last executing test programs: 1m8.666598597s ago: executing program 3 (id=3650): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) socket$inet_udplite(0x2, 0x2, 0x88) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000001c0)=0x14) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x2200454, &(0x7f0000000000), 0x1, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0) creat(&(0x7f00000000c0)='./bus\x00', 0x182) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000080000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000006000000850000000600000095"], &(0x7f0000000780)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r2}, 0x18) r3 = socket$inet_sctp(0x2, 0x5, 0x84) close(r3) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000600)=0x8) sendmsg$inet_sctp(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='F', 0x1}], 0x1, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r5}}], 0x20, 0x2400e044}, 0x0) 1m8.52416953s ago: executing program 3 (id=3657): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) socket$inet_udplite(0x2, 0x2, 0x88) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000001c0)=0x14) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x2200454, &(0x7f0000000000), 0x1, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0) creat(&(0x7f00000000c0)='./bus\x00', 0x182) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000080000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000006000000850000000600000095"], &(0x7f0000000780)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) close(0xffffffffffffffff) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000600)=0x8) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='F', 0x1}], 0x1, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r4}}], 0x20, 0x2400e044}, 0x0) 1m7.662869402s ago: executing program 3 (id=3672): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e0000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x10) r1 = io_uring_setup(0xf08, &(0x7f0000000780)={0x0, 0x400826e, 0x40, 0x3, 0xf0}) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000c00)=[{0x0}, {&(0x7f0000000a00)=""/200, 0xc8}], 0x2) syz_clone3(&(0x7f0000000000)={0x285002400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x46) io_uring_register$IORING_REGISTER_FILES(r1, 0x1e, &(0x7f0000000000)=[r1], 0x1) 1m7.549603324s ago: executing program 3 (id=3676): r0 = perf_event_open(&(0x7f0000000440)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10) shutdown(r1, 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRESHEX=r0], 0x48) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e1f, 0x6, 'lc\x00', 0x5, 0x8, 0x69}, {@rand_addr=0x64010102, 0x4e26, 0x0, 0xcb, 0x400, 0x12d5c}}, 0x44) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000040), 0xfe, 0x4f2, &(0x7f0000000b00)="$eJzs3d9rHFsdAPDvTHbvbdpcN1d9uF6wLbaSFO0maWwbfKgKok8Ftb7XmGxDyCZbkk3bhKIp/gGCiAq+6JMvgn+AIP0TRCjou6gooq0++FAd2d3ZmKa7+UE3u97s5wMnc8782O85GebsnJlhJ4ChdTEiJiMiy7LsSkSU8vlpnmKnlRrrvXj+eKGRksiyO39LIsnntT/r7Xx6Lt/sTER87csR30xej7uxtb0yX61W1vPyVH01eZll21eXV+eXKkuVtdnZmRtzN+euz033pJ3jEXHri3/6wXd/9qVbv/r0w9/f/cvkt1oNbNnbjl5qNb3Y/F+0FSJi/SSCDUih2cKW6wOuCwAAB2uc7384Ij4REVeiFCPNszkAAADgNMk+NxYvk9b9PwAAAOB0SiNiLJK0nD/vOxZpWi63nuH9aJxNq7WN+qey0u71gvEopveWq5Xp/NmB8SgmjfJM/oxtu3xtX3k2It6NiO+XRpvl8kKtujjQKx8AAAAwPM7tG///s9Qa/wMAAACnzPigKwAAAACcOON/AAAAOP2M/wEAAOBU+8rt242Utd9/vfhga3Ol9uDqYmVjpby6uVBeqK3fLy/VakvN3+xbPezzqrXa/c/E2uajqXploz61sbV9d7W2uVa/u/zKK7ABAACAPnr3wtPfJRGx89nRNCKyZM+yYkQ2snflQv/rB5yc9Dgr//Hk6gH038igKwAMjFN6GF7FQVcAGLjD+oGuD+/8uvd1AQAATsbEx3bv/zdTw1v5smSgNQNOWn7/P3Gsw/Bx/x+Gl/t/MLyKB50BGBTAqZce4VB/8/v/WXasSgEAAD031kxJWs7HAWORpuVyxDvN1wIUk3vL1cp0RHwoIn5bKr7dKM80t0xcHgAAAAAAAAAAAAAAAAAAAAAAAACAI8qyJLIuRnfXAQAAAD7IItI/J/n7vyZKl8f2Xx94K/lXqTmNiIc/vvPDR/P1+vpMY/7fd+fXf5TPv9bvqxcAAABAJ+1xenscDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC99OL544V26mfcv34hIsY7xS/Emeb0TBQj4uw/kijs2S6JiJEexN95EhHvdYqfNKoV43kt9sdPI2J0wPHP9SA+DLOnjf7n852OvzQuNqedj79Cnt5U9/4v3e3/Rrr0f+90+sD09VnvP/vFVNf4TyLeL3Tuf9rxky7xLx2xjd/4+vZ2t2XZTyMmOn7/JK/EmkoK96c2travLq/OL1WWKmuzszM35m7OXZ+bnrq3XK3kfzvG+N7Hf/mfg9p/tkv88UPaf/mI7f/3s0fPP9LKFvctKsZPsmzyUuf9/16X+O3vvk/mu7tRnmjnd1r5vc7//DfnLxzQ/sUu7T9s/08esf1XvvqdPxxxVQCgDza2tlfmq9XK+vEyScTOG2wuM1yZ0ehj0Pk4aJ32SWwf6vPtPNT/xS44dmZwfRIAAHAy/nfSP+iaAAAAAAAAAAAAAAAAAAAAwPA67GfAogc/J7Y/5s5gmgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKD/BgAA//+6ychX") r3 = creat(&(0x7f0000000040)='./file0\x00', 0x81) close(r3) recvmsg$unix(r3, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x40010142) r4 = syz_clone(0x24308000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_pidfd_open(r4, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000140)=0xef85) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 1m7.234750669s ago: executing program 3 (id=3684): r0 = socket(0x11, 0xa, 0x4) getsockname$packet(r0, 0x0, &(0x7f00000000c0)) unshare(0x400) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000020900010073797a30000000002c000000030a010200000000030000000100ffff0900010073797a30000000000900030073797a3100000000d4040000060a010400000000000000000100000008000b4000000000ac0404802c000180080001006c6f6700200002800900024073797a300000000008000340000000060800034000000002380401800c000100626974776973650028040280080003400000000808000240000000140800064000000002080006400000000064020580bb0001001d92704a203d5ecc985c4e4280e5378a36a2856959ffa601c237cc270251cf18420d11613ec98e629c7d84c655efcb2b5ecd71666675bf512cadfe09e4d05a4f60f60e007ca1cf70a5185f973cec0f1ab052acf1acf6a2df83dd88facc62c6e94a1b6368d6bda68abcaed2ee48c3d589bf2a814b728efb93401dfa1d1063200c10e56294dba0e7b780ce0f6090bd0de9f5e000c98c4b97cd985c91284c2bca23e4757407bb41fd8de797502a72e122032d4ef3160f9f7b00fd000100854e3cb6d05d310db3d528811da7f7450ebb2d62cddc6981343570b9f4ab17d75de9411dea482f508c0dce42c25c4778ebc56bb303f9f51c489eedffcb1490560ab26ab7507ec029cca3ddfe7c4f4f6d91db07cbc008636bc7bea7f96954d31da9d8a9ca043df7b409ca2864d56fc6b2a70fcc2f1a3579737bf47542dae337d5203869caff9ab95a317c25521ebf848fad8ceb87f4655ace0701dbe961e9dcaeffa37bfa2e9d127d61b8d6edc1437b46f54c061e1c9d68120ac8300e91d19c708aa9589c37de59a9f8df5546855e934599a2f31b6cb847347fc02231fec395b906e60300340d60ebe7a3f23e1aa6eec9e0150a9d16b3c25e590000002400028008000340fffffff8080003400000000908000340684dbc5808000180ffffffff6200010091de8d9ca3503f5a0a8259007bc5088ccfe97cfebb5ebb90e05d4e8a63fcbee6f14ab7eff7469cf243a6ef6e528b811dfd72af1e7e08de8fbdd4849367ea82016412fab2ccc0fb94fa63fac7fd0c6ea48c0e9ac7d1a30ecf3e70e44ed5ff00001c0002800800034080000000080003400000000308000180fffffffc080001400000000d600004804000028008000180fffffffb0d00020073797a3000000000080001802b30a3bc08000180000000000900020073797a31000000002900020073797a31000000001c0002800900020073797a31000000000900020073797a3200000000080002400000000a30010480380002800900020073797a3200000000080003400000000908000180fffffffc0800018000000007080003408000000108000340000000050b0001000bca99f460f4b0002800028008000180fffffffb0900020073797a3000000000080003400000000308000340000001ff04000100bc000100e27404a10a99dbcc4575917adc29373e2cc46e5e8f99d7a36b7c42c92713cce62084d863a11eb9c2e19fde212924e527db981a9be0c2c15f6a04a67e9e20f86e4bebd07665e2d01da200712427a5525403c1c75468f31b91a60def25f7757c9921d08b9a5b0bc6f8953efbd0416091bf2b30d9a37e789198313dd07b7b70cebff25c562434b67e9a6b70708dd84c86135ab9b0ffda2c4b2fb4a139220c101f4c0a3d58eb124346005c82dea6f0f36444b28300758475eb3d34000180090001006d65746100000000240002800800024000000002080003400000000d08000340000000090800034000000001100001800a0001006c696d69740000000900010073797a30"], 0x548}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000007c0), 0x13f, 0x5}}, 0x20) stat(&(0x7f0000001c40)='./file0\x00', &(0x7f0000001c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a30000000000800410073697700140033006c6f0000fffffffffffffff0"], 0xffaf}, 0x1, 0x0, 0x0, 0x854}, 0x0) lchown(&(0x7f0000000000)='./file0\x00', 0x0, r3) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000280)={{0x1, 0x1, 0x18, r2, {0xee01, 0xffffffffffffffff}}, './file0\x00'}) r5 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x55, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x8407fff, 0xaea}, 0x14105, 0x32, 0xfffffbff, 0x5, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2007}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r6}, 0x38) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r7, 0x0, 0x3}, 0x18) ioctl$SNDRV_TIMER_IOCTL_STATUS32(0xffffffffffffffff, 0xc0f85403, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r5) bpf$PROG_LOAD(0x5, 0x0, 0x0) 1m7.16851034s ago: executing program 3 (id=3686): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e0000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x10) r1 = io_uring_setup(0xf08, &(0x7f0000000780)={0x0, 0x400826e, 0x40, 0x3, 0xf0}) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000c00)=[{0x0}, {&(0x7f0000000a00)=""/200, 0xc8}], 0x2) syz_clone3(&(0x7f0000000000)={0x285002400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x46) io_uring_register$IORING_REGISTER_FILES(r1, 0x1e, &(0x7f0000000000)=[r1], 0x1) 1m7.16820978s ago: executing program 32 (id=3686): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e0000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x10) r1 = io_uring_setup(0xf08, &(0x7f0000000780)={0x0, 0x400826e, 0x40, 0x3, 0xf0}) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000c00)=[{0x0}, {&(0x7f0000000a00)=""/200, 0xc8}], 0x2) syz_clone3(&(0x7f0000000000)={0x285002400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x46) io_uring_register$IORING_REGISTER_FILES(r1, 0x1e, &(0x7f0000000000)=[r1], 0x1) 2.906133586s ago: executing program 4 (id=4912): mkdir(&(0x7f0000000000)='./control\x00', 0x81) (async) r0 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8) rmdir(&(0x7f0000000040)='./control\x00') (async, rerun: 64) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020206e2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000a78500000073000000850000000e00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (rerun: 64) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='percpu_alloc_percpu\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) (async) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x29, &(0x7f0000000100)=0x3ff, 0x4) (async) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000040)=0x43e6, 0x4) (async) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x4e21, 0x0, @mcast2}, 0x1c, 0x0}}], 0x62, 0x0) r3 = syz_io_uring_setup(0xbc0, &(0x7f0000000500)={0x0, 0xb1e4, 0x1000, 0x4, 0x224}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async, rerun: 32) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) (rerun: 32) syz_io_uring_submit(r4, r5, &(0x7f0000000340)=@IORING_OP_SENDMSG={0x9, 0x10, 0x0, r3, 0x0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000740)="d590ec55ef26a26fcc803dc80f29d867fd38bf6f8fa8fe9f4ef442f1ff01e5f2dc8929a53d640783e1538d09000000d3b7de25f8a0277bb5c66058377dfb570b96428eab75bad8fa6415c733011bd8165ec4b532befe58b402b781d587620e5af3bca138fa1650052d5ecd1e020b8cc79072b235957c0e46e5f0991b4e39ca35705f140cb1c173cc3c000000000000002bd7f4ce67ff08c68f7aeeb33c7e9b640c9a765311644478f95002534e250b62373b6c7833e469b36504dfced96de74320ca4210a1ac757da69b7c746d93e3274bf68bfd3dd1c246ade46c05d9aa4caed70deb27bbab8228619d06ece3bf391fe8220d347b08f8846bb9db1b23577a2995276354d185acc4eb64bdf0512e4755935949675c7bba7ff8895d312aac4c784b8016057e603c108c6c9428250b58111a16a89fa33806813e9d7ff6c0904fb6bde6f07e47e60a428f6d1629cd64f654cb7de773a5381fb69f9529e579a8108b2ed8f32694959fcb78", 0x169}, {&(0x7f0000000380)="67ddca927a1eccd4ddde7571f57d4494b2ee50fc3ce320fe1f5f2464b6a49a93477987125b5ede9f27b18ebf86eb1ac915a5f91c44ad33d304ed8672fba709f3a52c5d4ca0730f98ce994afce1e61f6f09cc81d08ce033d6d3cbb7067ceb1a3910a31bec7374dc553ce1557a04bb90aa3655799c37c0780a314dc4e1e8db758dc632e0", 0x83}, {&(0x7f0000000440)="70df4a58b3821ccfacb4cde7fbb66a8e9fd1ba048462441cf7928397d00b2700f6c4ca77db170fd52146120122ef6822117c7369102bdfd3fb2928fb5a529371cda29f647dd457b3c2a08673df34d2545aef5d2783785604ad3a4618aebb510a8bf8b8be9214048cfaea75ad340d9f8a276e04dfd618180356296675b8dedf90891ba5a6f7af2a4b0817e4", 0x8b}, {&(0x7f0000000580)="7bfed43d73cc55cbaf67fefb2606e558c983f782cab122015f38f16b702494b2d8a5b4d9829f4c259e174fcdfc90a4f5046069956b126cd492e5513c95a8063e3f5382a457b13a5ba1eed2bbd5f63dd1afef6a67f61b50dd4a553e12194f589f067e32c80521fd954fd3e8b18b24b075e6a48f308f42d2f0e7a02e9f63139dea38a2129620cfc07d1c4b7bc964b4bbf78df5b2182fd2a5b76bcce7cc39b1663016115c858b3aa337c30eba0d529630a121064ec8ccbcbbc1f18e78eadb2386dcc2a9419372ed22e53c3363cb9447d4c8b5b72d2dccaeefc3619f3565df1dd10df9d7284a", 0xe4}], 0x4, &(0x7f0000001500)=ANY=[@ANYBLOB="c8000000000000000600000004000000f07b13063a663a6af149a791b52869a2041f0517d434cb426173cf41d253d4d75d63daf2353ae78f5dfa8e3310cc040eceba8c74632aed42dacf594a6266ad45792dbb58096241afdf83caf244d642764970f116b889cafa8761bd3162f8ceec994f9226e929b3cdab69e75af96b91f1d9f2ff8c95bdb682bccd21ad758ba34095df83a916bd6f7fb32ea45030c52f31fd41dffcb68d382a41c90ad70417b9c7f2d332efa69546edd398ef5253fce56dd0081c6b857712003800000000000000140100003a5900002fd9e58284a926f37ab5cfee8ac61a800781e5e8858ca161b3fee51d597a94e084800000000000003000000000000000140100007f00000015b5ce97f194d3cbc1603e327cd2576cdb803ff566835684724b9fe66d3d0000a000000000000000060000008b0d2d1cb08a0824b7eed4fd6243314d24052676794519dd22db770e855acb41aeefadffd40a389b8d5176190f1a7b2d74e426e6a834fbb463e50e0f3c69c50d1a7c1817af4e95726278cc07833fe1edbb3ffa49fba62736bb95c72df595b9ed334492fd635f56e639a27960382c2ab4741455fe70adcda736a6fb55deff754aacbf05d8647a11ecd7fc5063e33a4ffc30064285f1e8d3dd0e63fe012f7400000000c800000000000000ff000000040000000855a9264ce288e7fcfc0f93b84522974cfe7b574ee5b8dfb67e30489b2cd898d296d8e1a98b8f7fbcfdad52b83be91cdf3f735059aa21533958b3bea0f8c6b97e9bd0389a8dfb7a46558caee3a68bea47b4e92e297bd1ff9f91b4202908a737212ec721594dc143fb8e51d4332987869a79bae27bc89ebf12f6bf798f29224c3ea8e514892fdd4de6b542ded45bb012c3183c25bedfde6d5ce788a79bbcf99c988a67c60af6407a1e8c201325445bf59b00000000000000f000000000000000040000000b0000005a9c44c7ae7435308b0322c4efa5933204647379a7a8bdeba53a253f8304df0e7ea5586fcc1eb83f1f8c507129ebd1975449e63bc2b5bad13c0d52a5043f0732eb9a7f074ecafb2d9aafb4b504aa73e69aff3ee1157cb9b3914f8567d00dd7a1bced2e6862f573eeb0fcc9d129c897c509deeb6a8c354936d7948246c021f7f93a432ddc10f9ce9ea09239e8190d7b813d08a2aa67ffbd672cd9ccc83e5d871ea24889b6525babb914a3f52bd61007b14cca80403bf9cb7cdc9b4da98e087f62406f1c2951bdf71419f32309a6cda845e36b0e70d270ff2dd6fcea1000000000b0000000000000001501000004000000d9b9e014763c3992fe0ebd4a7c42df618cc92e49ce947f726b99f2258df08bbe01d7eb1667f716a2ad1ee7877444d860227b496825fe3cfe2beefd45126326a77cc82440c777b69d13fa89ab1a3c96b3c6ec3ad4f0358039273b5d62636254da650966af70cb720bc34613d856be0297c5a154d06b497c31a0099f8733827413e01909788927e0304503cc706142bd606621bc583270cc7fa7973b548ae89a0000010000000000000b01000008000000f928ae6a0dae8ac7d2e96e3ceaf16e5ba22c21718c31aa0e512072fc64143cd9badd88429de1e0706688b727fdad107d87d4583293e3d68bc27edfae54f9e3e8bbad5e685a20680b0cc03d6eb361fd58d1552ef92c4d15bbc44d02827e7b661438b435be88c1a71664c22a8ea30050a41838c1543b51acdc2480c00e2f2463e13a64104004da0580eb955b44d3da117f2fe5d0b7b206a9417595b3a1bd57b96ff0141593e71ee358a0043338c850a576955aef1064a46d1300da2b32ff85532fb70c2cc03fc4a924e02e6076a086ad0cc95c5c9e17fbe021904d9d556422d766478158cc570b94a8b6b8000000000000770f0f2b2632dfa244c5013e5980b92c661ad6910393cb46b3b3287daec5b633e8887b90294e07433bac11b6c393d8a1a5a1556469feaa66cbecd16eeb290152b66c57321bd9783ce67e77074b6a8b7d116c775bada02174d516853a0210dceb17168f1f65f738e00cf98fe64bb4bfa2df1796b0423c3f3cb585f26d0bb1d004652015f493acf84a79099ce6d8e5baff06563c4f039118da2d25fc9ce7ba9659b6cba104ede07e97110c9a1bd54d0d54edbec5e7b5eec9735d0c"], 0x538}, 0x0, 0x1000, 0x0, {0x0, r6}}) (async) chroot(&(0x7f0000000000)='./file0\x00') (async) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0x5c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_config_ext, 0x8000, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x2) (async) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) (async) syz_io_uring_setup(0x43d5, &(0x7f0000000200)={0x0, 0xb18c, 0x80, 0x2, 0xec}, &(0x7f0000000280), 0xfffffffffffffffc) (async) r7 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) (async, rerun: 32) r8 = fsmount(r7, 0x0, 0x1) (rerun: 32) fchdir(r8) (async) getdents(0xffffffffffffffff, 0x0, 0x58) (async, rerun: 32) io_uring_enter(r3, 0x47f8, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) r9 = socket$inet(0x2, 0x3, 0x8) setsockopt$inet_int(r9, 0x0, 0x5, &(0x7f0000000080)=0x7, 0x4) socket$inet(0x2, 0x3, 0x6) 2.832766557s ago: executing program 4 (id=4913): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2000008, &(0x7f00000003c0), 0xfc, 0x53e, &(0x7f0000000940)="$eJzs3UFvI1cdAPD/eO3d7G62SYEDVGoptGi3grWThrYRh1IkBKdKiMJ5CYkTRXHiKHbaTVRB9hMgIQRInODCBYkPgIRW4sKxQqoEZ5CKQIhuQYIDdJDtcRKcceKsnHjX+f2kybz3xjP/9xy/8YznaSaAC+vZiHgtIj5M0/SFiJjKygvZFHudqfW6Dx68vdiakkjTN/6eRJKVdbeVZPPr2WoTEfH1r0Z8Ozkat7Gzu7ZQqxW7+UpzfbPS2Nm9vbq+sFJdqW7Mzc2+PP/K/EvzM0Np542IePXLf/7h937+lVd//bm3/nTnr7e+06rWZLb8cDtOqXjcwk7TS1cmelbYeshgj6JWe0rdzNXB1rl3hvUBAKC/1jH+RyLi0xHxQkzFpeMPZwEAAIDHUPrFyfhPEpHmu9ynHAAAAHiMFNpjYJNCORsLMBmFQrncGcP7sbhWqNUbzc8u17c3ljpjZaejVFherVVnsrHC01FKWvnZdvog/2JPfi4inoyIH0xdbefLi/Xa0qh//AAAAIAL4nrP+f8/pzrn/wAAAMCYmT5+8dR51QMAAAA4Oyec/wMAAABjwPk/AAAAjLWvvf56a0q7z79eenNne63+5u2lamOtvL69WF6sb22WV+r1lfY9+9ZP2l6tXt/8fGxs3600q41mpbGze2e9vr3RvLMaE+fSIAAAAOCIJz95/w9JROx94Wp7ark86koB56K4n0qyeU7v/+MTnfl751Qp4FxcGuA1713JL3ecAI+3Ym9Bn74OjJ/SqCsAjFxywvKewTvX9lPvZPNPDb9OAADAcN38RP71/5OvC+wVzqF6wBnSieHi6vmeTz3rBy6O9vX/QQfyOFiAsVIaaAQgMM5Oef3/wDuDRkjTU1UIAAAYusn2lBTK2c97k1EolMsRN9qPBSgly6u16kxEPBERv58qXWnlZ9trJieeMwAAAAAAAAAAAAAAAAAAAAAAAAAAHWmaRAoAAACMtYjCX5LfdO7lf3Pq+cne3wcuJ/9uPxL4ckS89ZM3fnR3odncmm2Vv79f3vxxVv7iKH7BAAAAAHp1z9Pb83+NujYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjJsPHry92J0GePnVYcX925ciYjovfjEm2vOJKEXEtX8kUTy0XhIRl4YQf+9eRHw8L37SqtZ+yLz4w3gTTogf09m7kBf/+hDiw0V2v7X/eS2v/xXi2fY8v/8VI/4v/7D67/9if/93qU//vzFgjKfe/WWlb/x7EU8V8/c/3fhJn/jPDRj/W9/Y3e23LP1pxM3u9097j3c4wkGq0lzfrDR2dm+vri+sVFeqG3Nzsy/PvzL/0vxMZXm1Vs3+5sb4/tO/+vC49l/L/f5Lstr0b//zOdvL+07677t3H3y0m9k7Gv/Wcznxf/uz7BVH4xeyOJ/J0kn2XrXTe53387BnfvG7Z45r/9JB+0un+f/f6rfRXkc6ytODfnQAgDPQ2NldW6jVqltjm2idpT8C1bjoiW++/wh+2L471A2maZq2+lTOovsRMch2khhySwv59TlI9P2njHrPBAAADNvBQf+oawIAAAAAAAAAAAAAAAAAAAAX13ncZa035sEtkJNh3EIbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAo/hcAAP//A/7SsQ==") 2.711789169s ago: executing program 4 (id=4920): r0 = socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x14, &(0x7f0000000bc0)=ANY=[@ANYRES32=r0, @ANYRESHEX, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000c9e2a84ab70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000640)={r3, r1}, 0xc) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x3ffffffffffff14, 0x2, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="160000000000000004000000050000"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000300)='sched_switch\x00', r7, 0x0, 0x5}, 0x18) r8 = gettid() rt_sigqueueinfo(r8, 0x11, &(0x7f00000004c0)={0x1c, 0x8, 0x5}) waitid(0x2, 0x0, &(0x7f0000000380), 0x20000000, &(0x7f0000000b00)) lchown(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0), 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000040), 0x208e24b) r10 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5}) ioctl$TUNSETPERSIST(r10, 0x400454c9, 0x1) 2.222799367s ago: executing program 0 (id=4927): r0 = socket(0x11, 0xa, 0x4) getsockname$packet(r0, 0x0, &(0x7f00000000c0)) unshare(0x400) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0xffffffffff600000, 0x0, 0x1}}, 0x40) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000020900010073797a30000000002c000000030a010200000000030000000100ffff0900010073797a30000000000900030073797a3100000000d4040000060a010400000000000000000100000008000b4000000000ac0404802c000180080001006c6f6700200002800900024073797a300000000008000340000000060800034000000002380401800c000100626974776973650028040280080003400000000808000240000000140800064000000002080006400000000064020580bb0001001d92704a203d5ecc985c4e4280e5378a36a2856959ffa601c237cc270251cf18420d11613ec98e629c7d84c655efcb2b5ecd71666675bf512cadfe09e4d05a4f60f60e007ca1cf70a5185f973cec0f1ab052acf1acf6a2df83dd88facc62c6e94a1b6368d6bda68abcaed2ee48c3d589bf2a814b728efb93401dfa1d1063200c10e56294dba0e7b780ce0f6090bd0de9f5e000c98c4b97cd985c91284c2bca23e4757407bb41fd8de797502a72e122032d4ef3160f9f7b00fd000100854e3cb6d05d310db3d528811da7f7450ebb2d62cddc6981343570b9f4ab17d75de9411dea482f508c0dce42c25c4778ebc56bb303f9f51c489eedffcb1490560ab26ab7507ec029cca3ddfe7c4f4f6d91db07cbc008636bc7bea7f96954d31da9d8a9ca043df7b409ca2864d56fc6b2a70fcc2f1a3579737bf47542dae337d5203869caff9ab95a317c25521ebf848fad8ceb87f4655ace0701dbe961e9dcaeffa37bfa2e9d127d61b8d6edc1437b46f54c061e1c9d68120ac8300e91d19c708aa9589c37de59a9f8df5546855e934599a2f31b6cb847347fc02231fec395b906e60300340d60ebe7a3f23e1aa6eec9e0150a9d16b3c25e590000002400028008000340fffffff8080003400000000908000340684dbc5808000180ffffffff6200010091de8d9ca3503f5a0a8259007bc5088ccfe97cfebb5ebb90e05d4e8a63fcbee6f14ab7eff7469cf243a6ef6e528b811dfd72af1e7e08de8fbdd4849367ea82016412fab2ccc0fb94fa63fac7fd0c6ea48c0e9ac7d1a30ecf3e70e44ed5ff00001c0002800800034080000000080003400000000308000180fffffffc080001400000000d600004804000028008000180fffffffb0d00020073797a3000000000080001802b30a3bc08000180000000000900020073797a31000000002900020073797a31000000001c0002800900020073797a31000000000900020073797a3200000000080002400000000a30010480380002800900020073797a3200000000080003400000000908000180fffffffc0800018000000007080003408000000108000340000000050b0001000bca99f460f4b0002800028008000180fffffffb0900020073797a3000000000080003400000000308000340000001ff04000100bc000100e27404a10a99dbcc4575917adc29373e2cc46e5e8f99d7a36b7c42c92713cce62084d863a11eb9c2e19fde212924e527db981a9be0c2c15f6a04a67e9e20f86e4bebd07665e2d01da200712427a5525403c1c75468f31b91a60def25f7757c9921d08b9a5b0bc6f8953efbd0416091bf2b30d9a37e789198313dd07b7b70cebff25c562434b67e9a6b70708dd84c86135ab9b0ffda2c4b2fb4a139220c101f4c0a3d58eb124346005c82dea6f0f36444b28300758475eb3d34000180090001006d65746100000000240002800800024000000002080003400000000d08000340000000090800034000000001100001800a0001006c696d69740000000900010073797a30"], 