last executing test programs: 3.85190336s ago: executing program 3 (id=4521): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x805, 0x0) syz_io_uring_setup(0x10c, &(0x7f00000000c0)={0x0, 0x3eac, 0x400, 0x2, 0x105}, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000600)}, {&(0x7f0000000600)="96dd0b1d90805048a46e4c1334864b8ec7942f41fc1cfd537d059742ba2d4d628d79352a262d8aa052bd1b35e17db0646d450cbbd82437202eb53a005f205849655a4cf8fdd69d3d5f11c1328cd35673dcd36e04462e43382bc08b5160959f2bd4338ff065fd029b37dbcef4a1b439ef6cad5b65dc6fefa2e7c8e6172d679fdfe15c77d619fb6d2ec92c95cfb282f41b2c99a78c9c685764411e92b40849843159478aae911b6ce136acfed9754d795d01efba13c51437e94eda2eab5c6ed607a54dcad483fd76a482fce3cc79a90a11f9903fc7a3235488322749c89ebaf357d783e4672226f4b36455", 0xea}, {&(0x7f0000000a40)="86cd94e9f47d3295b12b02eae3e525f859422ace2e183da5b3df64963d67f740bf7a6621b967098fedd09b5148a42fc2e871f158301aecfda3c828898a8a2014115bffa48bf66506aee1cc73c5a1f0bb6b8a7b866c105358d755d5ef731694d9a754bcd6c73708312362d7268faf3ac5d012c09e9acf52b0771a3544b636e3488812b173afe6b2e94704bc5ae25b6405cc000df68926fff04c7d5aed41640e49f64725c6f8e9f6da28b54eb396b15430011ba37d58763be8ac66a2181921bcb994f075f4355d5f4e4fd314f4f60ac898ca77cc3a9f494db4", 0xd8}], 0x3}, 0x0, 0x50, 0x1}) r1 = syz_io_uring_setup(0x221d, &(0x7f0000000100)={0x0, 0x6e7f, 0x800, 0x1, 0x5cc}, &(0x7f0000000280), &(0x7f00000005c0)) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) io_uring_enter(r1, 0x66ab, 0x4, 0x2, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = dup(0xffffffffffffffff) acct(&(0x7f0000000000)='./file0\x00') r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r3, 0x29, 0x48, &(0x7f0000000280)=0x1, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESOCT=r2], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x70, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syslog(0x2, &(0x7f00000004c0)=""/164, 0xa4) 3.779536036s ago: executing program 3 (id=4523): syz_emit_ethernet(0x10e, &(0x7f0000000a00)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x31, 0x4, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@timestamp_addr={0x44, 0x14, 0xd3, 0x1, 0x3, [{@multicast1, 0xe8c2}, {@remote, 0x1}]}, @ra={0x94, 0x4, 0x1}, @end, @timestamp_addr={0x44, 0x4c, 0x69, 0x1, 0xc, [{@empty, 0x1}, {@private=0xa010102, 0x1}, {@loopback, 0x10000}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x9}, {@broadcast}, {@empty, 0x8001}, {@local, 0x400000}, {@remote, 0xaf6}, {@private=0xa010101, 0x18000000}]}, @end, @timestamp_addr={0x44, 0xc, 0xfe, 0x1, 0xd, [{@dev={0xac, 0x14, 0x14, 0x16}, 0x4}]}, @rr={0x7, 0x1b, 0x2f, [@dev={0xac, 0x14, 0x14, 0x2d}, @empty, @broadcast, @broadcast, @local, @private=0xa010100]}, @ssrr={0x89, 0x23, 0xfa, [@broadcast, @remote, @loopback, @multicast1, @local, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote]}]}}, {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}, {"85e701ab9fc1806b8405e2bd057071b4571ba5d4f0148f9ba6d395069dc7e2fec6cfffcd884028ca"}}}}}}, 0x0) 3.72062391s ago: executing program 3 (id=4525): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0x22c7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r1, 0x0, 0x2}, 0x18) io_setup(0x4, &(0x7f0000000600)=0x0) r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002) io_submit(r2, 0x1, &(0x7f0000000080)=[&(0x7f0000000140)={0x0, 0x4, 0x0, 0x1, 0x0, r3, 0x0}]) 3.555510223s ago: executing program 3 (id=4528): bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r0}, 0x10) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) 3.524918865s ago: executing program 3 (id=4529): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001d40)={0x8, 0xb, &(0x7f0000000180)=ANY=[@ANYRES16=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x4}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[], 0x48) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCXONC(r2, 0x540a, 0x0) ioctl$TCXONC(r2, 0x540a, 0x1) 3.348515249s ago: executing program 4 (id=4533): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000000)=0x3) ioctl$PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000080)={0x2, &(0x7f00000000c0)=[{0x48, 0xff, 0x0, 0xfff00001}, {0x6, 0x60, 0x0, 0x7}]}) 3.245769277s ago: executing program 4 (id=4535): bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000740), &(0x7f0000000480)="0f83be9d5a1f4540e59c4d1cdd4c55feab606c86", 0x1}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000019200)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_SIOCADDRT(r1, 0x890b, &(0x7f00000003c0)={0x0, @ethernet={0x306, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, @nl=@kern={0x10, 0x0, 0x0, 0x40000000}, @llc={0x1a, 0x307, 0xe, 0x6, 0x7, 0x2, @remote}, 0x8, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)='bond0\x00', 0x9, 0x3, 0x4}) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0xfffffffe}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) close(r0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000300), 0x4) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000240)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r4}, 0x18) socket$key(0xf, 0x3, 0x2) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8801}, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="38010000"], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) mlock2(&(0x7f00003ee000/0x4000)=nil, 0x4000, 0x0) syz_clone(0x20180080, 0x0, 0x0, 0x0, 0x0, 0x0) getresgid(&(0x7f00000002c0), &(0x7f0000000300)=0x0, &(0x7f0000000400)) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@kern={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000280)=[{&(0x7f0000000140)={0x118, 0x25, 0x2, 0x70bd26, 0x25dfdbfe, "", [@nested={0x107, 0x62, 0x0, 0x1, [@typed={0x8, 0x13e, 0x0, 0x0, @u32=0x401}, @generic="0683044a3aa6efddeb73321ddfa9d626205a33f80cbadb1986e9d1f3740afc3db694522ef12abdc0e02546da256a1074eeaa222444f8", @generic="058972b67ccbb434e10a78ec1a52f3babc052ef0478a9143d40d6ae031a4e7710a3f53c005db8a120c3ab62f0c71bcc14b69b6a927c6e306595c6d8d276e3f151bb9a57696294e647372bf2d97bad5c3080519b22d2576812448b563cefbc2eae7c56517b8", @nested={0x4, 0xc4}, @nested={0x4, 0x20}, @nested={0x4, 0x88}, @typed={0x8, 0x145, 0x0, 0x0, @u32=0xd76}, @typed={0x8, 0x14a, 0x0, 0x0, @pid}, @generic="10af3a6fea13babfb843cd86a759a91bd957905e19392e58d1d047ffd44ede2566c683470cdcda56943000c059618c149848c83486e8ddcad30c3a63d8ba5737e55a4551"]}]}, 0x118}], 0x1, &(0x7f0000000440)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r7}}}], 0xe8, 0x850}, 0x8094) 3.106263938s ago: executing program 4 (id=4537): bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[], 0x48) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x4) sendmsg$key(0xffffffffffffffff, 0x0, 0x2000) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net\x00') r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x80) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_bp={0x0, 0x2}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000380)='i2c_slave\x00', 0xffffffffffffffff, 0x0, 0xc}, 0x18) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/seq/timer\x00', 0x0, 0x0) 2.95879627s ago: executing program 4 (id=4542): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) sendmmsg$inet(r0, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000a80)="2a73ed35", 0x732a}], 0x1}}], 0x400000000000292, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x404043000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) (async) bind$phonet(r2, &(0x7f0000000300)={0x23, 0x7, 0xc, 0x2}, 0x10) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x28011, r2, 0x0) (async) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001480)={r2, 0x5, {0x0, 0x0, 0x0, 0x0, 0x3b, 0x0, 0x1, 0x14, 0x10, "20868802beb6a4d084ab51b274ecce0e14240c2ee4c7baaf9f16babfa4c06eb3ee41f17eb7b99f516043d24ddbc7c2e4012f1b9aa7a5206fd45dd0ef9afe3ae5", "65062765a53585e9a67dd488011bd5ced3229086da79a87f1b0ce956fcc59e87780652ead24aa0f2c73aa8be790a98dca8879385b85016747e95d7a1e48a9dcf", "a0ca91101a2174930135a7a2fd395c9b6ed72e54cbc35f4a53dabbacdfac072b", [0x8000000000000001, 0x71]}}) ioctl$SNDRV_TIMER_IOCTL_CREATE(r1, 0xc02054a5, &(0x7f0000000400)={0xf, r0, 'id1\x00'}) r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000140), 0xffffffffffffffff) (async) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x4) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000240), &(0x7f0000000280)=[0x0, 0x0], 0x0, 0x6f, &(0x7f0000000340)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000380), &(0x7f0000000680), 0x8, 0x38, 0x8, 0x8, &(0x7f0000000400)}}, 0x10) sendmsg$GTP_CMD_GETPDP(r1, &(0x7f0000000640)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x48, r3, 0x100, 0x70bd26, 0x25dfdbff, {}, [@GTPA_LINK={0x8, 0x1, r4}, @GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_TID={0xc, 0x3, 0x2}, @GTPA_O_TEI={0x8, 0x9, 0x3}, @GTPA_LINK={0x8, 0x1, r5}, @GTPA_FLOW={0x6, 0x6, 0x3}]}, 0x48}}, 0x8040) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0xb, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x80000000}, [@printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x40101}}]}, &(0x7f00000000c0)='GPL\x00', 0xb, 0xff3, &(0x7f0000000cc0)=""/4083, 0x41000, 0x44, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcbb}, 0x94) 2.767893474s ago: executing program 4 (id=4545): bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000bb00551a00000000000000001812", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ec0)={&(0x7f0000000bc0)='kfree\x00', r1, 0x0, 0xfffffffffffffff4}, 0x18) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000000)=0x3) ioctl$PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000080)={0x2, &(0x7f00000000c0)=[{0x48, 0xff, 0x0, 0xfff00001}, {0x6, 0x60, 0x0, 0x7}]}) 2.644490664s ago: executing program 3 (id=4547): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x12, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) perf_event_open(&(0x7f0000000800)={0x3, 0x80, 0x0, 0x0, 0x0, 0x6, 0x0, 0x3, 0x22, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffffe, 0x2}}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setresuid(0xee00, 0xee00, 0x0) r2 = syz_io_uring_setup(0x4e0, &(0x7f00000000c0)={0x0, 0x20f5ea, 0x3180, 0x8000, 0x2e2}, &(0x7f0000000640), &(0x7f0000000340)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) syz_usb_connect(0x3, 0x51b, &(0x7f00000003c0)=ANY=[@ANYRES16=r2, @ANYRES8=r0], 0xfffffffffffffffe) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r3 = getpid() sched_setaffinity(r3, 0x8, &(0x7f0000000400)=0x4) io_setup(0x1, &(0x7f0000000000)) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10) r8 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="d800000018007b7be00212ba0d1605040a003f00000f040b067c55a1bc0009001e0006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b3162700e06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5005ccca262f3d40fad95667e04adcdf63cc1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e", 0xc8}], 0x1, 0x0, 0x0, 0x2663}, 0x0) 2.431157791s ago: executing program 4 (id=4550): perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0xff, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x90}, 0x100002, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x10, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r0, 0x0, 0x2}, 0x18) prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil) brk(0x200000ffc000) 1.243954833s ago: executing program 1 (id=4559): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b700000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ec0)={&(0x7f0000000bc0)='kfree\x00', r2, 0x0, 0xfffffffffffffff4}, 0x18) r3 = fsmount(r0, 0x0, 0x8) fchdir(r3) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r4 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r4, &(0x7f0000000000)='./file1\x00', 0x2000, 0x0) 1.243416463s ago: executing program 1 (id=4560): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f00000000c0)='.\x00', 0xa4000061) openat(0xffffffffffffff9c, &(0x7f00000005c0)='./bus\x00', 0x101042, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r1}, 0x10) read(r0, &(0x7f0000002040)=""/76, 0x4c) 1.125943962s ago: executing program 1 (id=4562): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r2 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c45, 0x1) flock(r2, 0x5) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x80) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r2, 0xffffffffffffffff}, &(0x7f0000000240), &(0x7f00000002c0)=r1}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x18, 0x1a, &(0x7f00000006c0)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9}], &(0x7f0000000380)='GPL\x00', 0x80000000, 0x43, &(0x7f00000004c0)=""/67, 0x41100, 0x20, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f0000000400)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000540)={0x3, 0x10, 0x45, 0x9}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000005c0)=[r3], &(0x7f00000007c0)=[{0x2, 0x1, 0xe, 0xc}], 0x10, 0x6}, 0x94) flock(r3, 0x2) dup3(r3, r2, 0x0) 1.125338002s ago: executing program 2 (id=4563): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001d40)={0x8, 0xb, &(0x7f0000000180)=ANY=[@ANYRES16=r0], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x4}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[], 0x48) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCXONC(r2, 0x540a, 0x0) ioctl$TCXONC(r2, 0x540a, 0x2) ioctl$TCXONC(r2, 0x540a, 0x1) ioctl$TCXONC(r2, 0x540a, 0x3) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xc, 0x6, 0x7ffc1ff8}]}) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) tee(r5, 0xffffffffffffffff, 0x7fff, 0x4) close_range(r4, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000005880)={0xffffffffffffffff, 0xffffffffffffffff}) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x0) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001cc0)=ANY=[@ANYBLOB="1b0000000000000000000000000000a416690ff60000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x13, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000008f000000000000000b00000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b7030000000700008500000086000000bf0900000000000055090100000000009500000000000000bd0a060000000000d500f4ff0100000018000000060000000000000029000000bf91000000000000b702000003000000850000002a000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x1, 0x1000, &(0x7f0000000cc0)=""/4096, 0x41100, 0x2}, 0x94) ioctl$TCSETSF(r4, 0x5404, &(0x7f0000000f00)={0x6, 0x9, 0x1, 0x80000001, 0x15, "2096f86a6f30dfd98832756d1d09a23503e490"}) fsetxattr$security_selinux(r7, &(0x7f00000000c0), &(0x7f0000000040)='system_u:object_r:dhcp_state_t:s0\x00', 0x1e, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ec0)={&(0x7f0000000e80)='hugepage_set_pmd\x00', r6, 0x0, 0x80000000}, 0x18) bind$rds(r7, &(0x7f0000000e40)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) add_key$keyring(&(0x7f0000000300), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) 955.911015ms ago: executing program 1 (id=4565): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f00000000c0)='.\x00', 0xa4000061) openat(0xffffffffffffff9c, &(0x7f00000005c0)='./bus\x00', 0x101042, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r1}, 0x10) read(r0, &(0x7f0000002040)=""/76, 0x4c) 826.027266ms ago: executing program 1 (id=4567): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x20100, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x6, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x3, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_MAP_FREEZE(0x16, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0x1}, &(0x7f00000001c0), &(0x7f0000000200)}, 0x20) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20) socket(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000000000000f4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$FOU_CMD_DEL(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050001000000030000000200000006e6"], 0x24}, 0x1, 0x0, 0x0, 0x4000800}, 0x4000080) 819.789796ms ago: executing program 2 (id=4568): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @perf_config_ext, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b1a, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0x0, 0xfff0}, {0xe, 0xffff}}}, 0x24}}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x16, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x800) recvmmsg(r3, &(0x7f0000007700), 0x4000267, 0xfc0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10) socket$netlink(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0) 718.974164ms ago: executing program 0 (id=4569): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @perf_config_ext, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b1a, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r3 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89d, 0xc000, 0xa, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0x0, 0xfff0}, {0xe, 0xffff}}}, 0x24}}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x800) recvmmsg(r4, &(0x7f0000007700), 0x4000267, 0xfc0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000300)='tlb_flush\x00', r5}, 0x18) r6 = fsmount(0xffffffffffffffff, 0x1, 0x30) ioctl$BLKRRPART(r6, 0x125f, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r7}, 0x10) socket$netlink(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0) 659.428429ms ago: executing program 2 (id=4570): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000150000000000000400"/20], 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000002c0)='fib_table_lookup\x00', r1}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x200, {0x0, 0x0, 0x0, r3, {0xfff2, 0x9}, {0x10}, {0x9, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 574.277135ms ago: executing program 1 (id=4571): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0xa362, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000008000000070000000900000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000ff0f00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x10) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000005c0)={{0x1, 0x1, 0x18, r1, {0x7df33ad1}}, './file0\x00'}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000680)={'syztnl1\x00', &(0x7f0000000600)={'gre0\x00', 0x0, 0x1, 0x8, 0x6, 0xfffffdb1, {{0xc, 0x4, 0x3, 0x1, 0x30, 0x64, 0x0, 0xa1, 0x29, 0x0, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp_prespec={0x44, 0xc, 0x5b, 0x3, 0x8, [{@multicast1, 0xfffffffc}]}, @noop, @noop, @timestamp_prespec={0x44, 0xc, 0xf7, 0x3, 0xe, [{@broadcast, 0xb7c4}]}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000006c0)={'syztnl1\x00', &(0x7f0000000740)={'ip6_vti0\x00', r3, 0x4, 0x4, 0x8, 0x8, 0x2a, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote, 0x20, 0x20, 0xfffffff9, 0x6}}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r4}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x101}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x4000000, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r6}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000020500000a3c000000090a010400000000000000000a0000040900010073797a3100000000080005400000002b0900020073797a310000000008000a40ff"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b00010062726964"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@newqdisc={0x24, 0x24, 0x1, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x7}, {0xffff, 0xffff}, {0x5, 0x7ff9}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x841) r7 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0) r8 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0) r9 = epoll_create(0x201) r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000300), r8) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r8, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)=ANY=[@ANYBLOB="80000000", @ANYRES16=r10, @ANYBLOB="000425bd7000fcdbdf250200000008000400000000001c000680060001000a00000008000300e00000020600010002000000280006800800060000000000060001000a00000014000400ff0100000000000000000800000000010800030003000000080002000300000008000300030000000500050003000000"], 0x80}, 0x1, 0x0, 0x0, 0x40008014}, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x400, 0x0) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000000080)={0x90000001}) io_uring_setup(0x7291, &(0x7f0000000140)={0x0, 0xb32, 0x2, 0x0, 0x382}) accept4$inet(r9, &(0x7f0000000200)={0x2, 0x0, @empty}, &(0x7f0000000240)=0x10, 0x0) 498.555781ms ago: executing program 2 (id=4572): bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[], 0x48) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x4) sendmsg$key(0xffffffffffffffff, 0x0, 0x2000) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net\x00') r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x80) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_bp={0x0, 0x2}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x118}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000380)='i2c_slave\x00', 0xffffffffffffffff, 0x0, 0xc}, 0x18) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/seq/timer\x00', 0x0, 0x0) 472.650323ms ago: executing program 0 (id=4573): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ec0)={&(0x7f0000000bc0)='kfree\x00', r1, 0x0, 0xfffffffffffffff4}, 0x18) r2 = fsmount(r0, 0x0, 0x8) fchdir(r2) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r3, &(0x7f0000000000)='./file1\x00', 0x2000, 0x0) 433.795076ms ago: executing program 2 (id=4574): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) lsetxattr$security_ima(&(0x7f0000000040)='./file0\x00', &(0x7f0000000180), &(0x7f00000001c0)=@sha1={0x1, "76f4d1dd2a4ceaaead099bc79bab633eede479f7"}, 0x15, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r1 = socket$inet6(0xa, 0x805, 0x0) getsockopt$bt_hci(r1, 0x84, 0x25, &(0x7f0000000080)=""/4076, &(0x7f0000000040)=0xfec) r2 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10005, 0x4001005, r2}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r4 = eventfd2(0x3ff, 0x80000) write$eventfd(r4, &(0x7f0000000080)=0xfffffffffffffc00, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000d0ff00000000000000", @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0xc}, 0x94) 331.870864ms ago: executing program 0 (id=4575): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c3000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TCSETSW2(r1, 0x5408, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x12, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x50, &(0x7f00000002c0), 0x64, 0x505, &(0x7f0000000940)="$eJzs3cFrHF8dAPDvbHZr06a/5Kce9Af+rLaSFu1u0tg2eKgVRE8Ftd5rTDYhZJMN2U3bhKIp/gGCiAqe9OJF8A8QpEePIhT0rKggoq0ePGjnx+5O0jTdTbbtNptmPx+YzHtvZvb73oaZnTfzmAlgYJ2NiBsR8TRN04sRMZqV57IptlpTY70nj+/PNqYk0vTWP5NIsrLtz0qy+elss5MR8Y2vRnw7eTFubWNzaaZSKa9l+VJ9ebVU29i8tLg8s1BeKK9MTU1enb42fWV6oiftPBMR17/8tx99/xdfuf6bz9398+2/X/hOo1oj2fLd7XhJ+f0WtppeaH4XuzdYe8VgR1G+2cLMcLs1hl4oefCG6wQAQHuNc/wPR8SnI+JijMbQ/qezAAAAwFso/eJI/C+JSNs70aEcAAAAeIvkmmNgk1wxGwswErlcsdgaw/vROJWrVGv1z85X11fmWmNlx6KQm1+slCeyscJjUUga+clm+ln+8p78VES8GxE/HB1u5ouz1cpcvy9+AAAAwIA4vaf//5/RVv8fAAAAOGbG+l0BAAAA4I3T/wcAAIDjT/8fAAAAjrWv3bzZmNLt91/P3dlYX6reuTRXri0Vl9dni7PVtdXiQrW60Hxm3/JBn1epVlc/Hyvr90r1cq1eqm1s3l6urq/Uby8+9wpsAAAA4BC9+8mHf0wiYusLw82p4UR3m3a5GnBU5XdSSTZvs1v/6Z3W/K+HVCngUAz1uwJA3+T7XQGgbwr9rgDQd8kByzsO3vldNv9Ub+sDAAD03vjHO9//z+275db+i4Ejz04Mg8v9fxhczfv/3Y7kdbIAx0rBGQAMvNe+/3+gNH2pCgEAAD030pySXDG7vDcSuVyxGHGm+VqAQjK/WClPRMQ7EfGH0cKHGvnJ5pbJgX0GAAAAAAAAAAAAAAAAAAAAAAAAAKAlTZNIAQAAgGMtIrfzGP/x0fMje68PnEj+OxrZK0Lv/vTWj+/N1Otrk43yf+2U13+SlV8+5IsXAAAAMDhe6gX+2/307X48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPTSk8f3Z7enw4z7jy9FxFi7+Pk42ZyfjEJEnPp3Evld2yURMdSD+MONPx9rFz9pVGsnZLv4wz2Iv/Vg3/gxln0L7eKf7kF8GGQPG8efG+32v1ycbc7b73/5iOfyr6rz8S92jn9DHfb/M13GeO/Rr0od4z+IeC/f/vizHT/pEP9cl/G/9c3NzU7L0p9FjLf9/Umei1WqL6+WahublxaXZxbKC+WVqanJq9PXpq9MT5TmFyvl7G/bGD/4xK+f7tf+Ux3ijx3Q/vNdtv//j+49/kgrWWgX/8K5NvF/+/NsjRfj57Lfvs9k6cby8e30Viu92/u//P37+7V/rkP7D/r/X+iy/Re//r2/dLkqAHAIahubSzOVSnnt2CYavfQjUA2JI5j4bk8/ME3TtLFPvcbnJHEUvpZmot9HJgAAoNeenfT3uyYAAAAAAAAAAAAAAAAAAAAwuA7jcWJ7Y27tpJJePEIbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAnPggAAP//FZnXpg==") 247.720221ms ago: executing program 0 (id=4576): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0x22c7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r1, 0x0, 0x2}, 0x18) io_setup(0x4, &(0x7f0000000600)=0x0) r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002) io_submit(r2, 0x1, &(0x7f0000000080)=[&(0x7f0000000140)={0x0, 0x4, 0x0, 0x1, 0x0, r3, &(0x7f0000000040)}]) 120.97609ms ago: executing program 0 (id=4577): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r2 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c45, 0x1) flock(r2, 0x5) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x80) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r2, 0xffffffffffffffff}, &(0x7f0000000240), &(0x7f00000002c0)=r1}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x18, 0x1a, &(0x7f00000006c0)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9}], &(0x7f0000000380)='GPL\x00', 0x80000000, 0x43, &(0x7f00000004c0)=""/67, 0x41100, 0x20, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f0000000400)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000540)={0x3, 0x10, 0x45, 0x9}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000005c0)=[r3], &(0x7f00000007c0)=[{0x2, 0x1, 0xe, 0xc}], 0x10, 0x6}, 0x94) flock(r3, 0x2) dup3(r3, r2, 0x0) 963.92µs ago: executing program 0 (id=4578): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001d40)={0x8, 0xb, &(0x7f0000000180)=ANY=[@ANYRES16=r0], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x4}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[], 0x48) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCXONC(r2, 0x540a, 0x0) ioctl$TCXONC(r2, 0x540a, 0x2) ioctl$TCXONC(r2, 0x540a, 0x1) ioctl$TCXONC(r2, 0x540a, 0x3) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xc, 0x6, 0x7ffc1ff8}]}) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) tee(r5, 0xffffffffffffffff, 0x7fff, 0x4) close_range(r4, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000005880)={0xffffffffffffffff, 0xffffffffffffffff}) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x0) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001cc0)=ANY=[@ANYBLOB="1b0000000000000000000000000000a416690ff60000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x13, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000008f000000000000000b00000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b7030000000700008500000086000000bf0900000000000055090100000000009500000000000000bd0a060000000000d500f4ff0100000018000000060000000000000029000000bf91000000000000b702000003000000850000002a000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x1, 0x1000, &(0x7f0000000cc0)=""/4096, 0x41100, 0x2}, 0x94) ioctl$TCSETSF(r4, 0x5404, &(0x7f0000000f00)={0x6, 0x9, 0x1, 0x80000001, 0x15, "2096f86a6f30dfd98832756d1d09a23503e490"}) fsetxattr$security_selinux(r7, &(0x7f00000000c0), &(0x7f0000000040)='system_u:object_r:dhcp_state_t:s0\x00', 0x1e, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ec0)={&(0x7f0000000e80)='hugepage_set_pmd\x00', r6, 0x0, 0x80000000}, 0x18) bind$rds(r7, &(0x7f0000000e40)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) add_key$keyring(&(0x7f0000000300), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) 0s ago: executing program 2 (id=4579): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r1, @ANYRESOCT=r0], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) mkdir(&(0x7f0000000580)='./file0\x00', 0x92) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000040)=@v2={0x2000000, [{0x9, 0xfffffff7}, {0xde7, 0x8002}]}, 0x14, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_emit_ethernet(0x10e, &(0x7f0000000a00)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x31, 0x4, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@timestamp_addr={0x44, 0x14, 0xd3, 0x1, 0x3, [{@multicast1, 0xe8c2}, {@remote, 0x1}]}, @ra={0x94, 0x4, 0x1}, @end, @timestamp_addr={0x44, 0x4c, 0x69, 0x1, 0xc, [{@empty, 0x1}, {@private=0xa010102, 0x1}, {@loopback, 0x10000}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x9}, {@broadcast}, {@empty, 0x8001}, {@local, 0x400000}, {@remote, 0xaf6}, {@private=0xa010101, 0x18000000}]}, @end, @timestamp_addr={0x44, 0xc, 0xfe, 0x1, 0xd, [{@dev={0xac, 0x14, 0x14, 0x16}, 0x4}]}, @rr={0x7, 0x1b, 0x2f, [@dev={0xac, 0x14, 0x14, 0x2d}, @empty, @broadcast, @broadcast, @local, @private=0xa010100]}, @ssrr={0x89, 0x23, 0xfa, [@broadcast, @remote, @loopback, @multicast1, @local, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote]}]}}, {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}, {"85e701ab9fc1806b8405e2bd057071b4571ba5d4f0148f9ba6d395069dc7e2fec6cfffcd884028ca"}}}}}}, 0x0) kernel console output (not intermixed with test programs): ) [ 259.868022][ T3785] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 259.893471][ T3785] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 259.911570][ T3785] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 259.966383][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.973064][T18844] syz!: rxe_newlink: already configured on team_slave_0 [ 260.075458][T18858] 9pnet_fd: Insufficient options for proto=fd [ 260.094973][T18858] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 260.118999][T18858] ext4 filesystem being mounted at /196/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 260.206308][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 260.239532][T18872] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 260.307414][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 260.352908][T18882] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3473: bg 0: block 248: padding at end of block bitmap is not set [ 260.368838][T18882] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.3473: Failed to acquire dquot type 1 [ 260.381105][T18882] EXT4-fs (loop2): 1 truncate cleaned up [ 260.387322][T18882] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 260.400565][T18882] ext4 filesystem being mounted at /146/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 260.548841][T14751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 260.775984][T17007] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 260.840337][T18932] xt_CT: You must specify a L4 protocol and not use inversions on it [ 260.850534][T18934] xt_CT: You must specify a L4 protocol and not use inversions on it [ 260.909142][T18952] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=18952 comm=syz.3.3489 [ 261.016098][T18967] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=18967 comm=syz.0.3493 [ 261.030947][T18965] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 261.132378][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 261.151853][T18972] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=18972 comm=syz.0.3497 [ 261.277074][T18992] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 261.277074][T18992] program syz.1.3495 not setting count and/or reply_len properly [ 261.312148][T18993] xt_CT: You must specify a L4 protocol and not use inversions on it [ 261.349136][T18993] __nla_validate_parse: 25 callbacks suppressed [ 261.349158][T18993] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3502'. [ 261.396435][T19007] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3507'. [ 261.459441][T19007] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3507'. [ 261.479051][T19007] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3507'. [ 261.502357][T19006] set_capacity_and_notify: 4 callbacks suppressed [ 261.502379][T19006] loop3: detected capacity change from 0 to 512 [ 261.525408][T19006] EXT4-fs (loop3): failed to initialize system zone (-117) [ 261.593083][T19007] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3507'. [ 261.608980][T19006] EXT4-fs (loop3): mount failed [ 261.662455][T19021] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=19021 comm=syz.4.3511 [ 261.737378][T19036] xt_CT: You must specify a L4 protocol and not use inversions on it [ 261.770355][T19036] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3516'. [ 261.870725][T19057] 9pnet_fd: Insufficient options for proto=fd [ 261.902132][T19057] loop2: detected capacity change from 0 to 512 [ 261.921092][T19057] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 261.950488][T19064] loop3: detected capacity change from 0 to 512 [ 261.975333][T19065] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3525'. [ 261.985088][T19057] ext4 filesystem being mounted at /154/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 262.027123][T19064] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3524: bg 0: block 248: padding at end of block bitmap is not set [ 262.052944][T19064] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.3524: Failed to acquire dquot type 1 [ 262.065623][T19064] EXT4-fs (loop3): 1 truncate cleaned up [ 262.072445][T19064] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 262.085233][T19064] ext4 filesystem being mounted at /210/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 262.117624][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 262.165363][T14751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 262.310546][T19091] xt_CT: You must specify a L4 protocol and not use inversions on it [ 262.310880][T19103] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 262.310880][T19103] program syz.4.3527 not setting count and/or reply_len properly [ 262.350887][T19091] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3532'. [ 262.409953][T19105] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3538'. [ 262.422766][T19113] loop2: detected capacity change from 0 to 512 [ 262.458297][T19113] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3541: bg 0: block 248: padding at end of block bitmap is not set [ 262.477499][T19113] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.3541: Failed to acquire dquot type 1 [ 262.497790][T19113] EXT4-fs (loop2): 1 truncate cleaned up [ 262.524397][T19113] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 262.553683][T19113] ext4 filesystem being mounted at /157/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 262.588460][T14751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 262.673304][T19119] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 262.673304][T19119] program syz.3.3537 not setting count and/or reply_len properly [ 262.725461][T19142] xt_CT: You must specify a L4 protocol and not use inversions on it [ 262.738920][T19142] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3549'. [ 262.833311][T19154] FAULT_INJECTION: forcing a failure. [ 262.833311][T19154] name failslab, interval 1, probability 0, space 0, times 0 [ 262.846142][T19154] CPU: 0 UID: 0 PID: 19154 Comm: syz.1.3552 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 262.846181][T19154] Tainted: [W]=WARN [ 262.846193][T19154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 262.846205][T19154] Call Trace: [ 262.846211][T19154] [ 262.846275][T19154] __dump_stack+0x1d/0x30 [ 262.846297][T19154] dump_stack_lvl+0xe8/0x140 [ 262.846317][T19154] dump_stack+0x15/0x1b [ 262.846334][T19154] should_fail_ex+0x265/0x280 [ 262.846385][T19154] should_failslab+0x8c/0xb0 [ 262.846405][T19154] kmem_cache_alloc_noprof+0x69/0x4b0 [ 262.846428][T19154] ? skb_clone+0x151/0x1f0 [ 262.846462][T19154] skb_clone+0x151/0x1f0 [ 262.846498][T19154] nfnetlink_rcv+0x2fc/0x16c0 [ 262.846530][T19154] ? kmem_cache_free+0xe3/0x3a0 [ 262.846556][T19154] ? __kfree_skb+0x109/0x150 [ 