866 7844 0 [ 423.351998][T19755] Node 0 DMA32 free:2950360kB boost:0kB min:4136kB low:7068kB high:10000kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2953892kB mlocked:0kB bounce:0kB free_pcp:3532kB local_pcp:0kB free_cma:0kB [ 423.380788][T19755] lowmem_reserve[]: 0 0 4978 0 [ 423.385672][T19755] Node 0 Normal free:4546828kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB active_anon:23368kB inactive_anon:6640kB active_file:58272kB inactive_file:50784kB unevictable:0kB writepending:1788kB present:5242880kB managed:5098208kB mlocked:0kB bounce:0kB free_pcp:10040kB local_pcp:1936kB free_cma:0kB [ 423.416318][T19755] lowmem_reserve[]: 0 0 0 0 [ 423.420891][T19755] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 423.433783][T19755] Node 0 DMA32: 4*4kB (M) 1*8kB (M) 4*16kB (M) 2*32kB (M) 3*64kB (M) 3*128kB (M) 2*256kB (M) 2*512kB (M) 3*1024kB (M) 2*2048kB (M) 718*4096kB (M) = 2950360kB [ 423.449961][T19755] Node 0 Normal: 27*4kB (UME) 840*8kB (ME) 405*16kB (ME) 106*32kB (UME) 86*64kB (ME) 64*128kB (UME) 38*256kB (UME) 48*512kB (UME) 41*1024kB (UME) 24*2048kB (UM) 1072*4096kB (UME) = 4546748kB [ 423.469028][T19755] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 423.478415][T19755] 31905 total pagecache pages [ 423.483148][T19755] 2008 pages in swap cache [ 423.487675][T19755] Free swap = 116512kB [ 423.491880][T19755] Total swap = 124996kB [ 423.496049][T19755] 2097051 pages RAM [ 423.499892][T19755] 0 pages HighMem/MovableOnly [ 423.504606][T19755] 80186 pages reserved [ 423.530551][T16223] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 423.560103][T19758] syz.2.5339: attempt to access beyond end of device [ 423.560103][T19758] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 423.614637][T19766] loop0: detected capacity change from 0 to 512 [ 423.643358][T19772] loop2: detected capacity change from 0 to 512 [ 423.652271][T19766] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 423.668268][T19766] ext4 filesystem being mounted at /238/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 423.680686][T19772] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 423.703610][T19772] ext4 filesystem being mounted at /99/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 423.716177][T16223] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 423.752331][T19782] loop0: detected capacity change from 0 to 2048 [ 423.782264][T18375] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 423.782311][T18882] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 423.803054][T19782] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 423.840065][T16223] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 423.870413][T19794] loop1: detected capacity change from 0 to 2048 [ 423.894055][T19804] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 423.910305][T19794] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 423.923546][T19810] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 423.924204][T19794] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 423.947170][T19794] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 17 with error 28 [ 423.959636][T19794] EXT4-fs (loop1): This should not happen!! Data will be lost [ 423.959636][T19794] [ 423.969499][T19794] EXT4-fs (loop1): Total free blocks count 0 [ 423.975528][T19794] EXT4-fs (loop1): Free/Dirty block details [ 423.981854][T19794] EXT4-fs (loop1): free_blocks=2415919104 [ 423.987829][T19794] EXT4-fs (loop1): dirty_blocks=32 [ 423.993030][T19794] EXT4-fs (loop1): Block reservation details [ 423.999237][T19794] EXT4-fs (loop1): i_reserved_data_blocks=2 [ 424.009591][T19818] loop4: detected capacity change from 0 to 512 [ 424.020810][T19818] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 424.033929][T19818] ext4 filesystem being mounted at /58/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 424.061818][T18882] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 424.074765][T19823] netlink: 48 bytes leftover after parsing attributes in process `syz.0.5359'. [ 424.135639][T19829] @ÿ: renamed from veth0_vlan (while UP) [ 424.325725][T19839] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5367'. [ 424.450100][T19845] FAULT_INJECTION: forcing a failure. [ 424.450100][T19845] name failslab, interval 1, probability 0, space 