0x548}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000007c0), 0x13f, 0x5}}, 0x20) stat(&(0x7f0000001c40)='./file0\x00', &(0x7f0000001c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a30000000000800410073697700140033006c6f0000fffffffffffffff0"], 0xffaf}, 0x1, 0x0, 0x0, 0x854}, 0x0) lchown(&(0x7f0000000000)='./file0\x00', 0x0, r4) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000280)={{0x1, 0x1, 0x18, r3, {0xee01, 0xffffffffffffffff}}, './file0\x00'}) r6 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x55, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x8407fff, 0xaea}, 0x14105, 0x32, 0xfffffbff, 0x5, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2007}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r7}, 0x38) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r8, 0x0, 0x3}, 0x18) ioctl$SNDRV_TIMER_IOCTL_STATUS32(0xffffffffffffffff, 0xc0f85403, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r6) bpf$PROG_LOAD(0x5, 0x0, 0x0) 2.150368868s ago: executing program 0 (id=4928): r0 = socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x14, &(0x7f0000000bc0)=ANY=[@ANYRES32=r0, @ANYRESHEX, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000c9e2a84ab70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000640)={r3, r1}, 0xc) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x3ffffffffffff14, 0x2, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="160000000000000004000000050000"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000300)='sched_switch\x00', r7, 0x0, 0x5}, 0x18) r8 = gettid() rt_sigqueueinfo(r8, 0x11, &(0x7f00000004c0)={0x1c, 0x8, 0x5}) waitid(0x2, 0x0, &(0x7f0000000380), 0x20000000, &(0x7f0000000b00)) lchown(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0), 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000040), 0x208e24b) r10 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5}) ioctl$TUNSETPERSIST(r10, 0x400454c9, 0x1) 1.808846503s ago: executing program 4 (id=4931): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) poll(&(0x7f0000000340), 0x20000000000002a9, 0x5e5a) shutdown(r1, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702000002ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x5c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd91, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket(0x2b, 0x80801, 0x1) capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000, 0x7}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x2}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}}, @NFT_MSG_NEWTABLE={0x2c, 0x0, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x40}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWCHAIN={0x148, 0x3, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_USERDATA={0xf1, 0xc, "9ffbd82ccb8419b95bf2ac633923770a0cc08c964d8957c6551cc4721d3feba54cc4df6d1074fa9ac1eb66ee6d3f40532aa1a9f8eb202e52bdd84c3d06ba29cd86c8eaf8e4014bf9bc2cf3e5fe0073d84378168fb38ee508080466ab65d0f07a55e0f151cc1c06ebba8c5c8f1da70839c8a268a4f571b2a38e16e5d35648c70b985ee990094bf107f4fe47170421223c2827e2ffe9e199d22e6cac6abe21478a48f394740a862b5aaab8da5b3acaaebf0713f9b58bb50bde721991c1b84fed42c7b2fa3a69ac9c21379d2a415e1af857bee55675c9062fe17a8bc261c5c54b8a8c734e89357ae25e8c3486bba1"}, @NFTA_CHAIN_POLICY={0x8}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0x3}, @NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x571}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x5f8d}]}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x4}]}], {0x14, 0x10}}, 0x1b0}}, 0x8040) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000040)=ANY=[@ANYRES64=r3]) connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x0, 0xab, @empty, 0x1}, 0x1c) setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, 0x0, 0x11e) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_rdma(0x10, 0x3, 0x14) perf_event_open(&(0x7f0000001380)={0x2, 0x80, 0x5, 0x1, 0x0, 0x0, 0x0, 0xa, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8000000000000001, 0x8}, 0x4c58, 0x10000, 0x1, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x8000000000000002}, 0x0, 0xffffffdfffffffff, 0xffffffffffffffff, 0x2) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x0) unshare(0x22020600) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x5, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x2000000, 0x0, 0x3, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001400)=@newqdisc={0x148, 0x24, 0x4, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@TCA_STAB={0x124, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x1, 0xc, 0x80000000, 0x1, 0x696d, 0xc3af, 0x1}}, {0x6, 0x2, [0x5]}}, {{0x1c, 0x1, {0x7, 0xe8, 0x6, 0xff, 0x2, 0xfff, 0x80, 0x6}}, {0x10, 0x2, [0x4, 0x3, 0x6c2, 0x35, 0x9, 0x400]}}, {{0x1c, 0x1, {0xf7, 0x8, 0x40, 0x6, 0x0, 0x6, 0x1, 0x7}}, {0x12, 0x2, [0x6, 0x200, 0x6, 0x9, 0x8000, 0xfff8, 0xc90]}}, {{0x1c, 0x1, {0x4, 0x6, 0x9, 0x2, 0x2, 0x4, 0x4, 0x1}}, {0x6, 0x2, [0x7f]}}, {{0x1c, 0x1, {0xb7, 0x5, 0x4, 0x3, 0x0, 0x7d44, 0x1c0000, 0x7}}, {0x12, 0x2, [0x3, 0x4fd, 0x1, 0x4, 0xffd, 0x4, 0xfffc]}}, {{0x1c, 0x1, {0x8, 0x2, 0x9, 0x7edf, 0x0, 0x4, 0xd, 0x4}}, {0xc, 0x2, [0x2a6, 0x8, 0x800, 0x9]}}, {{0x1c, 0x1, {0x5, 0x70, 0xfff, 0x7, 0x1, 0x1, 0x9, 0x2}}, {0x8, 0x2, [0xefb1, 0x8]}}]}]}, 0x148}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000001600)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x4084) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r6) r7 = fsopen(&(0x7f0000000000)='sysfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) fsmount(r7, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 1.690541165s ago: executing program 4 (id=4932): r0 = socket(0x10, 0x3, 0xfffffffc) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xd, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94) r2 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a30000000000800410073697700140033006c6f0000fffffffffffffff000000000"], 0xffaf}, 0x1, 0x0, 0x0, 0x854}, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) pidfd_getfd(0xffffffffffffffff, r3, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001d40)={&(0x7f0000000580)=@proc={0x10, 0x0, 0x25dfdbfd, 0x40}, 0xc, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYRES8, @ANYRESDEC, @ANYRES32, @ANYRES32, @ANYBLOB="00000000000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=0xffffffffffffffff, @ANYRES16, @ANYRES32, @ANYRES32], 0x50, 0x24040094}, 0x80) lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r5 = getegid() fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, &(0x7f0000000b00)=ANY=[@ANYRESDEC, @ANYRES32=0x0, @ANYBLOB="0200", @ANYRES64, @ANYBLOB="020002", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0ffe0500", @ANYRES64, @ANYBLOB="02000000", @ANYRES8, @ANYBLOB="02000300", @ANYRES64, @ANYBLOB="020002", @ANYRES32=0xee00, @ANYRES8=r2, @ANYBLOB="7de0de6148d7d44c4d01eeff92df69b773e9c6727f8fbda7576c2a151378b664926695450adc68e74593831c634553c00cb92a5f09f1c013283b5c41e9b48b6df05700293ee4dfd9070d460cc6774ad5cb408f22ce", @ANYRESDEC, @ANYRESDEC=r4, @ANYRES32=0x0, @ANYBLOB="080006", @ANYRES32, @ANYBLOB="08000300", @ANYRES32=0xee00, @ANYBLOB="08000400", @ANYRES32=r5, @ANYBLOB="10000400000000002000000000000000"], 0x94, 0x1) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r6, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000240)={{0x1, 0x1, 0x18, r1, {0xee01, 0xffffffffffffffff}}, './file0\x00'}) ioctl$NS_GET_OWNER_UID(r1, 0xb704, &(0x7f0000000880)=0x0) stat(0x0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000000500), &(0x7f0000000540)=0x0, &(0x7f0000000640)) lstat(&(0x7f0000000680)='./file0\x00', &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fsetxattr$system_posix_acl(r1, &(0x7f0000000100)='system.posix_acl_access\x00', &(0x7f00000008c0)=ANY=[@ANYBLOB="02000000010006000000000002000300", @ANYRES32=0x0, @ANYBLOB='#\x00\a\x00', @ANYRES32=r6, @ANYBLOB="02000000", @ANYRES32=r7, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=r8, @ANYBLOB="12000600d3068fcde198dab6b3aaca206fbeb5fd4c0bf6722972a10e756948632720673c0d13cb28d14059be80a24354d3fb7a5c55729643b952fe5bf102711fbb542310500d600b583f08c8122a346224849c3f952d6c12bc49f70968db3485c2f0d75c62a1ec8d6f9c8aa2b42db9acfd623b892ca16fda59403e23b43441b97dcbf92b0ce41d645e3bbdb32f27fd3391cd3e24b5fe445428d45ba8ef689a3b807de2be0bf12f2219468b73db220156023b0dfab55ca11c677583fbc2b8619db85a0745d16da139e52d6c2cec36886fd446df334e98994eca03", @ANYRES32=r9, @ANYBLOB="02000100", @ANYRES32=r10, @ANYBLOB="040002000000000008000200", @ANYRES32=r11, @ANYBLOB="08000300", @ANYRES32=r12, @ANYBLOB="10000200000000002000060000000000"], 0x6c, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18) r13 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r13, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000160a0103000000000000000002000000540003804000038014000100626f6e645f736c6176655f300000000014000100736974300000000000000000000000000400010073697430000000000000000000000000080002400000000008000140000000000900020073797a31000000000900010073797a30"], 0xa8}, 0x1, 0x0, 0x0, 0x8004}, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'}) r14 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000a0db200000000000000000850000000e000000c50006002a000000b5"], &(0x7f0000000840)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='netlink_extack\x00', r14}, 0x10) socket$nl_route(0x10, 0x3, 0x0) 1.666449425s ago: executing program 4 (id=4933): r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setsig(r0, 0xa, 0x13) fcntl$setlease(r0, 0x400, 0x0) timer_create(0x0, 0x0, &(0x7f0000000280)=0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) 1.517966117s ago: executing program 2 (id=4934): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$inet_sctp(0x2, 0x5, 0x84) close(r2) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000600)=0x8) sendmsg$inet_sctp(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='F', 0x1}], 0x1, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r4}}], 0x20, 0x2400e044}, 0x0) 1.447222568s ago: executing program 2 (id=4937): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x7528, 0x5}, 0x0, 0x10000, 0x0, 0x1, 0x1, 0x20005, 0xd6de, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_config_ext={0xfffffffffffffffd, 0x1}, 0x100c60, 0x0, 0x400, 0xc, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0xfffffffffffffdfd}, 0x0, 0x0, 0xffffffffffffffff, 0x3) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f00000000c0)='%+9llu \x00'}, 0x20) sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair(0x15, 0x5, 0x0, &(0x7f00000000c0)) mbind(&(0x7f000053e000/0x3000)=nil, 0x3000, 0x2, &(0x7f0000000000)=0x9, 0xb, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x4, 0x3, 0xc4e4, 0x4240, r0, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x3}, 0x50) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000200)='f2fs_truncate_partial_nodes\x00', r1, 0x0, 0x3}, 0x18) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007000000181100", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x18) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={0x0, &(0x7f0000000280)=""/193, 0x29, 0xc1, 0x0, 0x8}, 0x28) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000140)="2e00000011008188040f80ec59acbc0413a1810031000000000f000000028002002d1f00"/46, 0x2e}], 0x1}, 0x0) 1.269768561s ago: executing program 2 (id=4943): bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0, 0x0, 0x8}, 0x18) r1 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) write$selinux_validatetrans(r1, &(0x7f0000000180)=ANY=[@ANYBLOB='system_u:object_r:semanage_t system_u:object_r:fixed_disk_device_t:s0 00000000000w'], 0x79) 1.256147231s ago: executing program 2 (id=4944): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) r1 = socket(0xa, 0x5, 0x0) r2 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) write$binfmt_script(r2, &(0x7f00000004c0)={'#! ', './file0', [{0x20, 'kfree\x00'}, {0x20, '\x00'}, {0x20, 'kfree\x00'}, {0x20, 'GPL\x00'}, {0x20, 'kfree\x00'}, {0x20, 'kfree\x00'}, {0x20, '.'}, {0x20, '\x00nHJ\xeeX8\xbc$\xd3 \x92S\xad\xb6\x13alV\x14\xb6\xf8\x112 \xd4NJ\xed:?\x9c0\xbf\xa8\x13\xeb\xf7\xc5\xad\xd9\xe5\x05\nl\xcfZ\xd6\xe90\xd6\x13\t\xb2 g#2\xf1\x9a\xe3n\xc1\x96\xc6\xaaQAg8\xf5U\xf3\xb9\x02u'}, {0x20, '&:^:\\'}], 0xa, "4abb82365c7e40000fba67fad20d64c59ab4b64f915b01adb3850a38643ed4398fdbb7e47bcca3b5fb3d160ae99800a49a5b762edc0e456ce794ff3050d6cac6d4050ae01e"}, 0xc8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f0000000080)}) setxattr$incfs_metadata(0x0, &(0x7f0000000840), 0x0, 0x0, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x7}, 0x10041, 0x0, 0x3574, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000}, 0x0, 0x10, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a310000ffff0500010007000000280007800c00018008000140fffffff70500070084000000060004404e220000060005"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000005ac0)={0x0, 0x0, &(0x7f0000005a80)={&(0x7f00000058c0)=ANY=[@ANYBLOB="cc0000001b0001002bbd7000fddbdf2500000000002400000400000000000001ac1414390000000000000000000000004e2200014e2400050200a0a03b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="090000000000000007000000000000000600000000000000020000000000000007000000000000000c00000000000000a604000000000000060000000000000002000000000000000000000000000000f4fffffffffffffff2ffffffffffffff790a0000b26b6e00010101010000000005000000000000000a00100002"], 0xcc}, 0x1, 0x0, 0x0, 0x44040}, 0x20000004) sendto$inet6(r1, &(0x7f0000000040)='\x00', 0x1, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c) 1.240291172s ago: executing program 0 (id=4945): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00', 0x80000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000100)) 1.213749622s ago: executing program 0 (id=4947): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=0x0, @ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x14, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000040), &(0x7f0000000280)='%pS \x00'}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x20, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="73dd3015d67ff1f5434f98a5599320807a", @ANYRES64=r2, @ANYRES64=r2, @ANYRESHEX=r2, @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r3}, 0x10) process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000003000200850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r7}, 0x10) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r9 = socket$pppl2tp(0x18, 0x1, 0x1) r10 = socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) sendmmsg$inet(r11, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000a80)="2a73ed35", 0x732a}], 0x1}}], 0x400000000000292, 0x0) connect$pppl2tp(r9, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r10, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r12 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r12, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e22, @rand_addr=0x1}, 0x2, 0x4}}, 0x26) ioctl$PPPIOCGL2TPSTATS(r12, 0x8004745a, &(0x7f0000005280)) sendmsg$netlink(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100002800010004000000f8dbdf2503"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100)=0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.110002104s ago: executing program 5 (id=4949): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) socket(0xa, 0x5, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) setxattr$incfs_metadata(0x0, &(0x7f0000000840), 0x0, 0x0, 0x1) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x7}, 0x10041, 0x0, 0x3574, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000}, 0x0, 0x10, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a310000ffff0500010007000000280007800c00018008000140fffffff70500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90) socket$nl_xfrm(0x10, 0x3, 0x6) 884.844327ms ago: executing program 1 (id=4950): socket$kcm(0x2, 0x1, 0x84) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = mq_open(&(0x7f0000000600)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdF\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1b\xf4\xce\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|9\x90\x8d\xf4r\xd9*\xd1\x83\n\x1a\xa8fa2\xd4:^\xd7a\x0f\x12}\a\x9d\xc9h\x02\xbe\xeb\x01\xd39LS\xefJ\xcc<\xc4\xc0\xb4A\xab{\x1b\x15<\x95\x02\xae\xfdT\x98\xf4\x85\a\x01@\x12\xe0<3\xb4\x97\xb6W\x84K\xd7\xc5\xf47\xed\xda4\xe2W\xb6r\xca\x1e\x90\xef\x13\xf1&~\x97n\x9f\x8eS\xa8R\xf6\x9d{9\x1bN\x81\x18~\xd7{', 0x42, 0x100, 0x0) syz_open_procfs(0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x6, 0x0) mq_timedreceive(r0, &(0x7f000001a3c0)=""/102381, 0xffffffffffffff32, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0}) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x18) prctl$PR_SET_NAME(0xf, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) 855.900147ms ago: executing program 5 (id=4951): capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000, 0x7}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x2}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}}, @NFT_MSG_NEWTABLE={0x2c, 0x0, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x40}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x8}}], {0x14, 0x10}}, 0x7c}}, 0x8040) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000040)=ANY=[@ANYRES64=r0]) 855.306297ms ago: executing program 1 (id=4952): openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xa00, 0x1c2) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r0, 0x0) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'wg2\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0x3}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40010}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000540)=ANY=[@ANYBLOB="180800000000100000000000100000008510000006000000180000", @ANYRESDEC=r1, @ANYBLOB="00000000000000116608000000001000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000280)='syzkaller\x00', 0x6, 0xe2, &(0x7f0000000180)=""/226, 0x0, 0x8, '\x00', r3}, 0x94) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000002140)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0200}]}) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x9, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil) brk(0x400000ffc000) 834.874248ms ago: executing program 5 (id=4953): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x2200454, &(0x7f0000000000), 0x1, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0) r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r2}, 