262.846578][T19154] ? consume_skb+0x49/0x150 [ 262.846599][T19154] ? nlmon_xmit+0x4f/0x60 [ 262.846658][T19154] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 262.846774][T19154] ? __dev_queue_xmit+0x138d/0x1ec0 [ 262.846808][T19154] ? __dev_queue_xmit+0x148/0x1ec0 [ 262.846850][T19154] ? ref_tracker_free+0x37d/0x3e0 [ 262.846901][T19154] netlink_unicast+0x5c0/0x690 [ 262.846936][T19154] netlink_sendmsg+0x58b/0x6b0 [ 262.847015][T19154] ? __pfx_netlink_sendmsg+0x10/0x10 [ 262.847057][T19154] __sock_sendmsg+0x145/0x180 [ 262.847143][T19154] ____sys_sendmsg+0x31e/0x4a0 [ 262.847254][T19154] ___sys_sendmsg+0x17b/0x1d0 [ 262.847354][T19154] __x64_sys_sendmsg+0xd4/0x160 [ 262.847386][T19154] x64_sys_call+0x17ba/0x3000 [ 262.847410][T19154] do_syscall_64+0xd8/0x2a0 [ 262.847450][T19154] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.847534][T19154] RIP: 0033:0x7f814f26f749 [ 262.847550][T19154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.847587][T19154] RSP: 002b:00007f814dccf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 262.847613][T19154] RAX: ffffffffffffffda RBX: 00007f814f4c5fa0 RCX: 00007f814f26f749 [ 262.847629][T19154] RDX: 0000000024044850 RSI: 0000200000009b40 RDI: 0000000000000003 [ 262.847646][T19154] RBP: 00007f814dccf090 R08: 0000000000000000 R09: 0000000000000000 [ 262.847698][T19154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 262.847774][T19154] R13: 00007f814f4c6038 R14: 00007f814f4c5fa0 R15: 00007ffdad213058 [ 262.847796][T19154] [ 263.163819][T19165] FAULT_INJECTION: forcing a failure. [ 263.163819][T19165] name failslab, interval 1, probability 0, space 0, times 0 [ 263.176577][T19165] CPU: 0 UID: 0 PID: 19165 Comm: syz.2.3557 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 263.176616][T19165] Tainted: [W]=WARN [ 263.176625][T19165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 263.176662][T19165] Call Trace: [ 263.176669][T19165] [ 263.176678][T19165] __dump_stack+0x1d/0x30 [ 263.176704][T19165] dump_stack_lvl+0xe8/0x140 [ 263.176734][T19165] dump_stack+0x15/0x1b [ 263.176763][T19165] should_fail_ex+0x265/0x280 [ 263.176870][T19165] should_failslab+0x8c/0xb0 [ 263.176915][T19165] kmem_cache_alloc_node_noprof+0x6b/0x4c0 [ 263.176946][T19165] ? __alloc_skb+0x324/0x4d0 [ 263.176978][T19165] __alloc_skb+0x324/0x4d0 [ 263.177008][T19165] ? __alloc_skb+0x24d/0x4d0 [ 263.177094][T19165] pfkey_sendmsg+0x7e4/0x900 [ 263.177142][T19165] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 263.177179][T19165] __sock_sendmsg+0x145/0x180 [ 263.177283][T19165] ____sys_sendmsg+0x31e/0x4a0 [ 263.177320][T19165] ___sys_sendmsg+0x17b/0x1d0 [ 263.177371][T19165] __x64_sys_sendmsg+0xd4/0x160 [ 263.177481][T19165] x64_sys_call+0x17ba/0x3000 [ 263.177520][T19165] do_syscall_64+0xd8/0x2a0 [ 263.177562][T19165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.177623][T19165] RIP: 0033:0x7fbd263df749 [ 263.177642][T19165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.177719][T19165] RSP: 002b:00007fbd24e3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 263.177738][T19165] RAX: ffffffffffffffda RBX: 00007fbd26635fa0 RCX: 00007fbd263df749 [ 263.177751][T19165] RDX: 0000000000008090 RSI: 0000200000000280 RDI: 0000000000000005 [ 263.177765][T19165] RBP: 00007fbd24e3f090 R08: 0000000000000000 R09: 0000000000000000 [ 263.177780][T19165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 263.177807][T19165] R13: 00007fbd26636038 R14: 00007fbd26635fa0 R15: 00007ffd59b65088 [ 263.177831][T19165] [ 263.481939][T19174] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=19174 comm=syz.2.3561 [ 263.547976][ T10] Process accounting resumed [ 263.695520][T19230] loop3: detected capacity change from 0 to 128 [ 263.908599][ T29] kauditd_printk_skb: 466 callbacks suppressed [ 263.908616][ T29] audit: type=1326 audit(1765554665.801:29680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19243 comm="syz.2.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 263.910412][T19244] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=19244 comm=syz.2.3579 [ 263.914963][ T29] audit: type=1326 audit(1765554665.801:29681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19243 comm="syz.2.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 263.974924][ T29] audit: type=1326 audit(1765554665.801:29682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19243 comm="syz.2.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 263.998653][ T29] audit: type=1326 audit(1765554665.801:29683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19243 comm="syz.2.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 264.022295][ T29] audit: type=1326 audit(1765554665.801:29684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19243 comm="syz.2.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 264.038926][T19253] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 264.038926][T19253] program syz.1.3576 not setting count and/or reply_len properly [ 264.045909][ T29] audit: type=1326 audit(1765554665.801:29685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19243 comm="syz.2.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 264.086870][ T29] audit: type=1326 audit(1765554665.801:29686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19243 comm="syz.2.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 264.110830][ T29] audit: type=1326 audit(1765554665.801:29687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19243 comm="syz.2.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 264.134746][ T29] audit: type=1326 audit(1765554665.801:29688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19243 comm="syz.2.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 264.158516][ T29] audit: type=1326 audit(1765554665.801:29689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19243 comm="syz.2.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 264.420489][T19263] loop4: detected capacity change from 0 to 512 [ 264.444227][T19263] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 264.457070][T19263] ext4 filesystem being mounted at /43/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 264.495827][T17007] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 265.138346][T19308] loop3: detected capacity change from 0 to 512 [ 265.150413][T19308] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #18: comm syz.3.3596: iget: bad extra_isize 90 (inode size 256) [ 265.240332][T19308] EXT4-fs (loop3): Remounting filesystem read-only [ 265.292821][T19308] EXT4-fs warning (device loop3): ext4_evict_inode:273: xattr delete (err -30) [ 265.314266][T19308] EXT4-fs (loop3): 1 orphan inode deleted [ 265.328754][T19308] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 265.407961][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 265.567799][T19344] loop3: detected capacity change from 0 to 512 [ 265.578304][T19344] EXT4-fs (loop3): too many log groups per flexible block group [ 265.586051][T19344] EXT4-fs (loop3): failed to initialize mballoc (-12) [ 265.593028][T19344] EXT4-fs (loop3): mount failed [ 265.605457][T19344] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 266.085939][T19367] bond1: option min_links: invalid value (18446744073709551608) [ 266.093739][T19367] bond1: option min_links: allowed values 0 - 2147483647 [ 266.245976][T19367] bond1 (unregistering): Released all slaves [ 266.542367][T19444] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 266.557442][T19355] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 266.557442][T19355] program syz.2.3602 not setting count and/or reply_len properly [ 266.611784][T19448] loop3: detected capacity change from 0 to 512 [ 266.637837][T19448] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3613: bg 0: block 248: padding at end of block bitmap is not set [ 266.730071][T19448] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.3613: Failed to acquire dquot type 1 [ 266.757205][T19448] EXT4-fs (loop3): 1 truncate cleaned up [ 266.769812][T19448] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 266.812751][T19448] ext4 filesystem being mounted at /225/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 266.968912][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 267.002636][T19463] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2 [ 267.106423][T19469] 9pnet_fd: Insufficient options for proto=fd [ 267.111791][T19467] loop3: detected capacity change from 0 to 512 [ 267.131811][T19467] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 267.131988][T19467] ext4 filesystem being mounted at /226/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 267.223662][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 267.254443][T19476] __nla_validate_parse: 30 callbacks suppressed [ 267.254458][T19476] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3619'. [ 267.426740][T19490] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3621'. [ 267.448547][T19488] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3625'. [ 267.483775][T19488] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3625'. [ 267.529711][T19488] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3625'. [ 267.546082][T19488] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3625'. [ 267.565355][T19500] program syz.4.3628 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 267.750817][T19510] loop4: detected capacity change from 0 to 512 [ 267.756729][T19501] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 267.756729][T19501] program syz.3.3627 not setting count and/or reply_len properly [ 267.788534][T19510] EXT4-fs (loop4): too many log groups per flexible block group [ 267.798144][T19510] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 267.808057][T19510] EXT4-fs (loop4): mount failed [ 267.827699][T19510] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2 [ 267.998274][T19548] loop4: detected capacity change from 0 to 1024 [ 268.034168][T19548] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 268.175932][T19548] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3634'. [ 268.203358][T17007] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 268.272400][T19566] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3636'. [ 268.281572][T19566] netlink: 'syz.4.3636': attribute type 30 has an invalid length. [ 268.295489][ T3626] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 268.324476][ T3626] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 268.364144][ T3626] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 268.409161][ T3626] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 268.700414][T19591] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3643'. [ 268.745821][T19591] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3643'. [ 268.768648][T19592] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2 [ 269.028212][ T29] kauditd_printk_skb: 476 callbacks suppressed [ 269.028230][ T29] audit: type=1326 audit(1765554670.921:30164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19588 comm="syz.1.3644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f814f26f749 code=0x7ffc0000 [ 269.058342][ T29] audit: type=1326 audit(1765554670.921:30165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19588 comm="syz.1.3644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f814f26f749 code=0x7ffc0000 [ 269.153093][T19623] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 269.395648][T19637] xt_CT: You must specify a L4 protocol and not use inversions on it [ 269.598076][T19658] netlink: 'syz.1.3658': attribute type 30 has an invalid length. [ 269.734423][T19665] loop2: detected capacity change from 0 to 512 [ 269.792094][T19665] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3659: bg 0: block 248: padding at end of block bitmap is not set [ 269.817676][T19665] Quota error (device loop2): write_blk: dquota write failed [ 269.817701][T19665] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 269.817721][T19665] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.3659: Failed to acquire dquot type 1 [ 269.818298][T19665] EXT4-fs (loop2): 1 truncate cleaned up [ 269.818759][T19665] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 269.819210][T19665] ext4 filesystem being mounted at /181/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 269.884061][T19673] loop4: detected capacity change from 0 to 1024 [ 269.967656][T19675] loop3: detected capacity change from 0 to 512 [ 269.968723][ T29] audit: type=1326 audit(1765554671.851:30166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19668 comm="syz.3.3662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5eedb565e7 code=0x7ffc0000 [ 269.997732][ T29] audit: type=1326 audit(1765554671.851:30167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19668 comm="syz.3.3662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5eedafb829 code=0x7ffc0000 [ 269.997771][ T29] audit: type=1326 audit(1765554671.851:30168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19668 comm="syz.3.3662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5eedb565e7 code=0x7ffc0000 [ 269.997809][ T29] audit: type=1326 audit(1765554671.851:30169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19668 comm="syz.3.3662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5eedafb829 code=0x7ffc0000 [ 269.997908][ T29] audit: type=1326 audit(1765554671.851:30170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19668 comm="syz.3.3662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eedb5f749 code=0x7ffc0000 [ 269.997933][ T29] audit: type=1326 audit(1765554671.851:30171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19668 comm="syz.3.3662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f5eedb5f749 code=0x7ffc0000 [ 270.032537][T14751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 270.234217][T19686] FAULT_INJECTION: forcing a failure. [ 270.234217][T19686] name failslab, interval 1, probability 0, space 0, times 0 [ 270.234271][T19686] CPU: 1 UID: 0 PID: 19686 Comm: syz.2.3665 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 270.234312][T19686] Tainted: [W]=WARN [ 270.234321][T19686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 270.234337][T19686] Call Trace: [ 270.234345][T19686] [ 270.234352][T19686] __dump_stack+0x1d/0x30 [ 270.234395][T19686] dump_stack_lvl+0xe8/0x140 [ 270.234456][T19686] dump_stack+0x15/0x1b [ 270.234497][T19686] should_fail_ex+0x265/0x280 [ 270.234526][T19686] should_failslab+0x8c/0xb0 [ 270.234699][T19686] kmem_cache_alloc_noprof+0x69/0x4b0 [ 270.234728][T19686] ? copy_sighand+0x52/0x1b0 [ 270.234749][T19686] copy_sighand+0x52/0x1b0 [ 270.234774][T19686] copy_process+0xc67/0x1ef0 [ 270.234807][T19686] kernel_clone+0x16c/0x5c0 [ 270.234879][T19686] ? vfs_write+0x7e8/0x960 [ 270.234905][T19686] __x64_sys_clone+0xe6/0x120 [ 270.234944][T19686] x64_sys_call+0x12d0/0x3000 [ 270.234968][T19686] do_syscall_64+0xd8/0x2a0 [ 270.235061][T19686] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.235084][T19686] RIP: 0033:0x7fbd263df749 [ 270.235099][T19686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 270.235116][T19686] RSP: 002b:00007fbd24e3efe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 270.235135][T19686] RAX: ffffffffffffffda RBX: 00007fbd26635fa0 RCX: 00007fbd263df749 [ 270.235148][T19686] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000400 [ 270.235180][T19686] RBP: 00007fbd24e3f090 R08: 0000000000000000 R09: 0000000000000000 [ 270.235196][T19686] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 270.235212][T19686] R13: 00007fbd26636038 R14: 00007fbd26635fa0 R15: 00007ffd59b65088 [ 270.235236][T19686] [ 270.238284][T19673] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 270.243165][T19675] EXT4-fs (loop3): too many log groups per flexible block group [ 270.243211][T19675] EXT4-fs (loop3): failed to initialize mballoc (-12) [ 270.243236][T19675] EXT4-fs (loop3): mount failed [ 270.358858][T17007] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 270.397685][T19674] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 270.630002][T19709] loop2: detected capacity change from 0 to 512 [ 270.658361][T19709] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3669: bg 0: block 248: padding at end of block bitmap is not set [ 270.680973][T19700] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=19700 comm=syz.0.3668 [ 270.703969][T19709] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.3669: Failed to acquire dquot type 1 [ 270.748925][T19709] EXT4-fs (loop2): 1 truncate cleaned up [ 270.766743][T19709] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 270.840932][T19709] ext4 filesystem being mounted at /184/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 270.887760][T19726] loop4: detected capacity change from 0 to 512 [ 270.938094][T19726] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3673: bg 0: block 248: padding at end of block bitmap is not set [ 270.955406][T14751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 270.982102][T19726] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.3673: Failed to acquire dquot type 1 [ 271.005153][T19726] EXT4-fs (loop4): 1 truncate cleaned up [ 271.011619][T19726] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 271.038383][T19726] ext4 filesystem being mounted at /64/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 271.179058][T17007] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.244817][T19734] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 271.244817][T19734] program syz.3.3677 not setting count and/or reply_len properly [ 271.265133][T19754] loop4: detected capacity change from 0 to 1024 [ 271.279630][T19754] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 