0, times 0 [ 424.462847][T19845] CPU: 0 UID: 0 PID: 19845 Comm: syz.4.5370 Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 424.473329][T19845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 424.483782][T19845] Call Trace: [ 424.487076][T19845] [ 424.490066][T19845] dump_stack_lvl+0xf2/0x150 [ 424.494732][T19845] dump_stack+0x15/0x20 [ 424.498949][T19845] should_fail_ex+0x223/0x230 [ 424.503653][T19845] ? __alloc_skb+0x10b/0x310 [ 424.508275][T19845] should_failslab+0x8f/0xb0 [ 424.512934][T19845] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 424.518931][T19845] __alloc_skb+0x10b/0x310 [ 424.523390][T19845] audit_log_start+0x368/0x6b0 [ 424.528229][T19845] audit_seccomp+0x4b/0x130 [ 424.532777][T19845] __seccomp_filter+0x6fa/0x1180 [ 424.537789][T19845] ? proc_fail_nth_write+0x12a/0x150 [ 424.543110][T19845] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 424.548787][T19845] ? vfs_write+0x580/0x910 [ 424.553312][T19845] ? __fget_files+0x1d4/0x210 [ 424.558107][T19845] __secure_computing+0x9f/0x1c0 [ 424.563086][T19845] syscall_trace_enter+0xd1/0x1f0 [ 424.568149][T19845] ? fpregs_assert_state_consistent+0x83/0xa0 [ 424.574266][T19845] do_syscall_64+0xaa/0x1c0 [ 424.578899][T19845] ? clear_bhb_loop+0x55/0xb0 [ 424.583646][T19845] ? clear_bhb_loop+0x55/0xb0 [ 424.588351][T19845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.594331][T19845] RIP: 0033:0x7fd8dbcadef9 [ 424.598856][T19845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 424.618486][T19845] RSP: 002b:00007fd8da927038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ba [ 424.626962][T19845] RAX: ffffffffffffffda RBX: 00007fd8dbe65f80 RCX: 00007fd8dbcadef9 [ 424.635028][T19845] RDX: 0000000000000000 RSI: 0000000020000040 RDI: ffffffffffffff9c [ 424.643009][T19845] RBP: 00007fd8da927090 R08: fffffffffffffd78 R09: 0000000000000000 [ 424.651001][T19845] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000001 [ 424.658992][T19845] R13: 0000000000000000 R14: 00007fd8dbe65f80 R15: 00007ffddfcfad48 [ 424.667054][T19845] [ 424.790350][T19855] loop2: detected capacity change from 0 to 512 [ 424.822600][ T36] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 424.832454][T19864] loop3: detected capacity change from 0 to 1024 [ 424.838877][T19855] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 424.853736][T19855] ext4 filesystem being mounted at /103/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 424.865365][T19864] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 424.898550][T18375] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 424.909583][T19868] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 424.924695][T19864] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=f054c01c, mo2=0002] [ 424.938904][T19864] System zones: 0-1, 3-36 [ 424.954322][T19871] loop4: detected capacity change from 0 to 1024 [ 424.964095][T19864] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 425.014087][T19871] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 425.207792][T18882] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 425.251198][T19892] FAULT_INJECTION: forcing a failure. [ 425.251198][T19892] name failslab, interval 1, probability 0, space 0, times 0 [ 425.263970][T19892] CPU: 0 UID: 0 PID: 19892 Comm: syz.4.5388 Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 425.274453][T19892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 425.284673][T19892] Call Trace: [ 425.287992][T19892] [ 425.290997][T19892] dump_stack_lvl+0xf2/0x150 [ 425.295624][T19892] dump_stack+0x15/0x20 [ 425.299809][T19892] should_fail_ex+0x223/0x230 [ 425.304558][T19892] ? ext4_init_io_end+0x31/0xb0 [ 425.309439][T19892] should_failslab+0x8f/0xb0 [ 425.314047][T19892] kmem_cache_alloc_noprof+0x4c/0x290 [ 425.319458][T19892] ext4_init_io_end+0x31/0xb0 [ 425.324228][T19892] ext4_do_writepages+0x6c5/0x2130 [ 425.329377][T19892] ? trace_buffer_unlock_commit_regs+0x113/0x3a0 [ 425.335760][T19892] ? xa_load+0xb9/0xe0 [ 425.339883][T19892] ? memcg_list_lru_alloc+0xd2/0x740 [ 425.345259][T19892] ? bpf_bprintf_cleanup+0x82/0xb0 [ 425.350406][T19892] ? mod_objcg_state+0x2ea/0x4f0 [ 425.355373][T19892] ? mod_objcg_state+0x2ea/0x4f0 [ 425.360411][T19892] ? __rcu_read_unlock+0x4e/0x70 [ 425.365459][T19892] ? cmp_ex_search+0x56/0x70 [ 