0x18) write$UHID_INPUT(r1, &(0x7f00000027c0)={0x8, {"68828c0b9bc23b6a89f8110d35c59d082b92f476102ce32229638a495dcd21c89d83a602a5e31db5ec28b818a3d699abbfafad0370d610ac8a0c4726147706600ff53312a5a0fcf02dd3c0c051bce7e14058a91070617264a63a446e3bcbc60a8204e1cde7294551e2b14ca95768db0f1d7e91a01558164eb611a545bfff41ad4788237a35d9bb2087b6245d27b7fdf4d12d0b19d8cb93ab5ae5850dc1c521058256c8ffa7742038290bb874b0e4199e945f3ab5c74e1b3840f18b0c27377c18beea9f6f909f141e96c7ef2d65f293a13fbbca16644d71cf8cc7652391c5eacaa8a1e247815d7c91adab2cfe77c71882246812312aa01c99b9402a62d82ce80d08636aa5a87b550becadfe4b5ae98085a6b0d9fd3407461eecd242e243140cbe1027d68516e3c379a0921455ca4b36fb9d4b9f9324590fc77730385dee376d147a74bb08ce8fec7ed205311dc42f4cd009f57c85abced5844867f81ddf09cb67bb623ed41304c2d08373972f30418780c6bed885604b2fc6ea1cd1dfe48c5fae5f5925c9c657bb39d8b30db6eb1cab5031ae94d45aa4764d45397793250c758537e24bab0ab75d8066903f808d1bf68d189c1a1f5c6ad28dbeae6ab64c771346a9e7720b92ad4008db9c94d6b876753d57bb21f7c645d6833e680f52c3ecaf20b05869feb4ee670d4f18e233df78ccda64a8cbc6d28e392fad9cc7dc8baed666cf0e96111aac3376d3e66b50f83bbc51b180de2a320ee8c5fe17bea897acea40274c3962f009ede428a99e0fe869a9f711b626e68a5e257e32cd6a000f4c9c509b1116f2502f199823f29d7410e37f4d57755b85e3b0f555422f8631047187b55295001847e7395e7d59752ee37d12f7f9b0d94f00f626eb330ebcf5fd520925036cc07e687e001befa33475b67d381f5d0d5c969fd603464520d9212df27dbb4665c139755795a42005fac94f0ceeb6dee1f3bb0c7c1b03bbaafe7a4b53257892fa6a0148a1bbb43f0b57c21e278730c53a888864a8fbf71a81e154d5f923bdc67a3557d081655d3a63c63609c0e1804dbb7242ca489ac2f2d425a4f8007d4f312ca7723bf3c6633b651177c0a54d6ac50ac45e5f36e474685ef3938775537a3c50f06eca472d7f8cee44239b2a4d29fbf2629eaf62d879ab8dcd2fd5d2345298f3fea84307f0d22a5ecbe2c728cec1b9ad4240926dc9d3d94d5476a0f9f088b0c21b040139bbe103417ae11a85f72d652c93351f8e062530c03cb842ef3b231ecf36ef32c470c67d48648740334ea670a200e4d87745784c270023ac2391b39319162a268c55d64c763d9e5079c286b0c2eb6c084adbdd0b1823d9d31a73aa181cb507bfce4d9f7752da2fbbd3d3eb366b7fcb4c7868a5d010ea3b4e7dd6e68aeb044edf20e2d4aa2837cd70814a556b5a4f90fc47ceab97b2f6ec437f46196398667cf927c900523154b3bfee8e96eb4b4c03dc0d818511a51b5defd3ebf6523816560ba03fc010fd34ab09fdb3aa355e48b6b3a0cb6ce89b4008104a4afe8265f1178d177027918ec1aca8a2ad98fa63bad1367d379e6ff13a57909d8f9ecf50bf5dedc6e49cb9459e4db15c4aa2098fec4e13eafebaf8c1ea118d05c51e799f8e843e0c722ececfcf2422ece64dd945b6c14e5843a393e84873d3dd84eab786955014f210686aea9b11062c70e829ef9ff9da1be19705d2a74110d82e141cb1da325441a8593780470656e6116d5bf16bb6fee6b980ae3448d782c5f8d658f6e9e8494d9357490485a1b9879d34f4e681a425e36627f4844a64bfee3c90bb2c93c4e791ecefb0917b45f9323524fa575472f9152b84ab51aca006e5672091554d95a598c2c09068673a857704b131dac07bff07985941f2510aa52dbb79246bb5193819fe06cfafd24ac8f2cb98b9f4a7bb5f27d962fcb733b9ac25f1dec5a1d6f6c4fde072048169fbfdde0854a993ae1f93d13b4cfbacd926c204d687f2f9feb696406a8aa83de5853cdb2fc110db3e3ee717851ebc9bfea5f7563e7f41d8edfac83f2b6d015fca0f9ca29e3d97f9c727bdddc5eab6bf603c0af7b421aa44f3a03296fde5d980b3c2c707059440b0e6fac05a66d919733989f69209303d91e09e7b6fac37c812bb880bd06b687958dac2608ec6e07f492732c44b3a304d0a11a7307abab29e31239bde8274ec53a6999c0ec36ef708d46b4e606ddd4e41b05e144147b5a3d786806873dad19d8b11209a0d0d3e93d17ba4b6b75b5e8e9c36289f9be1db428278c0c18bef8327d374fcb16007c595b8c59b15c90f0b2e302071a1e328282b94516af2a83bbcdd2912a5b2044582f21820df59cee9d45a8dc0e9baffffffff2475af0ce53bb0b25661ac5226e946f6cf87dab12601f2cb55573f17ac7d48a647a4ef38e3fca92377ffdd9b5f3bb75bad2b406d8d5656b4eea17a7e2f540c12985599bdb09793068b3151f5a7c39241c88c267f34cf342506338835a8e9975b76dde0e275f3522ff6be12402011868e658fba23ef0ea8eeb470f631ca1b5a2e5e35336320ed03ecc31212bf84467333730d96919e2ed9edddb71da5784fdbc23472da3840ac665cfafbc863d71f5e032d6cb1299375f96ae7a1658798561c5d3e549052751eda4d830109d0c7ccdd80afc7803e546738e3424cf77627330b9447ff34068585936bb60eadd47d40f171d80f5b4d3276a74a4ac606135b805a64d0d39a06344d3be8c1572cd33f9a3afd10dfefd4789a54e9cb55677b02f9330ed19a1f93a6cebd52f22e0d0000000000000082b4dabaf26e215872e11cc836b439b580ea013c76ea8629ed752b087bcf176fdc8cb6ae4e2947f5bcf9338d48ce1cf74e365b720d1b3d8c5145d1a78e8eb1b45d21bb62ed1b6e212c13a0ea21223103cd521cb73666cc7a5bacf02b5764251257dea8138e3683c0f7ec4037093a3b78a2d74185289a4803003619b1d9d1553ea217ca214be2cba732907692a769d398d52b816e3859f8ae81e5d0c089e1a87885dd5c86c50ac83db3a802ea67bc0224b4d4e5ed0347a7b144004a93826b01244e75b6e499d4b26bb1845afea8654ba9ade75f5310b458885ad78eff3712c02e62363c5dedd6c99d9aae4cff5cc5ed9406c248744cb4f091eb1f419d0efd1ef5c850b4176fa07a1a5a4e8d39d2e0308916abc77f6cf6b4a44a8a01fc21059d0e100daaeaf636bd177637a583eb9f45c67bc2c76760a58bf448e2e379831755f7a974384d3d62727ca3fec2194dd633a0ed411d6586651b4bbd8b4f5746ce4e72715ba9736c240747f98a01fd3df0b9bed007763c1a1968d4b6f7afd279d1c761f8d6a675ab2fced1793920b10c50af3520170b1d5041a0dde753a2fc210cf98ebcc5392a5deccaefdf4b002aeee716dcdca6cb6073881ddbfd37ee751edaca99b65202bfdbe1fec457bd502555b7dedc5d8e221d4093cf7acf89a3b801d6d2fdd3415d58bef856be0ff22eab5d75675081d85416ab70d7d36d617a2a7f0c8d6ed35a2a81588f01e80712534c3256fc52fb4ed5478325ae28efd78e7eaaabf08bd749226ecab7bdbab7a60b5b60f2d93714455ae6d3b88de9ebb5d2df81fc7e349af45d1b502cfaf36f4adc16886db2758b4f43f5a030912cb772def90d1a0fb555c8fb10d3a7bd8e2dd954860b8084ce5c72971f5df24ef5bc24937ccd545f964a86b6c466610e24cee92bf7a196c915975349b491e8bb1f164ae0af3fbe050d57dc7af839be63cdf1883ec31f5310c6e0d87c70902a66259bcf76588f14f96ebb85b95997f64814c73d6ff8b059536c70f7d72b5924258ffb706e2af7aaf580f327af6dff0c3b020b451c4b22d46fa72854af95b2b6a6d7a3e0b2b78c06eeec2edd5f9a2174ae8b7b6f4ce2e781314142b8482dc8ff4046e851a5d6b8347b4ac8b2326e1c359160ac49d637e4f5549d73369d3323223f179146a5426e21213c6e51a348bc9d55289837b42fa56f9084f6e268a9d041bde513b1e8ea13a7637bc53f67b2951b4bec7a44acb0d93ea325611c486806884b08192ed5768ca88e95db075d8d551b09c42d62a81769f1555707b163af0ff78d728ad0a1871704645f1ed8632e85735ff24e7541005d5409205940df84926ec581218a4ce89498715fb09dcdb44849d3ca7631c1d472ffcafeb37610e8ca77ba4b43176d825a27f59ec81b217b7aa6e01698fe45ffafa0ea2356ad423e581b632b6c627e0d827da58523a40aa19ea3e2ca93f93ed2a33e4fabc36ae56abcb11ae7944577230ec6c498033976fb8d9610d9d9eacf7302ecb060ea5002d70eb6f327ded18f5b2c79e04f09bff203b7d572a214c3684eb89470c28a1361333b32dd63df2163c039d129c5f766fe1a4110f95fc99b87ead844433ac309c3565bc9ca7a6f838a121fc44303ae248a366865e0a3da36ed3046e304f579ff422a7b9946b5cfb52d3e4463e4c5a1e3c7ec1dc16c18c1cdc641b8a8301cd2fcd271489528b4bb4a8515a71be236faadc7ea05173c21f4b8a9aadae38d2e8443199a08a8df1d502df62736812398e8df6eb17f938d529e8dccfe6a15470be9a8cb613a7fb337f213f77ebd136ddbab9471629169e24304e8d20f37e9a341559afc9ab598119e504c53d5c8ec5316e8336295c4101d8bdf6c71d1483355c00972636ea6831704008858cf823defbba5069c24ac7d5e1b7c8e664212d350832fbc767e09a6c2a08073dd8ac2661fec32d6f548b56d74201c274e2cc07a1712169d3db64ebd5bc111fc0aa41f69a5ef849a41a84cb0673db00cb6ae345fdbd44a5467f8588aa24ef57d05000000000000002ee7990c1e3d97375ffd800248f87789cedb94803c315728805b5c0394ab617eadacafebba89d103b28c9df323fc65d023539393ac18285246ffc5e4a7ba902dc234ac2383382f3f445f198cd82a494c8f7ea80c0517223f14e303cf7565e44cd650d4997202ac331355d2c734c61c8a1903d056eb03ce50d167a7a94854de234e45e3886287d01221c6d493ea078df81c2c0d7e5b61a34ceecbf83dd21edb2aeddd14869aaf034588076f6a604569e745f4400fa8ca7dfb9be8bfb85874283a5d1522ec70559abe4681c91112e3561841b2fad0540865944b5df385121b4c8d99cb4d5f9634ace1700c90dbc98f4086714f5f3fd8450f4067e32715aee5943c571fcdca2cb6115dcc373e3f5e96b08e626a1a776ffd5efbf898cfaac7405f75a40feb8ddf06cddf1258a09f3e58b424d409767966290c5c15d150e0f7d120f0078cb97337874f16838ce3cad921bad2573ecef3d853ee5d7e89c3fe517a0d1139ad3f1424c6e5e880cc8b33eb4762b7bd1fe5fd4e2d4c3249bb70b5fe2e74e3751e1b0d78dfbc78fbab4a35d7cd97f8be57eec3a6b3b5c63a5747f82bd3e7fba99bbf9ad1faee6f4b59e14049bbc7a78c285cc8be8cc3fac3451add460bdada49d65d2253adb3500ad3d163f9ae0e24d413ad348bc1a2ed940e6d1c28fa16b9ad05c2175b3374d765939148451b8daffb3f4e646397bc04b0f04a808b6f96dcab1dccbd5b55d4758279b67899dea10bbb61c58f6aad2aefe78f9e5d2b916ca6d717d78e978c25a527b912e7bddede9c2bf3cd464ff102d78332c1468fc2f2f5cd20baddb71736c30a4a302bb5412587e95f165bc12c05cebf5128ef67064fe9b9f14aed30708a4e5afe8b0cf6c904dbedcd2d7c467cef6544ddd020de4cc50f646d0ba0862030febee6af93b263ff983708b1c725a1310300", 0xffffffffffffff48}}, 0x1006) fallocate(r0, 0x0, 0x803, 0x2000404) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000140)={0xc, r1, 0x4, 0x0, 0x0, 0xfffffffffffffffd}) 778.239958ms ago: executing program 5 (id=4954): bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0, 0x0, 0x8}, 0x18) r1 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) write$selinux_validatetrans(r1, &(0x7f0000000180)=ANY=[@ANYBLOB='system_u:object_r:semanage_t system_u:object_r:fixed_disk_device_t:s0 00000000000w'], 0x79) 758.970679ms ago: executing program 5 (id=4955): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) pipe(&(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) unshare(0x68040200) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x590, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0x5, 0xa5d4}, 0x14c58, 0x5, 0x0, 0x1, 0x6, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}]}], {0x14}}, 0x88}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) r5 = dup(r1) write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r5]) 629.673751ms ago: executing program 5 (id=4956): r0 = socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x14, &(0x7f0000000bc0)=ANY=[@ANYRES32=r0, @ANYRESHEX, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000c9e2a84ab70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000640)={r3, r1}, 0xc) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x3ffffffffffff14, 0x2, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="160000000000000004000000050000"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000300)='sched_switch\x00', r7, 0x0, 0x5}, 0x18) r8 = gettid() rt_sigqueueinfo(r8, 0x11, &(0x7f00000004c0)={0x1c, 0x8, 0x5}) waitid(0x2, 0x0, &(0x7f0000000380), 0x20000000, &(0x7f0000000b00)) lchown(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0), 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000040), 0x208e24b) r10 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5}) ioctl$TUNSETPERSIST(r10, 0x400454c9, 0x1) 405.885904ms ago: executing program 2 (id=4957): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) poll(&(0x7f0000000340), 0x20000000000002a9, 0x5e5a) shutdown(r1, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702000002ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x5c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd91, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket(0x2b, 0x80801, 0x1) capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000, 0x7}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x2}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}}, @NFT_MSG_NEWTABLE={0x2c, 0x0, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x40}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWCHAIN={0x148, 0x3, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_USERDATA={0xf1, 0xc, "9ffbd82ccb8419b95bf2ac633923770a0cc08c964d8957c6551cc4721d3feba54cc4df6d1074fa9ac1eb66ee6d3f40532aa1a9f8eb202e52bdd84c3d06ba29cd86c8eaf8e4014bf9bc2cf3e5fe0073d84378168fb38ee508080466ab65d0f07a55e0f151cc1c06ebba8c5c8f1da70839c8a268a4f571b2a38e16e5d35648c70b985ee990094bf107f4fe47170421223c2827e2ffe9e199d22e6cac6abe21478a48f394740a862b5aaab8da5b3acaaebf0713f9b58bb50bde721991c1b84fed42c7b2fa3a69ac9c21379d2a415e1af857bee55675c9062fe17a8bc261c5c54b8a8c734e89357ae25e8c3486bba1"}, @NFTA_CHAIN_POLICY={0x8}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0x3}, @NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x571}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x5f8d}]}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x4}]}], {0x14, 0x10}}, 0x1b0}}, 0x8040) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000040)=ANY=[@ANYRES64=r3]) connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x0, 0xab, @empty, 0x1}, 0x1c) setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, 0x0, 0x11e) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_rdma(0x10, 0x3, 0x14) perf_event_open(&(0x7f0000001380)={0x2, 0x80, 0x5, 0x1, 0x0, 0x0, 0x0, 0xa, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8000000000000001, 0x8}, 0x4c58, 0x10000, 0x1, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x8000000000000002}, 0x0, 0xffffffdfffffffff, 0xffffffffffffffff, 0x2) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0) unshare(0x22020600) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x5, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x2000000, 0x0, 0x3, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001400)=@newqdisc={0x148, 0x24, 0x4, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@TCA_STAB={0x124, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x1, 0xc, 0x80000000, 0x1, 0x696d, 0xc3af, 0x1}}, {0x6, 0x2, [0x5]}}, {{0x1c, 0x1, {0x7, 0xe8, 0x6, 0xff, 0x2, 0xfff, 0x80, 0x6}}, {0x10, 0x2, [0x4, 0x3, 0x6c2, 0x35, 0x9, 0x400]}}, {{0x1c, 0x1, {0xf7, 0x8, 0x40, 0x6, 0x0, 0x6, 0x1, 0x7}}, {0x12, 0x2, [0x6, 0x200, 0x6, 0x9, 0x8000, 0xfff8, 0xc90]}}, {{0x1c, 0x1, {0x4, 0x6, 0x9, 0x2, 0x2, 0x4, 0x4, 0x1}}, {0x6, 0x2, [0x7f]}}, {{0x1c, 0x1, {0xb7, 0x5, 0x4, 0x3, 0x0, 0x7d44, 0x1c0000, 0x7}}, {0x12, 0x2, [0x3, 0x4fd, 0x1, 0x4, 0xffd, 0x4, 0xfffc]}}, {{0x1c, 0x1, {0x8, 0x2, 0x9, 0x7edf, 0x0, 0x4, 0xd, 0x4}}, {0xc, 0x2, [0x2a6, 0x8, 0x800, 0x9]}}, {{0x1c, 0x1, {0x5, 0x70, 0xfff, 0x7, 0x1, 0x1, 0x9, 0x2}}, {0x8, 0x2, [0xefb1, 0x8]}}]}]}, 0x148}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000001600)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x4084) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r6) r7 = fsopen(&(0x7f0000000000)='sysfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) fsmount(r7, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 320.547545ms ago: executing program 0 (id=4958): r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, 0x0, &(0x7f00000002c0)=@chain) 316.907725ms ago: executing program 2 (id=4959): r0 = socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x14, &(0x7f0000000bc0)=ANY=[@ANYRES32=r0, @ANYRESHEX, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000c9e2a84ab70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000640)={r3, r1}, 0xc) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x3ffffffffffff14, 0x2, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="160000000000000004000000050000"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000300)='sched_switch\x00', r7, 0x0, 0x5}, 0x18) r8 = gettid() rt_sigqueueinfo(r8, 0x11, &(0x7f00000004c0)={0x1c, 0x8, 0x5}) waitid(0x2, 0x0, &(0x7f0000000380), 0x20000000, &(0x7f0000000b00)) lchown(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0), 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000040), 0x208e24b) r10 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5}) ioctl$TUNSETPERSIST(r10, 0x400454c9, 0x1) 249.050417ms ago: executing program 0 (id=4960): r0 = socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x14, &(0x7f0000000bc0)=ANY=[@ANYRES32=r0, @ANYRESHEX, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000c9e2a84ab70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000640)={r3, r1}, 0xc) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r4, &(0x7f00000000c0), 0x3ffffffffffff14, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000300)='sched_switch\x00', r6, 0x0, 0x5}, 0x18) r7 = gettid() rt_sigqueueinfo(r7, 0x11, &(0x7f00000004c0)={0x1c, 0x8, 0x5}) waitid(0x2, 0x0, &(0x7f0000000380), 0x20000000, &(0x7f0000000b00)) lchown(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0), 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000040), 0x208e24b) r9 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5}) 248.483607ms ago: executing program 1 (id=4961): r0 = socket(0x11, 0xa, 0x4) getsockname$packet(r0, 0x0, &(0x7f00000000c0)) unshare(0x400) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x400000000000045c], 0x0, 0xffffffffff600000, 0x1, 0x1}}, 0x40) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000007c0), 0x13f, 0x5}}, 0x20) stat(&(0x7f0000001c40)='./file0\x00', &(0x7f0000001c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r8 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a30000000000800410073697700140033006c6f0000fffffffffffffff0"], 0xffaf}, 0x1, 0x0, 0x0, 0x854}, 0x0) lchown(&(0x7f0000000000)='./file0\x00', 0x0, r7) getegid() ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000280)={{0x1, 0x1, 0x18, r4, {0xee01, 0xffffffffffffffff}}, './file0\x00'}) r9 = perf_event_open(&(0x7f0000002100)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0xa0100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x6}, 0x0, 0x0, 0x80000001, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r10 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x55, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x8407fff, 0xaea}, 0x14105, 0x32, 0xfffffbff, 0x5, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2007}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r11}, 0x38) r12 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r12, 0x0, 0x3}, 0x18) r13 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x100) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r13, 0xc0f85403, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r9, 0x2405, r10) bpf$PROG_LOAD(0x5, 0x0, 0x0) 40.13305ms ago: executing program 1 (id=4962): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) socket(0xa, 0x5, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) setxattr$incfs_metadata(0x0, &(0x7f0000000840), 0x0, 0x0, 0x1) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x7}, 0x10041, 0x0, 0x3574, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000}, 0x0, 0x10, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a310000ffff0500010007000000280007800c00018008000140fffffff70500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90) socket$nl_xfrm(0x10, 0x3, 0x6) 24.65033ms ago: executing program 1 (id=4963): capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000, 0x7}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x2}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}}, @NFT_MSG_NEWTABLE={0x2c, 0x0, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x40}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x8}}], {0x14, 0x10}}, 0x7c}}, 0x8040) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000040)=ANY=[@ANYRES64=r0]) 0s ago: executing program 1 (id=4964): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400000bb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x189002, 0x181) write(r2, &(0x7f0000004200)='t', 0x1) sendfile(r2, r1, 0x0, 0x3ffff) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan1\x00'}) sendfile(r2, r1, 0x0, 0x7ffff000) kernel console output (not intermixed with test programs): ] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 222.356832][T14677] ? clear_bhb_loop+0x40/0x90 [ 222.356878][T14677] ? clear_bhb_loop+0x40/0x90 [ 222.356897][T14677] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.356916][T14677] RIP: 0033:0x7f65c58be929 [ 222.356929][T14677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.356946][T14677] RSP: 002b:00007f65c3f26fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 222.356962][T14677] RAX: ffffffffffffffda RBX: 00007f65c5ae5fa0 RCX: 00007f65c58be929 [ 222.356980][T14677] RDX: 0000000000000000 RSI: fffffffffffffc70 RDI: 0000000001022000 [ 222.356991][T14677] RBP: 00007f65c3f27090 R08: 0000000000000000 R09: 0000000000000000 [ 222.357002][T14677] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 222.357012][T14677] R13: 0000000000000000 R14: 00007f65c5ae5fa0 R15: 00007ffc4c94c6c8 [ 222.357029][T14677] [ 222.603944][T14688] SELinux: syz.2.4229 (14688) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 222.652048][T14691] lo speed is unknown, defaulting to 1000 [ 222.771427][T14702] loop5: detected capacity change from 0 to 512 [ 222.787711][T14702] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 222.800500][T14702] ext4 filesystem being mounted at /116/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 222.847631][T14709] loop2: detected capacity change from 0 to 512 [ 222.860445][T14711] siw: device registration error -23 [ 222.886313][T14709] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 222.899291][T14709] ext4 filesystem being mounted at /270/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 222.996548][T14725] program syz.4.4242 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 223.242642][T14738] loop0: detected capacity change from 0 to 1024 [ 223.249659][T14738] EXT4-fs: Ignoring removed orlov option [ 223.257283][T14738] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 223.607772][T13190] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.639228][T14752] siw: device registration error -23 [ 223.658178][T10605] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.717755][T14758] program syz.2.4253 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 223.754920][T14760] loop2: detected capacity change from 0 to 1024 [ 223.761787][T14760] EXT4-fs: Ignoring removed orlov option [ 223.770758][T14760] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 224.280573][T14780] SELinux: syz.5.4261 (14780) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 224.487454][ T29] kauditd_printk_skb: 20 callbacks suppressed [ 224.487471][ T29] audit: type=1326 audit(1752774740.111:11541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14787 comm="syz.5.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 224.517361][ T29] audit: type=1326 audit(1752774740.111:11542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14787 comm="syz.5.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 224.605017][ T29] audit: type=1326 audit(1752774740.111:11543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14787 comm="syz.5.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 224.628738][ T29] audit: type=1326 audit(1752774740.111:11544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14787 comm="syz.5.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 224.652431][ T29] audit: type=1326 audit(1752774740.111:11545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14787 comm="syz.5.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 224.655165][T14790] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=14790 comm=syz.5.4265 [ 224.676115][ T29] audit: type=1326 audit(1752774740.111:11546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14787 comm="syz.5.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 224.688582][T14790] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=14790 comm=syz.5.4265 [ 224.712180][ T29] audit: type=1326 audit(1752774740.111:11547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14787 comm="syz.5.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 224.748432][ T29] audit: type=1326 audit(1752774740.111:11548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14787 comm="syz.5.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 224.772100][ T29] audit: type=1326 audit(1752774740.111:11549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14787 comm="syz.5.