271.321907][T17007] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.373924][T19767] 9pnet_fd: Insufficient options for proto=fd [ 271.529030][T19767] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 271.566855][T19767] ext4 filesystem being mounted at /187/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 271.635317][T14751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.830318][T19805] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=19805 comm=syz.1.3696 [ 272.316219][T19843] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 272.456493][T19854] __nla_validate_parse: 22 callbacks suppressed [ 272.456508][T19854] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3713'. [ 272.518355][T19863] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 272.518355][T19863] program syz.4.3709 not setting count and/or reply_len properly [ 272.555228][T19855] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=19855 comm=syz.1.3712 [ 272.657936][T19870] syz!: rxe_newlink: already configured on team_slave_0 [ 272.701073][T19874] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3719'. [ 272.717528][T19874] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3719'. [ 272.730270][T19874] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3719'. [ 272.741675][T19874] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3719'. [ 272.880742][T19885] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 272.955781][T19894] set_capacity_and_notify: 1 callbacks suppressed [ 272.955862][T19894] loop3: detected capacity change from 0 to 512 [ 272.984597][T19890] loop2: detected capacity change from 0 to 512 [ 273.011219][T19894] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3726: bg 0: block 248: padding at end of block bitmap is not set [ 273.076957][T19890] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3724: bg 0: block 248: padding at end of block bitmap is not set [ 273.127237][T19894] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.3726: Failed to acquire dquot type 1 [ 273.139592][T19890] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.3724: Failed to acquire dquot type 1 [ 273.151984][T19890] EXT4-fs (loop2): 1 truncate cleaned up [ 273.158074][T19894] EXT4-fs (loop3): 1 truncate cleaned up [ 273.164255][T19894] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 273.187210][T19890] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 273.200005][T19894] ext4 filesystem being mounted at /247/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 273.210591][T19890] ext4 filesystem being mounted at /194/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 273.260944][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 273.260980][T14751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 273.327127][T19918] loop2: detected capacity change from 0 to 1024 [ 273.417520][T19918] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3728'. [ 273.848825][T19970] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 273.848825][T19970] program syz.4.3736 not setting count and/or reply_len properly [ 273.905163][T19974] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3739'. [ 273.925481][T19966] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3739'. [ 273.937698][T19975] xt_CT: You must specify a L4 protocol and not use inversions on it [ 273.943683][T19966] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3739'. [ 273.960960][T19966] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3739'. [ 274.200969][ T29] kauditd_printk_skb: 652 callbacks suppressed [ 274.200988][ T29] audit: type=1326 audit(1765554676.091:30816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19987 comm="syz.0.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 274.251243][T19984] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 274.251243][T19984] program syz.2.3741 not setting count and/or reply_len properly [ 274.266159][ T29] audit: type=1326 audit(1765554676.091:30817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19987 comm="syz.0.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 274.292254][ T29] audit: type=1326 audit(1765554676.091:30818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19987 comm="syz.0.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 274.315933][ T29] audit: type=1326 audit(1765554676.091:30819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19987 comm="syz.0.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 274.339961][ T29] audit: type=1326 audit(1765554676.091:30820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19987 comm="syz.0.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 274.363976][ T29] audit: type=1326 audit(1765554676.091:30821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19987 comm="syz.0.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 274.387600][ T29] audit: type=1326 audit(1765554676.091:30822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19987 comm="syz.0.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 274.411360][ T29] audit: type=1326 audit(1765554676.091:30823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19987 comm="syz.0.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 274.435268][ T29] audit: type=1326 audit(1765554676.091:30824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19987 comm="syz.0.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 274.458830][ T29] audit: type=1326 audit(1765554676.091:30825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19987 comm="syz.0.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 275.193712][T20038] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 275.193712][T20038] program syz.2.3761 not setting count and/or reply_len properly [ 275.248529][T20048] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=20048 comm=syz.1.3766 [ 275.571970][T20074] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 275.571970][T20074] program syz.1.3770 not setting count and/or reply_len properly [ 275.676100][T20099] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=20099 comm=syz.3.3781 [ 275.785681][T20113] xt_CT: You must specify a L4 protocol and not use inversions on it [ 276.365325][T20166] 9p: Bad value for 'rfdno' [ 276.379550][T20168] 9p: Bad value for 'rfdno' [ 276.394465][T20166] loop2: detected capacity change from 0 to 512 [ 276.413840][T20166] ext4 filesystem being mounted at /203/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 276.578088][T20187] syz!: rxe_newlink: already configured on team_slave_0 [ 277.225332][T20227] loop3: detected capacity change from 0 to 512 [ 277.242131][T20212] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 277.242131][T20212] program syz.0.3805 not setting count and/or reply_len properly [ 277.268767][T20227] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3810: bg 0: block 248: padding at end of block bitmap is not set [ 277.318125][T20234] loop4: detected capacity change from 0 to 1024 [ 277.340688][T20227] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.3810: Failed to acquire dquot type 1 [ 277.399584][T20227] EXT4-fs (loop3): 1 truncate cleaned up [ 277.434410][T20227] ext4 filesystem being mounted at /270/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 277.486452][T20245] 9pnet_fd: Insufficient options for proto=fd [ 277.535415][T20245] loop4: detected capacity change from 0 to 512 [ 277.691475][T20245] ext4 filesystem being mounted at /90/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 277.904805][T20263] __nla_validate_parse: 22 callbacks suppressed [ 277.904847][T20263] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3819'. [ 277.929384][T20263] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3819'. [ 277.946997][T20263] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3819'. [ 277.958780][T20263] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3819'. [ 277.973416][T20264] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=20264 comm=syz.2.3820 [ 278.094501][T20282] loop3: detected capacity change from 0 to 512 [ 278.133695][T20282] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3825: bg 0: block 248: padding at end of block bitmap is not set [ 278.167300][T20282] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.3825: Failed to acquire dquot type 1 [ 278.323835][T20282] EXT4-fs (loop3): 1 truncate cleaned up [ 278.345356][T20282] ext4 filesystem being mounted at /274/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 278.364104][T20296] loop4: detected capacity change from 0 to 512 [ 278.438224][T20296] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3828: bg 0: block 248: padding at end of block bitmap is not set [ 278.453587][T20296] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.3828: Failed to acquire dquot type 1 [ 278.466362][T20296] EXT4-fs (loop4): 1 truncate cleaned up [ 278.474196][T20296] ext4 filesystem being mounted at /94/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 278.487141][T20303] syz!: rxe_newlink: already configured on team_slave_0 [ 278.502915][T20309] loop3: detected capacity change from 0 to 1024 [ 278.542012][T20300] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 278.542012][T20300] program syz.0.3829 not setting count and/or reply_len properly [ 278.564946][T20316] loop4: detected capacity change from 0 to 128 [ 278.586942][T20309] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3830'. [ 278.617026][T20316] syz.4.3832: attempt to access beyond end of device [ 278.617026][T20316] loop4: rw=2049, sector=138, nr_sectors = 112 limit=128 [ 278.731410][T20329] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=20329 comm=syz.2.3836 [ 279.152592][T20358] loop2: detected capacity change from 0 to 1024 [ 279.206899][ T29] kauditd_printk_skb: 658 callbacks suppressed [ 279.206917][ T29] audit: type=1326 audit(1765554681.091:31478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20357 comm="syz.2.3845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 279.259309][T20358] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3845'. [ 279.287958][ T29] audit: type=1326 audit(1765554681.131:31479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20357 comm="syz.2.3845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 279.311702][ T29] audit: type=1326 audit(1765554681.131:31480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20357 comm="syz.2.3845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=77 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 279.335452][ T29] audit: type=1326 audit(1765554681.131:31481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20357 comm="syz.2.3845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 279.359261][ T29] audit: type=1326 audit(1765554681.131:31482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20357 comm="syz.2.3845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 279.383083][ T29] audit: type=1326 audit(1765554681.131:31483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20357 comm="syz.2.3845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 279.406692][ T29] audit: type=1326 audit(1765554681.131:31484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20357 comm="syz.2.3845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 279.430386][ T29] audit: type=1326 audit(1765554681.131:31485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20357 comm="syz.2.3845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 279.454069][ T29] audit: type=1326 audit(1765554681.141:31486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20357 comm="syz.2.3845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 279.477902][ T29] audit: type=1326 audit(1765554681.141:31487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20357 comm="syz.2.3845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 279.517037][T20372] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3847'. [ 279.554320][T20374] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3849'. [ 279.573909][T20374] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3849'. [ 279.589207][T20374] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3849'. [ 279.652540][T20378] 9pnet_fd: Insufficient options for proto=fd [ 279.664426][T20378] loop2: detected capacity change from 0 to 512 [ 279.680454][T20378] ext4 filesystem being mounted at /222/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 279.833722][T20392] loop3: detected capacity change from 0 to 512 [ 279.859952][T20392] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3855: bg 0: block 248: padding at end of block bitmap is not set [ 279.878705][T20392] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.3855: Failed to acquire dquot type 1 [ 279.941671][T20392] EXT4-fs (loop3): 1 truncate cleaned up [ 279.964312][T20392] ext4 filesystem being mounted at /281/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 280.076158][T20427] 9pnet_fd: Insufficient options for proto=fd [ 280.106459][T20427] loop3: detected capacity change from 0 to 512 [ 280.113309][T20415] loop2: detected capacity change from 0 to 512 [ 280.133176][T20427] ext4 filesystem being mounted at /282/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 280.180637][T20415] ext4 filesystem being mounted at /224/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 280.351852][T20477] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=20477 comm=syz.3.3870 [ 280.428225][T20483] 9pnet_fd: Insufficient options for proto=fd [ 280.512166][T20491] loop3: detected capacity change from 0 to 1024 [ 280.526431][T20472] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 280.612486][T20510] 9pnet_fd: Insufficient options for proto=fd [ 280.991514][T20530] ext4 filesystem being mounted at /226/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 281.239064][T20554] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 281.248112][T20550] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3888: bg 0: block 248: padding at end of block bitmap is not set [ 281.263436][T20550] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.3888: Failed to acquire dquot type 1 [ 281.275384][T20550] EXT4-fs (loop2): 1 truncate cleaned up [ 281.347127][T20550] ext4 filesystem being mounted at /229/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 281.747978][T20610] 9pnet_fd: Insufficient options for proto=fd [ 281.810032][T20622] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3906: bg 0: block 248: padding at end of block bitmap is not set [ 281.815301][T20610] ext4 filesystem being mounted at /292/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 281.831119][T20622] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.3906: Failed to acquire dquot type 1 [ 281.847080][T20622] EXT4-fs (loop4): 1 truncate cleaned up [ 281.853445][T20622] ext4 filesystem being mounted at /109/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 281.864958][T20641] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=20641 comm=syz.1.3905 [ 282.415337][T20692] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=20692 comm=syz.1.3919 [ 282.569333][T20698] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3920: bg 0: block 248: padding at end of block bitmap is not set [ 282.625791][T20698] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.3920: Failed to acquire dquot type 1 [ 282.688080][T20698] EXT4-fs (loop3): 1 truncate cleaned up [ 282.706933][T20698] EXT4-fs mount: 36 callbacks suppressed [ 282.706952][T20698] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 282.797192][T20698] ext4 filesystem being mounted at /295/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 282.815299][T20713] 9pnet_fd: Insufficient options for proto=fd [ 282.836074][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 282.952515][T20718] __nla_validate_parse: 13 callbacks suppressed [ 282.952536][T20718] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3924'. [ 283.370145][T20747] set_capacity_and_notify: 5 callbacks suppressed [ 283.370161][T20747] loop2: detected capacity change from 0 to 512 [ 283.399867][T20740] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=20740 comm=syz.0.3932 [ 283.501125][T20754] netlink: 'syz.3.3933': attribute type 30 has an invalid length. [ 283.531802][ T3638] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 283.541260][T20747] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3931: bg 0: block 248: padding at end of block bitmap is not set [ 283.556313][T20747] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.3931: Failed to acquire dquot type 1 [ 283.569136][ T3638] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 283.577649][T20747] EXT4-fs (loop2): 1 truncate cleaned up [ 283.578224][ T3638] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 283.592434][ T3638] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 283.594745][T20747] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 283.692201][T20747] ext4 filesystem being mounted at /235/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 283.801612][T14751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 283.801705][T20763] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3936'. [ 283.873616][T20765] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3938'. [ 284.216909][ T29] kauditd_printk_skb: 1121 callbacks suppressed [ 284.216932][ T29] audit: type=1326 audit(1765554686.101:32599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20790 comm="syz.2.3945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 284.218147][T20791] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3945'. [ 284.223389][ T29] audit: type=1326 audit(1765554686.101:32600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20790 comm="syz.2.3945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 