425.370127][T19892] ext4_writepages+0x159/0x2e0 [ 425.374937][T19892] ? __pfx_ext4_writepages+0x10/0x10 [ 425.380264][T19892] do_writepages+0x1d8/0x480 [ 425.384871][T19892] ? mntput_no_expire+0x70/0x3c0 [ 425.389877][T19892] ? _raw_spin_unlock+0x26/0x50 [ 425.394748][T19892] filemap_fdatawrite_wbc+0xdb/0x100 [ 425.400152][T19892] file_write_and_wait_range+0xc4/0x250 [ 425.405866][T19892] ext4_sync_file+0x12e/0x6c0 [ 425.410600][T19892] ? __pfx_ext4_sync_file+0x10/0x10 [ 425.415958][T19892] vfs_fsync_range+0x116/0x130 [ 425.420793][T19892] __se_sys_msync+0x34d/0x510 [ 425.425490][T19892] __x64_sys_msync+0x43/0x50 [ 425.430094][T19892] x64_sys_call+0x1074/0x2d60 [ 425.434853][T19892] do_syscall_64+0xc9/0x1c0 [ 425.439403][T19892] ? clear_bhb_loop+0x55/0xb0 [ 425.444162][T19892] ? clear_bhb_loop+0x55/0xb0 [ 425.448933][T19892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.454847][T19892] RIP: 0033:0x7fd8dbcadef9 [ 425.459271][T19892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 425.478897][T19892] RSP: 002b:00007fd8da927038 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 425.487326][T19892] RAX: ffffffffffffffda RBX: 00007fd8dbe65f80 RCX: 00007fd8dbcadef9 [ 425.495336][T19892] RDX: 0000000000000004 RSI: 087abbe8d1cc6ad9 RDI: 0000000020952000 [ 425.503389][T19892] RBP: 00007fd8da927090 R08: 0000000000000000 R09: 0000000000000000 [ 425.511365][T19892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 425.519345][T19892] R13: 0000000000000000 R14: 00007fd8dbe65f80 R15: 00007ffddfcfad48 [ 425.527336][T19892] [ 425.591962][T19898] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5391'. [ 425.612541][T19900] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 425.686877][T19909] loop0: detected capacity change from 0 to 164 [ 425.699887][T19909] Unable to read rock-ridge attributes [ 425.711227][T18445] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 425.725123][T19909] Unable to read rock-ridge attributes [ 425.809642][T19921] loop0: detected capacity change from 0 to 164 [ 425.817285][T19921] Unable to read rock-ridge attributes [ 425.826972][T19921] Unable to read rock-ridge attributes [ 425.865934][T19925] loop3: detected capacity change from 0 to 2048 [ 425.921110][T19925] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 425.940622][T19925] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 425.940676][T19934] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5405'. [ 425.955709][T19925] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 17 with error 28 [ 425.976875][T19925] EXT4-fs (loop3): This should not happen!! Data will be lost [ 425.976875][T19925] [ 425.986627][T19925] EXT4-fs (loop3): Total free blocks count 0 [ 425.992859][T19925] EXT4-fs (loop3): Free/Dirty block details [ 425.998836][T19925] EXT4-fs (loop3): free_blocks=2415919104 [ 426.004712][T19925] EXT4-fs (loop3): dirty_blocks=32 [ 426.009868][T19925] EXT4-fs (loop3): Block reservation details [ 426.015873][T19925] EXT4-fs (loop3): i_reserved_data_blocks=2 [ 426.044449][T19943] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5408'. [ 426.082078][T19947] loop4: detected capacity change from 0 to 164 [ 426.090641][T19947] Unable to read rock-ridge attributes [ 426.109425][T19947] Unable to read rock-ridge attributes [ 426.197653][T19951] loop4: detected capacity change from 0 to 2048 [ 426.227682][T19951] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 426.286378][T18882] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 426.783618][ T29] kauditd_printk_skb: 222 callbacks suppressed [ 426.783638][ T29] audit: type=1326 audit(1727153390.859:31870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19967 comm="syz.4.5419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8dbcadef9 code=0x7ffc0000 [ 426.821392][T19973] loop0: detected capacity change from 0 to 164 [ 426.845341][T19973] Unable to read rock-ridge attributes [ 426.852583][T19973] Unable to read rock-ridge attributes [ 426.868308][ T29] audit: type=1326 audit(1727153390.859:31871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19967 comm="syz.4.5419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8dbcadef9 code=0x7ffc0000 [ 426.928879][ T29] audit: type=1400 audit(1727153390.989:31872): avc: denied { read } for pid=19976 