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 224.795870][ T29] audit: type=1326 audit(1752774740.121:11550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14788 comm="syz.1.4264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5078b3e929 code=0x7ffc0000 [ 224.884843][T14793] loop4: detected capacity change from 0 to 128 [ 224.899200][T14793] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 224.945911][T14796] vhci_hcd: invalid port number 96 [ 224.951100][T14796] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 224.958357][T14793] ext4 filesystem being mounted at /245/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 225.013760][T11405] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 225.122218][T14807] loop1: detected capacity change from 0 to 1024 [ 225.146156][T14807] EXT4-fs: Ignoring removed nobh option [ 225.151798][T14807] EXT4-fs: Ignoring removed bh option [ 225.161029][T10605] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.174816][T14808] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4270'. [ 225.192399][T14807] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 225.223772][T11790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.233009][T14808] Falling back ldisc for ttyS3. [ 225.253480][T14807] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 225.286096][T11202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.307576][T14818] loop0: detected capacity change from 0 to 512 [ 225.315610][T14817] lo speed is unknown, defaulting to 1000 [ 225.327920][T14818] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 225.345787][T14818] ext4 filesystem being mounted at /193/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 225.621780][T14829] lo speed is unknown, defaulting to 1000 [ 225.664870][T14829] loop1: detected capacity change from 0 to 512 [ 225.675433][T14829] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.4277: Failed to acquire dquot type 1 [ 225.687587][T14829] EXT4-fs (loop1): 1 truncate cleaned up [ 225.693956][T14829] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 225.707107][T14829] ext4 filesystem being mounted at /278/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 225.719579][T14829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.779537][T14833] loop5: detected capacity change from 0 to 128 [ 225.787533][T14833] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 225.799968][T14833] ext4 filesystem being mounted at /124/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 225.824448][T14836] FAULT_INJECTION: forcing a failure. [ 225.824448][T14836] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 225.837598][T14836] CPU: 1 UID: 0 PID: 14836 Comm: syz.1.4278 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 225.837634][T14836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 225.837716][T14836] Call Trace: [ 225.837723][T14836] [ 225.837730][T14836] __dump_stack+0x1d/0x30 [ 225.837753][T14836] dump_stack_lvl+0xe8/0x140 [ 225.837842][T14836] dump_stack+0x15/0x1b [ 225.837940][T14836] should_fail_ex+0x265/0x280 [ 225.838053][T14836] should_fail+0xb/0x20 [ 225.838085][T14836] should_fail_usercopy+0x1a/0x20 [ 225.838121][T14836] _copy_to_iter+0x381/0xe30 [ 225.838157][T14836] ? _raw_spin_unlock_irqrestore+0x2b/0x60 [ 225.838260][T14836] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 225.838296][T14836] __skb_datagram_iter+0xc6/0x690 [ 225.838329][T14836] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 225.838467][T14836] skb_copy_datagram_iter+0x3d/0x110 [ 225.838503][T14836] netlink_recvmsg+0x1a8/0x550 [ 225.838598][T14836] ? __pfx_netlink_recvmsg+0x10/0x10 [ 225.838626][T14836] sock_recvmsg+0x136/0x170 [ 225.838655][T14836] ____sys_recvmsg+0xf5/0x280 [ 225.838694][T14836] ___sys_recvmsg+0x11f/0x370 [ 225.838723][T14836] do_recvmmsg+0x1ef/0x540 [ 225.838765][T14836] ? get_timespec64+0xc9/0x100 [ 225.838791][T14836] __x64_sys_recvmmsg+0xfb/0x170 [ 225.838816][T14836] x64_sys_call+0x1c6a/0x2fb0 [ 225.838916][T14836] do_syscall_64+0xd2/0x200 [ 225.838949][T14836] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 225.838975][T14836] ? clear_bhb_loop+0x40/0x90 [ 225.839053][T14836] ? clear_bhb_loop+0x40/0x90 [ 225.839073][T14836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.839095][T14836] RIP: 0033:0x7f5078b3e929 [ 225.839111][T14836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.839133][T14836] RSP: 002b:00007f50771a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 225.839200][T14836] RAX: ffffffffffffffda RBX: 00007f5078d65fa0 RCX: 00007f5078b3e929 [ 225.839211][T14836] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003 [ 225.839291][T14836] RBP: 00007f50771a7090 R08: 0000200000003700 R09: 0000000000000000 [ 225.839302][T14836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 225.839349][T14836] R13: 0000000000000000 R14: 00007f5078d65fa0 R15: 00007ffcf2101118 [ 225.839379][T14836] [ 225.875925][T14838] lo speed is unknown, defaulting to 1000 [ 225.877530][T13190] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 225.953849][T14838] loop1: detected capacity change from 0 to 512 [ 226.127164][T14838] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.4281: Failed to acquire dquot type 1 [ 226.150896][T11790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.164481][T14838] EXT4-fs (loop1): 1 truncate cleaned up [ 226.170875][T14844] loop5: detected capacity change from 0 to 1024 [ 226.178125][T14838] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 226.191914][T14844] EXT4-fs: Ignoring removed nobh option [ 226.193189][T14838] ext4 filesystem being mounted at /280/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 226.197612][T14844] EXT4-fs: Ignoring removed bh option [ 226.216750][T14838] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.262318][T14844] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 226.363839][T14858] program syz.0.4287 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 226.407349][T13190] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.425896][T14860] loop1: detected capacity change from 0 to 1024 [ 226.468352][T14860] EXT4-fs: Ignoring removed nobh option [ 226.474066][T14860] EXT4-fs: Ignoring removed bh option [ 226.502447][T14864] loop0: detected capacity change from 0 to 128 [ 226.516524][T14860] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 226.534110][T14864] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 226.558316][T14864] ext4 filesystem being mounted at /196/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 226.586848][T14860] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 226.628703][T11202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.662967][T11790] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 226.717849][T14847] netlink: 14 bytes leftover after parsing attributes in process `syz.2.4284'. [ 226.911773][T14882] loop2: detected capacity change from 0 to 512 [ 226.941829][T14882] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 226.964415][T14882] ext4 filesystem being mounted at /277/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 226.986034][T14876] netlink: 14 bytes leftover after parsing attributes in process `syz.1.4294'. [ 227.069802][T14890] loop0: detected capacity change from 0 to 1024 [ 227.118829][T14890] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 227.156356][T14895] loop4: detected capacity change from 0 to 1024 [ 227.159363][T11790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.163463][T14895] EXT4-fs: Ignoring removed nobh option [ 227.177465][T14895] EXT4-fs: Ignoring removed bh option [ 227.204204][T14895] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 227.218068][T14902] loop1: detected capacity change from 0 to 512 [ 227.237050][T14902] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 227.283434][T11405] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.294253][T14902] ext4 filesystem being mounted at /285/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 227.407103][T14913] SELinux: syz.4.4305 (14913) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 227.448461][T14917] loop5: detected capacity change from 0 to 1024 [ 227.455328][T14917] EXT4-fs: Ignoring removed orlov option [ 227.468283][T14917] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 227.750016][T10605] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.919557][T14939] lo speed is unknown, defaulting to 1000 [ 227.963803][T14939] loop4: detected capacity change from 0 to 512 [ 227.989084][T14939] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.4314: Failed to acquire dquot type 1 [ 228.001248][T14939] EXT4-fs (loop4): 1 truncate cleaned up [ 228.008361][T14939] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 228.037098][T14939] ext4 filesystem being mounted at /259/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 228.052080][T11202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.064829][T14939] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.090870][T14945] SELinux: syz.1.4316 (14945) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 228.256071][T14955] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4320'. [ 228.390898][T14962] lo speed is unknown, defaulting to 1000 [ 228.524513][T14964] netlink: 14 bytes leftover after parsing attributes in process `syz.1.4324'. [ 228.697472][T14970] program syz.2.4327 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 228.727936][T14972] SELinux: syz.1.4328 (14972) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 228.831496][T14979] loop4: detected capacity change from 0 to 512 [ 228.845495][T14979] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 228.871612][T14979] ext4 filesystem being mounted at /262/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 229.053927][T13190] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.148544][T14999] loop0: detected capacity change from 0 to 512 [ 229.167115][T14999] EXT4-fs (loop0): too many log groups per flexible block group [ 229.174890][T14999] EXT4-fs (loop0): failed to initialize mballoc (-12) [ 229.183348][T14999] EXT4-fs (loop0): mount failed [ 229.227573][T15008] loop1: detected capacity change from 0 to 4096 [ 229.340773][T15015] netlink: 208 bytes leftover after parsing attributes in process `syz.0.4337'. [ 229.350398][T15015] unsupported nla_type 8573 [ 229.414913][T15018] 9pnet_fd: Insufficient options for proto=fd [ 229.566810][T15022] loop0: detected capacity change from 0 to 1024 [ 229.580639][T15022] EXT4-fs: Ignoring removed nobh option [ 229.586342][T15022] EXT4-fs: Ignoring removed bh option [ 229.607455][T15022] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 229.729313][T15022] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 18: block 209:freeing already freed block (bit 13); block bitmap corrupt. [ 229.769932][T15028] loop1: detected capacity change from 0 to 512 [ 229.807622][T11405] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.816840][T11790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.827820][T15028] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 229.840750][T15028] ext4 filesystem being mounted at /303/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 229.859293][T15034] SELinux: syz.4.4348 (15034) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 229.999991][ T29] kauditd_printk_skb: 82 callbacks suppressed [ 230.000007][ T29] audit: type=1326 audit(1752774745.621:11627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15038 comm="syz.2.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f733dcbe929 code=0x7ffc0000 [ 230.039280][ T29] audit: type=1326 audit(1752774745.661:11628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15031 comm="syz.0.4347" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f65c58be929 code=0x0 [ 230.073481][ T29] audit: type=1326 audit(1752774745.691:11629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15038 comm="syz.2.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f733dcbe929 code=0x7ffc0000 [ 230.097239][ T29] audit: type=1326 audit(1752774745.691:11630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15038 comm="syz.2.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f733dcbe929 code=0x7ffc0000 [ 230.121602][ T29] audit: type=1326 audit(1752774745.691:11631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15038 comm="syz.2.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f733dcbe929 code=0x7ffc0000 [ 230.206648][T15051] program syz.2.4355 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 230.207403][ T29] audit: type=1326 audit(1752774745.771:11632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15038 comm="syz.2.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f733dcbe929 code=0x7ffc0000 [ 230.239692][ T29] audit: type=1326 audit(1752774745.771:11633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15038 comm="syz.2.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f733dcbe929 code=0x7ffc0000 [ 230.263463][ T29] audit: type=1326 audit(1752774745.791:11634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15038 comm="syz.2.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7f733dcbe929 code=0x7ffc0000 [ 230.267181][T15053] siw: device registration error -23 [ 230.287154][ T29] audit: type=1326 audit(1752774745.791:11635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15038 comm="syz.2.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f733dcbe929 code=0x7ffc0000 [ 230.287223][ T29] audit: type=1326 audit(1752774745.791:11636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15038 comm="syz.2.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=304 compat=0 ip=0x7f733dcbe929 code=0x7ffc0000 [ 230.385377][T15059] loop1: detected capacity change from 0 to 1024 [ 230.392358][T15059] EXT4-fs: Ignoring removed nobh option [ 230.398004][T15059] EXT4-fs: Ignoring removed bh option [ 230.716132][T15089] loop2: detected capacity change from 0 to 128 [ 230.729358][T15093] program syz.5.4373 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 230.733468][T15089] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 230.746556][T15095] siw: device registration error -23 [ 230.770546][T15089] ALSA: seq fatal error: cannot create timer (-22) [ 230.794950][T15097] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4375'. [ 230.834678][T15099] netlink: 19 bytes leftover after parsing attributes in process `syz.2.4376'. [ 230.885177][T15105] loop0: detected capacity change from 0 to 1024 [ 230.896784][T15105] EXT4-fs: Ignoring removed bh option [ 230.908073][T15105] EXT4-fs: inline encryption not supported [ 230.917617][T15105] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 230.929819][T15105] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 230.939848][T15105] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 2: comm syz.0.4379: lblock 2 mapped to illegal pblock 2 (length 1) [ 230.942889][T15108] loop5: detected capacity change from 0 to 128 [ 230.954916][T15105] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 48: comm syz.0.4379: lblock 0 mapped to illegal pblock 48 (length 1) [ 230.976772][T15105] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.4379: Failed to acquire dquot type 0 [ 230.988510][T15105] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 230.998792][T15105] EXT4-fs error (device loop0): ext4_evict_inode:254: inode #11: comm syz.0.4379: mark_inode_dirty error [ 231.010431][T15105] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 231.021786][T15108] ext4 filesystem being mounted at /143/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 231.032466][T15105] EXT4-fs (loop0): 1 orphan inode deleted [ 231.042751][ T51] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:3: lblock 1 mapped to illegal pblock 1 (length 1) [ 231.098531][ T51] EXT4-fs error (device loop0): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 0 [ 231.140138][T15105] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 48: comm kfree: lblock 0 mapped to illegal pblock 48 (length 1) [ 231.321077][T15116] siw: device registration error -23 [ 231.349412][T15118] siw: device registration error -23 [ 231.369326][T15120] ALSA: seq fatal error: cannot create timer (-22) [ 231.419026][T15124] siw: device registration error -23 [ 231.521832][T15133] loop4: detected capacity change from 0 to 512 [ 231.535285][T15133] ext4 filesystem being mounted at /272/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 231.581211][T15139] tipc: Started in network mode [ 231.586258][T15139] tipc: Node identity ac14140f, cluster identity 4711 [ 231.626108][T15139] tipc: New replicast peer: 10.1.1.2 [ 231.631547][T15139] tipc: Enabled bearer , priority 10 [ 231.658334][T15139] loop5: detected capacity change from 0 to 4096 [ 231.770020][T15149] lo speed is unknown, defaulting to 1000 [ 231.869569][T15153] lo speed is unknown, defaulting to 1000 [ 231.915755][T15159] loop0: detected capacity change from 0 to 512 [ 231.947936][T15159] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.4396: Failed to acquire dquot type 1 [ 231.961691][T15149] loop2: detected capacity change from 0 to 512 [ 231.968681][T15159] EXT4-fs (loop0): 1 truncate cleaned up [ 231.976053][T15159] ext4 filesystem being mounted at /217/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 231.996938][T15172] xt_hashlimit: max too large, truncated to 1048576 [ 232.004915][T15149] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4393: Failed to acquire dquot type 1 [ 232.036868][T15149] EXT4-fs (loop2): 1 truncate cleaned up [ 232.043679][T15149] ext4 filesystem being mounted at /290/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 232.203872][T15189] siw: device registration error -23 [ 232.546805][T15200] loop1: detected capacity change from 0 to 512 [ 232.558709][T15200] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 232.584096][T15200] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=884ee02c, mo2=0102] [ 232.592189][T15200] EXT4-fs (loop1): orphan cleanup on readonly fs [ 232.599163][T15200] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 33619980: comm syz.1.4413: invalid block [ 232.611627][T15200] EXT4-fs (loop1): Remounting filesystem read-only [ 232.620636][T15200] EXT4-fs (loop1): 1 truncate cleaned up [ 232.630694][ T3407] tipc: Node number set to 2886997007 [ 232.883792][T15207] siw: device registration error -23 [ 232.884920][T15206] lo speed is unknown, defaulting to 1000 [ 232.926708][T15206] loop4: detected capacity change from 0 to 512 [ 232.944655][T15206] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.4416: Failed to acquire dquot type 1 [ 232.966061][T15206] EXT4-fs (loop4): 1 truncate cleaned up [ 232.982678][T15206] ext4 filesystem being mounted at /273/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 233.023830][T15211] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set [ 233.218152][T15222] loop4: detected capacity change from 0 to 128 [ 233.237110][T15226] siw: device registration error -23 [ 233.245599][T15222] ext4 filesystem being mounted at /275/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 233.275347][T15230] loop1: detected capacity change from 0 to 128 [ 233.314273][T15230] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 233.343157][T15230] ALSA: seq fatal error: cannot create timer (-22) [ 233.368147][T15237] siw: device registration error -23 [ 233.409643][T15240] loop0: detected capacity change from 0 to 512 [ 233.426719][T15240] ext4 filesystem being mounted at /227/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 233.467002][T15247] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4434'. [ 233.476813][T15247] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4434'. [ 233.553156][T15247] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4434'. [ 233.562288][T15256] loop4: detected capacity change from 0 to 1024 [ 233.569151][T15256] EXT4-fs: Ignoring removed nobh option [ 233.574831][T15256] EXT4-fs: Ignoring removed bh option [ 233.661339][T15256] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 233.909878][T15292] lo speed is unknown, defaulting to 1000 [ 233.930760][T15294] lo speed is unknown, defaulting to 1000 [ 234.002122][T15295] loop2: detected capacity change from 0 to 512 [ 234.019402][T15294] loop1: detected capacity change from 0 to 512 [ 234.026077][T15295] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4450: Failed to acquire dquot type 1 [ 234.026860][T15295] EXT4-fs (loop2): 1 truncate cleaned up [ 234.044148][T15295] ext4 filesystem being mounted at /299/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 234.077014][T15303] loop4: detected capacity change from 0 to 1024 [ 234.085618][T15303] EXT4-fs: Ignoring removed nobh option [ 234.086647][T15294] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.4451: Failed to acquire dquot type 1 [ 234.091292][T15303] EXT4-fs: Ignoring removed bh option [ 234.103767][T15294] EXT4-fs (loop1): 1 truncate cleaned up [ 234.115519][T15294] ext4 filesystem being mounted at /326/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 234.165617][T15303] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 18: block 209:freeing already freed block (bit 13); block bitmap corrupt. [ 234.263047][T15313] program syz.1.4457 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 234.287882][T15315] lo speed is unknown, defaulting to 1000 [ 234.324624][T15317] SELinux: syz.1.4459 (15317) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 234.355723][T15315] loop0: detected capacity change from 0 to 512 [ 234.385779][T15315] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.4456: Failed to acquire dquot type 1 [ 234.399421][T15315] EXT4-fs (loop0): 1 truncate cleaned up [ 234.403147][T15312] netlink: 14 bytes leftover after parsing attributes in process `syz.4.4458'. [ 234.405996][T15315] ext4 filesystem being mounted at /228/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 234.524455][T15330] loop4: detected capacity change from 0 to 2048 [ 234.532612][T15335] loop5: detected capacity change from 0 to 128 [ 234.542985][T15335] ext4 filesystem being mounted at /160/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 234.604500][T15346] program syz.0.4469 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 234.616074][T15330] EXT4-fs error (device loop4): ext4_ext_precache:632: inode #2: comm syz.4.4463: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5) [ 234.636017][T15330] EXT4-fs (loop4): Remounting filesystem read-only [ 234.650429][T15348] loop5: detected capacity change