last executing test programs: 3.848898919s ago: executing program 1 (id=2424): r0 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e24, 0x4, @ipv4={'\x00', '\xff\xff', @local}, 0x7}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x3f}}, @in={0x2, 0x4e22, @multicast1}], 0x4c) r1 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x480283, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x7606, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x2, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x33, &(0x7f0000000040)={0x0, 0x0}, 0x10) 3.80143081s ago: executing program 1 (id=2426): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x19, 0x0, 0x0, 0x0, 0x8}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000810) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007800c00018008000140e00000020c0002800800"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4) 3.76966611s ago: executing program 1 (id=2430): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x1, 0x6}, 0x2, 0x0, 0x2, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x2}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201, 0x20, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x7}, 0x440, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5d370987f70e06d038e7ff7fc6e5539b0d650e8b089b3f353b6c090890e0878f0e1ac6e7049b3b46959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000000540)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a066f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0effeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r3, 0x4, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @void, @void}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x20004000) fchownat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x1000) 3.021166542s ago: executing program 1 (id=2448): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) writev(r2, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1) (fail_nth: 3) 2.694179348s ago: executing program 1 (id=2458): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f00000028c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="28000000140001ec4a2cec481e43a50001"], 0x28}}, 0x4000) getrusage(0x0, 0x0) 2.693811637s ago: executing program 1 (id=2459): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2008002, &(0x7f0000000380), 0x1, 0x55f, &(0x7f0000000d00)="$eJzs3c9vHFcdAPDvjH9t0zROoAeogAQoBBRlN960UdVLwwWEqkqIigPikBp7Y5nsZkN2XWoTCfdvAAkkTvAncEDigNQTB24cEELigBDlgFTAAsVIHBbN7Njd2rvNNl7v1t7PR5rMj/dmvu+ts/PevrXnBTC1LkXEdkTMR8RrEbFYHE+KJW52lyzfw50HK7s7D1aS6HRe/WeSp2fHoueczJPFNUsR8fWvRHw7ORy3tbl1Z7ler90v9ivtxr1Ka3Pr6npjea22Vrtbrd5YunHthevPVw+c+Ydzj1vXi41fvPPl9Ze/8etfffLt321/8ftZsc4Wab31GKVu1ef242RmI+Ll4wg2ATPFen7C5eDxpBHxkYj4TP7+X4yZ/H8nAHCadTqL0Vns3R+gNDAFADhh0nwMLEnLEZGmRSeg3B3DezrOpPVmq33ldnPj7mp3rOx8zKW31+u1axcW/vTdPPNcku0v5Wl5er5fPbB/PSIuRMSPFp7I98srzfrqZLo8ADD1nuxt/yPiPwtpWi4PdWqfb/UAgBOjNOkCAABjp/0HgOmj/QeA6TNE+1982b997GUBAMbD538AmD7afwCYPtp/AJgqX3vllWzp7BbPv159fXPjTvP1q6u11p1yY2OlvNK8f6+81myu5c/saTzqevVm897Sc7HxRqVda7Urrc2tW43mxt32rfy53rdqc2OpFQDwfi5cfOuPSURsv/hEvkTPXA7aajjd0hHmAk6WmaOcrIMAJ5rZvmB6DdWE552E3x57WYDJ6Psw71Lfzff6yQcI4veM4EPl8seHH/83xzOcLh9wZP/3xzJJPjARjzf+/9LIywGMn/F/mF6dTnJwzv/5/SQA4FQ6wq/wdX4wqk4IMFGPmsx7JN//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwClzNiK+E0lazucCT7N/03I54qmIOB9zye31eu1aRJyLixExt5DtL0260ADAEaV/T4r5vy4vPnv2YOp88t+FfB0R3/vpqz9+Y7ndvr+UHf/X/vGFvenDqu+ed4R5BQGA4f11mEx5+10t1j0f5B/uPFjZW46xjIe886X9yUdXdnce5Es3ZTY6nU4nopT3Jc78O4nZ4pxSRDwTETMjiL/9ZkR8rF/9k3xs5Hwx82lv/ChiPzXW+Ol74qd5WnedvXwfHUFZYNq8ld1/bvZ7/6VxKV/3f/+X8jvU0eX3v1LE3r1vtyf+bBFppk/87D1/adgYz/3mq4cOdha7aW9GPDPbL36yHz8ZEP/ZIeP/+ROf+uFLA9I6P4u4HP3j98aqtBv3Kq3NravrjeW12lrtbrV6Y+nGtReuP1+t5GPUlb2R6sP+8eKVc4PKltX/zID4pb71n98/93ND1v/n/3vtW59+d3fhYPwvfLb/z//pvvG7sjbx80PGXz7zy4HTd2fxVwfU/1E//ytDxn/7b1urQ2YFAMagtbl1Z7ler90/0kb2KXQU1zm0kRVxuMx73cXBeYoMN9/vOn+JfGNEL8uAjawzNkzmueN6VY99Y3a/rzjaK38zu+KYq5OOvBZH2ng4rliTuR8B43OoeQQAAAAAAAAAAAAAAD50xvGnS5OuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKfX/wMAAP//8RXBxA==") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='percpu_create_chunk\x00', r1}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc"], 0x50) 1.060021053s ago: executing program 0 (id=2491): fsmount(0xffffffffffffffff, 0x0, 0x2) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x200500) write$usbip_server(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000040)={'bond0\x00', 0x1001}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x1468, 0x1170, 0x1170, 0x1398, 0x0, 0x1170, 0x1398, 0x1398, 0x1398, 0x1398, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [], [], 'ip6tnl0\x00', 'veth0_to_hsr\x00', {}, {}, 0x6}, 0x0, 0x1128, 0x1170, 0x0, {}, [@common=@inet=@multiport={{0x50}}, @common=@unspec=@cgroup1={{0x1030}, {0x0, 0x2, 0x0, 0x0, './cgroup.net/syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@multicast2, 'netpci0\x00'}}}, {{@uncond, 0x0, 0x1e0, 0x228, 0x0, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x23, 0x0, [@empty, @local, @remote, @mcast2, @loopback, @rand_addr=' \x01\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @local}, @mcast1, @loopback, @remote, @mcast2, @empty, @rand_addr=' \x01\x00', @mcast1, @remote]}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x14c8) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x16, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r3}, 0x18) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x18) openat$selinux_attr(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(0x0, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x3) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4006000}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0) pipe2$9p(&(0x7f0000000000), 0x4000) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 866.147356ms ago: executing program 0 (id=2498): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x35, 0x1, 0x2, 0x0, 0x0, 0x0, 0x2c450, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x0, 0xe145}, 0x105f5b, 0xfffd, 0x401, 0x8, 0x8, 0x20002, 0x40a, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r0, 0x7, &(0x7f00000003c0)={0x1, 0x2, 0x400, 0x7ff}) set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x69) mq_open(0x0, 0x6e93ebbbcc0884f2, 0x196, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x14, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r2}, 0x10) unshare(0x2040400) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000008385000000710000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r5}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='signal_generate\x00', r4}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f00000002c0)={0x80, 0x0, 0x0, 0x0, 0x2}, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 814.848987ms ago: executing program 0 (id=2499): prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000480)=ANY=[@ANYBLOB="08000000000000000a00000000000000ff"], 0x5000) 791.840448ms ago: executing program 0 (id=2500): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@alu={0x4, 0x0, 0xd, 0x0, 0x0, 0x100, 0x10}]}, &(0x7f0000000500)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x94) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xe0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000000)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0], 0x0, 0x84, &(0x7f0000000100)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000140), &(0x7f0000000240), 0x8, 0x1f, 0x8, 0x8, &(0x7f0000000300)}}, 0x10) bpf$TOKEN_CREATE(0x24, &(0x7f0000000380), 0x8) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYRES8=r1, @ANYRES32=r0, @ANYRES8=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6088}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) syz_usb_connect(0x4, 0x24, 0x0, 0x0) r4 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$selinux_access(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a637261636b5f657865635f743a7330202f7573722f7362696e2f637570732d62726f7773656420303030303030303030303030303030303030306ea0"], 0x4e) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{}, &(0x7f00000005c0), &(0x7f0000000600)=r2}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x70, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94) sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000001e80)={&(0x7f0000001dc0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001e40)={&(0x7f0000001e00)={0x24, 0x3f7, 0x1, 0x70bd25, 0x25dfdbff, {0x5, 0x7, './bus', './file0'}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000800)='rpcgss_upcall_msg\x00', r5}, 0x18) r6 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0) sendmsg(r6, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x2c, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x3e}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) 475.533463ms ago: executing program 2 (id=2514): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18) add_key(&(0x7f0000000380)='asymmetric\x00', 0x0, &(0x7f0000000880)="10", 0x1, 0xffffffffffffffff) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94) 424.226164ms ago: executing program 2 (id=2515): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$SIOCX25SSUBSCRIP(r1, 0x89e1, &(0x7f0000000600)={'veth0\x00', 0x1, 0x81}) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001240)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001cc0)=@newtfilter={0x864, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xf}, {0x9}, {0x0, 0x5}}, [@filter_kind_options=@f_route={{0xa}, {0x834, 0x2, [@TCA_ROUTE4_POLICE={0x820, 0x5, [@TCA_POLICE_PEAKRATE64={0xc}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0xd4, 0x7, 0x0, 0x7, 0x5, 0x400, 0x7, 0x3, 0x8ad5e94, 0x81, 0x1, 0x1, 0x7, 0x4, 0x7fffffff, 0x100, 0x4, 0x3, 0x1, 0x3, 0x9, 0x2, 0x1, 0x401, 0x40, 0x3, 0x7, 0x6b84, 0x9, 0x2, 0x3, 0x1, 0x9, 0xd, 0x400, 0x9, 0x5, 0x3, 0x9, 0x9, 0x800, 0xfffffffc, 0x7, 0x2, 0x665, 0x0, 0x5b9, 0x9, 0xa33b, 0x8, 0xfffffffa, 0x7, 0x8001, 0x2, 0xa, 0x10001, 0x7, 0x7, 0x40, 0x6, 0xfc72, 0x23, 0x63d, 0x7, 0x85, 0x3, 0x80000000, 0x5, 0x1, 0x1, 0x36cebc92, 0x7cbfa57a, 0x0, 0x1, 0xbc, 0x4, 0x1, 0x1, 0xffff, 0x60, 0x7f, 0xc90, 0xae, 0x28e08e39, 0x401, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0xb, 0xffff, 0x1, 0xfffffff6, 0x6a, 0x4, 0x3, 0x7f, 0x7fffffff, 0x5, 0x8, 0xa, 0x101, 0x7, 0x9, 0x5, 0x0, 0x101, 0x5, 0x10, 0xffffffb7, 0x3, 0x6, 0x3, 0x7fff, 0x0, 0xffffffff, 0x7, 0x5, 0xec0, 0x3, 0x9, 0x9, 0xffff0000, 0x6, 0x3, 0xcc4, 0x9, 0x7, 0x80000000, 0x6, 0x800, 0x401, 0x6, 0x1, 0x5, 0x2aa, 0x1, 0x1, 0xa4, 0x6, 0x4, 0x7fffffff, 0x5, 0x7, 0x0, 0x29, 0x7fff, 0x97, 0x6, 0xffffffff, 0x0, 0x1, 0x101, 0x80, 0x7fffffff, 0x823, 0x7, 0xa99e, 0x3, 0x100, 0x400, 0x0, 0x2, 0xa, 0x5, 0x401, 0x2, 0xab, 0xffffffff, 0xa0, 0x10f, 0x0, 0x4, 0x7, 0x7, 0x2, 0x6, 0x9, 0x2, 0x6, 0x2a65, 0x6, 0x5, 0x7, 0x8, 0x0, 0x8, 0x4, 0x5, 0x800, 0x3, 0x2, 0x8, 0x2, 0x80000001, 0x1, 0x6, 0x3, 0xffff8000, 0x28e, 0x9, 0x5, 0x401, 0x5, 0xffffff01, 0x35, 0x7, 0x9, 0x2, 0x3, 0x8001, 0x5, 0x8, 0x5, 0x7, 0x4, 0x4, 0x2, 0x6, 0x5, 0x7, 0x5, 0xb, 0xb, 0x0, 0x434c, 0x4, 0x1ff, 0xfffffffc, 0xf5, 0xfffffffb, 0x75, 0x6, 0x45, 0x68, 0x2, 0x0, 0x5a, 0xc547, 0x4, 0x5, 0x2, 0x0, 0x4000000, 0x40, 0x6, 0x0, 0x10001, 0x2, 0xf, 0x0, 0xfffffffd, 0x4, 0x5]}, @TCA_POLICE_RATE={0x404, 0x2, [0xb44, 0x95, 0x4, 0x2, 0x2, 0x2, 0x5c3a, 0x1, 0x72, 0x4, 0x4, 0xfffffffc, 0x0, 0x2, 0x3, 0xe0ed, 0xcbd, 0x10001, 0x3, 0xf, 0xe744, 0x3, 0x10001, 0x2, 0x8, 0x7, 0x6, 0x8, 0x9, 0x0, 0x5, 0x7, 0x80000000, 0x8000, 0x4, 0x5, 0x0, 0x1, 0xfffffff8, 0x9, 0xd, 0x40, 0x70000000, 0x8, 0x4, 0x7fffffff, 0x3, 0xffff, 0x5, 0x8, 0x2, 0x8, 0x7fffffff, 0x3, 0x8, 0x5, 0x27, 0x8, 0x6, 0x7fff, 0x0, 0xd, 0xc14, 0xc, 0x100, 0x1000, 0x6, 0x1, 0x1ff, 0x800, 0xdd, 0x200, 0x41c0, 0x2, 0x5, 0xb, 0x9, 0x4, 0x7, 0x52, 0x6, 0x553d, 0xffffffff, 0xff, 0x6, 0x8, 0x8, 0x6, 0xffffffff, 0xffff3fc8, 0x8, 0x81, 0xa, 0x0, 0x7fffffff, 0x0, 0x63, 0x1ff, 0xfffffc00, 0xfff, 0x6, 0x30c, 0x8001, 0x0, 0x8, 0x1, 0x1ff, 0xfffffff0, 0x0, 0x4, 0x3, 0xfffffff5, 0xd9, 0x9, 0x8630d3c, 0x2, 0x3, 0x717, 0x9, 0x7b7, 0x2, 0xfffffc63, 0x0, 0x1, 0xffff0001, 0x7, 0x3, 0x4, 0x8, 0x10000, 0x7, 0x9, 0x8, 0x5, 0xc00, 0xffffffff, 0x6, 0x80000000, 0x0, 0x9, 0x0, 0x1, 0x83b4, 0x8d2c, 0x33e2, 0x83eb, 0x1, 0x1ff, 0x3d6, 0x7, 0xf, 0x6, 0x3ec, 0x932, 0x8000000, 0x7, 0xdd0211d9, 0x1, 0xfff, 0x0, 0x24e7, 0xd, 0x7fffffff, 0xffff, 0xfffffff8, 0xfffff001, 0x1, 0x3e, 0xfff, 0x2, 0xffffffc0, 0x5, 0x4, 0x9, 0x10000, 0x0, 0x8, 0x40, 0x80, 0xfffffff9, 0xfffffffb, 0x2, 0x1, 0x3, 0x8, 0x0, 0xf58747a5, 0xffffffff, 0x1, 0x1, 0x1, 0x561e, 0xfffffc00, 0x6, 0xffff, 0x79, 0x7fff, 0xd0e, 0x2, 0x8, 0x3, 0x8, 0x80000000, 0x12, 0x1, 0x6497, 0x200, 0x0, 0x6, 0x5, 0x7, 0x3, 0x0, 0x4, 0x8, 0x80000000, 0x6, 0x22133b4b, 0xfffffffe, 0x7f, 0x7, 0x8, 0x0, 0x9, 0x1, 0x100, 0x4, 0x101, 0x752, 0x1, 0x1, 0x1, 0xdd66, 0x9, 0x0, 0x1, 0x7, 0x1ff, 0x6, 0x401, 0x5, 0x2, 0x95a, 0x61b9d744, 0x4, 0x9b, 0x10, 0x900, 0xd, 0x1, 0x5, 0x0, 0x3, 0x4, 0x4, 0x80]}, @TCA_POLICE_RESULT={0x8, 0x5, 0x9}]}, @TCA_ROUTE4_CLASSID={0x8, 0x1, {0x4, 0x10}}, @TCA_ROUTE4_CLASSID={0x8, 0x1, {0x8, 0xd}}]}}]}, 0x864}, 0x1, 0x0, 0x0, 0x1}, 0x0) 393.462884ms ago: executing program 2 (id=2517): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x2, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095", @ANYBLOB="2d65237cbaabe8f0b24232ef34e05d52da472a2c9a951817c19e618347b7bca7529ffc04c54a207d3087f9c6202fd0dfa7dabb866ea4dcbc64294e4ce8773f542ccadf1ebd2b40fab173cbf2772aa053b7cd24a80f0a028eeb8df8b9", @ANYBLOB="aa9cc9d694d6c4b861889e53ad25c1256daffb767c9e5e710a3ceaa77cd6252573a878272342e0c4d4665fa1d50e68ad87cd17e6a3668343173af4db2b13d53c3de56cc4ebd480e5624319143f4f4f7b552a04c20c0f8df48486a00c65d6ad075215ba28347714772a7d6cb45710368de28f1e846340d9bc9e7e7d703278c454761e77192230b72f1a1f60555c1d78d1674e810b0b32f978bf3c9cf35aa734948b60ecd426b8c1104cd744e95e0e25b828ea"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x12, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xa8883, 0x0) ioctl$TIOCGPTPEER(r2, 0x5441, 0x401) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0x1}], 0x1}, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$inet(r4, &(0x7f0000005b40)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @multicast2}}}], 0x20}}], 0x1, 0xc080) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802"], 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000a00)=ANY=[@ANYBLOB="140100002800010004000000fcdbdf250401f2800c00180008ac0f0000000000140001"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0}, 0x18) 344.227075ms ago: executing program 4 (id=2518): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="c8010000", @ANYRES16=r3, @ANYBLOB="010000000000000000000100"], 0x1c8}}, 0x0) 343.006725ms ago: executing program 3 (id=2519): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='dlm_lock_end\x00'}, 0x18) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) modify_ldt$write(0x1, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0xf, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) socket$kcm(0x29, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x2, [@typedef={0xa, 0x0, 0x0, 0x8, 0x5}, @union={0xd, 0x4, 0x0, 0x5, 0x0, 0x7ffffffc, [{0x7, 0x1}, {0x2, 0x5, 0xfecf}, {0xf, 0x8, 0x1}, {0xd, 0x4, 0xf}]}]}}, 0x0, 0x62, 0x0, 0x1, 0x0, 0x10000}, 0x28) gettid() r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r5, &(0x7f0000000000)={0x1f, 0x5, @none, 0x1d, 0x2}, 0xe) socket$inet6(0xa, 0x3, 0x5) socket$l2tp6(0xa, 0x2, 0x73) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r5, 0x40305829, &(0x7f0000000540)={0x1100, 0x8f, 0x8004f, 0x10000}) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000a00)={0xfdc}, 0x8) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r6, &(0x7f0000000380)={0x1d, r7, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18) sendmmsg$sock(r6, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="1f", 0x206c}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) getsockopt$inet_int(r6, 0x0, 0xa, &(0x7f00000000c0), &(0x7f0000000140)=0x4) sendto$inet6(r6, 0x0, 0x0, 0x4004080, 0x0, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000025940000000c0a01030000000000000000070000080900020073"], 0x118}}, 0x0) 279.976406ms ago: executing program 4 (id=2520): bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000200000000000000000000000000432d7a9fcd269858fc935b0000000000000000"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000100000000000000", @ANYRES32=0x1], 0x50) socket$kcm(0xa, 0x5, 0x0) r0 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x2, 0x2, @dev}, 0x10, &(0x7f0000001400)=[{&(0x7f0000001800)='_', 0x1}], 0x1}, 0x64) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r2}, 0x10) r3 = signalfd4(0xffffffffffffffff, &(0x7f00000000c0), 0x8, 0x0) faccessat2(r3, &(0x7f0000001400)='\x00', 0x0, 0x1100) 279.190376ms ago: executing program 2 (id=2521): close(0xffffffffffffffff) creat(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[], 0x15) r4 = dup(r3) write$P9_RLERRORu(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) creat(&(0x7f0000000000)='./file0\x00', 0x0) 243.012647ms ago: executing program 3 (id=2522): fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000240)=',-\x10*\x00', &(0x7f0000000580)='$\x00\x19y\x01\xff\xb4\x9e\x95oQE\xc9\x1f|\bZ\xf44\x7f)\x03c\x9a\x85\x01V\xb8p+\x84\xfb\xe6?\x88\xe9\x98Y\x0e\xd5P\xa2\xcc\x01*\xcd%v!\x82\xf1\xaaB\x04-\x88\xeb-q8\x03\xadO\xa0F\xc5Z\x0f\xee\x94\xfcy\xa5\xa4L\xa1\xd7g\x9d\xd2m5r\xef\xe1\xd1\x87\x1aM\xa6\xa8\xa2\xef\xb0\x9e\xa9d\xee\xacl\x9c\xcb\x03\x17\xbbG\x15\xba3\xa5r<]T\xc6R\x03\xee#\x0f\x88\xc4\xd3\x02\xd1 @\r\x1cc\xe4|\x13H\xc2\x1fq\x88\xdd\x98\xe1~\xb0\xedK\x17x\v\x9b\xaa\xb4\a\xb6\x8b\x9e*=\x8f\x05\x8b\x88\xc9\x12\xa6\x8fs\x98\xf1\xfe\xcdX\xce,AD\xd2v\xf4\xe5\xd3\xf3\xf1TY\x1c\x8a\x98\xf8\xcf6\xc3>]l\xdaQ\xac\n{)\xc9\x95\xb4\x12j}8\x03\xba&\xe8p\xe8\xf0\xa4\xa6e\xbc\xef\x93%/x\x19\xaa\xb5\x97\x98A\\\x91\x9a \xa8\xf8a\xd8\x97\x1eR\xaf\xc8\x9f', 0x0) socket(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(0x0, r0) sendmsg$TIPC_CMD_GET_NODES(r0, 0x0, 0x0) lsm_get_self_attr(0x67, 0x0, &(0x7f0000000080), 0x0) 242.553476ms ago: executing program 4 (id=2523): prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000002c0)='mm_page_alloc\x00', r1}, 0x10) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, 0x0, 0x5000) 229.866127ms ago: executing program 0 (id=2524): r0 = fsopen(&(0x7f0000000000)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000240)=',-\x10*\x00', &(0x7f0000000580)='$\x00\x19y\x01\xff\xb4\x9e\x95oQE\xc9\x1f|\bZ\xf44\x7f)\x03c\x9a\x85\x01V\xb8p+\x84\xfb\xe6?