comm="syz.0.5423" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 426.948482][ T29] audit: type=1326 audit(1727153390.999:31873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19978 comm="syz.1.5424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 426.972218][ T29] audit: type=1326 audit(1727153390.999:31874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19978 comm="syz.1.5424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 426.995836][ T29] audit: type=1326 audit(1727153390.999:31875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19978 comm="syz.1.5424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 427.019592][ T29] audit: type=1326 audit(1727153390.999:31876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19978 comm="syz.1.5424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 427.043235][ T29] audit: type=1326 audit(1727153390.999:31877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19978 comm="syz.1.5424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 427.066936][ T29] audit: type=1326 audit(1727153390.999:31878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19978 comm="syz.1.5424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 427.090576][ T29] audit: type=1326 audit(1727153390.999:31879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19978 comm="syz.1.5424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418698def9 code=0x7ffc0000 [ 427.136482][T19983] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 427.162771][T19977] tipc: Started in network mode [ 427.167725][T19977] tipc: Node identity 4, cluster identity 4711 [ 427.173968][T19977] tipc: Node number set to 4 [ 427.255873][T16496] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 427.301259][T19999] FAULT_INJECTION: forcing a failure. [ 427.301259][T19999] name failslab, interval 1, probability 0, space 0, times 0 [ 427.314038][T19999] CPU: 0 UID: 0 PID: 19999 Comm: syz.0.5433 Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 427.324677][T19999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 427.334783][T19999] Call Trace: [ 427.338075][T19999] [ 427.341030][T19999] dump_stack_lvl+0xf2/0x150 [ 427.345766][T19999] dump_stack+0x15/0x20 [ 427.349945][T19999] should_fail_ex+0x223/0x230 [ 427.354718][T19999] ? getname_flags+0x81/0x3b0 [ 427.359513][T19999] should_failslab+0x8f/0xb0 [ 427.364128][T19999] kmem_cache_alloc_noprof+0x4c/0x290 [ 427.369558][T19999] getname_flags+0x81/0x3b0 [ 427.374099][T19999] getname+0x17/0x20 [ 427.378026][T19999] do_sys_openat2+0x67/0x120 [ 427.382700][T19999] __x64_sys_open+0xe6/0x110 [ 427.387370][T19999] x64_sys_call+0x1321/0x2d60 [ 427.392112][T19999] do_syscall_64+0xc9/0x1c0 [ 427.396677][T19999] ? clear_bhb_loop+0x55/0xb0 [ 427.401380][T19999] ? clear_bhb_loop+0x55/0xb0 [ 427.406177][T19999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.412160][T19999] RIP: 0033:0x7fb3f826def9 [ 427.416608][T19999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 427.436298][T19999] RSP: 002b:00007fb3f6ee1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 427.444753][T19999] RAX: ffffffffffffffda RBX: 00007fb3f8425f80 RCX: 00007fb3f826def9 [ 427.452750][T19999] RDX: 0000000000000000 RSI: 000000000014507e RDI: 0000000020000780 [ 427.460753][T19999] RBP: 00007fb3f6ee1090 R08: 0000000000000000 R09: 0000000000000000 [ 427.468793][T19999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 427.476786][T19999] R13: 0000000000000000 R14: 00007fb3f8425f80 R15: 00007fff0f366e88 [ 427.484834][T19999] [ 427.491800][T19998] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5434'. [ 427.540167][T20005] syz.2.5435: attempt to access beyond end of device [ 427.540167][T20005] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 427.888089][T20029] FAULT_INJECTION: forcing a failure. [ 427.888089][T20029] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 427.893169][T20031] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5447'. [ 427.901195][T20029] CPU: 1 UID: 0 PID: 20029 Comm: syz.1.5446 Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 427.901229][T20029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 427.901242][T20029] Call Trace: [ 427.901248][T20029] [ 427.936950][T20029] dump_stack_lvl+0xf2/0x150 [ 427.941678][T20029] dump_stack+0x15/0x20 [ 