from 0 to 512 [ 234.674906][T15348] ext4 filesystem being mounted at /161/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 234.690353][T15351] SELinux: syz.0.4470 (15351) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 234.732044][T15357] loop4: detected capacity change from 0 to 128 [ 234.746881][T15357] ext4 filesystem being mounted at /287/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 234.787274][T15361] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4468'. [ 234.864069][T15364] siw: device registration error -23 [ 235.028395][T15366] netlink: 14 bytes leftover after parsing attributes in process `syz.4.4474'. [ 235.041811][T15369] lo speed is unknown, defaulting to 1000 [ 235.077991][T15369] loop1: detected capacity change from 0 to 512 [ 235.095655][T15369] __quota_error: 123 callbacks suppressed [ 235.095674][T15369] Quota error (device loop1): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 235.111612][T15369] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 235.121739][T15369] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.4475: Failed to acquire dquot type 1 [ 235.133994][T15369] EXT4-fs (loop1): 1 truncate cleaned up [ 235.140264][T15369] ext4 filesystem being mounted at /332/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 235.184376][T15376] loop4: detected capacity change from 0 to 128 [ 235.196328][T15376] ext4 filesystem being mounted at /291/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 235.226475][T15379] loop1: detected capacity change from 0 to 1024 [ 235.233588][T15379] EXT4-fs: Ignoring removed bh option [ 235.239310][T15379] EXT4-fs: inline encryption not supported [ 235.245740][T15379] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 235.257201][T15379] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 235.266391][T15379] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #3: block 2: comm syz.1.4478: lblock 2 mapped to illegal pblock 2 (length 1) [ 235.277590][T15381] vhci_hcd: invalid port number 96 [ 235.282195][T15379] Quota error (device loop1): qtree_write_dquot: dquota write failed [ 235.285714][T15381] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 235.293928][T15379] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #3: block 48: comm syz.1.4478: lblock 0 mapped to illegal pblock 48 (length 1) [ 235.315201][T15379] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 235.324074][T15379] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.4478: Failed to acquire dquot type 0 [ 235.335590][T15379] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 235.345204][T15379] EXT4-fs error (device loop1): ext4_evict_inode:254: inode #11: comm syz.1.4478: mark_inode_dirty error [ 235.356719][T15379] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 235.366994][T15379] EXT4-fs (loop1): 1 orphan inode deleted [ 235.382904][ T2048] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 1) [ 235.398197][ T2048] Quota error (device loop1): remove_tree: Can't read quota data block 1 [ 235.406700][ T2048] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:6: Failed to release dquot type 0 [ 235.422987][T15379] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 235.476752][T15388] loop4: detected capacity change from 0 to 512 [ 235.494539][T15388] ext4 filesystem being mounted at /293/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 235.521344][T15394] loop1: detected capacity change from 0 to 2048 [ 235.539994][T15394] EXT4-fs error (device loop1): ext4_ext_precache:632: inode #2: comm syz.1.4481: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5) [ 235.562026][T15394] EXT4-fs (loop1): Remounting filesystem read-only [ 235.582929][ T29] audit: type=1326 audit(1752774751.201:11744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15397 comm="syz.5.4483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 235.606589][ T29] audit: type=1326 audit(1752774751.201:11745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15397 comm="syz.5.4483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=99 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 235.630194][ T29] audit: type=1326 audit(1752774751.201:11746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15397 comm="syz.5.4483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 235.670350][T15402] siw: device registration error -23 [ 235.777094][T15401] netlink: 14 bytes leftover after parsing attributes in process `syz.5.4486'. [ 235.793684][T15413] ALSA: seq fatal error: cannot create timer (-22) [ 235.845573][T15415] vhci_hcd: invalid port number 96 [ 235.850782][T15415] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 235.893643][T15418] SELinux: syz.5.4491 (15418) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 236.327601][T15442] loop5: detected capacity change from 0 to 1024 [ 236.334630][T15442] ext4: Unknown parameter 'uid<00000000000000000000' [ 236.367415][ T29] audit: type=1326 audit(1752774751.991:11747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15438 comm="syz.0.4499" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f65c58be929 code=0x0 [ 236.394857][T15431] netlink: 256 bytes leftover after parsing attributes in process `syz.1.4493'. [ 236.408842][ T29] audit: type=1400 audit(1752774752.021:11748): avc: denied { ioctl } for pid=15424 comm="syz.1.4493" path="socket:[46892]" dev="sockfs" ino=46892 ioctlcmd=0x745a scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 236.448056][T15431] capability: warning: `syz.1.4493' uses 32-bit capabilities (legacy support in use) [ 236.683081][T15448] program syz.4.4500 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 236.851253][T15453] netlink: 14 bytes leftover after parsing attributes in process `syz.4.4502'. [ 236.923299][T15459] SELinux: syz.4.4504 (15459) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 236.974701][T15463] lo speed is unknown, defaulting to 1000 [ 237.015012][T15463] loop1: detected capacity change from 0 to 512 [ 237.027446][T15461] vhci_hcd: invalid port number 96 [ 237.032759][T15461] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 237.047424][T15463] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.4506: Failed to acquire dquot type 1 [ 237.060219][T15463] EXT4-fs (loop1): 1 truncate cleaned up [ 237.066652][T15463] ext4 filesystem being mounted at /340/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 237.070018][T15469] lo speed is unknown, defaulting to 1000 [ 237.214456][T15475] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4509'. [ 237.225171][T15475] FAULT_INJECTION: forcing a failure. [ 237.225171][T15475] name failslab, interval 1, probability 0, space 0, times 0 [ 237.237976][T15475] CPU: 0 UID: 0 PID: 15475 Comm: syz.5.4509 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 237.238013][T15475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 237.238029][T15475] Call Trace: [ 237.238037][T15475] [ 237.238067][T15475] __dump_stack+0x1d/0x30 [ 237.238094][T15475] dump_stack_lvl+0xe8/0x140 [ 237.238119][T15475] dump_stack+0x15/0x1b [ 237.238140][T15475] should_fail_ex+0x265/0x280 [ 237.238177][T15475] should_failslab+0x8c/0xb0 [ 237.238205][T15475] kmem_cache_alloc_noprof+0x50/0x310 [ 237.238288][T15475] ? sk_prot_alloc+0x3f/0x190 [ 237.238326][T15475] sk_prot_alloc+0x3f/0x190 [ 237.238385][T15475] sk_alloc+0x34/0x360 [ 237.238421][T15475] unix_create1+0xa5/0x430 [ 237.238517][T15475] unix_stream_connect+0x1a5/0xa50 [ 237.238554][T15475] ? selinux_netlbl_socket_connect+0x115/0x130 [ 237.238635][T15475] ? selinux_socket_connect+0x57/0x70 [ 237.238674][T15475] ? __pfx_unix_stream_connect+0x10/0x10 [ 237.238703][T15475] __sys_connect+0x1ef/0x2b0 [ 237.238821][T15475] __x64_sys_connect+0x3f/0x50 [ 237.238856][T15475] x64_sys_call+0x1daa/0x2fb0 [ 237.238882][T15475] do_syscall_64+0xd2/0x200 [ 237.238902][T15475] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 237.238962][T15475] ? clear_bhb_loop+0x40/0x90 [ 237.238997][T15475] ? clear_bhb_loop+0x40/0x90 [ 237.239025][T15475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.239051][T15475] RIP: 0033:0x7f993880e929 [ 237.239070][T15475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 237.239098][T15475] RSP: 002b:00007f9936e6f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 237.239121][T15475] RAX: ffffffffffffffda RBX: 00007f9938a35fa0 RCX: 00007f993880e929 [ 237.239189][T15475] RDX: 000000000000006e RSI: 0000200000000280 RDI: 0000000000000008 [ 237.239201][T15475] RBP: 00007f9936e6f090 R08: 0000000000000000 R09: 0000000000000000 [ 237.239213][T15475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 237.239225][T15475] R13: 0000000000000000 R14: 00007f9938a35fa0 R15: 00007ffc037ed8e8 [ 237.239244][T15475] [ 237.246887][T15480] program syz.2.4511 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 237.262616][T15477] ALSA: seq fatal error: cannot create timer (-22) [ 237.358333][T15488] SELinux: syz.0.4515 (15488) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 237.542352][T15494] siw: device registration error -23 [ 237.674870][T15500] loop5: detected capacity change from 0 to 1024 [ 237.681838][T15500] EXT4-fs: Ignoring removed nobh option [ 237.687579][T15500] EXT4-fs: Ignoring removed bh option [ 237.763549][T15501] loop4: detected capacity change from 0 to 1024 [ 237.770404][T15501] ext4: Unknown parameter 'uid<00000000000000000000' [ 237.829991][T15506] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4519'. [ 238.139243][T15500] EXT4-fs error (device loop5): mb_free_blocks:1948: group 0, inode 18: block 209:freeing already freed block (bit 13); block bitmap corrupt. [ 238.345391][T15520] program syz.5.4526 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 238.356970][T15518] loop1: detected capacity change from 0 to 1024 [ 238.364026][T15518] EXT4-fs: Ignoring removed nobh option [ 238.369684][T15518] EXT4-fs: Ignoring removed bh option [ 238.493706][T15526] siw: device registration error -23 [ 238.545991][T15518] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 238.629048][T15530] program syz.4.4532 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 238.690344][T15535] lo speed is unknown, defaulting to 1000 [ 238.700750][T15532] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 238.700750][T15532] program syz.5.4533 not setting count and/or reply_len properly [ 238.797882][T15535] loop1: detected capacity change from 0 to 512 [ 238.959081][T15547] loop2: detected capacity change from 0 to 1024 [ 238.965935][T15547] EXT4-fs: Ignoring removed bh option [ 238.971420][T15547] EXT4-fs: inline encryption not supported [ 238.973190][T15535] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.4531: Failed to acquire dquot type 1 [ 239.037259][T15547] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 239.041286][T15535] EXT4-fs (loop1): 1 truncate cleaned up [ 239.053646][T15554] loop5: detected capacity change from 0 to 512 [ 239.054369][T15535] ext4 filesystem being mounted at /345/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 239.074277][T15553] ALSA: seq fatal error: cannot create timer (-22) [ 239.084581][T15554] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.4538: Failed to acquire dquot type 1 [ 239.106272][T15554] EXT4-fs (loop5): 1 truncate cleaned up [ 239.120146][T15547] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 239.129352][T15547] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 2: comm syz.2.4528: lblock 2 mapped to illegal pblock 2 (length 1) [ 239.143726][T15554] ext4 filesystem being mounted at /179/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 239.156363][T15547] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 48: comm syz.2.4528: lblock 0 mapped to illegal pblock 48 (length 1) [ 239.178155][T15559] xt_hashlimit: max too large, truncated to 1048576 [ 239.210477][T15547] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4528: Failed to acquire dquot type 0 [ 239.231058][T15547] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 239.253839][T15565] loop4: detected capacity change from 0 to 1024 [ 239.261268][T15565] EXT4-fs: Ignoring removed bh option [ 239.271653][T15565] EXT4-fs: inline encryption not supported [ 239.273658][T15547] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.4528: mark_inode_dirty error [ 239.278023][T15565] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 239.302773][T15547] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 239.305105][T15567] siw: device registration error -23 [ 239.314171][T15547] EXT4-fs (loop2): 1 orphan inode deleted [ 239.324715][T15565] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 239.332982][T15563] loop1: detected capacity change from 0 to 2048 [ 239.333836][ T133] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 239.354922][T15565] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.4542: lblock 2 mapped to illegal pblock 2 (length 1) [ 239.396281][T15563] EXT4-fs error (device loop1): ext4_ext_precache:632: inode #2: comm syz.1.4541: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5) [ 239.416368][ T133] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:4: Failed to release dquot type 0 [ 239.439762][T15565] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.4542: lblock 0 mapped to illegal pblock 48 (length 1) [ 239.455130][T15547] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 239.476823][T15563] EXT4-fs (loop1): Remounting filesystem read-only [ 239.487164][T15572] 9pnet_fd: Insufficient options for proto=fd [ 239.515792][T15565] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.4542: Failed to acquire dquot type 0 [ 239.535723][T15565] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 239.552293][T15565] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.4542: mark_inode_dirty error [ 239.564925][T15565] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 239.575222][T15565] EXT4-fs (loop4): 1 orphan inode deleted [ 239.587356][T15579] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4545'. [ 239.592876][ T37] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:2: lblock 1 mapped to illegal pblock 1 (length 1) [ 239.630376][ T37] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:2: Failed to release dquot type 0 [ 239.647837][T15581] 9pnet_fd: Insufficient options for proto=fd [ 239.658742][T15565] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 239.678798][T15583] loop5: detected capacity change from 0 to 1024 [ 239.694017][T15583] EXT4-fs: Ignoring removed bh option [ 239.701837][T15583] EXT4-fs: inline encryption not supported [ 239.708547][T15583] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 239.730070][T15583] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 239.775159][T15583] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #3: block 2: comm syz.5.4550: lblock 2 mapped to illegal pblock 2 (length 1) [ 239.809970][T15583] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #3: block 48: comm syz.5.4550: lblock 0 mapped to illegal pblock 48 (length 1) [ 239.838202][T15599] loop0: detected capacity change from 0 to 1024 [ 239.845173][T15599] EXT4-fs: Ignoring removed bh option [ 239.850871][T15599] EXT4-fs: inline encryption not supported [ 239.858838][T15583] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.4550: Failed to acquire dquot type 0 [ 239.872164][T15603] net_ratelimit: 10 callbacks suppressed [ 239.872197][T15603] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 239.878216][T15602] loop4: detected capacity change from 0 to 512 [ 239.892253][T15599] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 239.904094][T15583] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 239.905608][T15599] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 239.922260][T15583] EXT4-fs error (device loop5): ext4_evict_inode:254: inode #11: comm syz.5.4550: mark_inode_dirty error [ 239.934126][T15599] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 2: comm syz.0.4546: lblock 2 mapped to illegal pblock 2 (length 1) [ 239.935160][T15602] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.4557: Failed to acquire dquot type 1 [ 239.948470][T15599] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 48: comm syz.0.4546: lblock 0 mapped to illegal pblock 48 (length 1) [ 239.973897][T15599] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.4546: Failed to acquire dquot type 0 [ 239.987875][T15583] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 239.987909][T15583] EXT4-fs (loop5): 1 orphan inode deleted [ 239.998185][T15599] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 240.013442][ T133] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 240.028588][T15599] EXT4-fs error (device loop0): ext4_evict_inode:254: inode #11: comm syz.0.4546: mark_inode_dirty error [ 240.029653][T15602] EXT4-fs (loop4): 1 truncate cleaned up [ 240.045847][T15599] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 240.046560][ T133] EXT4-fs error (device loop5): ext4_release_dquot:6969: comm kworker/u8:4: Failed to release dquot type 0 [ 240.062939][T15599] EXT4-fs (loop0): 1 orphan inode deleted [ 240.073216][T15602] ext4 filesystem being mounted at /311/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 240.083907][ T133] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 240.102201][ T133] EXT4-fs error (device loop0): ext4_release_dquot:6969: comm kworker/u8:4: Failed to release dquot type 0 [ 240.115018][T15583] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 240.123561][T15599] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 240.172273][T15612] program syz.4.4562 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 240.230944][ T29] kauditd_printk_skb: 29 callbacks suppressed [ 240.230963][ T29] audit: type=1326 audit(1752774755.841:11758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15619 comm="syz.5.4565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 240.242876][T15623] ALSA: seq fatal error: cannot create timer (-22) [ 240.260817][ T29] audit: type=1326 audit(1752774755.841:11759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15619 comm="syz.5.4565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=99 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 240.290838][ T29] audit: type=1326 audit(1752774755.841:11760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15619 comm="syz.5.4565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 240.327186][ T29] audit: type=1326 audit(1752774755.951:11761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15607 comm="syz.1.4559" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5078b3e929 code=0x0 [ 240.354122][T15628] loop0: detected capacity change from 0 to 1024 [ 240.360966][T15628] EXT4-fs: Ignoring removed orlov option [ 240.372328][T15625] xt_hashlimit: max too large, truncated to 1048576 [ 240.374408][T15630] program syz.4.4569 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 240.419569][T15632] lo speed is unknown, defaulting to 1000 [ 240.470770][T15639] SELinux: syz.5.4573 (15639) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 240.484922][T15640] loop4: detected capacity change from 0 to 2048 [ 240.608438][T15638] loop2: detected capacity change from 0 to 512 [ 240.731270][T15638] Quota error (device loop2): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 240.741511][T15638] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 240.751682][T15638] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4570: Failed to acquire dquot type 1 [ 240.816840][T15638] EXT4-fs (loop2): 1 truncate cleaned up [ 240.839503][T15638] ext4 filesystem being mounted at /306/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 240.864659][ T29] audit: type=1326 audit(1752774756.491:11762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15654 comm="syz.5.4577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 240.898773][ T29] audit: type=1326 audit(1752774756.491:11763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15654 comm="syz.5.4577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 240.922543][ T29] audit: type=1326 audit(1752774756.491:11764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15654 comm="syz.5.4577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=99 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 240.946153][ T29] audit: type=1326 audit(1752774756.491:11765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15654 comm="syz.5.4577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f993880e929 code=0x7ffc0000 [ 240.971146][T15658] ALSA: seq fatal error: cannot create timer (-22) [ 241.003427][T15660] siw: device registration error -23 [ 241.017044][T15662] loop5: detected capacity change from 0 to 1024 [ 241.049549][T15662] EXT4-fs: Ignoring removed nobh option [ 241.055256][T15662] EXT4-fs: Ignoring removed bh option [ 241.076747][T15665] loop2: detected capacity change from 0 to 2048 [ 241.149496][T15673] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4581'. [ 241.161861][T15675] xt_hashlimit: max too large, truncated to 1048576 [ 241.184109][T15662] EXT4-fs error (device loop5): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 241.338008][T15681] vhci_hcd: invalid port number 96 [ 241.343251][T15681] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 241.372465][T15686] loop4: detected capacity change from 0 to 1024 [ 241.379294][T15686] EXT4-fs: Ignoring removed nobh option [ 241.385084][T15686] EXT4-fs: Ignoring removed bh option [ 241.441360][T15686] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 241.494567][T15695] program syz.2.4591 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 