\x88\xe9\x98Y\x0e\xd5P\xa2\xcc\x01*\xcd%v!\x82\xf1\xaaB\x04-\x88\xeb-q8\x03\xadO\xa0F\xc5Z\x0f\xee\x94\xfcy\xa5\xa4L\xa1\xd7g\x9d\xd2m5r\xef\xe1\xd1\x87\x1aM\xa6\xa8\xa2\xef\xb0\x9e\xa9d\xee\xacl\x9c\xcb\x03\x17\xbbG\x15\xba3\xa5r<]T\xc6R\x03\xee#\x0f\x88\xc4\xd3\x02\xd1 @\r\x1cc\xe4|\x13H\xc2\x1fq\x88\xdd\x98\xe1~\xb0\xedK\x17x\v\x9b\xaa\xb4\a\xb6\x8b\x9e*=\x8f\x05\x8b\x88\xc9\x12\xa6\x8fs\x98\xf1\xfe\xcdX\xce,AD\xd2v\xf4\xe5\xd3\xf3\xf1TY\x1c\x8a\x98\xf8\xcf6\xc3>]l\xdaQ\xac\n{)\xc9\x95\xb4\x12j}8\x03\xba&\xe8p\xe8\xf0\xa4\xa6e\xbc\xef\x93%/x\x19\xaa\xb5\x97\x98A\\\x91\x9a \xa8\xf8a\xd8\x97\x1eR\xaf\xc8\x9f', 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x81) close(r1) socket$caif_stream(0x25, 0x1, 0x1) recvmsg$unix(r1, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x40010142) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r2 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x8f5, 0x100000000000000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000440)=ANY=[@ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="0500"/12, @ANYRES32, @ANYBLOB="9ead89ef373bbcfb6e6aee40ce747ea9f73f018702a864988ca2633e2c09ac6253307a3c35aacedd8771521cd4eaa6e5ea3aa1c7d5cb5b53d5316481a89e3b5500239509fb949a38e3a40c8e15ce88bd4ea129a4fbc390f566f7593883bb518734e029d0ec4a9e37a63daaf815764f2cbdf67f7c82eff80edaf2a1e4b0f3570b40095c392fcc488fa1d4c442107e11d0240a5f6980086d5d4f5002bf4c334dcd639f791d00402c4ed853661ea1752c308fb5311612dc9200000000df85351105d4724797ba7a331a172a0d222efb58b0eb1624cee04f74d3aabf5bf9c3958a4809640d8e2b516021900a7145125a0b6104377355124194b2f413f054aeab", @ANYRES64=0x0], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r6}, &(0x7f00000006c0), &(0x7f0000000700)=r5}, 0x20) sendmsg$inet(r4, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000840), r2) sendmsg$TIPC_CMD_GET_NODES(r2, 0x0, 0x0) r9 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10) unshare(0x26000400) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r2, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8882000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x68, r8, 0x400, 0x70bd2a, 0x25dfdc02, {{}, {}, {0x4c, 0x18, {0x2, @media='ib\x00'}}}, ["", "", "", "", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x40024}, 0x4000) syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x80801c, &(0x7f0000000680), 0x1, 0x508, &(0x7f0000000dc0)="$eJzs3U9vI2cZAPBnnMRx0rRJSw+AgC6lsKDVOom3jaoeYDkhhCohegRpGxJvFMWOo9gpTdhD+h2QqMQJjnwAzj1x54LgxqUckPgTgZqVOBjNeLLrzdobs0nsKP79pNG8M+P4ed615n3jxxu/AYytGxFxGBHFiHg/Iubz80m+xd3Olj7us6MHa8dHD9aSaLff+2eSXU/PRdfPpF7In7MUET/6XsRPk6fjNvcPtlZrtepu53BmsVXfWWzuH9zerK9uVDeq25XKyvLK0tt33qpcWF9fqxfz1pc//cPht36epjWXn+nux0XqdH3qUZzUZET84DKCjcBE3p/iqBPhuRQi4pWIeD27/+djIns1AYDrrN2ej/Z89zEAcN0VshpYUijntYC5KBTK5U4N79WYLdQazdat+4297fVOrWwhpgrFzVp1Ka8VLsRUcn+zVl3O2o+PK6eO70TEyxHxi+mZ7Li81qitj/IXHwAYYy+cmv//M92Z/wGAa6406gQAgKEz/wPA+DH/A8D4Mf8DwPh5PP/fHWkeAMDweP8PAOPH/A8AY+WH776bbu3j/Puv1z/Y39tqfHB7vdrcKtf31sprjd2d8kajsZF9Z0/9rOerNRo7y2/G3ocL395pthab+wf36o297da97Hu971WnhtIrAOBZXn7tkz8nEXH4zky2RddaDuZquN4Ko04AGJmJUScAjIzVvmB8neM9vvIAXBM9luh9QikiZk6fbLfb7ctLCbhkN7+g/g/jqqv+738Bw5hR/4fxpf4P46vdTgZd8z8GfSAAcLWp8QN9Pv9/Jd//Nv9w4Cfrpx/x8WVmBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFfbyfq/5Xwt8LkoFMrliBcjYiGmkvubtepSRLwUEX+anppOj5dHnDMAcF6FvyX5+l8359+YO321mDycTvczEfGzX733yw9XW63dP6bn/5WdL0ZE6+P8fGUU+QMAZzmZp7N91xv5z44erJ1sw8zn79+NiFIn/vFRMY4fxZ+MyWxfiqmImP13kh93JF21i/M4/CgiPt+r/0nMZTWQzsqnp+OnsV8cavzCE/EL2bXOPv23+NwF5ALj5pN0/Lnb6/4rxI1s3/v+L2Uj1Pnl41/6VGvH2Rj4OP7J+DfRZ/y7MWiMN3///U5r5ulrH0V8cTLiJPZx1/hzEj/pE/+NAeP/5Utfeb3ftfavI25G7/jdsRZb9Z3F5v7B7c366kZ1o7pdqawsryy9feetymJWo17sPxv8451bL2WNHg9J+z/bJ37pjP5/fcD+/+a/7//4q32upfG/+bVe8Qvx6jPip3PiNwaMvzr7u1K/a2n89T79P+v1vzVg/E//evDUsuEAwOg09w+2Vmu16u4wGye/SAw1qMZgjen8xbkq+TzRuLKJba3WvjOsWMX4v36q3X6uWP1GjIuougFXwaObPiIejjoZAAAAAAAAAAAAAACgp0v9Q6Wk0xh1HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALi+/hcAAP//rmTK3Q==") bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}}) 218.344777ms ago: executing program 2 (id=2525): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0xfff1, &(0x7f0000000240)={&(0x7f0000000800)=@newqdisc={0x60, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x6, 0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_QUANTUM={0x8}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0xc, 0xc89f, 0xffff5ef5, 0x0, 0x19, 0x3}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x803}, 0x20004004) 216.738357ms ago: executing program 3 (id=2526): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) msgrcv(0x0, 0x0, 0x0, 0x0, 0x3000) msgsnd(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="01"], 0x8, 0x0) 206.018937ms ago: executing program 4 (id=2527): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r0, 0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f0000000540)}, 0x20) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYRES64=r0, @ANYRES64=r2], 0x20}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="bf000100000000006111140000000000040000000000000095000000000000001abe5201462857a3db65e291772afa2114f5963ed660b870d974d2252829f8290f8d02e3b0096b3df3e6585851cb7efb50a982b66e14716ffe33a164c3d1ff5798fc4bd6d3e5ab096e9ad743eb00"], &(0x7f0000000080)='GPL\x00', 0x2, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1d43, 0x10, &(0x7f0000000000), 0x76}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r3 = inotify_init1(0x0) r4 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) openat(r5, &(0x7f0000000340)='.\x00', 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=@bridge_delneigh={0x30, 0x1d, 0x1, 0x70bd26, 0x25dfdbfc, {0xa, 0x0, 0x0, 0x0, 0x20, 0x40, 0x6}, [@NDA_DST_IPV6={0x14, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x4008000) setsockopt$inet6_int(r6, 0x29, 0x12, &(0x7f0000000640)=0x18007, 0x4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000240)={0x1, [0x0]}, &(0x7f00000002c0)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000300)={0x100, 0x8008, 0x1, 0x1, r8}, &(0x7f0000000400)=0x10) inotify_add_watch(r3, &(0x7f00000000c0)='.\x00', 0xa4000061) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000d40)=ANY=[@ANYBLOB="5c0000001000010037bd70ab2000f4dbdf250000", @ANYRES32=0x0, @ANYBLOB="00000000080002001400030076657468315f746f5f626174616476000a000100aaaaaaaaaaaa00001c0016801800018014000b"], 0x5c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) link(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', 0x0) 150.179648ms ago: executing program 3 (id=2528): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r2) sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="bbfb01bd7000fddbdf25670000000800c400020000000800c3"], 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x0) 149.265098ms ago: executing program 4 (id=2529): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x35, 0x1, 0x2, 0x0, 0x0, 0x0, 0x2c450, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x0, 0xe145}, 0x105f5b, 0xfffd, 0x401, 0x8, 0x8, 0x20002, 0x40a, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r0, 0x7, &(0x7f00000003c0)={0x1, 0x2, 0x400, 0x7ff}) set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x69) mq_open(0x0, 0x6e93ebbbcc0884f2, 0x196, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x14, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r2}, 0x10) unshare(0x2040400) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000008385000000710000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r5}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='signal_generate\x00', r4}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) r6 = syz_open_dev$usbfs(&(0x7f0000002000), 0xf, 0x20041) ioctl$USBDEVFS_SUBMITURB(r6, 0x8038550a, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f00000002c0)={0x80, 0x0, 0x0, 0x0, 0x2}, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 87.560479ms ago: executing program 3 (id=2530): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r0, 0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f0000000540)}, 0x20) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYRES64=r0, @ANYRES64=r2], 0x20}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="bf000100000000006111140000000000040000000000000095000000000000001abe5201462857a3db65e291772afa2114f5963ed660b870d974d2252829f8290f8d02e3b0096b3df3e6585851cb7efb50a982b66e14716ffe33a164c3d1ff5798fc4bd6d3e5ab096e9ad743eb00"], &(0x7f0000000080)='GPL\x00', 0x2, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1d43, 0x10, &(0x7f0000000000), 0x76}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r3 = inotify_init1(0x0) r4 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) openat(r5, &(0x7f0000000340)='.\x00', 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=@bridge_delneigh={0x30, 0x1d, 0x1, 0x70bd26, 0x25dfdbfc, {0xa, 0x0, 0x0, 0x0, 0x20, 0x40, 0x6}, [@NDA_DST_IPV6={0x14, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x4008000) setsockopt$inet6_int(r6, 0x29, 0x12, &(0x7f0000000640)=0x18007, 0x4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000240)={0x1, [0x0]}, &(0x7f00000002c0)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000300)={0x100, 0x8008, 0x1, 0x1, r8}, &(0x7f0000000400)=0x10) inotify_add_watch(r3, &(0x7f00000000c0)='.\x00', 0xa4000061) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000d40)=ANY=[@ANYBLOB="5c0000001000010037bd70ab2000f4dbdf250000", @ANYRES32=0x0, @ANYBLOB="00000000080002001400030076657468315f746f5f626174616476000a000100aaaaaaaaaaaa00001c0016801800018014000b"], 0x5c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) link(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', 0x0) 56.760099ms ago: executing program 0 (id=2531): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x8, &(0x7f0000001c80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4", @ANYRES8, @ANYBLOB="4f5dfe7c5a75107ccc058e27bda97802eaf84f954170cc2c38f5ec49c78d6f6fcf9874ab7dfa21e1121f6fa90f0e302d39afa8ccacf7c30d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0xfffffffffffffffe}, 0x18) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x4000000, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r2, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021840000000c0a01030000000000000000070000080900020073797a31000000000900010073797a30000000005800038054000080080003400000000248000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000030c0002400000000000000010180001800e000100636f6e6e6c696d697400000004000280140000001000010000000000000000000084000ad6a9"], 0x108}}, 0x0) 55.844289ms ago: executing program 2 (id=2532): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0xfff1, &(0x7f0000000240)={&(0x7f0000000800)=@newqdisc={0x60, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x6, 0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_QUANTUM={0x8}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0xc, 0xc89f, 0xffff5ef5, 0x0, 0x19, 0x3}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x803}, 0x20004004) 5.88226ms ago: executing program 4 (id=2533): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) syz_clone3(&(0x7f0000000740)={0x8180080, &(0x7f0000000000), 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2}, 0x58) 0s ago: executing program 3 (id=2534): r0 = socket(0x10, 0x3, 0x9) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18) sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={&(0x7f0000000b00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [], {0x14}}, 0x28}}, 0x0) (fail_nth: 3) kernel console output (not intermixed with test programs): ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 141.974776][ T8620] ? clear_bhb_loop+0x40/0x90 [ 141.974931][ T8620] ? clear_bhb_loop+0x40/0x90 [ 141.975019][ T8620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.975046][ T8620] RIP: 0033:0x7f010b77e9a9 [ 141.975066][ T8620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.975189][ T8620] RSP: 002b:00007f0109dc6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 141.975212][ T8620] RAX: ffffffffffffffda RBX: 00007f010b9a6080 RCX: 00007f010b77e9a9 [ 141.975228][ T8620] RDX: 0000000000040004 RSI: 0000200000000280 RDI: 0000000000000007 [ 141.975251][ T8620] RBP: 00007f0109dc6090 R08: 0000000000000000 R09: 0000000000000000 [ 141.975266][ T8620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 141.975281][ T8620] R13: 0000000000000000 R14: 00007f010b9a6080 R15: 00007ffe7e89dd48 [ 141.975301][ T8620] [ 142.347675][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.355914][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.363602][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.389064][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.396547][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.404292][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.412387][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.419910][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.427414][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.434859][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.442851][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.450292][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.458028][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.466460][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.474803][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.482441][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.490164][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.490193][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.490262][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.490289][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.490315][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.490335][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.490356][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.490376][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.490405][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.490484][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.490512][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.490540][ T3394] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 142.491242][ T3394] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz1 [ 142.512205][ T8635] loop2: detected capacity change from 0 to 512 [ 142.519064][ T8635] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a843c02c, mo2=0102] [ 142.519102][ T8635] System zones: 1-12 [ 142.519747][ T8635] EXT4-fs error (device loop2): ext4_xattr_inode_iget:442: comm syz.2.1849: error while reading EA inode 32 err=-116 [ 142.519925][ T8635] EXT4-fs (loop2): Remounting filesystem read-only [ 142.519945][ T8635] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 142.519976][ T8635] EXT4-fs (loop2): 1 orphan inode deleted [ 142.520240][ T8635] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 142.520869][ T8635] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.744742][ T8658] FAULT_INJECTION: forcing a failure. [ 142.744742][ T8658] name failslab, interval 1, probability 0, space 0, times 0 [ 142.758423][ T8658] CPU: 0 UID: 0 PID: 8658 Comm: syz.3.1860 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 142.758461][ T8658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 142.758477][ T8658] Call Trace: [ 142.758484][ T8658] [ 142.758493][ T8658] __dump_stack+0x1d/0x30 [ 142.758520][ T8658] dump_stack_lvl+0xe8/0x140 [ 142.758544][ T8658] dump_stack+0x15/0x1b [ 142.758630][ T8658] should_fail_ex+0x265/0x280 [ 142.758668][ T8658] should_failslab+0x8c/0xb0 [ 142.758733][ T8658] kmem_cache_alloc_noprof+0x50/0x310 [ 142.758764][ T8658] ? skb_clone+0x151/0x1f0 [ 142.758788][ T8658] skb_clone+0x151/0x1f0 [ 142.758810][ T8658] nfnetlink_rcv+0x305/0x1690 [ 142.758844][ T8658] ? __kfree_skb+0x109/0x150 [ 142.758925][ T8658] ? nlmon_xmit+0x4f/0x60 [ 142.758972][ T8658] ? nlmon_xmit+0x4f/0x60 [ 142.758998][ T8658] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 142.759040][ T8658] ? __dev_queue_xmit+0x11c0/0x1fb0 [ 142.759080][ T8658] ? __dev_queue_xmit+0x182/0x1fb0 [ 142.759134][ T8658] ? __account_obj_stock+0x211/0x350 [ 142.759163][ T8658] ? ref_tracker_free+0x37d/0x3e0 [ 142.759214][ T8658] netlink_unicast+0x5a8/0x680 [ 142.759271][ T8658] netlink_sendmsg+0x58b/0x6b0 [ 142.759320][ T8658] ? __pfx_netlink_sendmsg+0x10/0x10 [ 142.759345][ T8658] __sock_sendmsg+0x145/0x180 [ 142.759372][ T8658] ____sys_sendmsg+0x31e/0x4e0 [ 142.759408][ T8658] ___sys_sendmsg+0x17b/0x1d0 [ 142.759539][ T8658] __x64_sys_sendmsg+0xd4/0x160 [ 142.759587][ T8658] x64_sys_call+0x2999/0x2fb0 [ 142.759613][ T8658] do_syscall_64+0xd2/0x200 [ 142.759635][ T8658] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 142.759674][ T8658] ? clear_bhb_loop+0x40/0x90 [ 142.759712][ T8658] ? clear_bhb_loop+0x40/0x90 [ 142.759740][ T8658] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.759765][ T8658] RIP: 0033:0x7f590cd7e9a9 [ 142.759783][ T8658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.759857][ T8658] RSP: 002b:00007f590b3df038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 142.759880][ T8658] RAX: ffffffffffffffda RBX: 00007f590cfa5fa0 RCX: 00007f590cd7e9a9 [ 142.759896][ T8658] RDX: 0000000020050800 RSI: 00002000000000c0 RDI: 0000000000000005 [ 142.759911][ T8658] RBP: 00007f590b3df090 R08: 0000000000000000 R09: 0000000000000000 [ 142.759927][ T8658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.759943][ T8658] R13: 0000000000000000 R14: 00007f590cfa5fa0 R15: 00007ffe2f9b9d68 [ 142.759968][ T8658] [ 143.028890][ T8664] syz_tun: entered allmulticast mode [ 143.053718][ T8666] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1862'. [ 143.191321][ T8669] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1863'. [ 143.335767][ T8677] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1866'. [ 143.344833][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1866'. [ 143.538307][ T8688] loop0: detected capacity change from 0 to 1024 [ 143.546900][ T8688] EXT4-fs: Ignoring removed bh option [ 143.553998][ T8688] EXT4-fs: inline encryption not supported [ 143.560439][ T8688] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 143.592028][ T8691] openvswitch: netlink: Message has 6 unknown bytes. [ 143.604190][ T8688] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 143.614539][ T8688] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 2: comm syz.0.1872: lblock 2 mapped to illegal pblock 2 (length 1) [ 143.646255][ T8693] syzkaller0: entered promiscuous mode [ 143.651848][ T8693] syzkaller0: entered allmulticast mode [ 143.660769][ T8695] SELinux: Context system_u:object_r:memory_device_t:s0 is not valid (left unmapped). [ 143.671171][ T8688] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 48: comm syz.0.1872: lblock 0 mapped to illegal pblock 48 (length 1) [ 143.692120][ T8688] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.1872: Failed to acquire dquot type 0 [ 143.705713][ T8688] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 143.716249][ T8688] EXT4-fs error (device loop0): ext4_evict_inode:254: inode #11: comm syz.0.1872: mark_inode_dirty error [ 143.728044][ T8688] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 143.740923][ T8688] EXT4-fs (loop0): 1 orphan inode deleted [ 143.747933][ T8688] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.760835][ T3436] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:7: lblock 1 mapped to illegal pblock 1 (length 1) [ 143.777603][ T3436] EXT4-fs error (device loop0): ext4_release_dquot:6969: comm kworker/u8:7: Failed to release dquot type 0 [ 143.797218][ T8688] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 143.801572][ T8695] lo speed is unknown, defaulting to 1000 [ 143.834201][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.850830][ T8700] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1877'. [ 143.854275][ T8695] lo speed is unknown, defaulting to 1000 [ 143.911375][ T8705] loop0: detected capacity change from 0 to 512 [ 143.932332][ T8705] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.945342][ T8705] ext4 filesystem being mounted at /356/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.961785][ T8705] SELinux: syz.0.1876 (8705) set checkreqprot to 1. This is no longer supported. [ 143.987930][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.028057][ T8721] openvswitch: netlink: Message has 6 unknown bytes. [ 144.081077][ T8723] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1885'. [ 144.202129][ T8742] FAULT_INJECTION: forcing a failure. [ 144.202129][ T8742] name failslab, interval 1, probability 0, space 0, times 0 [ 144.214937][ T8742] CPU: 0 UID: 0 PID: 8742 Comm: syz.2.1892 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 144.214970][ T8742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 144.214985][ T8742] Call Trace: [ 144.214993][ T8742] [ 144.215016][ T8742] __dump_stack+0x1d/0x30 [ 144.215114][ T8742] dump_stack_lvl+0xe8/0x140 [ 144.215135][ T8742] dump_stack+0x15/0x1b [ 144.215155][ T8742] should_fail_ex+0x265/0x280 [ 144.215220][ T8742] should_failslab+0x8c/0xb0 [ 144.215264][ T8742] kmem_cache_alloc_noprof+0x50/0x310 [ 144.215314][ T8742] ? alloc_empty_file+0x76/0x200 [ 144.215345][ T8742] alloc_empty_file+0x76/0x200 [ 144.215368][ T8742] path_openat+0x68/0x2170 [ 144.215445][ T8742] ? _parse_integer_limit+0x170/0x190 [ 144.215498][ T8742] ? _parse_integer+0x27/0x40 [ 144.215529][ T8742] ? kstrtoull+0x111/0x140 [ 144.215561][ T8742] ? kstrtouint+0x76/0xc0 [ 144.215594][ T8742] do_filp_open+0x109/0x230 [ 144.215715][ T8742] do_sys_openat2+0xa6/0x110 [ 144.215769][ T8742] __x64_sys_creat+0x65/0x90 [ 144.215797][ T8742] x64_sys_call+0x114d/0x2fb0 [ 144.215823][ T8742] do_syscall_64+0xd2/0x200 [ 144.215888][ T8742] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 144.215969][ T8742] ? clear_bhb_loop+0x40/0x90 [ 144.215995][ T8742] ? clear_bhb_loop+0x40/0x90 [ 144.216023][ T8742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.216102][ T8742] RIP: 0033:0x7f42a7e7e9a9 [ 144.216166][ T8742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.216183][ T8742] RSP: 002b:00007f42a64e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 144.216201][ T8742] RAX: ffffffffffffffda RBX: 00007f42a80a5fa0 RCX: 00007f42a7e7e9a9 [ 144.216215][ T8742] RDX: 0000000000000000 RSI: 0000000000000036 RDI: 00002000000003c0 [ 144.216230][ T8742] RBP: 00007f42a64e7090 R08: 0000000000000000 R09: 0000000000000000 [ 144.216245][ T8742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.216259][ T8742] R13: 0000000000000000 R14: 00007f42a80a5fa0 R15: 00007ffe81b134c8 [ 144.216341][ T8742] [ 144.262917][ T8746] openvswitch: netlink: Message has 6 unknown bytes. [ 144.518796][ T8756] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1898'. [ 144.527843][ T8756] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1898'. [ 144.709941][ T8766] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 144.723846][ T8768] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1905'. [ 144.768179][ T8771] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0' [ 145.561278][ T8791] loop0: detected capacity change from 0 to 512 [ 145.590577][ T8791] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 145.621666][ T8791] EXT4-fs (loop0): 1 truncate cleaned up [ 145.627976][ T8791] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 145.803613][ T29] kauditd_printk_skb: 115 callbacks suppressed [ 145.803633][ T29] audit: type=1326 audit(1753221004.668:4872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8799 comm="syz.1.1917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed079e9a9 code=0x7ffc0000 [ 145.833785][ T29] audit: type=1326 audit(1753221004.668:4873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8799 comm="syz.1.1917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed079e9a9 code=0x7ffc0000 [ 145.863594][ T8802] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 145.871720][ T29] audit: type=1326 audit(1753221004.668:4874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8799 comm="syz.1.1917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f1ed07a083c code=0x7ffc0000 [ 145.895588][ T29] audit: type=1326 audit(1753221004.668:4875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8799 comm="syz.1.1917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f1ed07a0774 code=0x7ffc0000 [ 145.919115][ T29] audit: type=1400 audit(1753221004.668:4876): avc: denied { read } for pid=8799 comm="syz.1.1917" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 145.939237][ T29] audit: type=1326 audit(1753221004.668:4877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8799 comm="syz.1.1917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed079e9a9 code=0x7ffc0000 [ 145.962685][ T29] audit: type=1326 audit(1753221004.668:4878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8799 comm="syz.1.1917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed079e9a9 code=0x7ffc0000 [ 145.986601][ T29] audit: type=1326 audit(1753221004.668:4879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8799 comm="syz.1.1917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=234 compat=0 ip=0x7f1ed079e9a9 code=0x7ffc0000 [ 146.010077][ T29] audit: type=1326 audit(1753221004.668:4880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8799 comm="syz.1.1917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed079e9a9 code=0x7ffc0000 [ 146.033609][ T29] audit: type=1326 audit(1753221004.668:4881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8799 comm="syz.1.1917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f1ed079e9a9 code=0x7ffc0000 [ 146.061052][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.086574][ T8815] netlink: 'syz.0.1918': attribute type 21 has an invalid length. [ 146.134736][ T8819] __nla_validate_parse: 1 callbacks suppressed [ 146.134758][ T8819] netlink: 197276 bytes leftover after parsing attributes in process `syz.1.1923'. [ 146.147491][ T8824] loop0: detected capacity change from 0 to 512 [ 146.422990][ T8865] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1940'. [ 146.483512][ T8871] netlink: 'syz.4.1943': attribute type 4 has an invalid length. [ 146.594749][ T8882] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1946'. [ 147.396046][ T8889] syzkaller1: entered promiscuous mode [ 147.401648][ T8889] syzkaller1: entered allmulticast mode [ 147.759325][ T8918] loop4: detected capacity change from 0 to 736 [ 147.822966][ T8937] capability: warning: `syz.1.1967' uses 32-bit capabilities (legacy support in use) [ 147.893662][ T8934] loop0: detected capacity change from 0 to 4096 [ 147.908074][ T8921] lo speed is unknown, defaulting to 1000 [ 147.921806][ T8934] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.925222][ T8918] rock: directory entry would overflow storage [ 147.942731][ T8943] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=104 sclass=netlink_tcpdiag_socket pid=8943 comm=syz.3.1970 [ 147.943185][ T8918] rock: sig=0x3b10, size=4, remaining=3 [ 147.995647][ T8921] lo speed is unknown, defaulting to 1000 [ 148.031028][ T8934] FAULT_INJECTION: forcing a failure. [ 148.031028][ T8934] name failslab, interval 1, probability 0, space 0, times 0 [ 148.044188][ T8934] CPU: 1 UID: 0 PID: 8934 Comm: syz.0.1966 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 148.044218][ T8934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 148.044293][ T8934] Call Trace: [ 148.044302][ T8934] [ 148.044312][ T8934] __dump_stack+0x1d/0x30 [ 148.044339][ T8934] dump_stack_lvl+0xe8/0x140 [ 148.044364][ T8934] dump_stack+0x15/0x1b [ 148.044385][ T8934] should_fail_ex+0x265/0x280 [ 148.044477][ T8934] should_failslab+0x8c/0xb0 [ 148.044506][ T8934] kmem_cache_alloc_noprof+0x50/0x310 [ 148.044538][ T8934] ? getname_flags+0x80/0x3b0 [ 148.044560][ T8934] ? __se_sys_mount+0xef/0x2e0 [ 148.044600][ T8934] getname_flags+0x80/0x3b0 [ 148.044656][ T8934] user_path_at+0x28/0x130 [ 148.044680][ T8934] __se_sys_mount+0x25b/0x2e0 [ 148.044722][ T8934] ? fput+0x8f/0xc0 [ 148.044752][ T8934] __x64_sys_mount+0x67/0x80 [ 148.044825][ T8934] x64_sys_call+0xd36/0x2fb0 [ 148.044850][ T8934] do_syscall_64+0xd2/0x200 [ 148.044873][ T8934] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 148.044939][ T8934] ? clear_bhb_loop+0x40/0x90 [ 148.044966][ T8934] ? clear_bhb_loop+0x40/0x90 [ 148.044993][ T8934] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.045019][ T8934] RIP: 0033:0x7f51626ae9a9 [ 148.045045][ T8934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.045062][ T8934] RSP: 002b:00007f5160d17038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 148.045080][ T8934] RAX: ffffffffffffffda RBX: 00007f51628d5fa0 RCX: 00007f51626ae9a9 [ 148.045092][ T8934] RDX: 0000200000000140 RSI: 0000200000000200 RDI: 0000000000000000 [ 148.045104][ T8934] RBP: 00007f5160d17090 R08: 00002000000002c0 R09: 0000000000000000 [ 148.045118][ T8934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 148.045133][ T8934] R13: 0000000000000000 R14: 00007f51628d5fa0 R15: 00007fff6457de68 [ 148.045153][ T8934] [ 148.259873][ T8943] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1970'. [ 148.270644][ T8943] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1970'. [ 148.323444][ T8949] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1972'. [ 148.455733][ T8959] FAULT_INJECTION: forcing a failure. [ 148.455733][ T8959] name failslab, interval 1, probability 0, space 0, times 0 [ 148.469121][ T8959] CPU: 0 UID: 0 PID: 8959 Comm: syz.3.1975 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 148.469154][ T8959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 148.469167][ T8959] Call Trace: [ 148.469174][ T8959] [ 148.469183][ T8959] __dump_stack+0x1d/0x30 [ 148.469208][ T8959] dump_stack_lvl+0xe8/0x140 [ 148.469234][ T8959] dump_stack+0x15/0x1b [ 148.469262][ T8959] should_fail_ex+0x265/0x280 [ 148.469327][ T8959] should_failslab+0x8c/0xb0 [ 148.469416][ T8959] kmem_cache_alloc_node_noprof+0x57/0x320 [ 148.469533][ T8959] ? __alloc_skb+0x101/0x320 [ 148.469572][ T8959] __alloc_skb+0x101/0x320 [ 148.469608][ T8959] netlink_alloc_large_skb+0xba/0xf0 [ 148.469641][ T8959] netlink_sendmsg+0x3cf/0x6b0 [ 148.469731][ T8959] ? __pfx_netlink_sendmsg+0x10/0x10 [ 148.469757][ T8959] __sock_sendmsg+0x145/0x180 [ 148.469785][ T8959] ____sys_sendmsg+0x31e/0x4e0 [ 148.469824][ T8959] ___sys_sendmsg+0x17b/0x1d0 [ 148.469938][ T8959] __x64_sys_sendmsg+0xd4/0x160 [ 148.469987][ T8959] x64_sys_call+0x2999/0x2fb0 [ 148.470015][ T8959] do_syscall_64+0xd2/0x200 [ 148.470052][ T8959] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 148.470130][ T8959] ? clear_bhb_loop+0x40/0x90 [ 148.470155][ T8959] ? clear_bhb_loop+0x40/0x90 [ 148.470195][ T8959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.470216][ T8959] RIP: 0033:0x7f590cd7e9a9 [ 148.470232][ T8959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.470303][ T8959] RSP: 002b:00007f590b3df038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 148.470321][ T8959] RAX: ffffffffffffffda RBX: 00007f590cfa5fa0 RCX: 00007f590cd7e9a9 [ 148.470334][ T8959] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 148.470346][ T8959] RBP: 00007f590b3df090 R08: 0000000000000000 R09: 0000000000000000 [ 148.470359][ T8959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 148.470373][ T8959] R13: 0000000000000000 R14: 00007f590cfa5fa0 R15: 00007ffe2f9b9d68 [ 148.470399][ T8959] [ 148.705884][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.827023][ T8970] program syz.3.1978 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 148.929869][ T8977] loop0: detected capacity change from 0 to 1024 [ 148.936926][ T8977] EXT4-fs: Ignoring removed nomblk_io_submit option [ 148.979940][ T8918] netlink: 'syz.4.1959': attribute type 27 has an invalid length. [ 149.173746][ T8977] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 149.211949][ T8993] FAULT_INJECTION: forcing a failure. [ 149.211949][ T8993] name failslab, interval 1, probability 0, space 0, times 0 [ 149.224719][ T8993] CPU: 0 UID: 0 PID: 8993 Comm: syz.3.1984 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 149.224819][ T8993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 149.224831][ T8993] Call Trace: [ 149.224838][ T8993] [ 149.224847][ T8993] __dump_stack+0x1d/0x30 [ 149.224873][ T8993] dump_stack_lvl+0xe8/0x140 [ 149.224898][ T8993] dump_stack+0x15/0x1b [ 149.224947][ T8993] should_fail_ex+0x265/0x280 [ 149.224984][ T8993] ? alloc_pipe_info+0xae/0x350 [ 149.225016][ T8993] should_failslab+0x8c/0xb0 [ 149.225038][ T8993] __kmalloc_cache_noprof+0x4c/0x320 [ 149.225119][ T8993] alloc_pipe_info+0xae/0x350 [ 149.225151][ T8993] splice_direct_to_actor+0x592/0x680 [ 149.225231][ T8993] ? kstrtouint_from_user+0x9f/0xf0 [ 149.225315][ T8993] ? __pfx_direct_splice_actor+0x10/0x10 [ 149.225351][ T8993] ? __rcu_read_unlock+0x4f/0x70 [ 149.225402][ T8993] ? get_pid_task+0x96/0xd0 [ 149.225420][ T8993] ? avc_policy_seqno+0x15/0x30 [ 149.225445][ T8993] ? selinux_file_permission+0x1e4/0x320 [ 149.225498][ T8993] do_splice_direct+0xda/0x150 [ 149.225524][ T8993] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 149.225581][ T8993] do_sendfile+0x380/0x650 [ 149.225607][ T8993] __x64_sys_sendfile64+0x105/0x150 [ 149.225700][ T8993] x64_sys_call+0xb39/0x2fb0 [ 149.225724][ T8993] do_syscall_64+0xd2/0x200 [ 149.225742][ T8993] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 149.225818][ T8993] ? clear_bhb_loop+0x40/0x90 [ 149.225844][ T8993] ? clear_bhb_loop+0x40/0x90 [ 149.225865][ T8993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.225884][ T8993] RIP: 0033:0x7f590cd7e9a9 [ 149.225898][ T8993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.225916][ T8993] RSP: 002b:00007f590b3df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 149.225951][ T8993] RAX: ffffffffffffffda RBX: 00007f590cfa5fa0 RCX: 00007f590cd7e9a9 [ 149.225963][ T8993] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 149.225979][ T8993] RBP: 00007f590b3df090 R08: 0000000000000000 R09: 0000000000000000 [ 149.225994][ T8993] R10: 0000000000000104 R11: 0000000000000246 R12: 0000000000000001 [ 149.226010][ T8993] R13: 0000000000000000 R14: 00007f590cfa5fa0 R15: 00007ffe2f9b9d68 [ 149.226035][ T8993] [ 149.473374][ T8994] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1980'. [ 149.586844][ T9005] FAULT_INJECTION: forcing a failure. [ 149.586844][ T9005] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 149.600272][ T9005] CPU: 1 UID: 0 PID: 9005 Comm: syz.1.1986 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 149.600317][ T9005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 149.600331][ T9005] Call Trace: [ 149.600338][ T9005] [ 149.600347][ T9005] __dump_stack+0x1d/0x30 [ 149.600422][ T9005] dump_stack_lvl+0xe8/0x140 [ 149.600449][ T9005] dump_stack+0x15/0x1b [ 149.600467][ T9005] should_fail_ex+0x265/0x280 [ 149.600545][ T9005] should_fail+0xb/0x20 [ 149.600581][ T9005] should_fail_usercopy+0x1a/0x20 [ 149.600696][ T9005] _copy_to_user+0x20/0xa0 [ 149.600718][ T9005] simple_read_from_buffer+0xb5/0x130 [ 149.600757][ T9005] proc_fail_nth_read+0x100/0x140 [ 149.600822][ T9005] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 149.600862][ T9005] vfs_read+0x19d/0x6f0 [ 149.600899][ T9005] ? __rcu_read_unlock+0x4f/0x70 [ 149.600982][ T9005] ? __fget_files+0x184/0x1c0 [ 149.601011][ T9005] ksys_read+0xda/0x1a0 [ 149.601067][ T9005] __x64_sys_read+0x40/0x50 [ 149.601103][ T9005] x64_sys_call+0x2d77/0x2fb0 [ 149.601130][ T9005] do_syscall_64+0xd2/0x200 [ 149.601150][ T9005] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 149.601278][ T9005] ? clear_bhb_loop+0x40/0x90 [ 149.601304][ T9005] ? clear_bhb_loop+0x40/0x90 [ 149.601333][ T9005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.601510][ T9005] RIP: 0033:0x7f1ed079d3bc [ 149.601531][ T9005] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 149.601556][ T9005] RSP: 002b:00007f1ecedff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 149.601581][ T9005] RAX: ffffffffffffffda RBX: 00007f1ed09c5fa0 RCX: 00007f1ed079d3bc [ 149.601674][ T9005] RDX: 000000000000000f RSI: 00007f1ecedff0a0 RDI: 0000000000000004 [ 149.601756][ T9005] RBP: 00007f1ecedff090 R08: 0000000000000000 R09: 0000000000000000 [ 149.601771][ T9005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 149.601787][ T9005] R13: 0000000000000000 R14: 00007f1ed09c5fa0 R15: 00007ffd742fb3b8 [ 149.601814][ T9005] [ 149.956439][ T9013] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1990'. [ 149.965428][ T9013] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1990'. [ 150.089635][ T8918] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.098959][ T8918] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.107869][ T8918] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.117315][ T8918] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.129517][ T8918] geneve2: left allmulticast mode [ 150.140888][ T8918] macvlan2: left promiscuous mode [ 150.242336][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.246341][ T9018] loop2: detected capacity change from 0 to 512 [ 150.253167][ T9020] loop4: detected capacity change from 0 to 512 [ 150.262853][ T9018] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 150.304173][ T9025] loop4: detected capacity change from 0 to 1024 [ 150.312330][ T9025] EXT4-fs: test_dummy_encryption option not supported [ 150.321745][ T9018] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 150.337913][ T9018] EXT4-fs (loop2): 1 truncate cleaned up [ 150.344664][ T9018] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 150.399362][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.413339][ T9025] +}[@ (9025): attempted to duplicate a private mapping with mremap. This is not supported. [ 150.580001][ T9048] loop2: detected capacity change from 0 to 2048 [ 150.593408][ T9052] loop4: detected capacity change from 0 to 512 [ 150.650075][ T9048] loop2: p4 < > [ 150.691058][ T9048] macsec1: entered promiscuous mode [ 150.696620][ T9048] bridge0: entered promiscuous mode [ 150.699980][ T9060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 150.720066][ T9054] loop4: detected capacity change from 0 to 512 [ 150.722600][ T9060] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 150.729986][ T9048] bridge0: port 3(macsec1) entered blocking state [ 150.740895][ T9048] bridge0: port 3(macsec1) entered disabled state [ 150.749586][ T9054] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 150.761841][ T9054] EXT4-fs (loop4): 1 truncate cleaned up [ 150.768024][ T9054] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 150.784699][ T9048] macsec1: entered allmulticast mode [ 150.790052][ T9048] bridge0: entered allmulticast mode [ 150.808739][ T9048] macsec1: left allmulticast mode [ 150.813848][ T9048] bridge0: left allmulticast mode [ 150.824634][ T9048] bridge0: left promiscuous mode [ 150.857637][ T29] kauditd_printk_skb: 319 callbacks suppressed [ 150.857655][ T29] audit: type=1326 audit(1753221009.718:5201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9064 comm="syz.0.