last executing test programs: 1m55.596824906s ago: executing program 3 (id=6): fchmodat(0xffffffffffffffff, &(0x7f0000000b40)='./file0\x00', 0x180) (fail_nth: 2) 1m55.27999151s ago: executing program 3 (id=7): socket(0x2b, 0x80801, 0x1) bpf$MAP_CREATE(0x0, 0x0, 0x48) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000640)={'batadv_slave_1\x00'}) r0 = memfd_create(0x0, 0x1) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000c40)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000f222989ba33f3754137ac62430994c5b4ad16e52fe535b995594c98c3ead8bfd1e2a85974d5dc9914ed288ae190587a800f51923db63f19a180da375ad58021155ada24b9bed935e9a440abb27d903a8f331f9c19f27707f2bf0ac680de91aa3d6129e84072191fe7ddf10df705d22133b4bdb3df2b254577d0ec43a7f3dbc6c6fc73f18e965647515a7b40e46c2f636d5d675d36997e2c7da3c80391ec1a85f96df128990a9943919dc9d59cddc734bb80b64dc6d24f77314e35a2c24a2dc67850d4b16f3e2a7fce87cc2210cbc9ada15"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={r3, r2, 0x0, 0x0, 0xfffffffffffffffe}, 0x30) fsetxattr$security_selinux(r0, &(0x7f0000000480), &(0x7f00000004c0)='system_u:object_r:hwdata_t:s0\x00', 0x1a, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x8000002, 0x0, @rand_addr, 0xf01}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x1f, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x3, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000e00)={&(0x7f0000000dc0)='afs_volume\x00', r5, 0x0, 0x7}, 0x18) r6 = io_uring_setup(0x5781, &(0x7f0000000640)={0x0, 0xddae, 0x1, 0x503fc, 0x8100014e}) r7 = socket$rds(0x15, 0x5, 0x0) bind$rds(r7, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x2b) sendmsg$rds(r7, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) close_range(r6, 0xffffffffffffffff, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x19, 0x0, 0x0, &(0x7f0000000500)='syzkaller\x00'}, 0x94) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000d40)='kmem_cache_free\x00', r10}, 0x18) r11 = dup(0xffffffffffffffff) syz_read_part_table(0x593, &(0x7f00000005c0)="$eJzs0r1LK2kUB+A3A5c0e4lcLli4hWCwigqx0CIpRGJIY0RcsbAWLLQQLCwkEq39+AcUv0BsxD6lGEEUYiUpxXpBsUmVZdfZxmplUdnleZrhPefMHF5+E/hPi8Lv7XY7EUJoJ9//9m+nhbFS98TI5FQIiTAbQij8+stfnUQ88fdXz+NzOT6XktnG/vXo82nHTc9dPX0Yxf1aFMJaCGHh4Sj1b+/G/99Z/jK1vrFU3FzJz98XVx8H5/oKXVuFxZ2hg1xlujM3E/9Ytehz9qcbw8e37fLT7vf+b/VGK3sVz2USH7Ofr/U2/72f1Wa1Nd57sjyQ+dG8qGzHub/IHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+GBn+cvU+sZScXMlP39fXH0cnOsrdG0VFneGDnKV6c7cTPQ6V4s+Z3+6MXx82y4/7X7v/1ZvtLJX8Vwm8TH7+Vpv89/7WW1WW+O9J8sDmR/Ni8p2nPuL/AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf6gwVuqeGJmcCiERZkMIo1HH0Z/1dvK1n4jnzuNnOa6XktnG/vXo82nHTc9dPX04EddrUQhrIYSFh6PUp1+Gd/sjAAD///tch0s=") clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) ppoll(&(0x7f0000000240)=[{r11, 0x220}, {r8, 0xe059}], 0x2, &(0x7f0000000300)={r12, r13+60000000}, &(0x7f0000000340), 0x8) utimes(&(0x7f0000000380)='./file0\x00', 0x0) 1m54.828514479s ago: executing program 3 (id=12): prctl$PR_MCE_KILL(0x21, 0x0, 0x1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f0000000280)={'syztnl1\x00', 0x0, 0x4, 0xb, 0x3, 0x5, 0x10, @private2, @private2={0xfc, 0x2, '\x00', 0x21}, 0x700, 0x8191, 0x10ffff, 0x11}}) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000002100)=ANY=[@ANYBLOB="18000700000000010000000000000000181100003a40f65e1872b1c49735ee00af39f7d1f44887bd39acc6198f9e9b8dde38f7c72d18b97075748f0402e6eac08797aa0533a3979b1f10f1a380a38ee25900dce21a095448c005bc0e53cdb97e13df78ebe5658e25926d6ff4f34d07d2b69f9591f01f68ddf8693d39652ff99b2bccfab8d184a77c9e846debed92ca90c4bc0bf421a12183005a81b1954e57d20b4a517e547c25eb0c0143c05b421d23f5543b3832030b22fadb9b1a0846f237a718c5d271d6ca3378564743ec479b1c51cda6061010f0395f0b1447a2b194eb961ad2b1a239af20b0ce611b6595b52c8e957070bdd5ba0be5c5831c00c3ffe45e5ad1eee7a974b83797252406fdcf4ca25bb77dfb85b97f5da61bfe777a2561085e6c9b52384cff5f6b5e39dfc04bd161", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000002000008500000083000000bf090000000000005509010000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r1 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_int(r1, 0x1, 0x24, 0x0, &(0x7f00000002c0)) socket$nl_generic(0x10, 0x3, 