284.409721][ T29] audit: type=1326 audit(1765554686.111:32601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20790 comm="syz.2.3945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 284.433373][ T29] audit: type=1326 audit(1765554686.211:32602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20790 comm="syz.2.3945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 284.457147][ T29] audit: type=1326 audit(1765554686.211:32603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20790 comm="syz.2.3945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 284.480890][ T29] audit: type=1326 audit(1765554686.221:32604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20785 comm="syz.0.3943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4ef5f065e7 code=0x7ffc0000 [ 284.504459][ T29] audit: type=1326 audit(1765554686.221:32605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20785 comm="syz.0.3943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4ef5eab829 code=0x7ffc0000 [ 284.528008][ T29] audit: type=1326 audit(1765554686.221:32606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20785 comm="syz.0.3943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4ef5f065e7 code=0x7ffc0000 [ 284.551796][ T29] audit: type=1326 audit(1765554686.221:32607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20785 comm="syz.0.3943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4ef5eab829 code=0x7ffc0000 [ 284.575487][ T29] audit: type=1326 audit(1765554686.221:32608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20785 comm="syz.0.3943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 284.668711][T20792] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 284.668711][T20792] program syz.4.3944 not setting count and/or reply_len properly [ 284.693540][T20804] loop3: detected capacity change from 0 to 512 [ 284.731285][T20804] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 284.747662][T20804] ext4 filesystem being mounted at /300/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 284.811537][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 284.869971][T20824] syz!: rxe_newlink: already configured on team_slave_0 [ 284.905997][T20833] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3956'. [ 285.071545][T20854] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3960'. [ 285.135202][T20855] xt_CT: You must specify a L4 protocol and not use inversions on it [ 285.157008][T20863] FAULT_INJECTION: forcing a failure. [ 285.157008][T20863] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 285.170300][T20863] CPU: 0 UID: 0 PID: 20863 Comm: syz.3.3965 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 285.170398][T20863] Tainted: [W]=WARN [ 285.170406][T20863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 285.170431][T20863] Call Trace: [ 285.170439][T20863] [ 285.170447][T20863] __dump_stack+0x1d/0x30 [ 285.170474][T20863] dump_stack_lvl+0xe8/0x140 [ 285.170534][T20863] dump_stack+0x15/0x1b [ 285.170555][T20863] should_fail_ex+0x265/0x280 [ 285.170586][T20863] should_fail+0xb/0x20 [ 285.170670][T20863] should_fail_usercopy+0x1a/0x20 [ 285.170696][T20863] strncpy_from_user+0x27/0x260 [ 285.170738][T20863] getname_flags+0xae/0x3b0 [ 285.170770][T20863] user_path_at+0x28/0x130 [ 285.170853][T20863] __se_sys_fspick+0xaa/0x240 [ 285.170883][T20863] __x64_sys_fspick+0x43/0x50 [ 285.170908][T20863] x64_sys_call+0x2bf9/0x3000 [ 285.170943][T20863] do_syscall_64+0xd8/0x2a0 [ 285.170984][T20863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.171051][T20863] RIP: 0033:0x7f5eedb5f749 [ 285.171106][T20863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.171169][T20863] RSP: 002b:00007f5eec5bf038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1 [ 285.171194][T20863] RAX: ffffffffffffffda RBX: 00007f5eeddb5fa0 RCX: 00007f5eedb5f749 [ 285.171211][T20863] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffffffffffffff [ 285.171227][T20863] RBP: 00007f5eec5bf090 R08: 0000000000000000 R09: 0000000000000000 [ 285.171244][T20863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 285.171260][T20863] R13: 00007f5eeddb6038 R14: 00007f5eeddb5fa0 R15: 00007fffb6ff40a8 [ 285.171285][T20863] [ 285.446726][T20866] loop4: detected capacity change from 0 to 512 [ 285.459144][T20855] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3961'. [ 285.470907][T20866] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 285.485206][T20866] ext4 filesystem being mounted at /123/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 285.551237][T17007] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 285.642491][T20881] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2 [ 285.666565][T20887] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3973'. [ 285.829366][T20896] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3975'. [ 286.056158][T20916] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3984'. [ 286.079290][T20918] 9pnet_fd: Insufficient options for proto=fd [ 286.090593][T20918] loop2: detected capacity change from 0 to 512 [ 286.120442][T20918] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 286.146500][T20918] ext4 filesystem being mounted at /248/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 286.227614][T14751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 286.284466][T20940] loop4: detected capacity change from 0 to 512 [ 286.305378][T20940] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3991: bg 0: block 248: padding at end of block bitmap is not set [ 286.321204][T20940] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.3991: Failed to acquire dquot type 1 [ 286.347134][T20940] EXT4-fs (loop4): 1 truncate cleaned up [ 286.355753][T20940] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 286.368516][T20940] ext4 filesystem being mounted at /132/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 286.392245][T20950] syz!: rxe_newlink: already configured on team_slave_0 [ 286.417333][T17007] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 286.536627][T20969] loop3: detected capacity change from 0 to 512 [ 286.568790][T20969] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 286.581989][T20969] ext4 filesystem being mounted at /311/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 286.631360][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 286.856920][T20977] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 286.856920][T20977] program syz.0.4002 not setting count and/or reply_len properly [ 287.113558][T21016] loop2: detected capacity change from 0 to 512 [ 287.139432][T21016] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.4014: bg 0: block 248: padding at end of block bitmap is not set [ 287.154918][T21016] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.4014: Failed to acquire dquot type 1 [ 287.168495][T21016] EXT4-fs (loop2): 1 truncate cleaned up [ 287.174800][T21016] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 287.188876][T21016] ext4 filesystem being mounted at /258/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 287.281479][T14751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 287.378436][T21027] netlink: 'syz.2.4017': attribute type 1 has an invalid length. [ 287.390495][T21029] 9pnet_fd: Insufficient options for proto=fd [ 287.418850][T21027] 8021q: adding VLAN 0 to HW filter on device bond0 [ 287.445258][T21027] 8021q: adding VLAN 0 to HW filter on device bond0 [ 287.449725][T21029] loop4: detected capacity change from 0 to 512 [ 287.459249][T21027] bond0: (slave vxcan3): The slave device specified does not support setting the MAC address [ 287.471280][T21027] bond0: (slave vxcan3): Error -95 calling set_mac_address [ 287.491027][T21074] gretap1: entered promiscuous mode [ 287.499408][T21074] bond0: (slave gretap1): making interface the new active one [ 287.508451][T21029] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 287.527688][T21029] ext4 filesystem being mounted at /134/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 287.538874][T21074] bond0: (slave gretap1): Enslaving as an active interface with an up link [ 287.615804][T21086] netlink: 'syz.1.4021': attribute type 30 has an invalid length. [ 287.632170][T21027] macvlan2: entered promiscuous mode [ 287.637619][T21027] macvlan2: entered allmulticast mode [ 287.664650][T21027] bond0: entered promiscuous mode [ 287.687333][T17007] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 287.714064][T21027] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 287.743591][T21027] bond0: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1 [ 287.757756][T21027] bond0: left promiscuous mode [ 288.097300][T21109] Set syz1 is full, maxelem 65536 reached [ 288.128907][T21117] __nla_validate_parse: 7 callbacks suppressed [ 288.128958][T21117] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4027'. [ 288.173953][T21117] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4027'. [ 288.198806][T21117] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4027'. [ 288.216998][T21117] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4027'. [ 288.384932][T21131] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4031'. [ 288.424508][T21127] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=21127 comm=syz.4.4030 [ 288.550513][T21142] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 288.586735][T21149] loop2: detected capacity change from 0 to 512 [ 288.610577][T21149] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 288.623312][T21149] ext4 filesystem being mounted at /265/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 288.657124][T14751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 288.970260][T21173] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 288.970260][T21173] program syz.4.4043 not setting count and/or reply_len properly [ 289.021926][T21183] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=21183 comm=syz.1.4049 [ 289.142272][T21190] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 289.142272][T21190] program syz.2.4050 not setting count and/or reply_len properly [ 289.227228][ T29] kauditd_printk_skb: 859 callbacks suppressed [ 289.227246][ T29] audit: type=1326 audit(1765554691.121:33464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21198 comm="syz.1.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f814f26f749 code=0x7ffc0000 [ 289.228086][ T29] audit: type=1326 audit(1765554691.121:33465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21198 comm="syz.1.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f814f26f749 code=0x7ffc0000 [ 289.228229][ T29] audit: type=1326 audit(1765554691.121:33466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21198 comm="syz.1.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f814f26f749 code=0x7ffc0000 [ 289.228412][ T29] audit: type=1326 audit(1765554691.121:33467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21198 comm="syz.1.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f814f26f749 code=0x7ffc0000 [ 289.228597][ T29] audit: type=1326 audit(1765554691.121:33468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21198 comm="syz.1.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f814f26f749 code=0x7ffc0000 [ 289.239892][ T29] audit: type=1326 audit(1765554691.131:33469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21198 comm="syz.1.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f814f26f749 code=0x7ffc0000 [ 289.242157][ T29] audit: type=1326 audit(1765554691.131:33470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21198 comm="syz.1.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f814f26f749 code=0x7ffc0000 [ 289.242369][ T29] audit: type=1326 audit(1765554691.131:33471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21198 comm="syz.1.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f814f26f749 code=0x7ffc0000 [ 289.245102][ T29] audit: type=1326 audit(1765554691.131:33472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21198 comm="syz.1.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f814f26f749 code=0x7ffc0000 [ 289.245395][ T29] audit: type=1326 audit(1765554691.131:33473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21198 comm="syz.1.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f814f26f749 code=0x7ffc0000 [ 289.258804][T21202] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2 [ 289.285457][T21204] 9pnet_fd: Insufficient options for proto=fd [ 289.832603][T21216] loop4: detected capacity change from 0 to 764 [ 289.838150][T21216] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 289.979176][T21216] Symlink component flag not implemented [ 290.006111][T21216] Symlink component flag not implemented (7) [ 290.016614][T21224] Symlink component flag not implemented (7) [ 290.152359][T21248] 9pnet_fd: Insufficient options for proto=fd [ 290.177799][T21248] loop3: detected capacity change from 0 to 512 [ 290.189975][T21249] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=21249 comm=syz.0.4066 [ 290.304731][T21248] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 290.348274][T21248] ext4 filesystem being mounted at /320/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 290.384539][T21258] 9pnet_fd: Insufficient options for proto=fd [ 290.516138][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 290.668108][T21283] loop3: detected capacity change from 0 to 512 [ 290.799241][T21283] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 290.827241][T21283] ext4 filesystem being mounted at /323/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 290.913190][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 291.031057][T21291] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4078'. [ 291.059620][T21291] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4078'. [ 291.078421][T21291] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4078'. [ 291.107684][T21291] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4078'. [ 291.530758][T21314] xt_CT: You must specify a L4 protocol and not use inversions on it [ 291.542453][T21317] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=21317 comm=syz.1.4085 [ 291.542773][T21314] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4084'. [ 292.805653][T21432] openvswitch: netlink: EtherType 0 is less than min 600 [ 293.251222][T21476] loop3: detected capacity change from 0 to 512 [ 293.255089][T21478] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=21478 comm=syz.2.4119 [ 293.290078][T21476] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.4118: bg 0: block 248: padding at end of block bitmap is not set [ 293.335740][T21476] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.4118: Failed to acquire dquot type 1 [ 293.352752][T21486] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 293.373823][T21476] EXT4-fs (loop3): 1 truncate cleaned up [ 293.380363][T21476] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 293.435833][T21476] ext4 filesystem being mounted at /332/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 293.500351][T21495] __nla_validate_parse: 8 callbacks suppressed [ 293.500369][T21495] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4123'. [ 293.503423][T21498] openvswitch: netlink: EtherType 0 is less than min 600 [ 293.562819][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 293.644117][T21506] 9pnet_fd: p9_fd_create_unix (21506): problem connecting socket: ./file0: -2 [ 293.675127][T21509] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4128'. [ 293.729798][T21512] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4129'. [ 293.743093][T21512] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4129'. [ 293.756944][T21512] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4129'. [ 293.779771][T21512] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4129'. [ 293.887869][T21522] FAULT_INJECTION: forcing a failure. [ 293.887869][T21522] name failslab, interval 1, probability 0, space 0, times 0 [ 293.900687][T21522] CPU: 0 UID: 0 PID: 21522 Comm: syz.4.4132 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 293.900725][T21522] Tainted: [W]=WARN [ 293.900733][T21522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 293.900783][T21522] Call Trace: [ 293.900792][T21522] [ 293.900803][T21522] __dump_stack+0x1d/0x30 [ 293.900829][T21522] dump_stack_lvl+0xe8/0x140 [ 293.900897][T21522] dump_stack+0x15/0x1b [ 293.900917][T21522] should_fail_ex+0x265/0x280 [ 293.900946][T21522] should_failslab+0x8c/0xb0 [ 293.901036][T21522] __kmalloc_cache_noprof+0x65/0x4c0 [ 293.901068][T21522] ? do_inotify_init+0x93/0x270 [ 293.901122][T21522] do_inotify_init+0x93/0x270 [ 293.901191][T21522] __x64_sys_inotify_init1+0x1e/0x30 [ 293.901224][T21522] x64_sys_call+0x2873/0x3000 [ 293.901256][T21522] do_syscall_64+0xd8/0x2a0 [ 293.901356][T21522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.901451][T21522] RIP: 0033:0x7f48665df749 [ 293.901467][T21522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 293.901487][T21522] RSP: 002b:00007f4865047038 EFLAGS: 00000246 ORIG_RAX: 0000000000000126 [ 293.901506][T21522] RAX: ffffffffffffffda RBX: 00007f4866835fa0 RCX: 00007f48665df749 [ 293.901547][T21522] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 293.901581][T21522] RBP: 00007f4865047090 R08: 0000000000000000 R09: 0000000000000000 [ 293.901597][T21522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 293.901613][T21522] R13: 00007f4866836038 R14: 00007f4866835fa0 R15: 00007fff5e756018 [ 293.901634][T21522] [ 294.157561][T21529] loop4: detected capacity change from 0 to 512 [ 294.333318][T21529] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.4135: bg 0: block 248: padding at end of block bitmap is not