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51626ae9a9 code=0x7ffc0000 [ 150.890876][ T29] audit: type=1326 audit(1753221009.758:5202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9064 comm="syz.0.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f51626ae9a9 code=0x7ffc0000 [ 150.915075][ T29] audit: type=1326 audit(1753221009.758:5203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9064 comm="syz.0.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51626ae9a9 code=0x7ffc0000 [ 150.938562][ T29] audit: type=1326 audit(1753221009.758:5204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9064 comm="syz.0.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51626ae9a9 code=0x7ffc0000 [ 150.981020][ T3962] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.983789][ T29] audit: type=1326 audit(1753221009.828:5205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9047 comm="syz.2.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42a7e7e9a9 code=0x7ffc0000 [ 151.014323][ T29] audit: type=1326 audit(1753221009.828:5206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9047 comm="syz.2.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42a7e7e9a9 code=0x7ffc0000 [ 151.075972][ T9072] loop4: detected capacity change from 0 to 128 [ 151.085596][ T9072] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 151.097792][ T29] audit: type=1326 audit(1753221009.938:5207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9071 comm="syz.4.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f010b77e9a9 code=0x7ffc0000 [ 151.122051][ T29] audit: type=1326 audit(1753221009.938:5208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9071 comm="syz.4.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f010b77e9a9 code=0x7ffc0000 [ 151.145962][ T29] audit: type=1326 audit(1753221009.938:5209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9071 comm="syz.4.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f010b77e9e3 code=0x7ffc0000 [ 151.165071][ T9072] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 151.170615][ T29] audit: type=1326 audit(1753221009.938:5210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9071 comm="syz.4.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f010b77d45f code=0x7ffc0000 [ 151.195131][ T9076] FAULT_INJECTION: forcing a failure. [ 151.195131][ T9076] name failslab, interval 1, probability 0, space 0, times 0 [ 151.215534][ T9076] CPU: 1 UID: 0 PID: 9076 Comm: syz.0.2017 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 151.215586][ T9076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 151.215607][ T9076] Call Trace: [ 151.215615][ T9076] [ 151.215624][ T9076] __dump_stack+0x1d/0x30 [ 151.215651][ T9076] dump_stack_lvl+0xe8/0x140 [ 151.215677][ T9076] dump_stack+0x15/0x1b [ 151.215699][ T9076] should_fail_ex+0x265/0x280 [ 151.215759][ T9076] should_failslab+0x8c/0xb0 [ 151.215787][ T9076] kmem_cache_alloc_node_noprof+0x57/0x320 [ 151.215825][ T9076] ? __alloc_skb+0x101/0x320 [ 151.215912][ T9076] __alloc_skb+0x101/0x320 [ 151.215951][ T9076] netlink_alloc_large_skb+0xba/0xf0 [ 151.215985][ T9076] netlink_sendmsg+0x3cf/0x6b0 [ 151.216006][ T9076] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.216212][ T9076] __sock_sendmsg+0x145/0x180 [ 151.216237][ T9076] ____sys_sendmsg+0x31e/0x4e0 [ 151.216275][ T9076] ___sys_sendmsg+0x17b/0x1d0 [ 151.216391][ T9076] __x64_sys_sendmsg+0xd4/0x160 [ 151.216429][ T9076] x64_sys_call+0x2999/0x2fb0 [ 151.216511][ T9076] do_syscall_64+0xd2/0x200 [ 151.216556][ T9076] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 151.216588][ T9076] ? clear_bhb_loop+0x40/0x90 [ 151.216613][ T9076] ? clear_bhb_loop+0x40/0x90 [ 151.216639][ T9076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.216733][ T9076] RIP: 0033:0x7f51626ae9a9 [ 151.216754][ T9076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.216777][ T9076] RSP: 002b:00007f5160d17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 151.216800][ T9076] RAX: ffffffffffffffda RBX: 00007f51628d5fa0 RCX: 00007f51626ae9a9 [ 151.216816][ T9076] RDX: 0000000000000800 RSI: 00002000000003c0 RDI: 0000000000000004 [ 151.216831][ T9076] RBP: 00007f5160d17090 R08: 0000000000000000 R09: 0000000000000000 [ 151.216862][ T9076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 151.216878][ T9076] R13: 0000000000000000 R14: 00007f51628d5fa0 R15: 00007fff6457de68 [ 151.216909][ T9076] [ 151.431231][ T9078] loop2: detected capacity change from 0 to 136 [ 151.437913][ T9078] iso9660: Unknown parameter '' [ 151.447475][ T9078] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2016'. [ 151.461380][ T9078] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2016'. [ 151.532520][ T9084] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 20001 - 0 [ 151.541585][ T9084] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 20001 - 0 [ 151.550606][ T9084] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 20001 - 0 [ 151.559595][ T9084] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 20001 - 0 [ 151.582413][ T9090] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2022'. [ 151.602155][ T9096] loop0: detected capacity change from 0 to 512 [ 151.609763][ T9096] EXT4-fs: Ignoring removed i_version option [ 151.616684][ T9096] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 151.631726][ T9096] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e12c, mo2=0002] [ 151.641084][ T9096] System zones: 1-12 [ 151.645440][ T9096] EXT4-fs (loop0): orphan cleanup on readonly fs [ 151.655992][ T9096] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.2024: invalid indirect mapped block 12 (level 1) [ 151.672430][ T9096] EXT4-fs (loop0): Remounting filesystem read-only [ 151.680288][ T9096] EXT4-fs (loop0): 1 truncate cleaned up [ 151.686543][ T9096] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 151.712423][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 151.792314][ T9118] loop0: detected capacity change from 0 to 512 [ 151.970998][ T9136] FAULT_INJECTION: forcing a failure. [ 151.970998][ T9136] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 151.984590][ T9136] CPU: 1 UID: 0 PID: 9136 Comm: syz.0.2039 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 151.984620][ T9136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 151.984634][ T9136] Call Trace: [ 151.984642][ T9136] [ 151.984651][ T9136] __dump_stack+0x1d/0x30 [ 151.984745][ T9136] dump_stack_lvl+0xe8/0x140 [ 151.984766][ T9136] dump_stack+0x15/0x1b [ 151.984784][ T9136] should_fail_ex+0x265/0x280 [ 151.984845][ T9136] should_fail+0xb/0x20 [ 151.984884][ T9136] should_fail_usercopy+0x1a/0x20 [ 151.984963][ T9136] _copy_from_user+0x1c/0xb0 [ 151.984986][ T9136] do_sock_getsockopt+0xf1/0x240 [ 151.985095][ T9136] __x64_sys_getsockopt+0x11e/0x1a0 [ 151.985194][ T9136] x64_sys_call+0x12aa/0x2fb0 [ 151.985217][ T9136] do_syscall_64+0xd2/0x200 [ 151.985237][ T9136] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 151.985281][ T9136] ? clear_bhb_loop+0x40/0x90 [ 151.985309][ T9136] ? clear_bhb_loop+0x40/0x90 [ 151.985338][ T9136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.985361][ T9136] RIP: 0033:0x7f51626ae9a9 [ 151.985378][ T9136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.985439][ T9136] RSP: 002b:00007f5160cf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 151.985459][ T9136] RAX: ffffffffffffffda RBX: 00007f51628d6080 RCX: 00007f51626ae9a9 [ 151.985472][ T9136] RDX: 0000000000000075 RSI: 0000000000000084 RDI: 0000000000000003 [ 151.985487][ T9136] RBP: 00007f5160cf6090 R08: 0000200000000400 R09: 0000000000000000 [ 151.985503][ T9136] R10: 00002000000003c0 R11: 0000000000000246 R12: 0000000000000001 [ 151.985519][ T9136] R13: 0000000000000001 R14: 00007f51628d6080 R15: 00007fff6457de68 [ 151.985544][ T9136] [ 152.243059][ T9140] 9pnet_virtio: no channels available for device [ 152.799502][ T9161] netlink: 'syz.2.2050': attribute type 10 has an invalid length. [ 152.953046][ T9169] loop0: detected capacity change from 0 to 1024 [ 152.989898][ T9169] EXT4-fs: Ignoring removed nomblk_io_submit option [ 153.025977][ T9169] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 153.196404][ T9178] netlink: 'syz.4.2057': attribute type 21 has an invalid length. [ 153.204390][ T9178] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2057'. [ 153.245302][ T9178] netlink: 'syz.4.2057': attribute type 5 has an invalid length. [ 153.254107][ T9178] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2057'. [ 153.318355][ T9178] FAULT_INJECTION: forcing a failure. [ 153.318355][ T9178] name failslab, interval 1, probability 0, space 0, times 0 [ 153.331314][ T9178] CPU: 1 UID: 0 PID: 9178 Comm: syz.4.2057 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 153.331432][ T9178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 153.331447][ T9178] Call Trace: [ 153.331452][ T9178] [ 153.331459][ T9178] __dump_stack+0x1d/0x30 [ 153.331481][ T9178] dump_stack_lvl+0xe8/0x140 [ 153.331506][ T9178] dump_stack+0x15/0x1b [ 153.331527][ T9178] should_fail_ex+0x265/0x280 [ 153.331569][ T9178] should_failslab+0x8c/0xb0 [ 153.331635][ T9178] kmem_cache_alloc_noprof+0x50/0x310 [ 153.331679][ T9178] ? fib_insert_alias+0x16c/0x770 [ 153.331789][ T9178] fib_insert_alias+0x16c/0x770 [ 153.331821][ T9178] ? kmem_cache_alloc_noprof+0x220/0x310 [ 153.331847][ T9178] ? fib_table_insert+0x1ab/0xeb0 [ 153.331877][ T9178] fib_table_insert+0x2a6/0xeb0 [ 153.331946][ T9178] ? __schedule+0x664/0xb30 [ 153.331976][ T9178] ? fib_new_table+0xad/0x1c0 [ 153.332008][ T9178] inet_rtm_newroute+0xab/0x140 [ 153.332104][ T9178] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 153.332143][ T9178] rtnetlink_rcv_msg+0x5fe/0x6d0 [ 153.332203][ T9178] ? avc_has_perm_noaudit+0x1b1/0x200 [ 153.332243][ T9178] netlink_rcv_skb+0x120/0x220 [ 153.332340][ T9178] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 153.332456][ T9178] rtnetlink_rcv+0x1c/0x30 [ 153.332505][ T9178] netlink_unicast+0x5a8/0x680 [ 153.332550][ T9178] netlink_sendmsg+0x58b/0x6b0 [ 153.332587][ T9178] ? __pfx_netlink_sendmsg+0x10/0x10 [ 153.332608][ T9178] __sock_sendmsg+0x145/0x180 [ 153.332642][ T9178] ____sys_sendmsg+0x31e/0x4e0 [ 153.332696][ T9178] ___sys_sendmsg+0x17b/0x1d0 [ 153.332764][ T9178] __x64_sys_sendmsg+0xd4/0x160 [ 153.332891][ T9178] x64_sys_call+0x2999/0x2fb0 [ 153.332914][ T9178] do_syscall_64+0xd2/0x200 [ 153.332934][ T9178] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 153.332970][ T9178] ? clear_bhb_loop+0x40/0x90 [ 153.333066][ T9178] ? clear_bhb_loop+0x40/0x90 [ 153.333089][ T9178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.333110][ T9178] RIP: 0033:0x7f010b77e9a9 [ 153.333126][ T9178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 153.333149][ T9178] RSP: 002b:00007f0109de7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 153.333247][ T9178] RAX: ffffffffffffffda RBX: 00007f010b9a5fa0 RCX: 00007f010b77e9a9 [ 153.333261][ T9178] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 153.333275][ T9178] RBP: 00007f0109de7090 R08: 0000000000000000 R09: 0000000000000000 [ 153.333292][ T9178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 153.333308][ T9178] R13: 0000000000000000 R14: 00007f010b9a5fa0 R15: 00007ffe7e89dd48 [ 153.333333][ T9178] [ 153.847395][ T9192] wireguard0: entered promiscuous mode [ 153.853029][ T9192] wireguard0: entered allmulticast mode [ 153.878516][ T9195] loop4: detected capacity change from 0 to 512 [ 154.019294][ T9204] loop4: detected capacity change from 0 to 512 [ 154.056398][ T9204] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.076840][ T9204] ext4 filesystem being mounted at /372/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 154.119395][ T9204] SELinux: syz.4.2066 (9204) set checkreqprot to 1. This is no longer supported. [ 154.170963][ T3962] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.227900][ T9214] loop2: detected capacity change from 0 to 512 [ 154.259708][ T9214] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.272938][ T9214] ext4 filesystem being mounted at /414/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 154.298804][ T9214] SELinux: syz.2.2070 (9214) set checkreqprot to 1. This is no longer supported. [ 154.351717][ T9216] lo speed is unknown, defaulting to 1000 [ 154.387017][ T9216] lo speed is unknown, defaulting to 1000 [ 154.413454][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.484020][ T9233] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2079'. [ 154.512415][ T9234] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2078'. [ 154.564200][ T9244] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2082'. [ 154.579146][ T9242] FAULT_INJECTION: forcing a failure. [ 154.579146][ T9242] name failslab, interval 1, probability 0, space 0, times 0 [ 154.591896][ T9242] CPU: 1 UID: 0 PID: 9242 Comm: syz.1.2081 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 154.591964][ T9242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 154.591980][ T9242] Call Trace: [ 154.591988][ T9242] [ 154.592050][ T9242] __dump_stack+0x1d/0x30 [ 154.592075][ T9242] dump_stack_lvl+0xe8/0x140 [ 154.592100][ T9242] dump_stack+0x15/0x1b [ 154.592119][ T9242] should_fail_ex+0x265/0x280 [ 154.592149][ T9242] should_failslab+0x8c/0xb0 [ 154.592194][ T9242] kmem_cache_alloc_noprof+0x50/0x310 [ 154.592226][ T9242] ? audit_log_start+0x365/0x6c0 [ 154.592265][ T9242] audit_log_start+0x365/0x6c0 [ 154.592334][ T9242] audit_seccomp+0x48/0x100 [ 154.592362][ T9242] ? __seccomp_filter+0x68c/0x10d0 [ 154.592386][ T9242] __seccomp_filter+0x69d/0x10d0 [ 154.592407][ T9242] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 154.592503][ T9242] ? vfs_write+0x75e/0x8e0 [ 154.592534][ T9242] ? __rcu_read_unlock+0x4f/0x70 [ 154.592648][ T9242] ? __fget_files+0x184/0x1c0 [ 154.592674][ T9242] __secure_computing+0x82/0x150 [ 154.592695][ T9242] syscall_trace_enter+0xcf/0x1e0 [ 154.592745][ T9242] do_syscall_64+0xac/0x200 [ 154.592776][ T9242] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 154.592825][ T9242] ? clear_bhb_loop+0x40/0x90 [ 154.592856][ T9242] ? clear_bhb_loop+0x40/0x90 [ 154.592884][ T9242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.592911][ T9242] RIP: 0033:0x7f1ed079e9a9 [ 154.592930][ T9242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.592952][ T9242] RSP: 002b:00007f1ecedff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 154.592971][ T9242] RAX: ffffffffffffffda RBX: 00007f1ed09c5fa0 RCX: 00007f1ed079e9a9 [ 154.593003][ T9242] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000005 [ 154.593018][ T9242] RBP: 00007f1ecedff090 R08: 0000000000000010 R09: 0000000000000000 [ 154.593066][ T9242] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001 [ 154.593078][ T9242] R13: 0000000000000000 R14: 00007f1ed09c5fa0 R15: 00007ffd742fb3b8 [ 154.593097][ T9242] [ 154.595864][ T9244] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2082'. [ 154.815995][ T9253] syzkaller1: entered promiscuous mode [ 154.829581][ T9253] syzkaller1: entered allmulticast mode [ 154.839484][ T9255] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2084'. [ 155.010601][ T9268] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check. [ 155.986792][ T29] kauditd_printk_skb: 255 callbacks suppressed [ 155.986806][ T29] audit: type=1400 audit(1753221014.848:5464): avc: denied { create } for pid=9303 comm="syz.4.2102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 156.058780][ T29] audit: type=1400 audit(1753221014.858:5465): avc: denied { write } for pid=9303 comm="syz.4.2102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 156.338555][ T29] audit: type=1400 audit(1753221015.188:5466): avc: denied { open } for pid=9316 comm="syz.1.2108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 156.340590][ T9317] syzkaller1: entered promiscuous mode [ 156.357906][ T29] audit: type=1400 audit(1753221015.188:5467): avc: denied { kernel } for pid=9316 comm="syz.1.2108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 156.363773][ T9317] syzkaller1: entered allmulticast mode [ 156.383288][ T29] audit: type=1400 audit(1753221015.198:5468): avc: denied { tracepoint } for pid=9316 comm="syz.1.2108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 156.383319][ T29] audit: type=1400 audit(1753221015.198:5469): avc: denied { write } for pid=9316 comm="syz.1.2108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 156.436444][ T9314] loop2: detected capacity change from 0 to 512 [ 156.455737][ T29] audit: type=1400 audit(1753221015.208:5470): avc: denied { ioctl } for pid=9316 comm="syz.1.2108" path="socket:[24917]" dev="sockfs" ino=24917 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 156.482081][ T29] audit: type=1400 audit(1753221015.248:5471): avc: denied { create } for pid=9310 comm="syz.3.2106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 156.502107][ T29] audit: type=1400 audit(1753221015.318:5472): avc: denied { unmount } for pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 156.503816][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.522585][ T29] audit: type=1400 audit(1753221015.318:5473): avc: denied { name_bind } for pid=9320 comm="syz.4.2109" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 156.588803][ T9314] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 156.602504][ T9314] ext4 filesystem being mounted at /424/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 156.624297][ T9314] SELinux: syz.2.2107 (9314) set checkreqprot to 1. This is no longer supported. [ 156.707805][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.933592][ T9346] xt_hashlimit: max too large, truncated to 1048576 [ 157.360124][ T9346] syzkaller0: entered promiscuous mode [ 157.365682][ T9346] syzkaller0: entered allmulticast mode [ 157.515552][ T9372] __nla_validate_parse: 2 callbacks suppressed [ 157.515573][ T9372] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2122'. [ 157.623503][ T9376] SELinux: syz.1.2124 (9376) set checkreqprot to 1. This is no longer supported. [ 157.759744][ T9382] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2128'. [ 158.075867][ T9401] FAULT_INJECTION: forcing a failure. [ 158.075867][ T9401] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 158.089716][ T9401] CPU: 1 UID: 0 PID: 9401 Comm: wÞ¡ÿ Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 158.089820][ T9401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 158.089898][ T9401] Call Trace: [ 158.089907][ T9401] [ 158.089917][ T9401] __dump_stack+0x1d/0x30 [ 158.089945][ T9401] dump_stack_lvl+0xe8/0x140 [ 158.089970][ T9401] dump_stack+0x15/0x1b [ 158.089991][ T9401] should_fail_ex+0x265/0x280 [ 158.090048][ T9401] should_fail+0xb/0x20 [ 158.090074][ T9401] should_fail_usercopy+0x1a/0x20 [ 158.090291][ T9401] _copy_from_user+0x1c/0xb0 [ 158.090317][ T9401] ___sys_recvmsg+0xaa/0x370 [ 158.090415][ T9401] ? _parse_integer+0x27/0x40 [ 158.090454][ T9401] do_recvmmsg+0x1ef/0x540 [ 158.090556][ T9401] ? get_timespec64+0xc9/0x100 [ 158.090580][ T9401] __x64_sys_recvmmsg+0xfb/0x170 [ 158.090679][ T9401] x64_sys_call+0x1c6a/0x2fb0 [ 158.090718][ T9401] do_syscall_64+0xd2/0x200 [ 158.090797][ T9401] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 158.090845][ T9401] ? clear_bhb_loop+0x40/0x90 [ 158.090868][ T9401] ? clear_bhb_loop+0x40/0x90 [ 158.090909][ T9401] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.090934][ T9401] RIP: 0033:0x7f42a7e7e9a9 [ 158.090955][ T9401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.090979][ T9401] RSP: 002b:00007f42a64e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 158.091030][ T9401] RAX: ffffffffffffffda RBX: 00007f42a80a5fa0 RCX: 00007f42a7e7e9a9 [ 158.091044][ T9401] RDX: 0400000000000ec0 RSI: 0000200000002ec0 RDI: 0000000000000003 [ 158.091056][ T9401] RBP: 00007f42a64e7090 R08: 00002000000001c0 R09: 0000000000000000 [ 158.091068][ T9401] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 158.091091][ T9401] R13: 0000000000000000 R14: 00007f42a80a5fa0 R15: 00007ffe81b134c8 [ 158.091114][ T9401] [ 158.509166][ T9420] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2142'. [ 158.547773][ T9425] FAULT_INJECTION: forcing a failure. [ 158.547773][ T9425] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 158.561632][ T9425] CPU: 0 UID: 0 PID: 9425 Comm: syz.1.2143 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 158.561661][ T9425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 158.561739][ T9425] Call Trace: [ 158.561747][ T9425] [ 158.561757][ T9425] __dump_stack+0x1d/0x30 [ 158.561783][ T9425] dump_stack_lvl+0xe8/0x140 [ 158.561804][ T9425] dump_stack+0x15/0x1b [ 158.561822][ T9425] should_fail_ex+0x265/0x280 [ 158.561860][ T9425] should_fail+0xb/0x20 [ 158.561965][ T9425] should_fail_usercopy+0x1a/0x20 [ 158.562004][ T9425] _copy_to_user+0x20/0xa0 [ 158.562036][ T9425] simple_read_from_buffer+0xb5/0x130 [ 158.562100][ T9425] proc_fail_nth_read+0x100/0x140 [ 158.562289][ T9425] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 158.562324][ T9425] vfs_read+0x19d/0x6f0 [ 158.562364][ T9425] ? __rcu_read_unlock+0x4f/0x70 [ 158.562392][ T9425] ? __fget_files+0x184/0x1c0 [ 158.562419][ T9425] ksys_read+0xda/0x1a0 [ 158.562496][ T9425] __x64_sys_read+0x40/0x50 [ 158.562533][ T9425] x64_sys_call+0x2d77/0x2fb0 [ 158.562560][ T9425] do_syscall_64+0xd2/0x200 [ 158.562583][ T9425] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 158.562659][ T9425] ? clear_bhb_loop+0x40/0x90 [ 158.562679][ T9425] ? clear_bhb_loop+0x40/0x90 [ 158.562700][ T9425] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.562805][ T9425] RIP: 0033:0x7f1ed079d3bc [ 158.562823][ T9425] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 158.562847][ T9425] RSP: 002b:00007f1ecedff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 158.562867][ T9425] RAX: ffffffffffffffda RBX: 00007f1ed09c5fa0 RCX: 00007f1ed079d3bc [ 158.562911][ T9425] RDX: 000000000000000f RSI: 00007f1ecedff0a0 RDI: 0000000000000006 [ 158.562926][ T9425] RBP: 00007f1ecedff090 R08: 0000000000000000 R09: 0000000000000000 [ 158.562999][ T9425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.563010][ T9425] R13: 0000000000000000 R14: 00007f1ed09c5fa0 R15: 00007ffd742fb3b8 [ 158.563042][ T9425] [ 158.866398][ T9435] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2147'. [ 158.907795][ T9436] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2145'. [ 159.078145][ T9442] SELinux: syz.3.2149 (9442) set checkreqprot to 1. This is no longer supported. [ 159.514155][ T9462] syzkaller0: entered promiscuous mode [ 159.519746][ T9462] syzkaller0: entered allmulticast mode [ 159.857763][ T9485] FAULT_INJECTION: forcing a failure. [ 159.857763][ T9485] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 159.871549][ T9485] CPU: 0 UID: 0 PID: 9485 Comm: syz.0.2168 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 159.871574][ T9485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 159.871585][ T9485] Call Trace: [ 159.871591][ T9485] [ 159.871598][ T9485] __dump_stack+0x1d/0x30 [ 159.871630][ T9485] dump_stack_lvl+0xe8/0x140 [ 159.871648][ T9485] dump_stack+0x15/0x1b [ 159.871665][ T9485] should_fail_ex+0x265/0x280 [ 159.871701][ T9485] should_fail+0xb/0x20 [ 159.871723][ T9485] should_fail_usercopy+0x1a/0x20 [ 159.871750][ T9485] _copy_to_user+0x20/0xa0 [ 159.871768][ T9485] simple_read_from_buffer+0xb5/0x130 [ 159.871842][ T9485] proc_fail_nth_read+0x100/0x140 [ 159.871878][ T9485] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 159.871976][ T9485] vfs_read+0x19d/0x6f0 [ 159.872007][ T9485] ? __rcu_read_unlock+0x4f/0x70 [ 159.872047][ T9485] ? __fget_files+0x184/0x1c0 [ 159.872116][ T9485] ? finish_task_switch+0xad/0x2b0 [ 159.872138][ T9485] ksys_read+0xda/0x1a0 [ 159.872190][ T9485] __x64_sys_read+0x40/0x50 [ 159.872294][ T9485] x64_sys_call+0x2d77/0x2fb0 [ 159.872313][ T9485] do_syscall_64+0xd2/0x200 [ 159.872329][ T9485] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 159.872407][ T9485] ? clear_bhb_loop+0x40/0x90 [ 159.872434][ T9485] ? clear_bhb_loop+0x40/0x90 [ 159.872454][ T9485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.872498][ T9485] RIP: 0033:0x7f51626ad3bc [ 159.872511][ T9485] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 159.872527][ T9485] RSP: 002b:00007f5160d17030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 159.872622][ T9485] RAX: ffffffffffffffda RBX: 00007f51628d5fa0 RCX: 00007f51626ad3bc [ 159.872633][ T9485] RDX: 000000000000000f RSI: 00007f5160d170a0 RDI: 0000000000000006 [ 159.872697][ T9485] RBP: 00007f5160d17090 R08: 0000000000000000 R09: 0000000000000000 [ 159.872708][ T9485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 159.872719][ T9485] R13: 0000000000000000 R14: 00007f51628d5fa0 R15: 00007fff6457de68 [ 159.872736][ T9485] [ 160.263114][ T9516] loop2: detected capacity change from 0 to 512 [ 160.281405][ T9516] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 160.296254][ T9523] tipc: Started in network mode [ 160.301246][ T9523] tipc: Node identity ac14140f, cluster identity 4711 [ 160.311731][ T9523] tipc: New replicast peer: 255.255.255.83 [ 160.317791][ T9523] tipc: Enabled bearer , priority 10 [ 160.324696][ T9516] ext4 filesystem being mounted at /440/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 160.342553][ T9516] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #2: comm syz.2.2180: corrupted inode contents [ 160.355966][ T9516] EXT4-fs error (device loop2): ext4_dirty_inode:6459: inode #2: comm syz.2.2180: mark_inode_dirty error [ 160.368386][ T9516] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #2: comm syz.2.2180: corrupted inode contents [ 160.382287][ T9516] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.2180: mark_inode_dirty error [ 160.407061][ T9516] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.431352][ T9512] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2179'. [ 160.449872][ T9512] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 160.459874][ T9529] netlink: 'syz.2.2180': attribute type 10 has an invalid length. [ 160.467751][ T9529] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2180'. [ 160.482053][ T9529] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.490618][ T9529] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.499198][ T9512] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 160.499186][ T9529] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.518113][ T9529] team0: Failed to send port change of device geneve1 via netlink (err -105) [ 160.565010][ T9536] loop4: detected capacity change from 0 to 1024 [ 160.591183][ T9536] EXT4-fs: Ignoring removed nomblk_io_submit option [ 160.611522][ T9536] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 160.655538][ T3962] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.766507][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.797775][ T9557] loop4: detected capacity change from 0 to 1024 [ 160.805407][ T9557] EXT4-fs: Ignoring removed nomblk_io_submit option [ 160.833031][ T9557] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 160.920335][ T3962] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.996389][ T29] kauditd_printk_skb: 127 callbacks suppressed [ 160.996404][ T29] audit: type=1400 audit(1753221019.858:5601): avc: denied { mounton } for pid=9566 comm="syz.2.2198" path="/444/file0" dev="tmpfs" ino=2368 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 161.133158][ T29] audit: type=1400 audit(1753221019.998:5602): avc: denied { unlink } for pid=3310 comm="syz-executor" name="file0" dev="tmpfs" ino=2368 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 161.223719][ T9578] loop2: detected capacity change from 0 to 512 [ 161.325670][ T29] audit: type=1326 audit(1753221020.188:5603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9572 comm="syz.0.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51626ae9a9 code=0x7ffc0000 [ 161.361026][ T9578] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 161.385764][ T9578] ext4 filesystem being mounted at /445/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 161.390096][ T29] audit: type=1326 audit(1753221020.218:5604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9572 comm="syz.0.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51626ae9a9 code=0x7ffc0000 [ 161.429513][ T3647] tipc: Node number set to 2886997007 [ 161.456055][ T9574] SELinux: syz.2.2201 (9574) set checkreqprot to 1. This is no longer supported. [ 161.466894][ T29] audit: type=1400 audit(1753221020.328:5605): avc: denied { remove_name } for pid=9573 comm="syz.2.2201" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 161.490817][ T29] audit: type=1400 audit(1753221020.328:5606): avc: denied { unlink } for pid=9573 comm="syz.2.2201" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 161.513648][ T9585] loop0: detected capacity change from 0 to 1024 [ 161.521272][ T9585] EXT4-fs: Ignoring removed nomblk_io_submit option [ 161.551287][ T9585] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 161.579621][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.683708][ T29] audit: type=1400 audit(1753221020.538:5607): avc: denied { create } for pid=9592 comm="syz.4.2207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 161.703368][ T29] audit: type=1400 audit(1753221020.538:5608): avc: denied { bind } for pid=9592 comm="syz.4.2207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 161.723423][ T29] audit: type=1400 audit(1753221020.538:5609): avc: denied { write } for pid=9592 comm="syz.4.2207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 161.745289][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.777611][ T9597] loop4: detected capacity change from 0 to 512 [ 161.798391][ T29] audit: type=1400 audit(1753221020.658:5610): avc: denied { listen } for pid=9598 comm="syz.1.2210" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 161.821915][ T9599] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2210'. [ 161.839770][ T9599] vlan2: entered promiscuous mode [ 161.843241][ T9603] FAULT_INJECTION: forcing a failure. [ 161.843241][ T9603] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 161.844866][ T9599] ip6gretap0: entered promiscuous mode [ 161.857931][ T9603] CPU: 1 UID: 0 PID: 9603 Comm: syz.2.2211 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 161.857964][ T9603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 161.858035][ T9603] Call Trace: [ 161.858042][ T9603] [ 161.858050][ T9603] __dump_stack+0x1d/0x30 [ 161.858074][ T9603] dump_stack_lvl+0xe8/0x140 [ 161.858094][ T9603] dump_stack+0x15/0x1b [ 161.858115][ T9603] should_fail_ex+0x265/0x280 [ 161.858273][ T9603] should_fail+0xb/0x20 [ 161.858304][ T9603] should_fail_usercopy+0x1a/0x20 [ 161.858339][ T9603] _copy_from_iter+0xcf/0xe40 [ 161.858393][ T9603] ? __build_skb_around+0x1a0/0x200 [ 161.858430][ T9603] ? __alloc_skb+0x223/0x320 [ 161.858609][ T9603] netlink_sendmsg+0x471/0x6b0 [ 161.858638][ T9603] ? __pfx_netlink_sendmsg+0x10/0x10 [ 161.858662][ T9603] __sock_sendmsg+0x145/0x180 [ 161.858709][ T9603] ____sys_sendmsg+0x31e/0x4e0 [ 161.858760][ T9603] ___sys_sendmsg+0x17b/0x1d0 [ 161.858826][ T9603] __x64_sys_sendmsg+0xd4/0x160 [ 161.858886][ T9603] x64_sys_call+0x2999/0x2fb0 [ 161.858955][ T9603] do_syscall_64+0xd2/0x200 [ 161.858981][ T9603] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 161.859017][ T9603] ? clear_bhb_loop+0x40/0x90 [ 161.859084][ T9603] ? clear_bhb_loop+0x40/0x90 [ 161.859114][ T9603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.859144][ T9603] RIP: 0033:0x7f42a7e7e9a9 [ 161.859165][ T9603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.859190][ T9603] RSP: 002b:00007f42a64e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 161.859253][ T9603] RAX: ffffffffffffffda RBX: 00007f42a80a5fa0 RCX: 00007f42a7e7e9a9 [ 161.859270][ T9603] RDX: 0000000000000000 RSI: 0000200000000680 RDI: 0000000000000007 [ 161.859288][ T9603] RBP: 00007f42a64e7090 R08: 0000000000000000 R09: 0000000000000000 [ 161.859305][ T9603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.859323][ T9603] R13: 0000000000000000 R14: 00007f42a80a5fa0 R15: 00007ffe81b134c8 [ 161.859415][ T9603] [ 161.991136][ T9597] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 162.086440][ T9597] ext4 filesystem being mounted at /403/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 162.120564][ T9606] syzkaller1: entered promiscuous mode [ 162.126602][ T9606] syzkaller1: entered allmulticast mode [ 162.136860][ T9616] FAULT_INJECTION: forcing a failure. [ 162.136860][ T9616] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 162.150062][ T9616] CPU: 1 UID: 0 PID: 9616 Comm: syz.0.2215 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 162.150173][ T9616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 162.150192][ T9616] Call Trace: [ 162.150200][ T9616] [ 162.150232][ T9616] __dump_stack+0x1d/0x30 [ 162.150264][ T9616] dump_stack_lvl+0xe8/0x140 [ 162.150292][ T9616] dump_stack+0x15/0x1b [ 162.150355][ T9616] should_fail_ex+0x265/0x280 [ 162.150402][ T9616] should_fail+0xb/0x20 [ 162.150440][ T9616] should_fail_usercopy+0x1a/0x20 [ 162.150535][ T9616] _copy_from_user+0x1c/0xb0 [ 162.150564][ T9616] ____sys_sendmsg+0x1c5/0x4e0 [ 162.150616][ T9616] ___sys_sendmsg+0x17b/0x1d0 [ 162.150767][ T9616] __x64_sys_sendmsg+0xd4/0x160 [ 162.150900][ T9616] x64_sys_call+0x2999/0x2fb0 [ 162.150932][ T9616] do_syscall_64+0xd2/0x200 [ 162.150954][ T9616] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 162.150984][ T9616] ? clear_bhb_loop+0x40/0x90 [ 162.151019][ T9616] ? clear_bhb_loop+0x40/0x90 [ 162.151047][ T9616] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.151078][ T9616] RIP: 0033:0x7f51626ae9a9 [ 162.151101][ T9616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.151127][ T9616] RSP: 002b:00007f5160d17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 162.151164][ T9616] RAX: ffffffffffffffda RBX: 00007f51628d5fa0 RCX: 00007f51626ae9a9 [ 162.151183][ T9616] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005 [ 162.151198][ T9616] RBP: 00007f5160d17090 R08: 0000000000000000 R09: 0000000000000000 [ 162.151212][ T9616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.151225][ T9616] R13: 0000000000000000 R14: 00007f51628d5fa0 