241.519669][T15697] lo speed is unknown, defaulting to 1000 [ 241.576531][T15700] SELinux: syz.4.4593 (15700) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 241.576861][T15698] loop5: detected capacity change from 0 to 512 [ 241.635513][T15698] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.4592: Failed to acquire dquot type 1 [ 241.673599][T15698] EXT4-fs (loop5): 1 truncate cleaned up [ 241.681701][T15698] ext4 filesystem being mounted at /197/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 241.732200][T15710] loop4: detected capacity change from 0 to 2048 [ 241.741456][T15712] loop2: detected capacity change from 0 to 2048 [ 241.879832][T15719] loop5: detected capacity change from 0 to 512 [ 241.931516][T15719] ext4 filesystem being mounted at /198/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 242.010131][T15727] vhci_hcd: invalid port number 96 [ 242.015430][T15727] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 242.094273][T15730] program syz.2.4603 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 242.117155][T15734] siw: device registration error -23 [ 242.216662][T15745] loop1: detected capacity change from 0 to 1024 [ 242.223530][T15745] EXT4-fs: Ignoring removed orlov option [ 242.305868][T15751] lo speed is unknown, defaulting to 1000 [ 242.402633][T15755] loop2: detected capacity change from 0 to 512 [ 242.447895][T15760] loop4: detected capacity change from 0 to 2048 [ 242.477650][T15755] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4611: Failed to acquire dquot type 1 [ 242.515204][T15755] EXT4-fs (loop2): 1 truncate cleaned up [ 242.543214][T15755] ext4 filesystem being mounted at /313/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 242.591684][T15767] siw: device registration error -23 [ 242.859137][T15778] program syz.2.4619 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 242.971592][T15779] loop5: detected capacity change from 0 to 1024 [ 242.978563][T15779] ext4: Unknown parameter 'uid<00000000000000000000' [ 243.369763][T15793] siw: device registration error -23 [ 243.483558][T15798] loop2: detected capacity change from 0 to 2048 [ 243.745412][T15809] 9pnet_fd: Insufficient options for proto=fd [ 243.814822][T15815] program syz.2.4633 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 243.843931][T15817] 9pnet_fd: Insufficient options for proto=fd [ 243.857540][T15819] loop1: detected capacity change from 0 to 1024 [ 243.875560][T15823] siw: device registration error -23 [ 243.890524][T15819] EXT4-fs: Ignoring removed bh option [ 243.899421][T15819] EXT4-fs: inline encryption not supported [ 243.906495][T15819] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 243.918587][T15819] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 243.929345][T15819] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #3: block 2: comm syz.1.4635: lblock 2 mapped to illegal pblock 2 (length 1) [ 243.946971][T15819] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #3: block 48: comm syz.1.4635: lblock 0 mapped to illegal pblock 48 (length 1) [ 243.961469][T15827] loop5: detected capacity change from 0 to 512 [ 243.968604][T15819] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.4635: Failed to acquire dquot type 0 [ 243.981521][T15819] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 243.991121][T15819] EXT4-fs error (device loop1): ext4_evict_inode:254: inode #11: comm syz.1.4635: mark_inode_dirty error [ 243.995206][T15827] ext4 filesystem being mounted at /204/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 244.002796][T15819] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 244.066732][T15819] EXT4-fs (loop1): 1 orphan inode deleted [ 244.104539][ T51] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:3: lblock 1 mapped to illegal pblock 1 (length 1) [ 244.122527][T15834] loop4: detected capacity change from 0 to 512 [ 244.135129][ T51] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 0 [ 244.147754][T15819] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 244.158652][T15834] ext4 filesystem being mounted at /338/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 244.207935][T15841] xt_hashlimit: max too large, truncated to 1048576 [ 244.255770][T15844] lo speed is unknown, defaulting to 1000 [ 244.309281][T15846] 9pnet_fd: Insufficient options for proto=fd [ 244.337565][T15849] loop1: detected capacity change from 0 to 1024 [ 244.344748][T15849] EXT4-fs: Ignoring removed orlov option [ 244.789822][T15862] loop5: detected capacity change from 0 to 1024 [ 244.855437][T15862] EXT4-fs: Ignoring removed bh option [ 244.873783][T15862] EXT4-fs: inline encryption not supported [ 245.014544][T15862] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 245.124493][T15862] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 245.165296][T15862] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #3: block 2: comm syz.5.4649: lblock 2 mapped to illegal pblock 2 (length 1) [ 245.228822][T15862] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #3: block 48: comm syz.5.4649: lblock 0 mapped to illegal pblock 48 (length 1) [ 245.265075][T15862] __quota_error: 34 callbacks suppressed [ 245.265097][T15862] Quota error (device loop5): v2_write_file_info: Can't write info structure [ 245.279703][T15862] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.4649: Failed to acquire dquot type 0 [ 245.326915][T15870] loop4: detected capacity change from 0 to 512 [ 245.333926][T15862] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 245.355575][T15870] ext4 filesystem being mounted at /339/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 245.404085][T15862] EXT4-fs error (device loop5): ext4_evict_inode:254: inode #11: comm syz.5.4649: mark_inode_dirty error [ 245.415635][T15862] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 245.425969][T15862] EXT4-fs (loop5): 1 orphan inode deleted [ 245.446492][ T2100] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:7: lblock 1 mapped to illegal pblock 1 (length 1) [ 245.474810][ T2100] Quota error (device loop5): remove_tree: Can't read quota data block 1 [ 245.483336][ T2100] EXT4-fs error (device loop5): ext4_release_dquot:6969: comm kworker/u8:7: Failed to release dquot type 0 [ 245.517822][T15862] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 245.605145][T15875] loop5: detected capacity change from 0 to 1024 [ 245.626356][T15875] EXT4-fs: Ignoring removed bh option [ 245.647973][T15875] EXT4-fs: inline encryption not supported [ 245.665927][T15877] siw: device registration error -23 [ 245.674799][T15875] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 245.717468][T15875] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 245.750331][T15875] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #3: block 2: comm syz.5.4653: lblock 2 mapped to illegal pblock 2 (length 1) [ 245.778132][T15880] 9pnet_fd: Insufficient options for proto=fd [ 245.815263][T15875] Quota error (device loop5): qtree_write_dquot: dquota write failed [ 245.840794][T15882] loop2: detected capacity change from 0 to 1024 [ 245.853462][T15875] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #3: block 48: comm syz.5.4653: lblock 0 mapped to illegal pblock 48 (length 1) [ 245.868357][T15882] EXT4-fs: Ignoring removed nobh option [ 245.873357][T15875] Quota error (device loop5): v2_write_file_info: Can't write info structure [ 245.873973][T15882] EXT4-fs: Ignoring removed bh option [ 245.882798][T15875] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.4653: Failed to acquire dquot type 0 [ 245.906921][T15875] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 245.917252][T15875] EXT4-fs error (device loop5): ext4_evict_inode:254: inode #11: comm syz.5.4653: mark_inode_dirty error [ 245.929437][T15875] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 245.941243][T15875] EXT4-fs (loop5): 1 orphan inode deleted [ 245.952745][ T51] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:3: lblock 1 mapped to illegal pblock 1 (length 1) [ 245.983677][ T51] Quota error (device loop5): remove_tree: Can't read quota data block 1 [ 245.992445][ T51] EXT4-fs error (device loop5): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 0 [ 246.017035][T15882] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 246.061638][T15887] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 246.244642][T15907] siw: device registration error -23 [ 246.294162][T15911] siw: device registration error -23 [ 246.299160][T15913] loop2: detected capacity change from 0 to 1024 [ 246.323190][T15913] EXT4-fs: Ignoring removed nobh option [ 246.328941][T15913] EXT4-fs: Ignoring removed bh option [ 246.333539][T15914] loop4: detected capacity change from 0 to 512 [ 246.345109][T15914] ext4 filesystem being mounted at /342/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 246.410658][T15896] netlink: 14 bytes leftover after parsing attributes in process `syz.0.4661'. [ 246.413425][T15921] SELinux: syz.5.4670 (15921) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 246.658609][T15942] program syz.0.4677 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 246.686094][T15943] loop2: detected capacity change from 0 to 1024 [ 246.693808][T15943] EXT4-fs: Ignoring removed bh option [ 246.700752][T15943] EXT4-fs: inline encryption not supported [ 246.707441][T15943] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 246.718722][T15943] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 246.731752][T15946] loop1: detected capacity change from 0 to 1024 [ 246.738823][T15946] EXT4-fs: Ignoring removed orlov option [ 246.746543][T15943] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 2: comm syz.2.4678: lblock 2 mapped to illegal pblock 2 (length 1) [ 246.763606][T15951] program syz.5.4681 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 246.784464][T15943] Quota error (device loop2): qtree_write_dquot: dquota write failed [ 246.798286][T15953] loop5: detected capacity change from 0 to 1024 [ 246.805291][T15953] EXT4-fs: Ignoring removed nobh option [ 246.810899][T15953] EXT4-fs: Ignoring removed bh option [ 246.816705][T15943] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 48: comm syz.2.4678: lblock 0 mapped to illegal pblock 48 (length 1) [ 246.838338][T15943] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 246.847291][T15943] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4678: Failed to acquire dquot type 0 [ 246.871160][T15943] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 246.881293][T15943] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.4678: mark_inode_dirty error [ 246.914720][T15943] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 246.928340][T15943] EXT4-fs (loop2): 1 orphan inode deleted [ 246.928444][ T12] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:0: lblock 1 mapped to illegal pblock 1 (length 1) [ 246.951312][ T12] Quota error (device loop2): remove_tree: Can't read quota data block 1 [ 246.959965][ T12] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:0: Failed to release dquot type 0 [ 246.972546][T15943] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 246.999979][T15966] program syz.5.4686 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 247.067033][T15969] ALSA: seq fatal error: cannot create timer (-22) [ 247.121470][T15975] program syz.5.4690 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 247.182056][T15977] lo speed is unknown, defaulting to 1000 [ 247.235949][T15973] loop2: detected capacity change from 0 to 512 [ 247.260055][T15979] loop5: detected capacity change from 0 to 1024 [ 247.267079][T15979] EXT4-fs: Ignoring removed orlov option [ 247.333501][T15982] program syz.4.4692 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 247.396381][T15973] Quota error (device loop2): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 247.407053][T15973] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 247.417024][T15973] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4689: Failed to acquire dquot type 1 [ 247.473494][T15973] EXT4-fs (loop2): 1 truncate cleaned up [ 247.479723][T15973] ext4 filesystem being mounted at /338/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 247.549682][T15993] ALSA: seq fatal error: cannot create timer (-22) [ 247.588174][T15995] siw: device registration error -23 [ 247.689774][T16000] loop0: detected capacity change from 0 to 512 [ 247.776149][T16000] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.4698: Failed to acquire dquot type 1 [ 247.836481][T16000] EXT4-fs (loop0): 1 truncate cleaned up [ 247.937668][T16000] ext4 filesystem being mounted at /267/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 248.013692][T16006] loop4: detected capacity change from 0 to 1024 [ 248.020393][T16006] ext4: Unknown parameter 'uid<00000000000000000000' [ 248.174298][T16010] program syz.2.4701 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 248.421938][T16012] loop2: detected capacity change from 0 to 1024 [ 248.455619][T16012] EXT4-fs: Ignoring removed bh option [ 248.480321][T16012] EXT4-fs: inline encryption not supported [ 248.503864][T16012] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 248.535990][T16012] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 248.550035][T16012] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 2: comm syz.2.4702: lblock 2 mapped to illegal pblock 2 (length 1) [ 248.583394][T16012] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 48: comm syz.2.4702: lblock 0 mapped to illegal pblock 48 (length 1) [ 248.621291][T16016] lo speed is unknown, defaulting to 1000 [ 248.682448][T16012] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4702: Failed to acquire dquot type 0 [ 248.753753][T16012] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 248.764452][T16012] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.4702: mark_inode_dirty error [ 248.777282][T16012] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 248.787598][T16012] EXT4-fs (loop2): 1 orphan inode deleted [ 248.792369][T16025] loop1: detected capacity change from 0 to 1024 [ 248.794100][T16012] EXT4-fs mount: 132 callbacks suppressed [ 248.794118][T16012] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 248.821858][T16025] EXT4-fs: Ignoring removed nobh option [ 248.827653][T16025] EXT4-fs: Ignoring removed bh option [ 248.827636][ T2048] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 1) [ 248.858129][T16025] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 248.858709][ T2048] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:6: Failed to release dquot type 0 [ 248.964243][T16012] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 248.979220][T16025] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 249.018071][T10605] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.090380][T11202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.130852][T16039] loop4: detected capacity change from 0 to 1024 [ 249.147139][T16039] EXT4-fs: Ignoring removed bh option [ 249.152745][T16039] EXT4-fs: inline encryption not supported [ 249.257056][T16039] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 249.281010][T16039] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 249.292896][T16043] lo speed is unknown, defaulting to 1000 [ 249.320149][T16039] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.4713: lblock 2 mapped to illegal pblock 2 (length 1) [ 249.335870][T16044] loop0: detected capacity change from 0 to 512 [ 249.365724][T16049] loop2: detected capacity change from 0 to 1024 [ 249.372746][T16049] ext4: Unknown parameter 'uid<00000000000000000000' [ 249.435298][T16039] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.4713: lblock 0 mapped to illegal pblock 48 (length 1) [ 249.536185][T16044] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.4715: Failed to acquire dquot type 1 [ 249.576678][T16051] lo speed is unknown, defaulting to 1000 [ 249.587900][T16039] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.4713: Failed to acquire dquot type 0 [ 249.602001][T16044] EXT4-fs (loop0): 1 truncate cleaned up [ 249.629551][T16044] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 249.681056][T16039] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 249.702225][T16044] ext4 filesystem being mounted at /271/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 249.702870][T16039] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.4713: mark_inode_dirty error [ 249.727330][T16039] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 249.736102][T16044] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.747025][T16039] EXT4-fs (loop4): 1 orphan inode deleted [ 249.753337][ T37] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:2: lblock 1 mapped to illegal pblock 1 (length 1) [ 249.759792][T16039] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 249.780342][ T37] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:2: Failed to release dquot type 0 [ 249.794753][T16051] loop1: detected capacity change from 0 to 512 [ 249.804069][T16051] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.4716: Failed to acquire dquot type 1 [ 249.818537][T13190] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.837113][T16051] EXT4-fs (loop1): 1 truncate cleaned up [ 249.843476][T16051] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 249.856258][T16051] ext4 filesystem being mounted at /372/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 249.869057][T16051] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.880162][T16039] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 249.909647][T11405] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.964451][T16068] lo speed is unknown, defaulting to 1000 [ 250.010265][T16068] loop4: detected capacity change from 0 to 512 [ 250.046298][T16068] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.4719: Failed to acquire dquot type 1 [ 250.095516][T16068] EXT4-fs (loop4): 1 truncate cleaned up [ 250.106622][T16068] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 250.119517][T16068] ext4 filesystem being mounted at /352/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 250.151676][T16068] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.197034][T16077] loop2: detected capacity change from 0 to 512 [ 250.214305][T16077] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4724: Failed to acquire dquot type 1 [ 250.227172][T16075] netlink: 256 bytes leftover after parsing attributes in process `syz.1.4721'. [ 250.243702][T16077] EXT4-fs (loop2): 1 truncate cleaned up [ 250.251001][T16077] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 250.264128][T16077] ext4 filesystem being mounted at /343/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 250.282756][T16077] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.306665][T16085] ALSA: seq fatal error: cannot create timer (-22) [ 250.383794][T16089] lo speed is unknown, defaulting to 1000 [ 250.425725][T16089] loop2: detected capacity change from 0 to 512 [ 250.445679][T16089] __quota_error: 17 callbacks suppressed [ 250.445694][T16089] Quota error (device loop2): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 250.461524][T16089] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 250.471590][T16089] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4728: Failed to acquire dquot type 1 [ 250.483477][T16089] EXT4-fs (loop2): 1 truncate cleaned up [ 250.489572][T16089] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 250.502338][T16089] ext4 filesystem being mounted at /344/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 250.524029][T16089] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.561535][T16099] loop2: detected capacity change from 0 to 512 [ 250.574940][T16099] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 250.587598][T16099] ext4 filesystem being mounted at /345/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 250.726004][T10605] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.827308][T16107] lo speed is unknown, defaulting to 1000 [ 250.850814][T16110] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4735'. [ 250.907990][T16115] ALSA: seq fatal error: cannot create timer (-22) [ 250.947657][T16117] lo speed is unknown, defaulting to 1000 [ 250.967554][T16119] loop1: detected capacity change from 0 to 1024 [ 250.987729][T16119] EXT4-fs: Ignoring removed nobh option [ 250.993431][T16119] EXT4-fs: Ignoring removed bh option [ 251.012514][T16117] loop0: detected capacity change from 0 to 512 [ 251.024978][T16119] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 251.026701][T16117] Quota error (device loop0): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 251.048038][T16117] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 251.058147][T16117] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.4738: Failed to acquire dquot type 1 [ 251.073737][T16117] EXT4-fs (loop0): 1 truncate cleaned up [ 251.088678][T16117] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 251.112315][T16119] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 251.127777][T16117] ext4 filesystem being mounted at /275/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 251.147018][T16117] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.163435][T11202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.188548][T16126] 9pnet_fd: Insufficient options for proto=fd [ 251.290871][T16131] loop1: detected capacity change from 0 to 512 [ 251.374286][T16131] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 251.387681][T16131] ext4 filesystem being mounted at /378/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 251.484393][T16140] loop5: detected capacity change from 0 to 1024 [ 251.491304][T16140] ext4: Unknown parameter 'uid<00000000000000000000' [ 251.584052][T16141] siw: device registration error -23 [ 251.608485][T16136] loop0: detected capacity change from 0 to 1024 [ 251.649564][T16136] EXT4-fs: Ignoring removed nobh option [ 251.655356][T16136] EXT4-fs: Ignoring removed bh option [ 251.805827][T16136] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 251.907773][T11790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.933255][T16153] lo speed is unknown, defaulting to 1000 [ 251.934813][T16155] program syz.0.4749 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 252.023252][T16159] loop0: detected capacity change from 0 to 512 [ 252.081576][ T29] audit: type=1326 audit(1752774767.701:11793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16150 comm="syz.2.4747" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f733dcbe929 code=0x0 [ 252.108531][T16159] Quota error (device loop0): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 252.118651][T16159] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 252.119636][T16157] netlink: 14 bytes leftover after parsing attributes in process `syz.4.4750'. [ 252.128755][T16159] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.4751: Failed to acquire dquot type 1 [ 252.151801][T16159] EXT4-fs (loop0): 1 truncate cleaned up [ 252.159654][T16159] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 252.172451][T16159] ext4 filesystem being mounted at /278/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 252.213053][T11202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.223578][T11790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.367708][T16178] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 252.376648][T16180] loop0: detected capacity change from 0 to 1024 [ 252.395708][T16180] EXT4-fs: Ignoring removed nobh option [ 252.401420][T16180] EXT4-fs: Ignoring removed bh option [ 252.423637][T16184] lo speed is unknown, defaulting to 1000 [ 252.435129][T16180] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 252.478939][T16180] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 18: block 305:freeing already freed block (bit 19); block bitmap corrupt. [ 252.516244][T16193] loop4: detected capacity change from 0 to 512 [ 252.557093][T11790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.568325][T16193] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 252.588469][T16193] ext4 filesystem being mounted at /361/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 252.638407][T16207] loop5: detected capacity change from 0 to 512 [ 252.684777][T16207] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 252.718232][T16207] ext4 filesystem being mounted at /231/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 252.776621][T16219] loop1: detected capacity change from 0 to 512 [ 252.812058][T16205] netlink: 14 bytes leftover after parsing attributes in process `syz.0.4769'. [ 252.827321][T16219] Quota error (device loop1): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 252.837433][T16219] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 252.847572][T16219] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.4774: Failed to acquire dquot type 1 [ 252.861238][T16219] EXT4-fs (loop1): 1 truncate cleaned up [ 252.867333][T16219] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 252.880723][T16219] ext4 filesystem being mounted at /387/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 252.892098][T16219] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.973118][T16227] FAULT_INJECTION: forcing a failure. [ 252.973118][T16227] name failslab, interval 1, probability 0, space 0, times 0 [ 252.985964][T16227] CPU: 1 UID: 0 PID: 16227 Comm: syz.0.4776 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 252.986040][T16227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 252.986062][T16227] Call Trace: [ 252.986070][T16227] [ 252.986081][T16227] __dump_stack+0x1d/0x30 [ 252.986108][T16227] dump_stack_lvl+0xe8/0x140 [ 252.986128][T16227] dump_stack+0x15/0x1b [ 252.986163][T16227] should_fail_ex+0x265/0x280 [ 252.986226][T16227] should_failslab+0x8c/0xb0 [ 252.986252][T16227] kmem_cache_alloc_node_noprof+0x57/0x320 [ 252.986295][T16227] ? __alloc_skb+0x101/0x320 [ 252.986401][T16227] __alloc_skb+0x101/0x320 [ 252.986439][T16227] netlink_alloc_large_skb+0xba/0xf0 [ 252.986471][T16227] netlink_sendmsg+0x3cf/0x6b0 [ 252.986555][T16227] ? __pfx_netlink_sendmsg+0x10/0x10 [ 252.986624][T16227] __sock_sendmsg+0x145/0x180 [ 252.986648][T16227] ____sys_sendmsg+0x345/0x4e0 [ 252.986692][T16227] ___sys_sendmsg+0x17b/0x1d0 [ 252.986752][T16227] __sys_sendmmsg+0x178/0x300 [ 252.986835][T16227] __x64_sys_sendmmsg+0x57/0x70 [ 252.986876][T16227] x64_sys_call+0x2f2f/0x2fb0 [ 252.986907][T16227] do_syscall_64+0xd2/0x200 [ 252.986929][T16227] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 252.986983][T16227] ? clear_bhb_loop+0x40/0x90 [ 252.987009][T16227] ? clear_bhb_loop+0x40/0x90 [ 252.987064][T16227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.987087][T16227] RIP: 0033:0x7f65c58be929 [ 252.987101][T16227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.987119][T16227] RSP: 002b:00007f65c3f27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 252.987179][T16227] RAX: ffffffffffffffda RBX: 00007f65c5ae5fa0 RCX: 00007f65c58be929 [ 252.987194][T16227] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000006 [ 252.987211][T16227] RBP: 00007f65c3f27090 R08: 0000000000000000 R09: 0000000000000000 [ 252.987227][T16227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 252.987242][T16227] R13: 0000000000000000 R14: 00007f65c5ae5fa0 R15: 00007ffc4c94c6c8 [ 252.987296][T16227] [ 253.222715][T16230] program syz.0.4777 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 253.339100][T11405] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.372743][ T29] audit: type=1326 audit(1752774768.991:11794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16242 comm="syz.4.4784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03352fe929 code=0x7ffc0000 [ 253.457940][T13190] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.518867][T16249] loop5: detected capacity change from 0 to 512 [ 253.567877][T16249] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.4786: Failed to acquire dquot type 1 [ 253.575315][T16256] program syz.1.4789 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 253.594831][T16258] loop4: detected capacity change from 0 to 1024 [ 253.601735][T16258] EXT4-fs: Ignoring removed nobh option [ 253.607400][T16258] EXT4-fs: Ignoring removed bh option [ 253.614107][T16249] EXT4-fs (loop5): 1 truncate cleaned up [ 253.620179][T16249] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 253.647173][T16249] ext4 filesystem being mounted at /232/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 253.686350][T16258] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 253.727997][T16249] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.774329][T16258] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 18: block 305:freeing already freed block (bit 19); block bitmap corrupt. [ 253.842230][T11405] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.960697][T16275] ALSA: seq fatal error: cannot create timer (-22) [ 254.071009][T16287] FAULT_INJECTION: forcing a failure. [ 254.071009][T16287] name failslab, interval 1, probability 0, space 0, times 0 [ 254.083877][T16287] CPU: 1 UID: 0 PID: 16287 Comm: syz.2.4801 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 254.083912][T16287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 254.083927][T16287] Call Trace: [ 254.083936][T16287] [ 254.083944][T16287] __dump_stack+0x1d/0x30 [ 254.083979][T16287] dump_stack_lvl+0xe8/0x140 [ 254.084001][T16287] dump_stack+0x15/0x1b [ 254.084020][T16287] should_fail_ex+0x265/0x280 [ 254.084128][T16287] should_failslab+0x8c/0xb0 [ 254.084194][T16287] kmem_cache_alloc_noprof+0x50/0x310 [ 254.084232][T16287] ? security_inode_alloc+0x37/0x100 [ 254.084280][T16287] security_inode_alloc+0x37/0x100 [ 254.084315][T16287] inode_init_always_gfp+0x4b7/0x500 [ 254.084357][T16287] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 254.084436][T16287] alloc_inode+0x58/0x170 [ 254.084481][T16287] new_inode+0x1d/0xe0 [ 254.084504][T16287] hugetlbfs_get_inode+0x7b/0x370 [ 254.084603][T16287] hugetlb_file_setup+0x192/0x3d0 [ 254.084634][T16287] ksys_mmap_pgoff+0x157/0x310 [ 254.084721][T16287] x64_sys_call+0x1602/0x2fb0 [ 254.084748][T16287] do_syscall_64+0xd2/0x200 [ 254.084769][T16287] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 254.084868][T16287] ? clear_bhb_loop+0x40/0x90 [ 254.084890][T16287] ? clear_bhb_loop+0x40/0x90 [ 254.084918][T16287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.084945][T16287] RIP: 0033:0x7f733dcbe929 [ 254.084963][T16287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.085046][T16287] RSP: 002b:00007f733c31f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 254.085069][T16287] RAX: ffffffffffffffda RBX: 00007f733dee5fa0 RCX: 00007f733dcbe929 [ 254.085083][T16287] RDX: 0000000001000002 RSI: 0000000000ff5000 RDI: 0000200000000000 [ 254.085099][T16287] RBP: 00007f733c31f090 R08: ffffffffffffffff R09: 0000000000000000 [ 254.085115][T16287] R10: 000200000005c831 R11: 0000000000000246 R12: 0000000000000001 [ 254.085131][T16287] R13: 0000000000000000 R14: 00007f733dee5fa0 R15: 00007ffc2b631aa8 [ 254.085156][T16287] [ 254.088275][T16288] loop4: detected capacity change from 0 to 512 [ 254.090169][T16286] ALSA: seq fatal error: cannot create timer (-22) [ 254.156214][T16292] loop2: detected capacity change from 0 to 1024 [ 254.259199][T16297] siw: device registration error -23 [ 254.263272][T16292] EXT4-fs: Ignoring removed bh option [ 254.273320][T16288] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 254.278867][T16292] EXT4-fs: inline encryption not supported [ 254.294876][T16295] loop1: detected capacity change from 0 to 512 [ 254.354365][T16292] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 254.364843][T16288] ext4 filesystem being mounted at /366/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 254.402494][T16292] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 254.425117][T16292] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 2: comm syz.2.4803: lblock 2 mapped to illegal pblock 2 (length 1) [ 254.444965][T16292] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 48: comm syz.2.4803: lblock 0 mapped to illegal pblock 48 (length 1) [ 254.460080][T16292] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4803: Failed to acquire dquot type 0 [ 254.487794][T16292] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 254.501689][T16295] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 254.515148][T16292] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.4803: mark_inode_dirty error [ 254.534908][T16295] ext4 filesystem being mounted at /399/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 254.550267][T16305] loop5: detected capacity change from 0 to 512 [ 254.563571][T16292] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 254.581274][T16292] EXT4-fs (loop2): 1 orphan inode deleted [ 254.587603][T16292] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 254.601582][ T295] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:5: lblock 1 mapped to illegal pblock 1 (length 1) [ 254.604181][T16305] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.4806: Failed to acquire dquot type 1 [ 254.627642][T16305] EXT4-fs (loop5): 1 truncate cleaned up [ 254.635092][T16305] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 254.647679][T16305] ext4 filesystem being mounted at /236/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 254.672512][T16313] ALSA: seq fatal error: cannot create timer (-22) [ 254.680742][ T295] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:5: Failed to release dquot type 0 [ 254.700349][T16292] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 254.711135][T13190] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.731433][T10605] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.757502][T16319] loop2: detected capacity change from 0 to 512 [ 254.774873][T16319] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4811: Failed to acquire dquot type 1 [ 254.786940][T16319] EXT4-fs (loop2): 1 truncate cleaned up [ 254.793057][T16319] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 254.805765][T16319] ext4 filesystem being mounted at /356/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 254.833305][T10605] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.860942][T16327] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.4815'. [ 254.871207][T16329] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 254.891327][T16327] SELinux: syz.0.4815 (16327) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 254.935968][T11405] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.986268][T16335] siw: device registration error -23 [ 254.997003][T11202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.033016][T16337] ALSA: seq fatal error: cannot create timer (-22) [ 255.076206][T16344] program syz.4.4822 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 255.093754][T16346] program syz.1.4823 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 255.124731][T16349] loop4: detected capacity change from 0 to 1024 [ 255.135490][T16349] EXT4-fs: Ignoring removed bh option [ 255.140952][T16349] EXT4-fs: inline encryption not supported [ 255.147587][T16349] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 255.164455][T16349] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 255.184230][T16349] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.4824: lblock 2 mapped to illegal pblock 2 (length 1) [ 255.202443][T16349] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.4824: lblock 0 mapped to illegal pblock 48 (length 1) [ 255.216961][T16349] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.4824: Failed to acquire dquot type 0 [ 255.228520][T16349] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 255.241206][T16349] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.4824: mark_inode_dirty error [ 255.254216][T16349] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 255.264540][T16349] EXT4-fs (loop4): 1 orphan inode deleted [ 255.270725][T16349] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 255.283716][ T295] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:5: lblock 1 mapped to illegal pblock 1 (length 1) [ 255.299946][ T295] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:5: Failed to release dquot type 0 [ 255.312045][T16356] loop1: detected capacity change from 0 to 128 [ 255.312299][T16351] netlink: 256 bytes leftover after parsing attributes in process `syz.0.4816'. [ 255.320445][T16349] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 255.329555][T16356] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 255.348619][T16356] ext4 filesystem being mounted at /403/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 255.378044][T11405] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.378392][T11202] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 255.407704][T16362] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4827'. [ 255.417089][T16363] loop1: detected capacity change from 0 to 1024 [ 255.424104][T16363] EXT4-fs: Ignoring removed orlov option [ 255.432210][T16363] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 255.514550][T16367] loop4: detected capacity change from 0 to 512 [ 255.535381][T16367] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 255.645893][T16367] ext4 filesystem being mounted at /372/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 255.763996][T16375] loop5: detected capacity change from 0 to 512 [ 255.817707][T16375] __quota_error: 28 callbacks suppressed [ 255.817726][T16375] Quota error (device loop5): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 255.833594][T16375] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 255.843583][T16375] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.4831: Failed to acquire dquot type 1 [ 255.855750][T16375] EXT4-fs (loop5): 1 truncate cleaned up [ 255.861936][T16375] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 255.875306][T16375] ext4 filesystem being mounted at /241/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 255.939195][T16386] program syz.2.4835 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 255.955730][T13190] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.966069][ T29] audit: type=1326 audit(1752774771.591:11811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16387 comm="syz.0.4836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c58be929 code=0x7ffc0000 [ 255.997825][ T29] audit: type=1326 audit(1752774771.611:11812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16387 comm="syz.0.4836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c58be929 code=0x7ffc0000 [ 256.021872][ T29] audit: type=1326 audit(1752774771.621:11813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16387 comm="syz.0.4836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65c58be929 code=0x7ffc0000 [ 256.045599][ T29] audit: type=1326 audit(1752774771.621:11814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16387 comm="syz.0.4836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c58be929 code=0x7ffc0000 [ 256.069423][ T29] audit: type=1326 audit(1752774771.621:11815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16387 comm="syz.0.4836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c58be929 code=0x7ffc0000 [ 256.093243][ T29] audit: type=1326 audit(1752774771.621:11816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16387 comm="syz.0.4836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65c58be929 code=0x7ffc0000 [ 256.116882][ T29] audit: type=1326 audit(1752774771.621:11817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16387 comm="syz.0.4836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c58be929 code=0x7ffc0000 [ 256.140487][ T29] audit: type=1326 audit(1752774771.621:11818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16387 comm="syz.0.4836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65c58be929 code=0x7ffc0000 [ 256.198900][T16393] siw: device registration error -23 [ 256.336809][T11405] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.430252][T16404] 9pnet_fd: Insufficient options for proto=fd [ 256.446674][T16406] siw: device registration error -23 [ 256.480835][T16408] siw: device registration error -23 [ 256.530335][T16402] netlink: 256 bytes leftover after parsing attributes in process `syz.5.4839'. [ 256.620402][T16422] loop4: detected capacity change from 0 to 1024 [ 256.627215][T16422] EXT4-fs: Ignoring removed bh option [ 256.632797][T16422] EXT4-fs: inline encryption not supported [ 256.633766][T16420] loop0: detected capacity change from 0 to 1024 [ 256.645404][T16422] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 256.657048][T16420] EXT4-fs: Ignoring removed bh option [ 256.662622][T16420] EXT4-fs: inline encryption not supported [ 256.670197][T16422] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 256.679856][T16420] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 256.693775][T16420] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 256.702580][T16422] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.4851: lblock 2 mapped to illegal pblock 2 (length 1) [ 256.718747][T16420] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 2: comm syz.0.4850: lblock 2 mapped to illegal pblock 2 (length 1) [ 256.733691][T16422] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.4851: lblock 0 mapped to illegal pblock 48 (length 1) [ 256.748285][T16420] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 48: comm syz.0.4850: lblock 0 mapped to illegal pblock 48 (length 1) [ 256.763366][T16422] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.4851: Failed to acquire dquot type 0 [ 256.775126][T16420] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.4850: Failed to acquire dquot type 0 [ 256.787403][T16422] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 256.798930][T16420] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 256.809323][T16422] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.4851: mark_inode_dirty error [ 256.820901][T16420] EXT4-fs error (device loop0): ext4_evict_inode:254: inode #11: comm syz.0.4850: mark_inode_dirty error [ 256.833413][T16420] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 256.844991][T16422] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 256.856676][T16422] EXT4-fs (loop4): 1 orphan inode deleted [ 256.862742][T16420] EXT4-fs (loop0): 1 orphan inode deleted [ 256.869158][T16422] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 256.883023][T16420] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 256.899401][ T133] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 256.916168][ T133] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:4: Failed to release dquot type 0 [ 256.927884][ T133] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 256.943050][ T133] EXT4-fs error (device loop0): ext4_release_dquot:6969: comm kworker/u8:4: Failed to release dquot type 0 [ 256.955892][T16422] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 256.976069][T16420] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 