set [ 294.355000][T21545] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4139'. [ 294.371024][T21529] __quota_error: 580 callbacks suppressed [ 294.371045][T21529] Quota error (device loop4): write_blk: dquota write failed [ 294.384384][T21529] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 294.394441][T21529] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.4135: Failed to acquire dquot type 1 [ 294.406550][T21543] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 294.458566][T21547] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4141'. [ 294.513802][T21539] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4139'. [ 294.527151][T21529] EXT4-fs (loop4): 1 truncate cleaned up [ 294.530006][T21549] loop3: detected capacity change from 0 to 512 [ 294.533192][T21529] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 294.567080][T21529] ext4 filesystem being mounted at /162/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 294.578279][T21550] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4141'. [ 294.603177][T21549] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.4143: bg 0: block 248: padding at end of block bitmap is not set [ 294.619742][T17007] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.631752][T21549] Quota error (device loop3): write_blk: dquota write failed [ 294.639228][T21549] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 294.649212][T21549] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.4143: Failed to acquire dquot type 1 [ 294.669618][T21549] EXT4-fs (loop3): 1 truncate cleaned up [ 294.677658][T21549] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 294.729663][T21549] ext4 filesystem being mounted at /334/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 294.755352][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.810335][ T29] audit: type=1400 audit(1765554696.701:34052): avc: denied { setopt } for pid=21567 comm="syz.2.4149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 294.873035][ T29] audit: type=1400 audit(1765554696.761:34053): avc: denied { cpu } for pid=21571 comm="syz.1.4150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 295.080929][T21588] loop3: detected capacity change from 0 to 512 [ 295.081938][ T29] audit: type=1326 audit(1765554696.961:34054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21580 comm="syz.3.4151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eedb5f749 code=0x7ffc0000 [ 295.082049][ T29] audit: type=1326 audit(1765554696.961:34055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21580 comm="syz.3.4151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f5eedb5f749 code=0x7ffc0000 [ 295.082078][ T29] audit: type=1326 audit(1765554696.961:34056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21580 comm="syz.3.4151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eedb5f749 code=0x7ffc0000 [ 295.082171][ T29] audit: type=1326 audit(1765554696.961:34057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21580 comm="syz.3.4151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5eedb5f749 code=0x7ffc0000 [ 295.103157][T21588] EXT4-fs (loop3): too many log groups per flexible block group [ 295.103232][T21588] EXT4-fs (loop3): failed to initialize mballoc (-12) [ 295.103259][T21588] EXT4-fs (loop3): mount failed [ 295.109127][T21588] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 295.324384][T21599] loop2: detected capacity change from 0 to 512 [ 295.342903][T21599] EXT4-fs warning (device loop2): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 295.343165][T21599] EXT4-fs (loop2): mount failed [ 295.470652][T21615] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=21615 comm=syz.0.4159 [ 295.673619][T21633] netlink: 'syz.0.4164': attribute type 1 has an invalid length. [ 295.821108][T21645] FAULT_INJECTION: forcing a failure. [ 295.821108][T21645] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 295.834324][T21645] CPU: 0 UID: 0 PID: 21645 Comm: syz.0.4168 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 295.834356][T21645] Tainted: [W]=WARN [ 295.834362][T21645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 295.834446][T21645] Call Trace: [ 295.834453][T21645] [ 295.834462][T21645] __dump_stack+0x1d/0x30 [ 295.834497][T21645] dump_stack_lvl+0xe8/0x140 [ 295.834541][T21645] dump_stack+0x15/0x1b [ 295.834593][T21645] should_fail_ex+0x265/0x280 [ 295.834638][T21645] should_fail+0xb/0x20 [ 295.834729][T21645] should_fail_usercopy+0x1a/0x20 [ 295.834761][T21645] strncpy_from_user+0x27/0x260 [ 295.834802][T21645] getname_flags+0xae/0x3b0 [ 295.834860][T21645] user_path_at+0x28/0x130 [ 295.834898][T21645] do_fchownat+0xb0/0x210 [ 295.835039][T21645] __x64_sys_chown+0x47/0x60 [ 295.835073][T21645] x64_sys_call+0x2eb9/0x3000 [ 295.835105][T21645] do_syscall_64+0xd8/0x2a0 [ 295.835198][T21645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.835243][T21645] RIP: 0033:0x7f4ef5f0f749 [ 295.835262][T21645] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.835286][T21645] RSP: 002b:00007f4ef4977038 EFLAGS: 00000246 ORIG_RAX: 000000000000005c [ 295.835311][T21645] RAX: ffffffffffffffda RBX: 00007f4ef6165fa0 RCX: 00007f4ef5f0f749 [ 295.835327][T21645] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 295.835344][T21645] RBP: 00007f4ef4977090 R08: 0000000000000000 R09: 0000000000000000 [ 295.835357][T21645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 295.835385][T21645] R13: 00007f4ef6166038 R14: 00007f4ef6165fa0 R15: 00007ffe336da988 [ 295.835409][T21645] [ 296.103138][T21655] loop3: detected capacity change from 0 to 4096 [ 296.138690][T21655] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 296.192752][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 296.301004][T21673] loop4: detected capacity change from 0 to 512 [ 296.379830][T21673] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.4173: bg 0: block 248: padding at end of block bitmap is not set [ 296.404580][T21673] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.4173: Failed to acquire dquot type 1 [ 296.454123][T21673] EXT4-fs (loop4): 1 truncate cleaned up [ 296.464332][T21687] loop3: detected capacity change from 0 to 128 [ 296.479068][T21673] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 296.503441][T21673] ext4 filesystem being mounted at /168/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 296.603358][T17007] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 296.810330][T21701] loop2: detected capacity change from 0 to 1024 [ 296.831915][T21701] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 296.852392][T21687] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 296.860165][T21687] FAT-fs (loop3): Filesystem has been set read-only [ 296.905765][T14751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 296.981117][T21697] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 296.981117][T21697] program syz.4.4181 not setting count and/or reply_len properly [ 297.025736][T21716] FAULT_INJECTION: forcing a failure. [ 297.025736][T21716] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 297.038989][T21716] CPU: 1 UID: 0 PID: 21716 Comm: syz.2.4186 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 297.039068][T21716] Tainted: [W]=WARN [ 297.039077][T21716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 297.039095][T21716] Call Trace: [ 297.039104][T21716] [ 297.039114][T21716] __dump_stack+0x1d/0x30 [ 297.039145][T21716] dump_stack_lvl+0xe8/0x140 [ 297.039199][T21716] dump_stack+0x15/0x1b [ 297.039224][T21716] should_fail_ex+0x265/0x280 [ 297.039255][T21716] should_fail+0xb/0x20 [ 297.039279][T21716] should_fail_usercopy+0x1a/0x20 [ 297.039361][T21716] _copy_from_user+0x1c/0xb0 [ 297.039388][T21716] ___sys_sendmsg+0xc1/0x1d0 [ 297.039449][T21716] __x64_sys_sendmsg+0xd4/0x160 [ 297.039490][T21716] x64_sys_call+0x17ba/0x3000 [ 297.039572][T21716] do_syscall_64+0xd8/0x2a0 [ 297.039608][T21716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.039633][T21716] RIP: 0033:0x7fbd263df749 [ 297.039652][T21716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 297.039732][T21716] RSP: 002b:00007fbd24e3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 297.039755][T21716] RAX: ffffffffffffffda RBX: 00007fbd26635fa0 RCX: 00007fbd263df749 [ 297.039773][T21716] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005 [ 297.039804][T21716] RBP: 00007fbd24e3f090 R08: 0000000000000000 R09: 0000000000000000 [ 297.039817][T21716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 297.039835][T21716] R13: 00007fbd26636038 R14: 00007fbd26635fa0 R15: 00007ffd59b65088 [ 297.039932][T21716] [ 297.291770][T21722] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 297.556950][T21749] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 298.047361][T21804] loop3: detected capacity change from 0 to 512 [ 298.125976][T21808] loop4: detected capacity change from 0 to 512 [ 298.132948][T21804] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.4210: bg 0: block 248: padding at end of block bitmap is not set [ 298.149774][T21808] EXT4-fs: dax option not supported [ 298.156136][T21804] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.4210: Failed to acquire dquot type 1 [ 298.216534][T21804] EXT4-fs (loop3): 1 truncate cleaned up [ 298.223283][T21804] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 298.236561][T21804] ext4 filesystem being mounted at /345/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 298.311793][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 298.378782][T21815] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 298.618707][T21823] __nla_validate_parse: 27 callbacks suppressed [ 298.618726][T21823] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4214'. [ 298.703308][T21828] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4215'. [ 298.873523][T21847] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4216'. [ 298.916261][T21819] Set syz1 is full, maxelem 65536 reached [ 299.681137][ T29] kauditd_printk_skb: 454 callbacks suppressed [ 299.681157][ T29] audit: type=1326 audit(1765554701.572:34507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21890 comm="syz.2.4224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 299.742553][T21897] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4226'. [ 299.758790][ T29] audit: type=1326 audit(1765554701.612:34508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21890 comm="syz.2.4224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 299.782697][ T29] audit: type=1326 audit(1765554701.612:34509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21890 comm="syz.2.4224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 299.806411][ T29] audit: type=1326 audit(1765554701.612:34510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21890 comm="syz.2.4224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 299.830065][ T29] audit: type=1326 audit(1765554701.612:34511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21890 comm="syz.2.4224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 299.853838][ T29] audit: type=1326 audit(1765554701.612:34512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21890 comm="syz.2.4224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 299.877547][ T29] audit: type=1326 audit(1765554701.612:34513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21890 comm="syz.2.4224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 299.901332][ T29] audit: type=1326 audit(1765554701.612:34514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21890 comm="syz.2.4224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 299.925215][ T29] audit: type=1326 audit(1765554701.612:34515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21890 comm="syz.2.4224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 299.949177][ T29] audit: type=1326 audit(1765554701.612:34516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21890 comm="syz.2.4224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 299.993257][T21901] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=21901 comm=syz.0.4225 [ 300.155491][T21910] loop2: detected capacity change from 0 to 512 [ 300.178480][T21910] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 300.195012][T21916] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4227'. [ 300.204474][T21921] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4229'. [ 300.223797][T21910] ext4 filesystem being mounted at /304/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 300.291753][T21923] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4230'. [ 300.340408][T21925] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 300.359312][T21928] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4230'. [ 300.368810][T21928] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4230'. [ 300.387279][T21928] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4230'. [ 300.566646][T14751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 300.811072][T21950] loop4: detected capacity change from 0 to 512 [ 300.835448][T21950] EXT4-fs (loop4): too many log groups per flexible block group [ 300.901234][T21950] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 300.945474][T21950] EXT4-fs (loop4): mount failed [ 300.997281][T21950] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2 [ 301.444844][T22002] 9p: Could not find request transport: fd0x0000000000000005 [ 301.545182][T22015] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=22015 comm=syz.2.4247 [ 301.634935][T22021] xt_CT: You must specify a L4 protocol and not use inversions on it [ 301.921879][T22048] loop4: detected capacity change from 0 to 1024 [ 302.032065][T22048] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 302.116437][T17007] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 302.676963][T22092] xt_CT: You must specify a L4 protocol and not use inversions on it [ 303.143146][T22106] loop4: detected capacity change from 0 to 7 [ 303.167334][T22106] Buffer I/O error on dev loop4, logical block 0, async page read [ 303.216026][T22106] Buffer I/O error on dev loop4, logical block 0, async page read [ 303.223914][T22106] loop4: unable to read partition table [ 303.245795][T22114] 9p: Could not find request transport: fd0x0000000000000005 [ 303.268890][T22114] loop2: detected capacity change from 0 to 512 [ 303.278400][T22106] loop_reread_partitions: partition scan of loop4 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 303.279676][T22113] pim6reg: entered allmulticast mode [ 303.306823][T22114] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 303.336108][T22114] ext4 filesystem being mounted at /312/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 303.558792][T22106] pim6reg: left allmulticast mode [ 303.588561][T14751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 303.698886][T22131] xt_CT: You must specify a L4 protocol and not use inversions on it [ 303.834416][T22131] __nla_validate_parse: 16 callbacks suppressed [ 303.834487][T22131] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4276'. [ 304.062990][T22145] FAULT_INJECTION: forcing a failure. [ 304.062990][T22145] name failslab, interval 1, probability 0, space 0, times 0 [ 304.075735][T22145] CPU: 0 UID: 0 PID: 22145 Comm: syz.4.4278 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 304.075806][T22145] Tainted: [W]=WARN [ 304.075815][T22145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 304.075831][T22145] Call Trace: [ 304.075840][T22145] [ 304.075916][T22145] __dump_stack+0x1d/0x30 [ 304.075948][T22145] dump_stack_lvl+0xe8/0x140 [ 304.075974][T22145] dump_stack+0x15/0x1b [ 304.075999][T22145] should_fail_ex+0x265/0x280 [ 304.076025][T22145] ? asymmetric_key_describe+0x81/0x150 [ 304.076136][T22145] should_failslab+0x8c/0xb0 [ 304.076161][T22145] __kmalloc_node_track_caller_noprof+0xb9/0x5b0 [ 304.076191][T22145] ? asymmetric_lookup_restriction+0x7b/0x370 [ 304.076265][T22145] ? asymmetric_key_describe+0x81/0x150 [ 304.076305][T22145] kstrndup+0x80/0x130 [ 304.076323][T22145] ? __pfx_asymmetric_lookup_restriction+0x10/0x10 [ 304.076389][T22145] asymmetric_lookup_restriction+0x7b/0x370 [ 304.076419][T22145] ? strcmp+0x22/0x50 [ 304.076491][T22145] ? __pfx_asymmetric_lookup_restriction+0x10/0x10 [ 304.076574][T22145] keyring_restrict+0xf7/0x280 [ 304.076607][T22145] keyctl_restrict_keyring+0x107/0x1b0 [ 304.076632][T22145] __se_sys_keyctl+0x1ed/0xb80 [ 304.076717][T22145] ? __rcu_read_unlock+0x4f/0x70 [ 304.076740][T22145] ? __fget_files+0x184/0x1c0 [ 304.076765][T22145] ? mutex_unlock+0x4f/0x90 [ 304.076792][T22145] ? fput+0x8f/0xc0 [ 304.076900][T22145] __x64_sys_keyctl+0x67/0x80 [ 304.076919][T22145] x64_sys_call+0x27b8/0x3000 [ 304.076947][T22145] do_syscall_64+0xd8/0x2a0 [ 304.077067][T22145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.077090][T22145] RIP: 0033:0x7f48665df749 [ 304.077149][T22145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.077169][T22145] RSP: 002b:00007f4865047038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 304.077188][T22145] RAX: ffffffffffffffda RBX: 00007f4866835fa0 RCX: 00007f48665df749 [ 304.077201][T22145] RDX: 0000200000000240 RSI: 00000000237775b0 RDI: 000000000000001d [ 304.077212][T22145] RBP: 00007f4865047090 R08: 0000000000000000 R09: 0000000000000000 [ 304.077224][T22145] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001 [ 304.077236][T22145] R13: 00007f4866836038 R14: 00007f4866835fa0 R15: 00007fff5e756018 [ 304.077282][T22145] [ 304.487321][T22149] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 304.572632][T22156] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4285'. [ 304.591707][T22156] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4285'. [ 304.613285][T22163] xt_CT: You must specify a L4 protocol and not use inversions on it [ 304.622407][T22156] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4285'. [ 304.637227][T22163] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4287'. [ 304.646535][T22156] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4285'. [ 304.687421][ T29] kauditd_printk_skb: 430 callbacks suppressed [ 304.687436][ T29] audit: type=1326 audit(1765554706.582:34947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22161 comm="syz.1.4284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f814f26f749 code=0x7ffc0000 [ 304.728714][ T29] audit: type=1326 audit(1765554706.622:34948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22159 comm="syz.0.4279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 304.759783][ T29] audit: type=1326 audit(1765554706.652:34949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22159 comm="syz.0.4279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 304.783650][ T29] audit: type=1326 audit(1765554706.652:34950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22159 comm="syz.0.4279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 304.807391][ T29] audit: type=1326 audit(1765554706.652:34951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22159 comm="syz.0.4279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 304.831573][ T29] audit: type=1326 audit(1765554706.652:34952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22159 comm="syz.0.4279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 304.855264][ T29] audit: type=1326 audit(1765554706.652:34953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22159 comm="syz.0.4279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 304.879134][ T29] audit: type=1326 audit(1765554706.652:34954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22159 comm="syz.0.4279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 304.880135][T22180] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4289'. [ 304.902888][ T29] audit: type=1326 audit(1765554706.652:34955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22159 comm="syz.0.4279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 304.935557][ T29] audit: type=1326 audit(1765554706.652:34956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22159 comm="syz.0.4279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef5f0f749 code=0x7ffc0000 [ 304.964200][T22179] loop3: detected capacity change from 0 to 512 [ 304.971915][T22179] EXT4-fs: Ignoring removed i_version option [ 304.978072][T22179] EXT4-fs: Ignoring removed bh option [ 304.985385][T22176] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 304.995820][T22176] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.010428][T22179] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 305.036001][T22179] ext4 filesystem being mounted at /363/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 305.062051][T22176] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 305.072463][T22176] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.122100][T22176] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 305.132523][T22176] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.147548][T22201] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4297'. [ 305.185464][T22200] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4296'. [ 305.316133][T22176] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 305.326524][T22176] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.430467][ T3489] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 305.438775][ T3489] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.482452][ T3489] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 305.490860][ T3489] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.500102][ T3489] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 305.508512][ T3489] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.589500][T22240] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22240 comm=syz.4.4304 [ 305.602707][ T3489] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 305.611020][ T3489] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.626241][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 305.984522][T22262] loop4: detected capacity change from 0 to 512 [ 306.153122][T22262] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 306.175758][T22262] ext4 filesystem being mounted at /196/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 306.336191][T17007] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 306.417622][T22277] loop4: detected capacity change from 0 to 128 [ 306.442217][T22275] xt_CT: You must specify a L4 protocol and not use inversions on it [ 306.463349][T22275] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4315'. [ 306.503128][T22282] loop4: detected capacity change from 0 to 1024 [ 306.542712][T22282] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 306.677562][T17007] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 306.876619][T22315] loop4: detected capacity change from 0 to 164 [ 306.897292][T22315] syz.4.4321: attempt to access beyond end of device [ 306.897292][T22315] loop4: rw=8912896, sector=263328, nr_sectors = 4 limit=164 [ 306.915608][T22315] syz.4.4321: attempt to access beyond end of device [ 306.915608][T22315] loop4: rw=8388608, sector=263328, nr_sectors = 4 limit=164 [ 307.061906][ T4143] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 307.149522][T22358] SELinux: failed to load policy [ 307.210206][T22370] loop4: detected capacity change from 0 to 512 [ 307.223647][T22363] bridge_slave_1: left allmulticast mode [ 307.229426][T22363] bridge_slave_1: left promiscuous mode [ 307.235239][T22363] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.244250][T22363] bridge_slave_0: left allmulticast mode [ 307.247126][T22370] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.4325: bg 0: block 248: padding at end of block bitmap is not set [ 307.250130][T22363] bridge_slave_0: left promiscuous mode [ 307.270045][T22363] bridge0: port 1(bridge_slave_0) entered disabled state [ 307.271180][T22370] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.4325: Failed to acquire dquot type 1 [ 307.305372][T22370] EXT4-fs (loop4): 1 truncate cleaned up [ 307.312908][T22370] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 307.327038][T22370] ext4 filesystem being mounted at /202/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 307.417876][T17007] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 307.665771][T22407] loop2: detected capacity change from 0 to 1024 [ 307.697518][T22407] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 307.786748][T14751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 308.038070][T22443] loop2: detected capacity change from 0 to 512 [ 308.047258][T22443] EXT4-fs (loop2): too many log groups per flexible block group [ 308.047312][T22443] EXT4-fs (loop2): failed to initialize mballoc (-12) [ 308.047339][T22443] EXT4-fs (loop2): mount failed [ 308.065947][T22443] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2 [ 308.179163][T22457] loop3: detected capacity change from 0 to 512 [ 308.229735][T22457] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.4350: bg 0: block 248: padding at end of block bitmap is not set [ 308.230125][T22457] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.4350: Failed to acquire dquot type 1 [ 308.230767][T22457] EXT4-fs (loop3): 1 truncate cleaned up [ 308.231250][T22457] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 308.231350][T22457] ext4 filesystem being mounted at /371/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 308.299528][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 308.400345][T22478] xt_CT: You must specify a L4 protocol and not use inversions on it [ 309.048115][T22519] __nla_validate_parse: 16 callbacks suppressed [ 309.048132][T22519] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4361'. [ 309.105862][T22521] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4362'. [ 309.293500][T22525] xt_CT: You must specify a L4 protocol and not use inversions on it [ 309.305321][T22525] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4365'. [ 309.524960][T22549] loop4: detected capacity change from 0 to 512 [ 309.531578][T22562] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4374'. [ 309.560188][T22549] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 309.577247][T22549] ext4 filesystem being mounted at /211/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 309.603785][T22549] EXT4-fs warning (device loop4): ext4_empty_dir:3087: inode #12: comm syz.4.4373: directory missing '.' [ 309.633230][T22578] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4377'. [ 309.666944][T17007] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 309.668126][T22582] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4376'. [ 309.747483][T22591] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4380'. [ 309.749244][T22585] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4378'. [ 309.777833][T22585] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4378'. [ 309.790071][T22585] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4378'. [ 309.881916][T22603] loop4: detected capacity change from 0 to 512 [ 309.926577][T22603] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.4379: bg 0: block 248: padding at end of block bitmap is not set [ 309.965984][T22603] __quota_error: 942 callbacks suppressed [ 309.966017][T22603] Quota error (device loop4): write_blk: dquota write failed [ 309.979432][T22603] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 309.989506][T22603] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.4379: Failed to acquire dquot type 1 [ 310.032204][T22603] EXT4-fs (loop4): 1 truncate cleaned up [ 310.046054][T22603] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 310.063725][T22612] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 310.068386][T22603] ext4 filesystem being mounted at /212/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 310.088889][ T29] audit: type=1326 audit(1765554711.983:35895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22611 comm="syz.3.4385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5eedb565e7 code=0x7ffc0000 [ 310.123516][ T29] audit: type=1326 audit(1765554712.013:35896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22611 comm="syz.3.4385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5eedafb829 code=0x7ffc0000 [ 310.147510][ T29] audit: type=1326 audit(1765554712.013:35897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22611 comm="syz.3.4385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5eedb565e7 code=0x7ffc0000 [ 310.171132][ T29] audit: type=1326 audit(1765554712.013:35898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22611 comm="syz.3.4385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5eedafb829 code=0x7ffc0000 [ 310.195015][ T29] audit: type=1326 audit(1765554712.013:35899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22611 comm="syz.3.4385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eedb5f749 code=0x7ffc0000 [ 310.218755][ T29] audit: type=1326 audit(1765554712.013:35900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22611 comm="syz.3.4385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5eedb5f749 code=0x7ffc0000 [ 310.242600][ T29] audit: type=1326 audit(1765554712.013:35901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22611 comm="syz.3.4385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eedb5f749 code=0x7ffc0000 [ 310.266370][ T29] audit: type=1326 audit(1765554712.013:35902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22611 comm="syz.3.4385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eedb5f749 code=0x7ffc0000 [ 310.302882][T17007] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 310.333411][T12616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 310.408968][T22629] 8021q: adding VLAN 0 to HW filter on device bond0 [ 310.431403][T22629] bond0: (slave ip6tnl0): The slave device specified does not support setting the MAC address [ 310.443103][T22629] bond0: (slave ip6tnl0): Error -95 calling set_mac_address [ 310.485733][T22641] FAULT_INJECTION: forcing a failure. [ 310.485733][T22641] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 310.498996][T22641] CPU: 1 UID: 0 PID: 22641 Comm: syz.0.4393 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 310.499036][T22641] Tainted: [W]=WARN [ 310.499045][T22641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 310.499062][T22641] Call Trace: [ 310.499071][T22641] [ 310.499081][T22641] __dump_stack+0x1d/0x30 [ 310.499113][T22641] dump_stack_lvl+0xe8/0x140 [ 310.499141][T22641] dump_stack+0x15/0x1b [ 310.499166][T22641] should_fail_ex+0x265/0x280 [ 310.499265][T22641] should_fail+0xb/0x20 [ 310.499317][T22641] should_fail_usercopy+0x1a/0x20 [ 310.499414][T22641] strncpy_from_user+0x27/0x260 [ 310.499457][T22641] __se_sys_memfd_create+0x206/0x6b0 [ 310.499500][T22641] __x64_sys_memfd_create+0x31/0x40 [ 310.499541][T22641] x64_sys_call+0x28cb/0x3000 [ 310.499588][T22641] do_syscall_64+0xd8/0x2a0 [ 310.499629][T22641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.499650][T22641] RIP: 0033:0x7f4ef5f0f749 [ 310.499670][T22641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 310.499706][T22641] RSP: 002b:00007f4ef4976e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 310.499730][T22641] RAX: ffffffffffffffda RBX: 0000000000000483 RCX: 00007f4ef5f0f749 [ 310.499747][T22641] RDX: 00007f4ef4976ef0 RSI: 0000000000000000 RDI: 00007f4ef5f94960 [ 310.499764][T22641] RBP: 0000200000001040 R08: 00007f4ef4976bb7 R09: 00007f4ef4976e40 [ 310.499798][T22641] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000001c0 [ 310.499821][T22641] R13: 00007f4ef4976ef0 R14: 00007f4ef4976eb0 R15: 00002000000002c0 [ 310.499846][T22641] [ 310.742133][T22652] 9pnet_fd: Insufficient options for proto=fd [ 310.782619][T22652] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 310.782764][T22652] ext4 filesystem being mounted at /327/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 310.807862][T22659] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 310.808024][T22659] ext4 filesystem being mounted at /381/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 310.906244][T22654] EXT4-fs (loop4): too many log groups per flexible block group [ 310.926636][T22654] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 310.972571][T22685] FAULT_INJECTION: forcing a failure. [ 310.972571][T22685] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 310.985770][T22685] CPU: 1 UID: 0 PID: 22685 Comm: syz.3.4404 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 310.985880][T22685] Tainted: [W]=WARN [ 310.985890][T22685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 310.985944][T22685] Call Trace: [ 310.985953][T22685] [ 310.985964][T22685] __dump_stack+0x1d/0x30 [ 310.986063][T22685] dump_stack_lvl+0xe8/0x140 [ 310.986093][T22685] dump_stack+0x15/0x1b [ 310.986119][T22685] should_fail_ex+0x265/0x280 [ 310.986179][T22685] should_fail+0xb/0x20 [ 310.986198][T22685] should_fail_usercopy+0x1a/0x20 [ 310.986222][T22685] _copy_to_user+0x20/0xa0 [ 310.986256][T22685] copy_siginfo_to_user+0x22/0xb0 [ 310.986341][T22685] x64_setup_rt_frame+0x2b5/0x580 [ 310.986372][T22685] arch_do_signal_or_restart+0x24c/0x450 [ 310.986407][T22685] exit_to_user_mode_loop+0x6a/0x740 [ 310.986440][T22685] do_syscall_64+0x202/0x2a0 [ 310.986495][T22685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.986558][T22685] RIP: 0033:0x7f5eedb5f749 [ 310.986598][T22685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 310.986629][T22685] RSP: 002b:00007f5eec5bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 310.986654][T22685] RAX: fffffffffffffff2 RBX: 00007f5eeddb5fa0 RCX: 00007f5eedb5f749 [ 310.986724][T22685] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 310.986737][T22685] RBP: 00007f5eec5bf090 R08: 0000000000000000 R09: 0000000000000000 [ 310.986750][T22685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 310.986766][T22685] R13: 00007f5eeddb6038 R14: 00007f5eeddb5fa0 R15: 00007fffb6ff40a8 [ 310.986792][T22685] [ 311.047440][T22654] EXT4-fs (loop4): mount failed [ 311.176586][T22654] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2 [ 311.295962][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 311.370086][T22713] set_capacity_and_notify: 4 callbacks suppressed [ 311.370106][T22713] loop2: detected capacity change from 0 to 512 [ 311.387530][T22713] ext4 filesystem being mounted at /333/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 311.425533][T22723] loop2: detected capacity change from 0 to 512 [ 311.434688][T22723] EXT4-fs warning (device loop2): ext4_xattr_inode_get:560: inode #11: comm syz.2.4413: EA inode hash validation failed [ 311.448121][T22723] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #15: comm syz.2.4413: corrupted inode contents [ 311.460949][T22723] EXT4-fs error (device loop2): ext4_dirty_inode:6502: inode #15: comm syz.2.4413: mark_inode_dirty error [ 311.477843][T22723] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #15: comm syz.2.4413: corrupted inode contents [ 311.490577][T22723] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3000: inode #15: comm syz.2.4413: mark_inode_dirty error [ 311.504332][T22723] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3003: inode #15: comm syz.2.4413: mark inode dirty (error -117) [ 311.517579][T22723] EXT4-fs warning (device loop2): ext4_evict_inode:273: xattr delete (err -117) [ 311.526864][T22723] EXT4-fs (loop2): 1 orphan inode deleted [ 