R15: 00007fff6457de68 [ 162.151252][ T9616] [ 162.152219][ T9597] SELinux: syz.4.2208 (9597) set checkreqprot to 1. This is no longer supported. [ 162.240883][ T9620] SELinux: syz.1.2216 (9620) set checkreqprot to 1. This is no longer supported. [ 162.493789][ T3962] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.670123][ T9634] FAULT_INJECTION: forcing a failure. [ 162.670123][ T9634] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 162.683292][ T9634] CPU: 0 UID: 0 PID: 9634 Comm: syz.4.2218 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 162.683322][ T9634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 162.683381][ T9634] Call Trace: [ 162.683390][ T9634] [ 162.683400][ T9634] __dump_stack+0x1d/0x30 [ 162.683425][ T9634] dump_stack_lvl+0xe8/0x140 [ 162.683449][ T9634] dump_stack+0x15/0x1b [ 162.683469][ T9634] should_fail_ex+0x265/0x280 [ 162.683506][ T9634] should_fail+0xb/0x20 [ 162.683560][ T9634] should_fail_usercopy+0x1a/0x20 [ 162.683593][ T9634] _copy_from_user+0x1c/0xb0 [ 162.683616][ T9634] memdup_user+0x5e/0xd0 [ 162.683638][ T9634] strndup_user+0x68/0xb0 [ 162.683685][ T9634] perf_uprobe_init+0x48/0x150 [ 162.683717][ T9634] perf_uprobe_event_init+0xc4/0x140 [ 162.683797][ T9634] perf_try_init_event+0xd6/0x540 [ 162.683821][ T9634] ? perf_event_alloc+0xb1c/0x1680 [ 162.683847][ T9634] perf_event_alloc+0xb27/0x1680 [ 162.683885][ T9634] __se_sys_perf_event_open+0x615/0x11c0 [ 162.683944][ T9634] ? __rcu_read_unlock+0x4f/0x70 [ 162.683977][ T9634] __x64_sys_perf_event_open+0x67/0x80 [ 162.684027][ T9634] x64_sys_call+0x27ec/0x2fb0 [ 162.684054][ T9634] do_syscall_64+0xd2/0x200 [ 162.684074][ T9634] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 162.684123][ T9634] ? clear_bhb_loop+0x40/0x90 [ 162.684145][ T9634] ? clear_bhb_loop+0x40/0x90 [ 162.684220][ T9634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.684241][ T9634] RIP: 0033:0x7f010b77e9a9 [ 162.684256][ T9634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.684275][ T9634] RSP: 002b:00007f0109de7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 162.684299][ T9634] RAX: ffffffffffffffda RBX: 00007f010b9a5fa0 RCX: 00007f010b77e9a9 [ 162.684342][ T9634] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 162.684400][ T9634] RBP: 00007f0109de7090 R08: 0000000000000000 R09: 0000000000000000 [ 162.684415][ T9634] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001 [ 162.684431][ T9634] R13: 0000000000000000 R14: 00007f010b9a5fa0 R15: 00007ffe7e89dd48 [ 162.684456][ T9634] [ 163.017341][ T9645] loop4: detected capacity change from 0 to 764 [ 163.025390][ T9645] rock: directory entry would overflow storage [ 163.032387][ T9645] rock: sig=0x4654, size=5, remaining=4 [ 163.045690][ T9645] rock: directory entry would overflow storage [ 163.051938][ T9645] rock: sig=0x4f50, size=4, remaining=3 [ 163.057526][ T9645] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 163.215082][ T9652] FAULT_INJECTION: forcing a failure. [ 163.215082][ T9652] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 163.228870][ T9652] CPU: 0 UID: 0 PID: 9652 Comm: syz.4.2227 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 163.228905][ T9652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 163.228957][ T9652] Call Trace: [ 163.228964][ T9652] [ 163.228972][ T9652] __dump_stack+0x1d/0x30 [ 163.228992][ T9652] dump_stack_lvl+0xe8/0x140 [ 163.229077][ T9652] dump_stack+0x15/0x1b [ 163.229098][ T9652] should_fail_ex+0x265/0x280 [ 163.229131][ T9652] should_fail+0xb/0x20 [ 163.229161][ T9652] should_fail_usercopy+0x1a/0x20 [ 163.229204][ T9652] _copy_to_user+0x20/0xa0 [ 163.229230][ T9652] simple_read_from_buffer+0xb5/0x130 [ 163.229270][ T9652] proc_fail_nth_read+0x100/0x140 [ 163.229312][ T9652] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 163.229395][ T9652] vfs_read+0x19d/0x6f0 [ 163.229432][ T9652] ? __rcu_read_unlock+0x4f/0x70 [ 163.229453][ T9652] ? __fget_files+0x184/0x1c0 [ 163.229484][ T9652] ? finish_task_switch+0xad/0x2b0 [ 163.229511][ T9652] ksys_read+0xda/0x1a0 [ 163.229551][ T9652] __x64_sys_read+0x40/0x50 [ 163.229589][ T9652] x64_sys_call+0x2d77/0x2fb0 [ 163.229652][ T9652] do_syscall_64+0xd2/0x200 [ 163.229676][ T9652] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 163.229709][ T9652] ? clear_bhb_loop+0x40/0x90 [ 163.229811][ T9652] ? clear_bhb_loop+0x40/0x90 [ 163.229886][ T9652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.229913][ T9652] RIP: 0033:0x7f010b77d3bc [ 163.229932][ T9652] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 163.229994][ T9652] RSP: 002b:00007f0109de7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 163.230017][ T9652] RAX: ffffffffffffffda RBX: 00007f010b9a5fa0 RCX: 00007f010b77d3bc [ 163.230033][ T9652] RDX: 000000000000000f RSI: 00007f0109de70a0 RDI: 0000000000000007 [ 163.230077][ T9652] RBP: 00007f0109de7090 R08: 0000000000000000 R09: 0000000000000000 [ 163.230091][ T9652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 163.230103][ T9652] R13: 0000000000000000 R14: 00007f010b9a5fa0 R15: 00007ffe7e89dd48 [ 163.230121][ T9652] [ 163.693151][ T9666] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 163.727666][ T9658] loop4: detected capacity change from 0 to 8192 [ 163.752287][ T9658] vfat: Unknown parameter 'é' [ 163.759686][ T9666] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 163.871110][ T9666] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 163.929893][ T9666] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 163.998384][ T9674] SELinux: syz.1.2235 (9674) set checkreqprot to 1. This is no longer supported. [ 164.024173][ T9666] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 256 - 0 [ 164.041781][ T9666] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 256 - 0 [ 164.054013][ T9666] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 256 - 0 [ 164.121146][ T9666] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 256 - 0 [ 164.169729][ T9677] tipc: Enabled bearer , priority 0 [ 164.189810][ T9677] syzkaller0: entered promiscuous mode [ 164.195474][ T9677] syzkaller0: entered allmulticast mode [ 164.220515][ T9681] tipc: Started in network mode [ 164.225493][ T9681] tipc: Node identity eef5f0bb92f2, cluster identity 4711 [ 164.232802][ T9681] tipc: Enabled bearer , priority 0 [ 164.241540][ T9677] syzkaller0: mtu less than device minimum [ 164.248015][ T9670] tipc: Resetting bearer [ 164.265372][ T9670] tipc: Disabling bearer [ 164.285013][ T9681] syzkaller0: entered promiscuous mode [ 164.290610][ T9681] syzkaller0: entered allmulticast mode [ 164.310947][ T9681] tipc: Resetting bearer [ 164.317262][ T9680] tipc: Resetting bearer [ 164.323576][ T9686] loop2: detected capacity change from 0 to 8192 [ 164.348890][ T9680] tipc: Disabling bearer [ 164.492603][ T9696] FAULT_INJECTION: forcing a failure. [ 164.492603][ T9696] name failslab, interval 1, probability 0, space 0, times 0 [ 164.505385][ T9696] CPU: 0 UID: 0 PID: 9696 Comm: syz.2.2242 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 164.505412][ T9696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 164.505425][ T9696] Call Trace: [ 164.505433][ T9696] [ 164.505448][ T9696] __dump_stack+0x1d/0x30 [ 164.505522][ T9696] dump_stack_lvl+0xe8/0x140 [ 164.505547][ T9696] dump_stack+0x15/0x1b [ 164.505569][ T9696] should_fail_ex+0x265/0x280 [ 164.505608][ T9696] should_failslab+0x8c/0xb0 [ 164.505636][ T9696] kmem_cache_alloc_node_noprof+0x57/0x320 [ 164.505734][ T9696] ? __alloc_skb+0x101/0x320 [ 164.505771][ T9696] __alloc_skb+0x101/0x320 [ 164.505807][ T9696] netlink_alloc_large_skb+0xba/0xf0 [ 164.505885][ T9696] netlink_sendmsg+0x3cf/0x6b0 [ 164.505906][ T9696] ? __pfx_netlink_sendmsg+0x10/0x10 [ 164.505931][ T9696] __sock_sendmsg+0x145/0x180 [ 164.505961][ T9696] ____sys_sendmsg+0x31e/0x4e0 [ 164.506091][ T9696] ___sys_sendmsg+0x17b/0x1d0 [ 164.506150][ T9696] __x64_sys_sendmsg+0xd4/0x160 [ 164.506198][ T9696] x64_sys_call+0x2999/0x2fb0 [ 164.506267][ T9696] do_syscall_64+0xd2/0x200 [ 164.506285][ T9696] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 164.506309][ T9696] ? clear_bhb_loop+0x40/0x90 [ 164.506353][ T9696] ? clear_bhb_loop+0x40/0x90 [ 164.506380][ T9696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.506402][ T9696] RIP: 0033:0x7f42a7e7e9a9 [ 164.506416][ T9696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.506434][ T9696] RSP: 002b:00007f42a64e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 164.506465][ T9696] RAX: ffffffffffffffda RBX: 00007f42a80a5fa0 RCX: 00007f42a7e7e9a9 [ 164.506506][ T9696] RDX: ff0f000020000080 RSI: 0000200000000000 RDI: 0000000000000006 [ 164.506559][ T9696] RBP: 00007f42a64e7090 R08: 0000000000000000 R09: 0000000000000000 [ 164.506575][ T9696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 164.506591][ T9696] R13: 0000000000000000 R14: 00007f42a80a5fa0 R15: 00007ffe81b134c8 [ 164.506709][ T9696] [ 164.934197][ T9718] FAULT_INJECTION: forcing a failure. [ 164.934197][ T9718] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 164.947545][ T9718] CPU: 0 UID: 0 PID: 9718 Comm: syz.2.2252 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 164.947578][ T9718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 164.947594][ T9718] Call Trace: [ 164.947603][ T9718] [ 164.947613][ T9718] __dump_stack+0x1d/0x30 [ 164.947639][ T9718] dump_stack_lvl+0xe8/0x140 [ 164.947664][ T9718] dump_stack+0x15/0x1b [ 164.947684][ T9718] should_fail_ex+0x265/0x280 [ 164.947750][ T9718] should_fail+0xb/0x20 [ 164.947776][ T9718] should_fail_usercopy+0x1a/0x20 [ 164.947812][ T9718] _copy_from_iter+0xcf/0xe40 [ 164.947881][ T9718] ? __build_skb_around+0x1a0/0x200 [ 164.947971][ T9718] ? __alloc_skb+0x223/0x320 [ 164.948011][ T9718] netlink_sendmsg+0x471/0x6b0 [ 164.948100][ T9718] ? __pfx_netlink_sendmsg+0x10/0x10 [ 164.948124][ T9718] __sock_sendmsg+0x145/0x180 [ 164.948172][ T9718] ____sys_sendmsg+0x31e/0x4e0 [ 164.948242][ T9718] ___sys_sendmsg+0x17b/0x1d0 [ 164.948300][ T9718] __x64_sys_sendmsg+0xd4/0x160 [ 164.948363][ T9718] x64_sys_call+0x2999/0x2fb0 [ 164.948390][ T9718] do_syscall_64+0xd2/0x200 [ 164.948408][ T9718] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 164.948442][ T9718] ? clear_bhb_loop+0x40/0x90 [ 164.948473][ T9718] ? clear_bhb_loop+0x40/0x90 [ 164.948544][ T9718] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.948570][ T9718] RIP: 0033:0x7f42a7e7e9a9 [ 164.948588][ T9718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.948608][ T9718] RSP: 002b:00007f42a64e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 164.948631][ T9718] RAX: ffffffffffffffda RBX: 00007f42a80a5fa0 RCX: 00007f42a7e7e9a9 [ 164.948647][ T9718] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000006 [ 164.948663][ T9718] RBP: 00007f42a64e7090 R08: 0000000000000000 R09: 0000000000000000 [ 164.948702][ T9718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 164.948718][ T9718] R13: 0000000000000000 R14: 00007f42a80a5fa0 R15: 00007ffe81b134c8 [ 164.948743][ T9718] [ 164.989050][ T9719] netlink: 92 bytes leftover after parsing attributes in process `syz.4.2251'. [ 165.171027][ T9719] tipc: Started in network mode [ 165.175981][ T9719] tipc: Node identity 030000000000000004, cluster identity 4711 [ 165.509311][ T9733] netlink: 'syz.1.2257': attribute type 4 has an invalid length. [ 165.698563][ T9744] pim6reg1: entered promiscuous mode [ 165.703949][ T9744] pim6reg1: entered allmulticast mode [ 165.720192][ T9745] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2261'. [ 165.781034][ T9749] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2264'. [ 165.808667][ T9751] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2265'. [ 165.915028][ T9761] pim6reg1: entered promiscuous mode [ 165.920631][ T9761] pim6reg1: entered allmulticast mode [ 166.098838][ T9772] FAULT_INJECTION: forcing a failure. [ 166.098838][ T9772] name failslab, interval 1, probability 0, space 0, times 0 [ 166.112388][ T9772] CPU: 0 UID: 0 PID: 9772 Comm: syz.0.2275 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 166.112465][ T9772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.112477][ T9772] Call Trace: [ 166.112485][ T9772] [ 166.112494][ T9772] __dump_stack+0x1d/0x30 [ 166.112520][ T9772] dump_stack_lvl+0xe8/0x140 [ 166.112545][ T9772] dump_stack+0x15/0x1b [ 166.112565][ T9772] should_fail_ex+0x265/0x280 [ 166.112670][ T9772] should_failslab+0x8c/0xb0 [ 166.112696][ T9772] kmem_cache_alloc_noprof+0x50/0x310 [ 166.112728][ T9772] ? security_file_alloc+0x32/0x100 [ 166.112754][ T9772] security_file_alloc+0x32/0x100 [ 166.112813][ T9772] init_file+0x5c/0x1d0 [ 166.112842][ T9772] alloc_empty_file+0x8b/0x200 [ 166.112871][ T9772] path_openat+0x68/0x2170 [ 166.112903][ T9772] ? _parse_integer_limit+0x170/0x190 [ 166.112961][ T9772] ? kstrtoull+0x111/0x140 [ 166.112993][ T9772] ? kstrtouint+0x76/0xc0 [ 166.113027][ T9772] do_filp_open+0x109/0x230 [ 166.113085][ T9772] do_sys_openat2+0xa6/0x110 [ 166.113135][ T9772] __x64_sys_openat+0xf2/0x120 [ 166.113233][ T9772] x64_sys_call+0x1af/0x2fb0 [ 166.113259][ T9772] do_syscall_64+0xd2/0x200 [ 166.113277][ T9772] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 166.113324][ T9772] ? clear_bhb_loop+0x40/0x90 [ 166.113352][ T9772] ? clear_bhb_loop+0x40/0x90 [ 166.113374][ T9772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.113429][ T9772] RIP: 0033:0x7f51626ae9a9 [ 166.113448][ T9772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.113547][ T9772] RSP: 002b:00007f5160cf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 166.113567][ T9772] RAX: ffffffffffffffda RBX: 00007f51628d6080 RCX: 00007f51626ae9a9 [ 166.113605][ T9772] RDX: 0000000000008000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 166.113617][ T9772] RBP: 00007f5160cf6090 R08: 0000000000000000 R09: 0000000000000000 [ 166.113629][ T9772] R10: 00000000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 166.113667][ T9772] R13: 0000000000000001 R14: 00007f51628d6080 R15: 00007fff6457de68 [ 166.113690][ T9772] [ 166.417306][ T29] kauditd_printk_skb: 118 callbacks suppressed [ 166.417324][ T29] audit: type=1400 audit(1753221025.278:5729): avc: denied { ioctl } for pid=9775 comm="syz.4.2278" path="socket:[26944]" dev="sockfs" ino=26944 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 166.570427][ T9780] loop4: detected capacity change from 0 to 8192 [ 166.580279][ T29] audit: type=1400 audit(1753221025.448:5730): avc: denied { ioctl } for pid=9783 comm="syz.1.2281" path="socket:[27752]" dev="sockfs" ino=27752 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 166.685178][ T9788] netlink: 'syz.2.2283': attribute type 4 has an invalid length. [ 166.691290][ T9784] lo speed is unknown, defaulting to 1000 [ 166.705521][ T29] audit: type=1400 audit(1753221025.568:5731): avc: denied { write } for pid=9790 comm="syz.3.2285" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 166.755322][ T29] audit: type=1400 audit(1753221025.598:5732): avc: denied { ioctl } for pid=9790 comm="syz.3.2285" path="socket:[26993]" dev="sockfs" ino=26993 ioctlcmd=0x4947 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 166.790271][ T9802] FAULT_INJECTION: forcing a failure. [ 166.790271][ T9802] name failslab, interval 1, probability 0, space 0, times 0 [ 166.803019][ T9802] CPU: 0 UID: 0 PID: 9802 Comm: syz.4.2289 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 166.803047][ T9802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.803059][ T9802] Call Trace: [ 166.803065][ T9802] [ 166.803073][ T9802] __dump_stack+0x1d/0x30 [ 166.803097][ T9802] dump_stack_lvl+0xe8/0x140 [ 166.803143][ T9802] dump_stack+0x15/0x1b [ 166.803164][ T9802] should_fail_ex+0x265/0x280 [ 166.803216][ T9802] should_failslab+0x8c/0xb0 [ 166.803237][ T9802] kmem_cache_alloc_noprof+0x50/0x310 [ 166.803398][ T9802] ? alloc_empty_file+0x76/0x200 [ 166.803431][ T9802] alloc_empty_file+0x76/0x200 [ 166.803459][ T9802] alloc_file_pseudo+0xc6/0x160 [ 166.803516][ T9802] __shmem_file_setup+0x1de/0x210 [ 166.803553][ T9802] shmem_file_setup+0x3b/0x50 [ 166.803597][ T9802] __se_sys_memfd_create+0x2c3/0x590 [ 166.803708][ T9802] __x64_sys_memfd_create+0x31/0x40 [ 166.803747][ T9802] x64_sys_call+0x122f/0x2fb0 [ 166.803813][ T9802] do_syscall_64+0xd2/0x200 [ 166.803834][ T9802] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 166.803866][ T9802] ? clear_bhb_loop+0x40/0x90 [ 166.803886][ T9802] ? clear_bhb_loop+0x40/0x90 [ 166.804001][ T9802] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.804023][ T9802] RIP: 0033:0x7f010b77e9a9 [ 166.804043][ T9802] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.804109][ T9802] RSP: 002b:00007f0109de6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 166.804129][ T9802] RAX: ffffffffffffffda RBX: 00000000000005ad RCX: 00007f010b77e9a9 [ 166.804145][ T9802] RDX: 00007f0109de6ef0 RSI: 0000000000000000 RDI: 00007f010b8016fc [ 166.804160][ T9802] RBP: 0000200000000180 R08: 00007f0109de6bb7 R09: 00007f0109de6e40 [ 166.804212][ T9802] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000040 [ 166.804224][ T9802] R13: 00007f0109de6ef0 R14: 00007f0109de6eb0 R15: 0000200000000080 [ 166.804243][ T9802] [ 167.010522][ T9784] lo speed is unknown, defaulting to 1000 [ 167.024137][ T9796] SELinux: syz.3.2287 (9796) set checkreqprot to 1. This is no longer supported. [ 167.035324][ T29] audit: type=1326 audit(1753221025.618:5733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9797 comm="syz.0.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51626ae9a9 code=0x7ffc0000 [ 167.059519][ T29] audit: type=1326 audit(1753221025.618:5734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9797 comm="syz.0.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51626ae9a9 code=0x7ffc0000 [ 167.083288][ T29] audit: type=1326 audit(1753221025.618:5735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9797 comm="syz.0.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f51626ae9a9 code=0x7ffc0000 [ 167.107350][ T29] audit: type=1326 audit(1753221025.618:5736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9797 comm="syz.0.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51626ae9a9 code=0x7ffc0000 [ 167.131497][ T29] audit: type=1326 audit(1753221025.618:5737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9797 comm="syz.0.