427.945930][T20029] should_fail_ex+0x223/0x230 [ 427.950649][T20029] should_fail+0xb/0x10 [ 427.954935][T20029] should_fail_usercopy+0x1a/0x20 [ 427.960083][T20029] copy_fpstate_to_sigframe+0x5d7/0x770 [ 427.965694][T20029] ? copy_fpstate_to_sigframe+0xe3/0x770 [ 427.971474][T20029] ? dequeue_signal+0x28c/0x420 [ 427.976355][T20029] ? fpu__alloc_mathframe+0x95/0xd0 [ 427.981559][T20029] get_sigframe+0x2f3/0x430 [ 427.986147][T20029] x64_setup_rt_frame+0xa7/0x570 [ 427.991094][T20029] arch_do_signal_or_restart+0x287/0x4b0 [ 427.996787][T20029] syscall_exit_to_user_mode+0x59/0x130 [ 428.002379][T20029] do_syscall_64+0xd6/0x1c0 [ 428.006894][T20029] ? clear_bhb_loop+0x55/0xb0 [ 428.011608][T20029] ? clear_bhb_loop+0x55/0xb0 [ 428.016346][T20029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.022310][T20029] RIP: 0033:0x7f418698def7 [ 428.026786][T20029] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 428.046510][T20029] RSP: 002b:00007f4185607038 EFLAGS: 00000246 ORIG_RAX: 0000000000000049 [ 428.055043][T20029] RAX: 0000000000000049 RBX: 00007f4186b45f80 RCX: 00007f418698def9 [ 428.063038][T20029] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000008 [ 428.071013][T20029] RBP: 00007f4185607090 R08: 0000000000000000 R09: 0000000000000000 [ 428.079018][T20029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 428.086989][T20029] R13: 0000000000000000 R14: 00007f4186b45f80 R15: 00007ffd89731a88 [ 428.094976][T20029] [ 428.111663][T20035] loop2: detected capacity change from 0 to 512 [ 428.182784][T20035] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 428.196684][T20035] ext4 filesystem being mounted at /124/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 428.286672][T18375] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 428.554546][T20061] loop2: detected capacity change from 0 to 512 [ 428.581683][T20064] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 428.597836][T20061] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 428.620196][T20061] ext4 filesystem being mounted at /126/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 428.641268][T20072] loop0: detected capacity change from 0 to 512 [ 428.672778][T20072] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 428.698718][T18375] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 428.712818][T20072] ext4 filesystem being mounted at /269/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 428.855224][T16223] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 428.893085][T20079] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5464'. [ 428.969908][T20082] syz.0.5465: attempt to access beyond end of device [ 428.969908][T20082] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 429.086403][T20088] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 429.202807][T20098] loop2: detected capacity change from 0 to 512 [ 429.220034][T20098] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 429.236297][T20098] ext4 filesystem being mounted at /131/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 429.243472][T20100] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5474'. [ 429.284037][T18375] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 429.310898][T20108] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5475'. [ 429.336508][T20112] syz.2.5477: attempt to access beyond end of device [ 429.336508][T20112] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 429.381708][T20120] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 429.702897][T20131] loop2: detected capacity change from 0 to 512 [ 429.730671][T20131] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 429.744020][T20131] ext4 filesystem being mounted at /137/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 429.806919][T18375] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 430.036652][T20137] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5487'. [ 430.047296][T20140] loop1: detected capacity change from 0 to 512 [ 430.061574][T20140] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 430.079386][T20140] ext4 filesystem being mounted at /363/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 430.109455][T20147] syz.2.5489[20147] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 430.109623][T20147] syz.2.5489[20147] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 