311.738968][T22747] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 311.770383][T22747] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 311.770407][T22747] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 311.770448][T22747] vhci_hcd vhci_hcd.0: Device attached [ 311.778817][T22747] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(9) [ 311.778844][T22747] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 311.778895][T22747] vhci_hcd vhci_hcd.0: Device attached [ 311.786794][T22760] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=22760 comm=syz.1.4422 [ 311.791883][T22747] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(11) [ 311.835191][T22747] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 311.835517][T22747] vhci_hcd vhci_hcd.0: Device attached [ 311.846920][T22756] vhci_hcd: connection closed [ 311.847009][T22753] vhci_hcd: connection closed [ 311.852408][T16069] vhci_hcd vhci_hcd.0: stop threads [ 311.852429][T16069] vhci_hcd vhci_hcd.0: release socket [ 311.852445][T16069] vhci_hcd vhci_hcd.0: disconnect device [ 311.852504][T16069] vhci_hcd vhci_hcd.0: stop threads [ 311.852521][T16069] vhci_hcd vhci_hcd.0: release socket [ 311.852536][T16069] vhci_hcd vhci_hcd.0: disconnect device [ 311.858852][T22761] vhci_hcd: connection closed [ 311.871722][T22768] loop4: detected capacity change from 0 to 512 [ 311.874105][ T388] vhci_hcd vhci_hcd.0: stop threads [ 311.874176][ T388] vhci_hcd vhci_hcd.0: release socket [ 311.874193][ T388] vhci_hcd vhci_hcd.0: disconnect device [ 311.939845][T22768] EXT4-fs (loop4): too many log groups per flexible block group [ 311.968304][T22768] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 311.968339][T22768] EXT4-fs (loop4): mount failed [ 312.025295][T22768] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2 [ 312.222692][T22786] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 312.222692][T22786] program syz.2.4427 not setting count and/or reply_len properly [ 312.309314][T22792] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 312.309314][T22792] program syz.4.4429 not setting count and/or reply_len properly [ 312.724885][T22819] loop4: detected capacity change from 0 to 7 [ 312.743583][T22819] Buffer I/O error on dev loop4, logical block 0, async page read [ 312.771302][T22819] Buffer I/O error on dev loop4, logical block 0, async page read [ 312.779312][T22819] loop4: unable to read partition table [ 312.797914][T22819] loop_reread_partitions: partition scan of loop4 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 312.811174][T22822] pim6reg: entered allmulticast mode [ 312.829988][T22819] pim6reg: left allmulticast mode [ 312.878488][T22823] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=22823 comm=syz.3.4441 [ 313.578355][T22866] 9pnet_fd: Insufficient options for proto=fd [ 313.975748][T22870] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 313.975748][T22870] program syz.0.4453 not setting count and/or reply_len properly [ 314.171915][T22888] __nla_validate_parse: 34 callbacks suppressed [ 314.171937][T22888] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4456'. [ 314.325300][T22900] xt_CT: You must specify a L4 protocol and not use inversions on it [ 314.341890][T22896] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4462'. [ 314.390341][T22906] 9pnet_fd: Insufficient options for proto=fd [ 314.417367][T22906] loop2: detected capacity change from 0 to 512 [ 314.433024][T22911] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2 [ 314.460733][T22906] EXT4-fs mount: 6 callbacks suppressed [ 314.460754][T22906] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 314.517639][T22906] ext4 filesystem being mounted at /347/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 314.647054][T14751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 314.693385][T22933] FAULT_INJECTION: forcing a failure. [ 314.693385][T22933] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 314.706686][T22933] CPU: 1 UID: 0 PID: 22933 Comm: syz.0.4475 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 314.706767][T22933] Tainted: [W]=WARN [ 314.706776][T22933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 314.706791][T22933] Call Trace: [ 314.706799][T22933] [ 314.706808][T22933] __dump_stack+0x1d/0x30 [ 314.706855][T22933] dump_stack_lvl+0xe8/0x140 [ 314.706946][T22933] dump_stack+0x15/0x1b [ 314.706968][T22933] should_fail_ex+0x265/0x280 [ 314.707049][T22933] should_fail+0xb/0x20 [ 314.707073][T22933] should_fail_usercopy+0x1a/0x20 [ 314.707169][T22933] _copy_from_user+0x1c/0xb0 [ 314.707201][T22933] ___sys_recvmsg+0xaa/0x370 [ 314.707235][T22933] ? _parse_integer+0x27/0x40 [ 314.707268][T22933] do_recvmmsg+0x1ef/0x540 [ 314.707337][T22933] ? get_timespec64+0xc9/0x100 [ 314.707407][T22933] __x64_sys_recvmmsg+0xfb/0x170 [ 314.707437][T22933] x64_sys_call+0x2b75/0x3000 [ 314.707467][T22933] do_syscall_64+0xd8/0x2a0 [ 314.707512][T22933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.707534][T22933] RIP: 0033:0x7f4ef5f0f749 [ 314.707553][T22933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 314.707573][T22933] RSP: 002b:00007f4ef4977038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 314.707598][T22933] RAX: ffffffffffffffda RBX: 00007f4ef6165fa0 RCX: 00007f4ef5f0f749 [ 314.707610][T22933] RDX: 0000000000000001 RSI: 00002000000037c0 RDI: 0000000000000003 [ 314.707632][T22933] RBP: 00007f4ef4977090 R08: 0000200000003700 R09: 0000000000000000 [ 314.707647][T22933] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000001 [ 314.707663][T22933] R13: 00007f4ef6166038 R14: 00007f4ef6165fa0 R15: 00007ffe336da988 [ 314.707685][T22933] [ 314.918282][T22929] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4472'. [ 314.977992][T22941] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4478'. [ 315.011237][T22944] loop2: detected capacity change from 0 to 512 [ 315.063280][T22949] xt_CT: You must specify a L4 protocol and not use inversions on it [ 315.063354][T22944] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 315.082905][T22949] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4480'. [ 315.103074][T22944] EXT4-fs (loop2): orphan cleanup on readonly fs [ 315.110957][T22944] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.4473: corrupted inode contents [ 315.162427][T22944] EXT4-fs (loop2): Remounting filesystem read-only [ 315.178023][T22944] EXT4-fs (loop2): 1 truncate cleaned up [ 315.183974][ T3645] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 315.194581][ T3645] __quota_error: 598 callbacks suppressed [ 315.194600][ T3645] Quota error (device loop2): write_blk: dquota write failed [ 315.207906][ T3645] Quota error (device loop2): remove_free_dqentry: Can't write block (5) with free entries [ 315.217940][ T3645] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 315.228508][ T3645] Quota error (device loop2): write_blk: dquota write failed [ 315.235936][ T3645] Quota error (device loop2): free_dqentry: Can't move quota data block (5) to free list [ 315.246503][ T3645] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 315.256668][ T3645] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 315.270740][ T3645] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 315.281412][T22944] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 315.288810][T22954] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 315.288810][T22954] program syz.4.4479 not setting count and/or reply_len properly [ 315.328533][T14751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 315.403012][ T29] audit: type=1326 audit(1765554717.294:36499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22967 comm="syz.3.4485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eedb5f749 code=0x7ffc0000 [ 315.426953][ T29] audit: type=1326 audit(1765554717.294:36500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22967 comm="syz.3.4485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eedb5f749 code=0x7ffc0000 [ 315.427571][T22968] loop3: detected capacity change from 0 to 512 [ 315.450551][ T29] audit: type=1326 audit(1765554717.294:36501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22967 comm="syz.3.4485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f5eedb5f749 code=0x7ffc0000 [ 315.450591][ T29] audit: type=1326 audit(1765554717.294:36502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22967 comm="syz.3.4485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eedb5f749 code=0x7ffc0000 [ 315.525221][T22968] EXT4-fs (loop3): too many log groups per flexible block group [ 315.533028][T22968] EXT4-fs (loop3): failed to initialize mballoc (-12) [ 315.549155][T22968] EXT4-fs (loop3): mount failed [ 315.590483][T22980] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4486'. [ 315.615900][T22980] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4486'. [ 315.629427][T22988] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4488'. [ 315.637403][T22980] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4486'. [ 315.651559][T22980] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4486'. [ 315.796377][T23003] loop4: detected capacity change from 0 to 7 [ 315.803135][T23003] Buffer I/O error on dev loop4, logical block 0, async page read [ 315.812747][T23003] Buffer I/O error on dev loop4, logical block 0, async page read [ 315.820671][T23003] loop4: unable to read partition table [ 315.828942][T23003] loop_reread_partitions: partition scan of loop4 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 315.845902][T23003] pim6reg: entered allmulticast mode [ 315.925658][T23003] pim6reg: left allmulticast mode [ 315.942264][T23015] 9p: Bad value for 'wfdno' [ 316.337192][T23038] pim6reg: entered allmulticast mode [ 316.353883][T23038] pim6reg: left allmulticast mode [ 316.449906][T23050] 9pnet_fd: Insufficient options for proto=fd [ 316.729779][T23067] pim6reg: entered allmulticast mode [ 316.738361][T23067] pim6reg: left allmulticast mode [ 317.058400][T23087] loop4: detected capacity change from 0 to 512 [ 317.098405][T23087] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.4520: bg 0: block 248: padding at end of block bitmap is not set [ 317.153671][T23087] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.4520: Failed to acquire dquot type 1 [ 317.205001][T23087] EXT4-fs (loop4): 1 truncate cleaned up [ 317.214949][T23087] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 317.248080][T23087] ext4 filesystem being mounted at /239/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 317.334049][T17007] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 317.455961][T23120] 9pnet_fd: Insufficient options for proto=fd [ 317.687695][T23142] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=23142 comm=syz.4.4535 [ 318.220104][T23195] 9pnet_fd: Insufficient options for proto=fd [ 318.230195][T23195] loop2: detected capacity change from 0 to 512 [ 318.253757][T23195] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 318.278668][T23195] ext4 filesystem being mounted at /355/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 318.414112][T23206] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=23206 comm=syz.1.4548 [ 318.522102][T14751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 319.141205][T23244] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0' [ 319.277321][T23231] sg_write: data in/out 134243804/1 bytes for SCSI command 0xc4-- guessing data in; [ 319.277321][T23231] program syz.2.4554 not setting count and/or reply_len properly [ 319.757519][T23274] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=23274 comm=syz.0.4561 [ 319.773975][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 320.059901][T23297] __nla_validate_parse: 20 callbacks suppressed [ 320.059950][T23297] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4568'. [ 320.082467][T23297] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4568'. [ 320.095559][T23297] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4568'. [ 320.107193][T23294] xt_CT: You must specify a L4 protocol and not use inversions on it [ 320.117355][T23297] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4568'. [ 320.128537][T23294] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4566'. [ 320.157102][T23299] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4567'. [ 320.200096][T23301] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4569'. [ 320.218958][T23303] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4570'. [ 320.228688][T23301] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4569'. [ 320.241353][T23301] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4569'. [ 320.907093][T23313] ================================================================== [ 320.915235][T23313] BUG: KCSAN: data-race in __filemap_remove_folio / folio_mapping [ 320.923355][T23313] [ 320.925722][T23313] write to 0xffffea0004246818 of 8 bytes by task 23211 on cpu 1: [ 320.933434][T23313] __filemap_remove_folio+0x1a5/0x2a0 [ 320.938819][T23313] filemap_remove_folio+0x6d/0x1d0 [ 320.943947][T23313] truncate_inode_folio+0x42/0x50 [ 320.948982][T23313] shmem_undo_range+0x244/0xa80 [ 320.953871][T23313] shmem_evict_inode+0x12e/0x510 [ 320.958849][T23313] evict+0x2af/0x510 [ 320.962788][T23313] iput+0x4bd/0x650 [ 320.966623][T23313] dentry_unlink_inode+0x24f/0x260 [ 320.971752][T23313] __dentry_kill+0x18d/0x4b0 [ 320.976458][T23313] finish_dput+0x2b/0x200 [ 320.980798][T23313] dput+0x52/0x60 [ 320.984436][T23313] __fput+0x444/0x650 [ 320.988424][T23313] ____fput+0x1c/0x30 [ 320.992412][T23313] task_work_run+0x131/0x1a0 [ 320.997000][T23313] do_exit+0x493/0x15d0 [ 321.001162][T23313] do_group_exit+0xff/0x140 [ 321.005669][T23313] get_signal+0xe58/0xf70 [ 321.010004][T23313] arch_do_signal_or_restart+0x96/0x450 [ 321.015563][T23313] irqentry_exit+0xfb/0x560 [ 321.020074][T23313] asm_exc_page_fault+0x26/0x30 [ 321.025010][T23313] [ 321.027335][T23313] read to 0xffffea0004246818 of 8 bytes by task 23313 on cpu 0: [ 321.034962][T23313] folio_mapping+0xa1/0xe0 [ 321.039402][T23313] evict_folios+0xe05/0x3590 [ 321.043995][T23313] try_to_shrink_lruvec+0x5b5/0x950 [ 321.049251][T23313] shrink_lruvec+0x22e/0x1b50 [ 321.053950][T23313] shrink_node+0x66c/0x2010 [ 321.058460][T23313] do_try_to_free_pages+0x3f6/0xcd0 [ 321.063668][T23313] try_to_free_mem_cgroup_pages+0x1ab/0x410 [ 321.069574][T23313] try_charge_memcg+0x383/0xa10 [ 321.074430][T23313] obj_cgroup_charge_pages+0xa6/0x150 [ 321.079910][T23313] __memcg_kmem_charge_page+0x9f/0x170 [ 321.085393][T23313] __alloc_frozen_pages_noprof+0x18f/0x360 [ 321.091216][T23313] alloc_pages_mpol+0xb3/0x260 [ 321.095991][T23313] alloc_pages_noprof+0x90/0x130 [ 321.100977][T23313] io_region_allocate_pages+0xd8/0x330 [ 321.106454][T23313] io_create_region+0x2b2/0x330 [ 321.111315][T23313] io_allocate_scq_urings+0x248/0x390 [ 321.116696][T23313] io_uring_create+0x2d4/0x4e0 [ 321.121466][T23313] __se_sys_io_uring_setup+0x1be/0x1d0 [ 321.126924][T23313] __x64_sys_io_uring_setup+0x31/0x40 [ 321.132398][T23313] x64_sys_call+0x244c/0x3000 [ 321.137082][T23313] do_syscall_64+0xd8/0x2a0 [ 321.141595][T23313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.147497][T23313] [ 321.149907][T23313] value changed: 0xffff8881061d7ef8 -> 0x0000000000000000 [ 321.157020][T23313] [ 321.159337][T23313] Reported by Kernel Concurrency Sanitizer on: [ 321.165488][T23313] CPU: 0 UID: 0 PID: 23313 Comm: syz.1.4571 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 321.176865][T23313] Tainted: [W]=WARN [ 321.180688][T23313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 321.190768][T23313] ================================================================== [ 321.214457][ T29] kauditd_printk_skb: 464 callbacks suppressed [ 321.214471][ T29] audit: type=1326 audit(1765554723.114:36965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23332 comm="syz.2.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbd263d65e7 code=0x7ffc0000 [ 321.282194][ T29] audit: type=1326 audit(1765554723.114:36966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23332 comm="syz.2.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbd2637b829 code=0x7ffc0000 [ 321.305917][ T29] audit: type=1326 audit(1765554723.114:36967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23332 comm="syz.2.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbd263d65e7 code=0x7ffc0000 [ 321.329774][ T29] audit: type=1326 audit(1765554723.114:36968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23332 comm="syz.2.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbd2637b829 code=0x7ffc0000 [ 321.353361][ T29] audit: type=1326 audit(1765554723.114:36969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23332 comm="syz.2.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 321.377121][ T29] audit: type=1326 audit(1765554723.114:36970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23332 comm="syz.2.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 321.400797][ T29] audit: type=1326 audit(1765554723.114:36971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23332 comm="syz.2.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 321.425903][ T29] audit: type=1326 audit(1765554723.114:36972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23332 comm="syz.2.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 321.449560][ T29] audit: type=1326 audit(1765554723.114:36973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23332 comm="syz.2.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbd263df749 code=0x7ffc0000 [ 321.473364][ T29] audit: type=1326 audit(1765554723.114:36974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23332 comm="syz.2.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbd263d65e7 code=0x7ffc0000