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51626ae9a9 code=0x7ffc0000 [ 167.155220][ T29] audit: type=1326 audit(1753221025.618:5738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9797 comm="syz.0.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f51626ae9a9 code=0x7ffc0000 [ 167.216161][ T9805] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2291'. [ 167.282866][ T9809] FAULT_INJECTION: forcing a failure. [ 167.282866][ T9809] name failslab, interval 1, probability 0, space 0, times 0 [ 167.295570][ T9809] CPU: 1 UID: 0 PID: 9809 Comm: syz.0.2290 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 167.295603][ T9809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 167.295618][ T9809] Call Trace: [ 167.295627][ T9809] [ 167.295637][ T9809] __dump_stack+0x1d/0x30 [ 167.295663][ T9809] dump_stack_lvl+0xe8/0x140 [ 167.295687][ T9809] dump_stack+0x15/0x1b [ 167.295708][ T9809] should_fail_ex+0x265/0x280 [ 167.295785][ T9809] ? register_netdevice+0x1e8/0xf00 [ 167.295824][ T9809] should_failslab+0x8c/0xb0 [ 167.295845][ T9809] __kmalloc_cache_noprof+0x4c/0x320 [ 167.295957][ T9809] register_netdevice+0x1e8/0xf00 [ 167.295993][ T9809] ? snprintf+0x86/0xb0 [ 167.296025][ T9809] ppp_dev_configure+0x623/0x6e0 [ 167.296108][ T9809] ppp_ioctl+0x523/0x11c0 [ 167.296189][ T9809] ? __fget_files+0x184/0x1c0 [ 167.296206][ T9809] ? __cond_resched+0x4e/0x90 [ 167.296237][ T9809] ? __pfx_ppp_ioctl+0x10/0x10 [ 167.296265][ T9809] __se_sys_ioctl+0xcb/0x140 [ 167.296321][ T9809] __x64_sys_ioctl+0x43/0x50 [ 167.296362][ T9809] x64_sys_call+0x19a8/0x2fb0 [ 167.296401][ T9809] do_syscall_64+0xd2/0x200 [ 167.296424][ T9809] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 167.296453][ T9809] ? clear_bhb_loop+0x40/0x90 [ 167.296473][ T9809] ? clear_bhb_loop+0x40/0x90 [ 167.296517][ T9809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.296668][ T9809] RIP: 0033:0x7f51626ae9a9 [ 167.296688][ T9809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.296705][ T9809] RSP: 002b:00007f5160d17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 167.296727][ T9809] RAX: ffffffffffffffda RBX: 00007f51628d5fa0 RCX: 00007f51626ae9a9 [ 167.296742][ T9809] RDX: 0000200000000140 RSI: 00000000c004743e RDI: 0000000000000003 [ 167.296757][ T9809] RBP: 00007f5160d17090 R08: 0000000000000000 R09: 0000000000000000 [ 167.296769][ T9809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 167.296781][ T9809] R13: 0000000000000000 R14: 00007f51628d5fa0 R15: 00007fff6457de68 [ 167.296828][ T9809] [ 167.606040][ T9814] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2292'. [ 167.642189][ T9816] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2295'. [ 167.711428][ T9826] FAULT_INJECTION: forcing a failure. [ 167.711428][ T9826] name failslab, interval 1, probability 0, space 0, times 0 [ 167.724234][ T9826] CPU: 1 UID: 0 PID: 9826 Comm: syz.0.2297 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 167.724268][ T9826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 167.724284][ T9826] Call Trace: [ 167.724292][ T9826] [ 167.724301][ T9826] __dump_stack+0x1d/0x30 [ 167.724323][ T9826] dump_stack_lvl+0xe8/0x140 [ 167.724389][ T9826] dump_stack+0x15/0x1b [ 167.724409][ T9826] should_fail_ex+0x265/0x280 [ 167.724440][ T9826] should_failslab+0x8c/0xb0 [ 167.724479][ T9826] kmem_cache_alloc_noprof+0x50/0x310 [ 167.724580][ T9826] ? skb_clone+0x151/0x1f0 [ 167.724605][ T9826] skb_clone+0x151/0x1f0 [ 167.724627][ T9826] __netlink_deliver_tap+0x2c9/0x500 [ 167.724676][ T9826] netlink_unicast+0x653/0x680 [ 167.724743][ T9826] netlink_sendmsg+0x58b/0x6b0 [ 167.724770][ T9826] ? __pfx_netlink_sendmsg+0x10/0x10 [ 167.724796][ T9826] __sock_sendmsg+0x145/0x180 [ 167.724860][ T9826] ____sys_sendmsg+0x31e/0x4e0 [ 167.724928][ T9826] ___sys_sendmsg+0x17b/0x1d0 [ 167.724978][ T9826] __x64_sys_sendmsg+0xd4/0x160 [ 167.725096][ T9826] x64_sys_call+0x2999/0x2fb0 [ 167.725178][ T9826] do_syscall_64+0xd2/0x200 [ 167.725201][ T9826] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 167.725274][ T9826] ? clear_bhb_loop+0x40/0x90 [ 167.725297][ T9826] ? clear_bhb_loop+0x40/0x90 [ 167.725323][ T9826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.725430][ T9826] RIP: 0033:0x7f51626ae9a9 [ 167.725487][ T9826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.725509][ T9826] RSP: 002b:00007f5160d17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 167.725531][ T9826] RAX: ffffffffffffffda RBX: 00007f51628d5fa0 RCX: 00007f51626ae9a9 [ 167.725546][ T9826] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000006 [ 167.725561][ T9826] RBP: 00007f5160d17090 R08: 0000000000000000 R09: 0000000000000000 [ 167.725576][ T9826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 167.725592][ T9826] R13: 0000000000000000 R14: 00007f51628d5fa0 R15: 00007fff6457de68 [ 167.725658][ T9826] [ 167.941691][ T9824] netlink: 'syz.2.2298': attribute type 4 has an invalid length. [ 167.993214][ T9831] netlink: 33912 bytes leftover after parsing attributes in process `syz.3.2302'. [ 168.029238][ T9837] FAULT_INJECTION: forcing a failure. [ 168.029238][ T9837] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 168.042514][ T9837] CPU: 1 UID: 0 PID: 9837 Comm: syz.0.2304 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 168.042545][ T9837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 168.042560][ T9837] Call Trace: [ 168.042568][ T9837] [ 168.042576][ T9837] __dump_stack+0x1d/0x30 [ 168.042642][ T9837] dump_stack_lvl+0xe8/0x140 [ 168.042661][ T9837] dump_stack+0x15/0x1b [ 168.042677][ T9837] should_fail_ex+0x265/0x280 [ 168.042712][ T9837] should_fail+0xb/0x20 [ 168.042783][ T9837] should_fail_usercopy+0x1a/0x20 [ 168.042821][ T9837] strncpy_from_user+0x25/0x230 [ 168.042848][ T9837] ? kmem_cache_alloc_noprof+0x186/0x310 [ 168.042915][ T9837] ? getname_flags+0x80/0x3b0 [ 168.042937][ T9837] getname_flags+0xae/0x3b0 [ 168.042975][ T9837] do_sys_openat2+0x60/0x110 [ 168.043073][ T9837] __x64_sys_creat+0x65/0x90 [ 168.043104][ T9837] x64_sys_call+0x114d/0x2fb0 [ 168.043132][ T9837] do_syscall_64+0xd2/0x200 [ 168.043153][ T9837] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 168.043315][ T9837] ? clear_bhb_loop+0x40/0x90 [ 168.043338][ T9837] ? clear_bhb_loop+0x40/0x90 [ 168.043389][ T9837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.043415][ T9837] RIP: 0033:0x7f51626ae9a9 [ 168.043434][ T9837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.043539][ T9837] RSP: 002b:00007f5160d17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 168.043563][ T9837] RAX: ffffffffffffffda RBX: 00007f51628d5fa0 RCX: 00007f51626ae9a9 [ 168.043579][ T9837] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000380 [ 168.043595][ T9837] RBP: 00007f5160d17090 R08: 0000000000000000 R09: 0000000000000000 [ 168.043662][ T9837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 168.043676][ T9837] R13: 0000000000000000 R14: 00007f51628d5fa0 R15: 00007fff6457de68 [ 168.043701][ T9837] [ 168.262874][ T9841] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2306'. [ 168.272073][ T9822] lo speed is unknown, defaulting to 1000 [ 168.297578][ T9844] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2309'. [ 168.309426][ T9822] lo speed is unknown, defaulting to 1000 [ 168.350598][ T9852] loop0: detected capacity change from 0 to 512 [ 168.373704][ T9852] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 168.397412][ T9852] EXT4-fs (loop0): 1 truncate cleaned up [ 168.403833][ T9852] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 168.422808][ T9852] netlink: 'syz.0.2308': attribute type 1 has an invalid length. [ 168.444567][ T9852] 8021q: adding VLAN 0 to HW filter on device bond5 [ 168.475152][ T9858] FAULT_INJECTION: forcing a failure. [ 168.475152][ T9858] name failslab, interval 1, probability 0, space 0, times 0 [ 168.487942][ T9858] CPU: 0 UID: 0 PID: 9858 Comm: syz.4.2312 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 168.487971][ T9858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 168.487999][ T9858] Call Trace: [ 168.488006][ T9858] [ 168.488015][ T9858] __dump_stack+0x1d/0x30 [ 168.488037][ T9858] dump_stack_lvl+0xe8/0x140 [ 168.488072][ T9858] dump_stack+0x15/0x1b [ 168.488094][ T9858] should_fail_ex+0x265/0x280 [ 168.488132][ T9858] ? v9fs_mount+0x51/0x590 [ 168.488168][ T9858] should_failslab+0x8c/0xb0 [ 168.488220][ T9858] __kmalloc_cache_noprof+0x4c/0x320 [ 168.488258][ T9858] v9fs_mount+0x51/0x590 [ 168.488295][ T9858] ? __pfx_v9fs_mount+0x10/0x10 [ 168.488401][ T9858] legacy_get_tree+0x75/0xd0 [ 168.488443][ T9858] vfs_get_tree+0x57/0x1d0 [ 168.488481][ T9858] do_new_mount+0x207/0x680 [ 168.488517][ T9858] path_mount+0x4a4/0xb20 [ 168.488573][ T9858] ? user_path_at+0x109/0x130 [ 168.488668][ T9858] __se_sys_mount+0x28f/0x2e0 [ 168.488720][ T9858] ? fput+0x8f/0xc0 [ 168.488751][ T9858] __x64_sys_mount+0x67/0x80 [ 168.488864][ T9858] x64_sys_call+0xd36/0x2fb0 [ 168.488902][ T9858] do_syscall_64+0xd2/0x200 [ 168.488957][ T9858] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 168.488985][ T9858] ? clear_bhb_loop+0x40/0x90 [ 168.489005][ T9858] ? clear_bhb_loop+0x40/0x90 [ 168.489026][ T9858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.489046][ T9858] RIP: 0033:0x7f010b77e9a9 [ 168.489115][ T9858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.489138][ T9858] RSP: 002b:00007f0109de7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 168.489161][ T9858] RAX: ffffffffffffffda RBX: 00007f010b9a5fa0 RCX: 00007f010b77e9a9 [ 168.489177][ T9858] RDX: 00002000000002c0 RSI: 0000200000000080 RDI: 0000000000000000 [ 168.489192][ T9858] RBP: 00007f0109de7090 R08: 0000200000000240 R09: 0000000000000000 [ 168.489205][ T9858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 168.489216][ T9858] R13: 0000000000000000 R14: 00007f010b9a5fa0 R15: 00007ffe7e89dd48 [ 168.489234][ T9858] [ 168.712335][ T9852] bond5 (unregistering): Released all slaves [ 168.733415][ T9868] x_tables: ip_tables: ah match: only valid for protocol 51 [ 168.741973][ T9862] netlink: 'syz.3.2313': attribute type 4 has an invalid length. [ 168.816584][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.910721][ T9891] netlink: 'syz.3.2327': attribute type 4 has an invalid length. [ 169.280430][ T9910] syzkaller1: tun_chr_ioctl cmd 2147767506 [ 169.368223][ T9918] xt_CT: You must specify a L4 protocol and not use inversions on it [ 169.454102][ T9930] syzkaller1: entered promiscuous mode [ 169.459799][ T9930] syzkaller1: entered allmulticast mode [ 169.705011][ T9945] 9pnet: Could not find request transport: 0xffffffffffffffff [ 169.821369][ T9965] syzkaller0: tun_chr_ioctl cmd 35111 [ 169.955362][ T9965] vlan2: entered allmulticast mode [ 169.960634][ T9965] bond0: entered allmulticast mode [ 169.965773][ T9965] bond_slave_0: entered allmulticast mode [ 169.971574][ T9965] bond_slave_1: entered allmulticast mode [ 169.977309][ T9965] dummy0: entered allmulticast mode [ 169.994757][ T9972] loop4: detected capacity change from 0 to 512 [ 170.027226][ T9972] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 170.045704][ T9972] ext4 filesystem being mounted at /427/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 170.067318][ T9972] SELinux: syz.4.2358 (9972) set checkreqprot to 1. This is no longer supported. [ 170.085702][ T9986] FAULT_INJECTION: forcing a failure. [ 170.085702][ T9986] name failslab, interval 1, probability 0, space 0, times 0 [ 170.098451][ T9986] CPU: 1 UID: 0 PID: 9986 Comm: syz.3.2364 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 170.098556][ T9986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 170.098573][ T9986] Call Trace: [ 170.098580][ T9986] [ 170.098590][ T9986] __dump_stack+0x1d/0x30 [ 170.098617][ T9986] dump_stack_lvl+0xe8/0x140 [ 170.098641][ T9986] dump_stack+0x15/0x1b [ 170.098736][ T9986] should_fail_ex+0x265/0x280 [ 170.098847][ T9986] should_failslab+0x8c/0xb0 [ 170.098871][ T9986] kmem_cache_alloc_noprof+0x50/0x310 [ 170.098947][ T9986] ? audit_log_start+0x365/0x6c0 [ 170.098987][ T9986] audit_log_start+0x365/0x6c0 [ 170.099029][ T9986] audit_seccomp+0x48/0x100 [ 170.099070][ T9986] ? __seccomp_filter+0x68c/0x10d0 [ 170.099091][ T9986] __seccomp_filter+0x69d/0x10d0 [ 170.099113][ T9986] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 170.099155][ T9986] ? vfs_write+0x75e/0x8e0 [ 170.099207][ T9986] ? __rcu_read_unlock+0x4f/0x70 [ 170.099234][ T9986] ? __fget_files+0x184/0x1c0 [ 170.099261][ T9986] __secure_computing+0x82/0x150 [ 170.099287][ T9986] syscall_trace_enter+0xcf/0x1e0 [ 170.099384][ T9986] do_syscall_64+0xac/0x200 [ 170.099407][ T9986] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 170.099432][ T9986] ? clear_bhb_loop+0x40/0x90 [ 170.099452][ T9986] ? clear_bhb_loop+0x40/0x90 [ 170.099472][ T9986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.099572][ T9986] RIP: 0033:0x7f590cd7e9a9 [ 170.099586][ T9986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.099674][ T9986] RSP: 002b:00007f590b3df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000069 [ 170.099698][ T9986] RAX: ffffffffffffffda RBX: 00007f590cfa5fa0 RCX: 00007f590cd7e9a9 [ 170.099714][ T9986] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000ee00 [ 170.099728][ T9986] RBP: 00007f590b3df090 R08: 0000000000000000 R09: 0000000000000000 [ 170.099740][ T9986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 170.099751][ T9986] R13: 0000000000000000 R14: 00007f590cfa5fa0 R15: 00007ffe2f9b9d68 [ 170.099770][ T9986] [ 170.387660][ T9996] FAULT_INJECTION: forcing a failure. [ 170.387660][ T9996] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 170.387692][ T9996] CPU: 0 UID: 0 PID: 9996 Comm: syz.2.2370 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 170.387728][ T9996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 170.387747][ T9996] Call Trace: [ 170.387757][ T9996] [ 170.387766][ T9996] __dump_stack+0x1d/0x30 [ 170.387793][ T9996] dump_stack_lvl+0xe8/0x140 [ 170.387881][ T9996] dump_stack+0x15/0x1b [ 170.387905][ T9996] should_fail_ex+0x265/0x280 [ 170.387947][ T9996] should_fail+0xb/0x20 [ 170.388035][ T9996] should_fail_usercopy+0x1a/0x20 [ 170.388151][ T9996] _copy_from_iter+0xcf/0xe40 [ 170.388195][ T9996] ? __build_skb_around+0x1a0/0x200 [ 170.388334][ T9996] ? __alloc_skb+0x223/0x320 [ 170.388378][ T9996] netlink_sendmsg+0x471/0x6b0 [ 170.388410][ T9996] ? __pfx_netlink_sendmsg+0x10/0x10 [ 170.388442][ T9996] __sock_sendmsg+0x145/0x180 [ 170.388534][ T9996] ____sys_sendmsg+0x31e/0x4e0 [ 170.388665][ T9996] ___sys_sendmsg+0x17b/0x1d0 [ 170.388730][ T9996] __x64_sys_sendmsg+0xd4/0x160 [ 170.388782][ T9996] x64_sys_call+0x2999/0x2fb0 [ 170.388863][ T9996] do_syscall_64+0xd2/0x200 [ 170.388947][ T9996] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 170.388983][ T9996] ? clear_bhb_loop+0x40/0x90 [ 170.389013][ T9996] ? clear_bhb_loop+0x40/0x90 [ 170.389043][ T9996] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.389119][ T9996] RIP: 0033:0x7f42a7e7e9a9 [ 170.389139][ T9996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.389165][ T9996] RSP: 002b:00007f42a64e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 170.389191][ T9996] RAX: ffffffffffffffda RBX: 00007f42a80a5fa0 RCX: 00007f42a7e7e9a9 [ 170.389232][ T9996] RDX: 0000000000004000 RSI: 0000200000000180 RDI: 0000000000000006 [ 170.389249][ T9996] RBP: 00007f42a64e7090 R08: 0000000000000000 R09: 0000000000000000 [ 170.389267][ T9996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 170.389285][ T9996] R13: 0000000000000000 R14: 00007f42a80a5fa0 R15: 00007ffe81b134c8 [ 170.389391][ T9996] [ 170.390679][ T3962] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.453603][ T9999] vlan2: entered allmulticast mode [ 170.506342][T10003] loop2: detected capacity change from 0 to 1024 [ 170.631995][T10003] EXT4-fs: Ignoring removed nomblk_io_submit option [ 170.660308][T10003] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 170.728716][T10011] xt_hashlimit: max too large, truncated to 1048576 [ 170.736010][T10011] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 170.755447][T10014] loop0: detected capacity change from 0 to 8192 [ 170.802589][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.838142][T10022] SELinux: syz.1.2376 (10022) set checkreqprot to 1. This is no longer supported. [ 170.849381][T10024] __nla_validate_parse: 5 callbacks suppressed [ 170.849394][T10024] netlink: 136 bytes leftover after parsing attributes in process `syz.4.2379'. [ 171.224691][T10035] loop2: detected capacity change from 0 to 1024 [ 171.352185][T10035] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 171.373536][T10035] ext4 filesystem being mounted at /486/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 171.426529][ T29] kauditd_printk_skb: 332 callbacks suppressed [ 171.426548][ T29] audit: type=1400 audit(1753221030.288:6069): avc: denied { add_name } for pid=10034 comm="syz.2.2384" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 171.453791][ T29] audit: type=1400 audit(1753221030.288:6070): avc: denied { create } for pid=10034 comm="syz.2.2384" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 171.510088][ T29] audit: type=1400 audit(1753221030.348:6071): avc: denied { read write } for pid=10034 comm="syz.2.2384" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 171.532916][ T29] audit: type=1400 audit(1753221030.348:6072): avc: denied { open } for pid=10034 comm="syz.2.2384" path="/486/file1/file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 171.556150][ T29] audit: type=1400 audit(1753221030.348:6073): avc: denied { mounton } for pid=10071 comm="syz.3.2397" path="/512/file0" dev="tmpfs" ino=2701 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 171.579301][ T29] audit: type=1400 audit(1753221030.358:6074): avc: denied { mount } for pid=10071 comm="syz.3.2397" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 171.601573][ T29] audit: type=1400 audit(1753221030.358:6075): avc: denied { write } for pid=10071 comm="syz.3.2397" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 171.622520][ T29] audit: type=1400 audit(1753221030.358:6076): avc: denied { open } for pid=10071 comm="syz.3.2397" path="/512/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 171.644875][ T29] audit: type=1400 audit(1753221030.368:6077): avc: denied { read } for pid=10073 comm="syz.4.2398" dev="nsfs" ino=4026532518 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 171.666222][ T29] audit: type=1400 audit(1753221030.368:6078): avc: denied { open } for pid=10073 comm="syz.4.2398" path="net:[4026532518]" dev="nsfs" ino=4026532518 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 171.692739][T10035] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 171.710718][T10079] netlink: 256 bytes leftover after parsing attributes in process `syz.1.2400'. [ 171.933206][T10099] loop0: detected capacity change from 0 to 1024 [ 171.941761][T10099] EXT4-fs: Ignoring removed nobh option [ 171.947514][T10099] EXT4-fs: Ignoring removed bh option [ 171.962029][T10099] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.002583][T10111] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 172.090283][T10111] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 172.117884][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.149681][T10111] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 172.199574][T10111] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 172.203889][T10127] loop0: detected capacity change from 0 to 2048 [ 172.245547][T10127] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.265546][T10111] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 20001 - 0 [ 172.278948][T10111] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 20001 - 0 [ 172.288284][T10138] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2422'. [ 172.291641][T10111] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 20001 - 0 [ 172.299590][ T3312] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 172.310902][T10111] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 20001 - 0 [ 172.329012][ T3312] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 172.362640][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.419905][T10152] netlink: 'syz.0.2428': attribute type 4 has an invalid length. [ 172.439383][T10154] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2429'. [ 172.448472][T10154] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2429'. [ 172.694750][T10167] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=35 sclass=netlink_tcpdiag_socket pid=10167 comm=syz.1.2430 [ 172.735344][T10179] FAULT_INJECTION: forcing a failure. [ 172.735344][T10179] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 172.748791][T10179] CPU: 1 UID: 0 PID: 10179 Comm: syz.3.2439 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 172.748821][T10179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 172.748836][T10179] Call Trace: [ 172.748844][T10179] [ 172.748900][T10179] __dump_stack+0x1d/0x30 [ 172.748925][T10179] dump_stack_lvl+0xe8/0x140 [ 172.748949][T10179] dump_stack+0x15/0x1b [ 172.748970][T10179] should_fail_ex+0x265/0x280 [ 172.749041][T10179] should_fail+0xb/0x20 [ 172.749068][T10179] should_fail_usercopy+0x1a/0x20 [ 172.749117][T10179] strncpy_from_user+0x25/0x230 [ 172.749143][T10179] ? kmem_cache_alloc_noprof+0x186/0x310 [ 172.749169][T10179] ? getname_flags+0x80/0x3b0 [ 172.749196][T10179] getname_flags+0xae/0x3b0 [ 172.749286][T10179] path_setxattrat+0x223/0x310 [ 172.749323][T10179] __x64_sys_setxattr+0x6e/0x90 [ 172.749397][T10179] x64_sys_call+0x28a7/0x2fb0 [ 172.749423][T10179] do_syscall_64+0xd2/0x200 [ 172.749506][T10179] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 172.749537][T10179] ? clear_bhb_loop+0x40/0x90 [ 172.749614][T10179] ? clear_bhb_loop+0x40/0x90 [ 172.749637][T10179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.749657][T10179] RIP: 0033:0x7f590cd7e9a9 [ 172.749671][T10179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.749689][T10179] RSP: 002b:00007f590b3df038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 172.749720][T10179] RAX: ffffffffffffffda RBX: 00007f590cfa5fa0 RCX: 00007f590cd7e9a9 [ 172.749735][T10179] RDX: 0000000000000000 RSI: 0000200000002a40 RDI: 0000200000002a00 [ 172.749749][T10179] RBP: 00007f590b3df090 R08: 0000000000000000 R09: 0000000000000000 [ 172.749760][T10179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 172.749771][T10179] R13: 0000000000000001 R14: 00007f590cfa5fa0 R15: 00007ffe2f9b9d68 [ 172.749810][T10179] [ 173.049344][T10188] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2442'. [ 173.175306][T10202] FAULT_INJECTION: forcing a failure. [ 173.175306][T10202] name failslab, interval 1, probability 0, space 0, times 0 [ 173.188094][T10202] CPU: 1 UID: 0 PID: 10202 Comm: syz.3.2449 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 173.188202][T10202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 173.188217][T10202] Call Trace: [ 173.188224][T10202] [ 173.188232][T10202] __dump_stack+0x1d/0x30 [ 173.188265][T10202] dump_stack_lvl+0xe8/0x140 [ 173.188360][T10202] dump_stack+0x15/0x1b [ 173.188382][T10202] should_fail_ex+0x265/0x280 [ 173.188423][T10202] ? legacy_init_fs_context+0x31/0x80 [ 173.188454][T10202] should_failslab+0x8c/0xb0 [ 173.188475][T10202] __kmalloc_cache_noprof+0x4c/0x320 [ 173.188636][T10202] legacy_init_fs_context+0x31/0x80 [ 173.188671][T10202] alloc_fs_context+0x3ec/0x4e0 [ 173.188702][T10195] loop2: detected capacity change from 0 to 512 [ 173.188706][T10202] fs_context_for_mount+0x22/0x30 [ 173.188743][T10202] do_new_mount+0xe9/0x680 [ 173.188785][T10202] path_mount+0x4a4/0xb20 [ 173.188863][T10202] ? user_path_at+0x109/0x130 [ 173.188930][T10202] __se_sys_mount+0x28f/0x2e0 [ 173.189052][T10202] ? fput+0x8f/0xc0 [ 173.189168][T10202] __x64_sys_mount+0x67/0x80 [ 173.189282][T10202] x64_sys_call+0xd36/0x2fb0 [ 173.189313][T10202] do_syscall_64+0xd2/0x200 [ 173.189360][T10202] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 173.189396][T10202] ? clear_bhb_loop+0x40/0x90 [ 173.189426][T10202] ? clear_bhb_loop+0x40/0x90 [ 173.189457][T10202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.189485][T10202] RIP: 0033:0x7f590cd7e9a9 [ 173.189526][T10202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.189597][T10202] RSP: 002b:00007f590b3df038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 173.189624][T10202] RAX: ffffffffffffffda RBX: 00007f590cfa5fa0 RCX: 00007f590cd7e9a9 [ 173.189642][T10202] RDX: 00002000000002c0 RSI: 0000200000000080 RDI: 0000000000000000 [ 173.189659][T10202] RBP: 00007f590b3df090 R08: 0000200000000240 R09: 0000000000000000 [ 173.189676][T10202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 173.189738][T10202] R13: 0000000000000000 R14: 00007f590cfa5fa0 R15: 00007ffe2f9b9d68 [ 173.189766][T10202] [ 173.447047][T10195] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 173.467176][T10223] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2456'. [ 173.477291][T10195] ext4 filesystem being mounted at /495/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 173.552744][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.649504][T10240] netlink: 'syz.3.2466': attribute type 10 has an invalid length. [ 173.661901][T10241] loop0: detected capacity change from 0 to 1024 [ 173.668851][T10240] veth1_vlan: entered allmulticast mode [ 173.675168][T10240] veth1_vlan: left promiscuous mode [ 173.681512][T10240] team0: Device veth1_vlan failed to register rx_handler [ 173.713347][T10243] loop2: detected capacity change from 0 to 8192 [ 173.722209][T10241] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 173.803822][T10255] FAULT_INJECTION: forcing a failure. [ 173.803822][T10255] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 173.817125][T10255] CPU: 1 UID: 0 PID: 10255 Comm: syz.0.2465 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 173.817155][T10255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 173.817169][T10255] Call Trace: [ 173.817175][T10255] [ 173.817184][T10255] __dump_stack+0x1d/0x30 [ 173.817206][T10255] dump_stack_lvl+0xe8/0x140 [ 173.817289][T10255] dump_stack+0x15/0x1b [ 173.817306][T10255] should_fail_ex+0x265/0x280 [ 173.817339][T10255] should_fail+0xb/0x20 [ 173.817397][T10255] should_fail_usercopy+0x1a/0x20 [ 173.817432][T10255] _copy_from_iter+0xcf/0xe40 [ 173.817468][T10255] ? __build_skb_around+0x1a0/0x200 [ 173.817501][T10255] ? __build_skb+0x59/0x70 [ 173.817572][T10255] ? is_vmalloc_addr+0x37/0x90 [ 173.817602][T10255] netlink_sendmsg+0x471/0x6b0 [ 173.817628][T10255] ? __pfx_netlink_sendmsg+0x10/0x10 [ 173.817652][T10255] __sock_sendmsg+0x145/0x180 [ 173.817707][T10255] sock_write_iter+0x165/0x1b0 [ 173.817737][T10255] ? __pfx_sock_write_iter+0x10/0x10 [ 173.817760][T10255] vfs_write+0x49d/0x8e0 [ 173.817800][T10255] ksys_write+0xda/0x1a0 [ 173.817858][T10255] __x64_sys_write+0x40/0x50 [ 173.817895][T10255] x64_sys_call+0x2cdd/0x2fb0 [ 173.817919][T10255] do_syscall_64+0xd2/0x200 [ 173.817939][T10255] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 173.817970][T10255] ? clear_bhb_loop+0x40/0x90 [ 173.817993][T10255] ? clear_bhb_loop+0x40/0x90 [ 173.818017][T10255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.818134][T10255] RIP: 0033:0x7f51626ae9a9 [ 173.818152][T10255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.818172][T10255] RSP: 002b:00007f5160cf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 173.818193][T10255] RAX: ffffffffffffffda RBX: 00007f51628d6080 RCX: 00007f51626ae9a9 [ 173.818267][T10255] RDX: 000000000000fe33 RSI: 0000200000000000 RDI: 0000000000000009 [ 173.818281][T10255] RBP: 00007f5160cf6090 R08: 0000000000000000 R09: 0000000000000000 [ 173.818294][T10255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 173.818308][T10255] R13: 0000000000000001 R14: 00007f51628d6080 R15: 00007fff6457de68 [ 173.818388][T10255] [ 174.086740][T10259] netlink: 'syz.3.2471': attribute type 4 has an invalid length. [ 174.137731][T10264] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2470'. [ 174.158132][T10264] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2470'. [ 174.572295][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.730002][T10310] FAULT_INJECTION: forcing a failure. [ 174.730002][T10310] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 174.743155][T10310] CPU: 0 UID: 0 PID: 10310 Comm: syz.4.2480 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 174.743186][T10310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 174.743202][T10310] Call Trace: [ 174.743210][T10310] [ 174.743220][T10310] __dump_stack+0x1d/0x30 [ 174.743264][T10310] dump_stack_lvl+0xe8/0x140 [ 174.743286][T10310] dump_stack+0x15/0x1b [ 174.743301][T10310] should_fail_ex+0x265/0x280 [ 174.743342][T10310] should_fail+0xb/0x20 [ 174.743377][T10310] should_fail_usercopy+0x1a/0x20 [ 174.743455][T10310] _copy_to_user+0x20/0xa0 [ 174.743508][T10310] simple_read_from_buffer+0xb5/0x130 [ 174.743539][T10310] proc_fail_nth_read+0x100/0x140 [ 174.743606][T10310] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 174.743647][T10310] vfs_read+0x19d/0x6f0 [ 174.743676][T10310] ? __rcu_read_unlock+0x4f/0x70 [ 174.743776][T10310] ? __fget_files+0x184/0x1c0 [ 174.743798][T10310] ksys_read+0xda/0x1a0 [ 174.743837][T10310] __x64_sys_read+0x40/0x50 [ 174.743896][T10310] x64_sys_call+0x2d77/0x2fb0 [ 174.743917][T10310] do_syscall_64+0xd2/0x200 [ 174.743935][T10310] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 174.743967][T10310] ? clear_bhb_loop+0x40/0x90 [ 174.744069][T10310] ? clear_bhb_loop+0x40/0x90 [ 174.744142][T10310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.744236][T10310] RIP: 0033:0x7f010b77d3bc [ 174.744254][T10310] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 174.744272][T10310] RSP: 002b:00007f0109de7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 174.744290][T10310] RAX: ffffffffffffffda RBX: 00007f010b9a5fa0 RCX: 00007f010b77d3bc [ 174.744302][T10310] RDX: 000000000000000f RSI: 00007f0109de70a0 RDI: 0000000000000004 [ 174.744323][T10310] RBP: 00007f0109de7090 R08: 0000000000000000 R09: 0000000000000000 [ 174.744339][T10310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 174.744432][T10310] R13: 0000000000000000 R14: 00007f010b9a5fa0 R15: 00007ffe7e89dd48 [ 174.744507][T10310] [ 175.018176][T10312] SELinux: syz.3.2481 (10312) set checkreqprot to 1. This is no longer supported. [ 175.162876][T10332] : renamed from bond0 (while UP) [ 175.182794][T10332] xt_CT: You must specify a L4 protocol and not use inversions on it [ 175.462042][T10356] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2502'. [ 175.527612][T10354] loop2: detected capacity change from 0 to 8192 [ 175.538002][T10360] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check. [ 175.608114][T10364] netlink: 'syz.4.2507': attribute type 4 has an invalid length. [ 175.825470][T10389] netlink: 'syz.2.2517': attribute type 1 has an invalid length. [ 175.872146][T10391] __nla_validate_parse: 3 callbacks suppressed [ 175.872166][T10391] netlink: 436 bytes leftover after parsing attributes in process `syz.4.2518'. [ 175.891445][T10393] netlink: 116 bytes leftover after parsing attributes in process `syz.3.2519'. [ 176.006831][T10408] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check. [ 176.029722][T10404] loop0: detected capacity change from 0 to 512 [ 176.056326][T10412] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2525'. [ 176.068970][T10404] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.098114][T10404] ext4 filesystem being mounted at /491/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 176.132166][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.166639][T10422] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check. [ 176.187101][T10421] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2532'. [ 176.200973][ T3312] ================================================================== [ 176.209116][ T3312] BUG: KCSAN: data-race in find_get_block_common / has_bh_in_lru [ 176.216881][ T3312] [ 176.219225][ T3312] read-write to 0xffff888237d26f10 of 8 bytes by task 3294 on cpu 1: [ 176.227310][ T3312] find_get_block_common+0x4f0/0x960 [ 176.232632][ T3312] bdev_getblk+0x83/0x3d0 [ 176.237004][ T3312] __ext4_get_inode_loc+0x303/0x930 [ 176.242230][ T3312] ext4_reserve_inode_write+0xd7/0x250 [ 176.247731][ T3312] __ext4_mark_inode_dirty+0x8c/0x3f0 [ 176.253140][ T3312] ext4_dirty_inode+0x92/0xc0 [ 176.257844][ T3312] __mark_inode_dirty+0x15f/0x760 [ 176.262900][ T3312] file_update_time+0x288/0x2b0 [ 176.267784][ T3312] ext4_page_mkwrite+0x18b/0xba0 [ 176.272758][ T3312] do_wp_page+0xe5a/0x2400 [ 176.277199][ T3312] handle_mm_fault+0x77d/0x2be0 [ 176.282083][ T3312] do_user_addr_fault+0x636/0x1090 [ 176.287230][ T3312] exc_page_fault+0x62/0xa0 [ 176.291763][ T3312] asm_exc_page_fault+0x26/0x30 [ 176.296627][ T3312] [ 176.298960][ T3312] read to 0xffff888237d26f10 of 8 bytes by task 3312 on cpu 0: [ 176.306513][ T3312] has_bh_in_lru+0x35/0x1f0 [ 176.311043][ T3312] smp_call_function_many_cond+0x38c/0xbf0 [ 176.316882][ T3312] on_each_cpu_cond_mask+0x3c/0x80 [ 176.322014][ T3312] invalidate_bh_lrus+0x2a/0x30 [ 176.326895][ T3312] blkdev_flush_mapping+0x9a/0x1a0 [ 176.332029][ T3312] bdev_release+0x2bf/0x3d0 [ 176.336572][ T3312] blkdev_release+0x15/0x20 [ 176.341110][ T3312] __fput+0x29b/0x650 [ 176.345127][ T3312] ____fput+0x1c/0x30 [ 176.349134][ T3312] task_work_run+0x131/0x1a0 [ 176.353755][ T3312] exit_to_user_mode_loop+0xe4/0x100 [ 176.359081][ T3312] do_syscall_64+0x1d6/0x200 [ 176.363690][ T3312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.369613][ T3312] [ 176.371945][ T3312] value changed: 0x0000000000000000 -> 0xffff8881057223a8 [ 176.379069][ T3312] [ 176.381411][ T3312] Reported by Kernel Concurrency Sanitizer on: [ 176.387566][ T3312] CPU: 0 UID: 0 PID: 3312 Comm: syz-executor Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 176.398516][ T3312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 176.408581][ T3312] ================================================================== [ 176.430300][T10426] FAULT_INJECTION: forcing a failure. [ 176.430300][T10426] name failslab, interval 1, probability 0, space 0, times 0 [ 176.443616][T10426] CPU: 0 UID: 0 PID: 10426 Comm: syz.3.2534 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) [ 176.443656][T10426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 176.443672][T10426] Call Trace: [ 176.443679][T10426] [ 176.443688][T10426] __dump_stack+0x1d/0x30 [ 176.443748][T10426] dump_stack_lvl+0xe8/0x140 [ 176.443773][T10426] dump_stack+0x15/0x1b [ 176.443792][T10426] should_fail_ex+0x265/0x280 [ 176.443822][T10426] should_failslab+0x8c/0xb0 [ 176.443849][T10426] kmem_cache_alloc_node_noprof+0x57/0x320 [ 176.443924][T10426] ? __alloc_skb+0x101/0x320 [ 176.443954][T10426] __alloc_skb+0x101/0x320 [ 176.444040][T10426] netlink_alloc_large_skb+0xba/0xf0 [ 176.444095][T10426] netlink_sendmsg+0x3cf/0x6b0 [ 176.444118][T10426] ? __pfx_netlink_sendmsg+0x10/0x10 [ 176.444137][T10426] __sock_sendmsg+0x145/0x180 [ 176.444160][T10426] ____sys_sendmsg+0x31e/0x4e0 [ 176.444237][T10426] ___sys_sendmsg+0x17b/0x1d0 [ 176.444296][T10426] __x64_sys_sendmsg+0xd4/0x160 [ 176.444366][T10426] x64_sys_call+0x2999/0x2fb0 [ 176.444468][T10426] do_syscall_64+0xd2/0x200 [ 176.444490][T10426] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 176.444515][T10426] ? clear_bhb_loop+0x40/0x90 [ 176.444543][T10426] ? clear_bhb_loop+0x40/0x90 [ 176.444565][T10426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.444588][T10426] RIP: 0033:0x7f590cd7e9a9 [ 176.444608][T10426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.444625][T10426] RSP: 002b:00007f590b3df038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 176.444711][T10426] RAX: ffffffffffffffda RBX: 00007f590cfa5fa0 RCX: 00007f590cd7e9a9 [ 176.444789][T10426] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 176.444802][T10426] RBP: 00007f590b3df090 R08: 0000000000000000 R09: 0000000000000000 [ 176.444818][T10426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 176.444833][T10426] R13: 0000000000000000 R14: 00007f590cfa5fa0 R15: 00007ffe2f9b9d68 [ 176.444922][T10426] [ 176.677710][T10432] syz_tun: left allmulticast mode [ 176.685706][T10430] pimreg: entered allmulticast mode [ 176.694143][T10431] loop2: detected capacity change from 0 to 512 [ 176.703056][ T29] kauditd_printk_skb: 493 callbacks suppressed [ 176.703073][ T29] audit: type=1400 audit(1753221035.568:6570): avc: denied { remount } for pid=10429 comm="syz.2.2535" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 176.729955][ T29] audit: type=1400 audit(1753221035.568:6571): avc: denied { setopt } for pid=10429 comm="syz.2.2535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1