430.123055][T14963] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 430.144352][T20147] syz.2.5489[20147] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 430.194502][T20152] syz.0.5491: attempt to access beyond end of device [ 430.194502][T20152] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 430.256513][T20154] syz.2.5492[20154] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 430.256599][T20154] syz.2.5492[20154] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 430.260244][T20156] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 430.288120][T20154] syz.2.5492[20154] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 430.288793][T20154] FAULT_INJECTION: forcing a failure. [ 430.288793][T20154] name failslab, interval 1, probability 0, space 0, times 0 [ 430.312918][T20154] CPU: 0 UID: 0 PID: 20154 Comm: syz.2.5492 Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 430.323390][T20154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 430.333457][T20154] Call Trace: [ 430.336824][T20154] [ 430.339772][T20154] dump_stack_lvl+0xf2/0x150 [ 430.344538][T20154] dump_stack+0x15/0x20 [ 430.348727][T20154] should_fail_ex+0x223/0x230 [ 430.353451][T20154] ? copy_cgroup_ns+0x167/0x370 [ 430.358383][T20154] should_failslab+0x8f/0xb0 [ 430.363011][T20154] __kmalloc_cache_noprof+0x4b/0x2a0 [ 430.368404][T20154] copy_cgroup_ns+0x167/0x370 [ 430.373114][T20154] create_new_namespaces+0x1d8/0x430 [ 430.378451][T20154] unshare_nsproxy_namespaces+0xe6/0x120 [ 430.384158][T20154] ksys_unshare+0x3da/0x720 [ 430.388697][T20154] ? ksys_write+0x17a/0x1b0 [ 430.393295][T20154] __x64_sys_unshare+0x1f/0x30 [ 430.398188][T20154] x64_sys_call+0x2c8d/0x2d60 [ 430.402949][T20154] do_syscall_64+0xc9/0x1c0 [ 430.407540][T20154] ? clear_bhb_loop+0x55/0xb0 [ 430.412234][T20154] ? clear_bhb_loop+0x55/0xb0 [ 430.416964][T20154] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.422912][T20154] RIP: 0033:0x7f552f0ddef9 [ 430.427337][T20154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 430.447071][T20154] RSP: 002b:00007f552dd57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 430.455544][T20154] RAX: ffffffffffffffda RBX: 00007f552f295f80 RCX: 00007f552f0ddef9 [ 430.463624][T20154] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000042000000 [ 430.471695][T20154] RBP: 00007f552dd57090 R08: 0000000000000000 R09: 0000000000000000 [ 430.479778][T20154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 430.487768][T20154] R13: 0000000000000000 R14: 00007f552f295f80 R15: 00007ffe9e826ea8 [ 430.495972][T20154] [ 430.534406][T20162] ================================================================== [ 430.542538][T20162] BUG: KCSAN: data-race in mas_wr_store_entry / mtree_range_walk [ 430.550299][T20162] [ 430.552624][T20162] write to 0xffff888104224e10 of 8 bytes by task 20160 on cpu 1: [ 430.560345][T20162] mas_wr_store_entry+0x146b/0x2d00 [ 430.565562][T20162] mas_store_prealloc+0x6bf/0x960 [ 430.570603][T20162] commit_merge+0x441/0x740 [ 430.575121][T20162] vma_expand+0x211/0x360 [ 430.579463][T20162] vma_merge_new_range+0x2cf/0x3e0 [ 430.584619][T20162] mmap_region+0x887/0x16e0 [ 430.589150][T20162] do_mmap+0x718/0xb60 [ 430.593324][T20162] vm_mmap_pgoff+0x133/0x290 [ 430.597931][T20162] ksys_mmap_pgoff+0xd0/0x330 [ 430.602629][T20162] x64_sys_call+0x1884/0x2d60 [ 430.607324][T20162] do_syscall_64+0xc9/0x1c0 [ 430.611840][T20162] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.617746][T20162] [ 430.620075][T20162] read to 0xffff888104224e10 of 8 bytes by task 20162 on cpu 0: [ 430.627718][T20162] mtree_range_walk+0x1b4/0x460 [ 430.632594][T20162] mas_walk+0x16e/0x320 [ 430.636760][T20162] lock_vma_under_rcu+0x95/0x260 [ 430.641719][T20162] exc_page_fault+0x150/0x650 [ 430.646406][T20162] asm_exc_page_fault+0x26/0x30 [ 430.651267][T20162] [ 430.653590][T20162] value changed: 0x00007fb3f6ec0fff -> 0xffffffff8529e680 [ 430.660695][T20162] [ 430.663018][T20162] Reported by Kernel Concurrency Sanitizer on: [ 430.669167][T20162] CPU: 0 UID: 0 PID: 20162 Comm: syz.0.5495 Not tainted 6.11.0-syzkaller-09015-g18ba6034468e #0 [ 430.679673][T20162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 430.689820][T20162] ==================================================================