256.987807][T11405] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 257.015935][T11790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 257.030534][T16426] loop4: detected capacity change from 0 to 512 [ 257.055413][T16426] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.4852: Failed to acquire dquot type 1 [ 257.068160][T16432] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4855'. [ 257.108248][T16426] EXT4-fs (loop4): 1 truncate cleaned up [ 257.135290][T16426] ext4 filesystem being mounted at /379/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 257.203170][T16441] 9pnet_fd: Insufficient options for proto=fd [ 257.344985][T16451] loop2: detected capacity change from 0 to 512 [ 257.395765][T16451] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4863: Failed to acquire dquot type 1 [ 257.449270][T16451] EXT4-fs (loop2): 1 truncate cleaned up [ 257.469751][T16451] ext4 filesystem being mounted at /365/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 257.548293][T16461] program syz.4.4867 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 257.628750][T16464] loop2: detected capacity change from 0 to 512 [ 257.645358][T16464] ext4 filesystem being mounted at /366/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 257.775465][T16470] siw: device registration error -23 [ 257.842027][T16472] lo speed is unknown, defaulting to 1000 [ 257.891787][T16474] 9pnet_fd: Insufficient options for proto=fd [ 257.901459][T16474] loop2: detected capacity change from 0 to 512 [ 257.948266][T16474] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4870: Failed to acquire dquot type 1 [ 257.993668][T16474] EXT4-fs (loop2): 1 truncate cleaned up [ 257.999924][T16474] ext4 filesystem being mounted at /367/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 258.173309][T16486] siw: device registration error -23 [ 258.256471][T16494] lo speed is unknown, defaulting to 1000 [ 258.398302][T16494] loop4: detected capacity change from 0 to 512 [ 258.424959][T16494] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.4879: Failed to acquire dquot type 1 [ 258.442922][T16494] EXT4-fs (loop4): 1 truncate cleaned up [ 258.449448][T16494] ext4 filesystem being mounted at /390/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 258.713787][T16511] program syz.2.4886 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 258.803878][T16519] program syz.5.4890 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 258.873976][T16523] loop5: detected capacity change from 0 to 128 [ 258.894527][T16523] ext4 filesystem being mounted at /253/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 258.921879][T16521] loop2: detected capacity change from 0 to 512 [ 258.973010][T16521] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4891: Failed to acquire dquot type 1 [ 258.985406][T16521] EXT4-fs (loop2): 1 truncate cleaned up [ 258.991502][T16521] ext4 filesystem being mounted at /375/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 259.057033][T16536] loop2: detected capacity change from 0 to 1024 [ 259.057310][T16537] loop5: detected capacity change from 0 to 1024 [ 259.069947][T16536] EXT4-fs: Ignoring removed bh option [ 259.086435][T16536] EXT4-fs: inline encryption not supported [ 259.093035][T16537] EXT4-fs: Ignoring removed bh option [ 259.095399][T16536] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 259.110091][T16537] EXT4-fs: inline encryption not supported [ 259.116180][T16540] loop1: detected capacity change from 0 to 1024 [ 259.116783][T16536] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 259.132969][T16540] EXT4-fs: Ignoring removed nobh option [ 259.138617][T16540] EXT4-fs: Ignoring removed bh option [ 259.163037][T16537] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 259.189022][T16537] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 259.208573][T16536] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 2: comm syz.2.4896: lblock 2 mapped to illegal pblock 2 (length 1) [ 259.234881][T16537] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #3: block 2: comm syz.5.4895: lblock 2 mapped to illegal pblock 2 (length 1) [ 259.256646][T16536] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 48: comm syz.2.4896: lblock 0 mapped to illegal pblock 48 (length 1) [ 259.273434][T16536] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4896: Failed to acquire dquot type 0 [ 259.281819][T16540] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, [ 259.284817][T16537] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #3: block 48: comm syz.5.4895: lblock 0 mapped to illegal pblock 48 (length 1) [ 259.306571][T16540] inode 18: block 305:freeing already freed block (bit 19); block bitmap corrupt. [ 259.313474][T16537] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.4895: Failed to acquire dquot type 0 [ 259.328862][T16536] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 259.339531][T16536] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.4896: mark_inode_dirty error [ 259.351894][T16537] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 259.362071][T16537] EXT4-fs error (device loop5): ext4_evict_inode:254: inode #11: comm syz.5.4895: mark_inode_dirty error [ 259.373996][T16536] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 259.384310][T16537] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 259.384481][T16536] EXT4-fs (loop2): 1 orphan inode deleted [ 259.400504][T16537] EXT4-fs (loop5): 1 orphan inode deleted [ 259.413823][ T133] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 259.426192][T16547] lo speed is unknown, defaulting to 1000 [ 259.441611][ T133] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:4: Failed to release dquot type 0 [ 259.457189][ T133] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 259.471652][ T133] EXT4-fs error (device loop5): ext4_release_dquot:6969: comm kworker/u8:4: Failed to release dquot type 0 [ 259.484207][T16536] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 259.505681][T16537] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 259.526788][T16547] loop1: detected capacity change from 0 to 512 [ 259.545388][T16547] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.4898: Failed to acquire dquot type 1 [ 259.606048][T16556] loop4: detected capacity change from 0 to 512 [ 259.617127][T16547] EXT4-fs (loop1): 1 truncate cleaned up [ 259.636825][T16547] ext4 filesystem being mounted at /410/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 259.659633][T16556] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.4902: Failed to acquire dquot type 1 [ 259.673182][T16562] program syz.5.4903 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 259.695187][T16556] EXT4-fs (loop4): 1 truncate cleaned up [ 259.705907][T16556] ext4 filesystem being mounted at /392/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 259.789867][T16568] loop5: detected capacity change from 0 to 512 [ 259.822000][T16568] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.4906: Failed to acquire dquot type 1 [ 259.861100][T16568] EXT4-fs (loop5): 1 truncate cleaned up [ 259.868484][T16568] ext4 filesystem being mounted at /260/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 259.883893][T16576] loop1: detected capacity change from 0 to 512 [ 259.894022][T16576] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.4909: Failed to acquire dquot type 1 [ 259.907795][T16576] EXT4-fs (loop1): 1 truncate cleaned up [ 259.914506][T16576] ext4 filesystem being mounted at /413/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 260.049643][T16581] FAULT_INJECTION: forcing a failure. [ 260.049643][T16581] name failslab, interval 1, probability 0, space 0, times 0 [ 260.063079][T16581] CPU: 1 UID: 0 PID: 16581 Comm: syz.1.4910 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 260.063168][T16581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 260.063181][T16581] Call Trace: [ 260.063189][T16581] [ 260.063198][T16581] __dump_stack+0x1d/0x30 [ 260.063224][T16581] dump_stack_lvl+0xe8/0x140 [ 260.063248][T16581] dump_stack+0x15/0x1b [ 260.063268][T16581] should_fail_ex+0x265/0x280 [ 260.063327][T16581] ? netdevice_event+0x2ae/0x610 [ 260.063356][T16581] should_failslab+0x8c/0xb0 [ 260.063405][T16581] __kmalloc_cache_noprof+0x4c/0x320 [ 260.063429][T16581] ? sysvec_apic_timer_interrupt+0x44/0x80 [ 260.063457][T16581] ? __pfx_netdevice_event+0x10/0x10 [ 260.063489][T16581] netdevice_event+0x2ae/0x610 [ 260.063595][T16581] ? __pfx_del_netdev_ips+0x10/0x10 [ 260.063626][T16581] ? __pfx_pass_all_filter+0x10/0x10 [ 260.063653][T16581] ? __pfx_netdevice_event+0x10/0x10 [ 260.063687][T16581] raw_notifier_call_chain+0x6c/0x1b0 [ 260.063740][T16581] ? call_netdevice_notifiers_info+0x9c/0x100 [ 260.063774][T16581] call_netdevice_notifiers_info+0xae/0x100 [ 260.063885][T16581] unregister_netdevice_many_notify+0xd9d/0x1690 [ 260.063973][T16581] unregister_netdevice_queue+0x1f5/0x220 [ 260.064013][T16581] br_dev_delete+0xc4/0xe0 [ 260.064061][T16581] br_del_bridge+0x97/0xc0 [ 260.064105][T16581] br_ioctl_stub+0x535/0x860 [ 260.064134][T16581] ? do_vfs_ioctl+0x3a/0x11d0 [ 260.064169][T16581] ? __pfx_br_ioctl_stub+0x10/0x10 [ 260.064271][T16581] sock_ioctl+0x399/0x610 [ 260.064347][T16581] ? __pfx_sock_ioctl+0x10/0x10 [ 260.064369][T16581] __se_sys_ioctl+0xcb/0x140 [ 260.064401][T16581] __x64_sys_ioctl+0x43/0x50 [ 260.064427][T16581] x64_sys_call+0x19a8/0x2fb0 [ 260.064460][T16581] do_syscall_64+0xd2/0x200 [ 260.064480][T16581] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 260.064594][T16581] ? clear_bhb_loop+0x40/0x90 [ 260.064614][T16581] ? clear_bhb_loop+0x40/0x90 [ 260.064635][T16581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.064751][T16581] RIP: 0033:0x7f5078b3e929 [ 260.064771][T16581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.064831][T16581] RSP: 002b:00007f50771a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 260.064848][T16581] RAX: ffffffffffffffda RBX: 00007f5078d65fa0 RCX: 00007f5078b3e929 [ 260.064861][T16581] RDX: 0000200000000080 RSI: 00000000000089a1 RDI: 0000000000000007 [ 260.064876][T16581] RBP: 00007f50771a7090 R08: 0000000000000000 R09: 0000000000000000 [ 260.064891][T16581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 260.064915][T16581] R13: 0000000000000000 R14: 00007f5078d65fa0 R15: 00007ffcf2101118 [ 260.064937][T16581] [ 260.424515][T16591] loop4: detected capacity change from 0 to 512 [ 260.444739][T16595] program syz.5.4915 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 260.461404][T16591] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.4913: Failed to acquire dquot type 1 [ 260.494104][T16591] EXT4-fs (loop4): 1 truncate cleaned up [ 260.500233][T16591] ext4 filesystem being mounted at /395/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 260.511461][T16602] loop5: detected capacity change from 0 to 1024 [ 260.527876][T16602] EXT4-fs: Ignoring removed orlov option [ 260.534741][T16604] loop2: detected capacity change from 0 to 512 [ 260.552171][T16607] siw: device registration error -23 [ 260.575386][T16604] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4918: Failed to acquire dquot type 1 [ 260.590277][T16604] EXT4-fs (loop2): 1 truncate cleaned up [ 260.617444][T16604] ext4 filesystem being mounted at /380/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 260.636864][T16615] loop0: detected capacity change from 0 to 1024 [ 260.643951][T16615] EXT4-fs: Ignoring removed nobh option [ 260.649694][T16615] EXT4-fs: Ignoring removed bh option [ 260.658637][T16618] FAULT_INJECTION: forcing a failure. [ 260.658637][T16618] name failslab, interval 1, probability 0, space 0, times 0 [ 260.671708][T16618] CPU: 0 UID: 0 PID: 16618 Comm: syz.1.4924 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 260.671744][T16618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 260.671759][T16618] Call Trace: [ 260.671768][T16618] [ 260.671777][T16618] __dump_stack+0x1d/0x30 [ 260.671856][T16618] dump_stack_lvl+0xe8/0x140 [ 260.671915][T16618] dump_stack+0x15/0x1b [ 260.671935][T16618] should_fail_ex+0x265/0x280 [ 260.671968][T16618] ? __pfx_proc_self_get_link+0x10/0x10 [ 260.672057][T16618] ? proc_self_get_link+0x97/0x110 [ 260.672188][T16618] should_failslab+0x8c/0xb0 [ 260.672304][T16618] __kmalloc_cache_noprof+0x4c/0x320 [ 260.672396][T16618] ? __pfx_proc_self_get_link+0x10/0x10 [ 260.672432][T16618] proc_self_get_link+0x97/0x110 [ 260.672462][T16618] pick_link+0x47d/0x830 [ 260.672497][T16618] step_into+0x7b6/0x820 [ 260.672523][T16618] ? inode_permission+0x106/0x310 [ 260.672553][T16618] link_path_walk+0x571/0x900 [ 260.672584][T16618] path_openat+0x1de/0x2170 [ 260.672615][T16618] ? _parse_integer_limit+0x170/0x190 [ 260.672656][T16618] do_filp_open+0x109/0x230 [ 260.672697][T16618] do_sys_openat2+0xa6/0x110 [ 260.672765][T16618] __x64_sys_openat+0xf2/0x120 [ 260.672863][T16618] x64_sys_call+0x1af/0x2fb0 [ 260.672886][T16618] do_syscall_64+0xd2/0x200 [ 260.672904][T16618] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 260.673023][T16618] ? clear_bhb_loop+0x40/0x90 [ 260.673051][T16618] ? clear_bhb_loop+0x40/0x90 [ 260.673078][T16618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.673131][T16618] RIP: 0033:0x7f5078b3d290 [ 260.673145][T16618] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 260.673162][T16618] RSP: 002b:00007f50771a6f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 260.673185][T16618] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5078b3d290 [ 260.673201][T16618] RDX: 0000000000000002 RSI: 00007f50771a6fa0 RDI: 00000000ffffff9c [ 260.673217][T16618] RBP: 00007f50771a6fa0 R08: 0000000000000000 R09: 0000000000000000 [ 260.673233][T16618] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 260.673248][T16618] R13: 0000000000000001 R14: 00007f5078d65fa0 R15: 00007ffcf2101118 [ 260.673276][T16618] [ 260.911157][T16624] loop4: detected capacity change from 0 to 512 [ 260.943610][T16624] ext4 filesystem being mounted at /396/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 260.999994][T16615] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 18: block 305:freeing already freed block (bit 19); block bitmap corrupt. [ 261.071513][T16632] siw: device registration error -23 [ 261.180630][T16639] loop0: detected capacity change from 0 to 512 [ 261.194405][T16639] ext4 filesystem being mounted at /309/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 261.209144][T16642] loop5: detected capacity change from 0 to 512 [ 261.224801][T16642] ext4 filesystem being mounted at /265/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 261.465041][T16646] program syz.4.4931 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 261.580911][T16648] siw: device registration error -23 [ 261.920564][T16659] netlink: 14 bytes leftover after parsing attributes in process `syz.2.4937'. [ 261.954002][T16671] program syz.1.4942 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 262.033429][T16677] ALSA: seq fatal error: cannot create timer (-22) [ 262.069471][T16683] FAULT_INJECTION: forcing a failure. [ 262.069471][T16683] name failslab, interval 1, probability 0, space 0, times 0 [ 262.082350][T16683] CPU: 1 UID: 0 PID: 16683 Comm: syz.1.4948 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 262.082378][T16683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 262.082458][T16683] Call Trace: [ 262.082467][T16683] [ 262.082477][T16683] __dump_stack+0x1d/0x30 [ 262.082501][T16683] dump_stack_lvl+0xe8/0x140 [ 262.082520][T16683] dump_stack+0x15/0x1b [ 262.082541][T16683] should_fail_ex+0x265/0x280 [ 262.082635][T16683] ? tcf_block_get_ext+0x19e/0xb30 [ 262.082732][T16683] should_failslab+0x8c/0xb0 [ 262.082757][T16683] __kmalloc_cache_noprof+0x4c/0x320 [ 262.082784][T16683] tcf_block_get_ext+0x19e/0xb30 [ 262.082814][T16683] ? netlink_unicast+0x5a5/0x680 [ 262.082914][T16683] ? ____sys_sendmsg+0x31e/0x4e0 [ 262.082943][T16683] ? ___sys_sendmsg+0x17b/0x1d0 [ 262.083080][T16683] ? x64_sys_call+0x2999/0x2fb0 [ 262.083138][T16683] ? __pfx_prio_init+0x10/0x10 [ 262.083231][T16683] tcf_block_get+0x67/0xa0 [ 262.083257][T16683] ? __pfx_tcf_chain_head_change_dflt+0x10/0x10 [ 262.083290][T16683] prio_init+0x36/0x80 [ 262.083358][T16683] qdisc_create+0x58e/0x9e0 [ 262.083391][T16683] tc_modify_qdisc+0xf2e/0x1420 [ 262.083427][T16683] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 262.083493][T16683] rtnetlink_rcv_msg+0x657/0x6d0 [ 262.083519][T16683] netlink_rcv_skb+0x120/0x220 [ 262.083547][T16683] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 262.083578][T16683] rtnetlink_rcv+0x1c/0x30 [ 262.083602][T16683] netlink_unicast+0x5a5/0x680 [ 262.083765][T16683] netlink_sendmsg+0x58b/0x6b0 [ 262.083791][T16683] ? __pfx_netlink_sendmsg+0x10/0x10 [ 262.083809][T16683] __sock_sendmsg+0x145/0x180 [ 262.083890][T16683] ____sys_sendmsg+0x31e/0x4e0 [ 262.083932][T16683] ___sys_sendmsg+0x17b/0x1d0 [ 262.084052][T16683] __x64_sys_sendmsg+0xd4/0x160 [ 262.084171][T16683] x64_sys_call+0x2999/0x2fb0 [ 262.084198][T16683] do_syscall_64+0xd2/0x200 [ 262.084216][T16683] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 262.084278][T16683] ? clear_bhb_loop+0x40/0x90 [ 262.084306][T16683] ? clear_bhb_loop+0x40/0x90 [ 262.084375][T16683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.084409][T16683] RIP: 0033:0x7f5078b3e929 [ 262.084429][T16683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.084469][T16683] RSP: 002b:00007f50771a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 262.084487][T16683] RAX: ffffffffffffffda RBX: 00007f5078d65fa0 RCX: 00007f5078b3e929 [ 262.084540][T16683] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 262.084556][T16683] RBP: 00007f50771a7090 R08: 0000000000000000 R09: 0000000000000000 [ 262.084571][T16683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 262.084587][T16683] R13: 0000000000000000 R14: 00007f5078d65fa0 R15: 00007ffcf2101118 [ 262.084673][T16683] [ 262.408923][T16690] program syz.5.4951 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 262.436663][T16694] loop5: detected capacity change from 0 to 128 [ 262.445573][T16684] netlink: 256 bytes leftover after parsing attributes in process `syz.0.4947'. [ 262.455104][T16694] ext4 filesystem being mounted at /268/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 262.523298][T16701] lo speed is unknown, defaulting to 1000 [ 262.701207][T16704] loop5: detected capacity change from 0 to 512 [ 262.714790][T16704] ext4 filesystem being mounted at /271/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 262.865804][T16708] program syz.2.4957 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 263.008617][T16715] loop2: detected capacity change from 0 to 512 [ 263.026896][T16715] ext4 filesystem being mounted at /388/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 263.046912][T16718] loop0: detected capacity change from 0 to 512 [ 263.084498][T16718] ext4 filesystem being mounted at /313/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 263.245772][T16727] program syz.1.4963 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 263.272886][T16729] loop1: detected capacity change from 0 to 1024 [ 263.279568][T16729] EXT4-fs: Ignoring removed orlov option [ 263.408837][T16731] ================================================================== [ 263.416998][T16731] BUG: KCSAN: data-race in redirty_tail_locked / vfs_fsync_range [ 263.424805][T16731] [ 263.427161][T16731] read-write to 0xffff888106b99bb0 of 4 bytes by task 16729 on cpu 0: [ 263.435356][T16731] redirty_tail_locked+0x56/0x280 [ 263.440512][T16731] writeback_single_inode+0x21e/0x3e0 [ 263.445918][T16731] sync_inode_metadata+0x5b/0x90 [ 263.450880][T16731] generic_buffers_fsync_noflush+0xd9/0x120 [ 263.456803][T16731] ext4_sync_file+0x1ab/0x690 [ 263.461501][T16731] vfs_fsync_range+0x10d/0x130 [ 263.466309][T16731] ext4_buffered_write_iter+0x34f/0x3c0 [ 263.471872][T16731] ext4_file_write_iter+0x383/0xf00 [ 263.477090][T16731] iter_file_splice_write+0x5f2/0x970 [ 263.482502][T16731] direct_splice_actor+0x156/0x2a0 [ 263.487639][T16731] splice_direct_to_actor+0x312/0x680 [ 263.493055][T16731] do_splice_direct+0xda/0x150 [ 263.497862][T16731] do_sendfile+0x380/0x650 [ 263.502304][T16731] __x64_sys_sendfile64+0x105/0x150 [ 263.507523][T16731] x64_sys_call+0xb39/0x2fb0 [ 263.512146][T16731] do_syscall_64+0xd2/0x200 [ 263.516670][T16731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.522580][T16731] [ 263.524912][T16731] read to 0xffff888106b99bb0 of 4 bytes by task 16731 on cpu 1: [ 263.532570][T16731] vfs_fsync_range+0x9b/0x130 [ 263.537289][T16731] ext4_buffered_write_iter+0x34f/0x3c0 [ 263.542855][T16731] ext4_file_write_iter+0x383/0xf00 [ 263.548073][T16731] iter_file_splice_write+0x5f2/0x970 [ 263.553477][T16731] direct_splice_actor+0x156/0x2a0 [ 263.558618][T16731] splice_direct_to_actor+0x312/0x680 [ 263.564015][T16731] do_splice_direct+0xda/0x150 [ 263.568810][T16731] do_sendfile+0x380/0x650 [ 263.573253][T16731] __x64_sys_sendfile64+0x105/0x150 [ 263.578477][T16731] x64_sys_call+0xb39/0x2fb0 [ 263.583090][T16731] do_syscall_64+0xd2/0x200 [ 263.587610][T16731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.593543][T16731] [ 263.595875][T16731] value changed: 0x0000003a -> 0x00000002 [ 263.601599][T16731] [ 263.603928][T16731] Reported by Kernel Concurrency Sanitizer on: [ 263.610114][T16731] CPU: 1 UID: 0 PID: 16731 Comm: syz.1.4964 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 263.622641][T16731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 263.632750][T16731] ==================================================================