0x10) mlockall(0x7) 1m54.690371805s ago: executing program 3 (id=14): setsockopt$IP_VS_SO_SET_ZERO(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000040)={0x2b, @dev={0xac, 0x14, 0x14, 0x3d}, 0x4e22, 0x4, 'none\x00', 0x25, 0x9, 0x3f}, 0x2c) r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000900)={0x41, 0x4}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000280)={0x41, 0x4, 0x2}, 0x10) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND(r4, &(0x7f0000000440)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x30, 0x0, @in={0x2, 0x4e21, @private=0xa010100}}}, 0x90) sendmsg$tipc(r3, &(0x7f0000000240)={&(0x7f0000000080), 0x10, 0x0}, 0x20008000) r5 = socket$tipc(0x1e, 0x2, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r6, 0x40086602, &(0x7f00000002c0)=0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000100)={0x41, 0x0, 0x2}, 0x1be) sendmsg$tipc(r5, &(0x7f0000000180)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10, 0x0}, 0x4000000) sendmsg$tipc(r3, &(0x7f0000000240)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x44010}, 0x0) 1m54.646495968s ago: executing program 3 (id=15): bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[], 0x48) socket$nl_rdma(0x10, 0x3, 0x14) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000400121001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000002000083850000007100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r3, 0x6, &(0x7f0000002000)={0x1}) fcntl$lock(r3, 0x26, &(0x7f0000000080)) close_range(r2, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffe000/0x2000)=nil) syz_emit_ethernet(0x66, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0x7, &(0x7f0000000380)=ANY=[@ANYRESHEX, @ANYRES32=0x0, @ANYBLOB="0000000000000000b7020000010000008500000086000000953dba3281abc11b55c5562ccf08d7d53de1e19558e521c31b60386c0903d74bac010371f8f27a10186f7237896c6a0311f11c517aa302ed243835"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1m53.395341392s ago: executing program 3 (id=34): mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6001, 0x1) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = dup2(r0, r0) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000d80)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x9d}, 0x18) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000240)={'\x00', 0x40, 0xa, 0x1, 0x40000000, 0x10}) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) 1m53.335599564s ago: executing program 32 (id=34): mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6001, 0x1) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = dup2(r0, r0) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000d80)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x9d}, 0x18) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000240)={'\x00', 0x40, 0xa, 0x1, 0x40000000, 0x10}) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) 1.806803481s ago: executing program 5 (id=2229): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc3c0000000c0a010100000000000000000a0000070900020073797a31000000000900010073797a3100000000100003800c000080080003400000000214000000110001"], 0xa0}, 0x1, 0x0, 0x0, 0x24000850}, 0x40) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r2, 0x0, 0x8}, 0x18) sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="40000000210a010900000000000000000a0000010900020073797a31000000000900010073797a31"], 0x40}, 0x1, 0x0, 0x0, 0x24000801}, 0x4c0c0) 1.681034437s ago: executing program 5 (id=2234): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x204000, &(0x7f0000001600)={[{@debug}, {@min_batch_time={'min_batch_time', 0x3d, 0x4ab}}, {@data_err_ignore}, {@bh}, {@inlinecrypt}, {@orlov}, {@nogrpid}, {@discard}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x3, 0x572, &(0x7f0000000c40)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=") r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1f, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x1018}, './file0\x00'}) (fail_nth: 5) 1.470841396s ago: executing program 4 (id=2237): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001980), 0x200) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000010000)={0x60, r2, 0xb496be12fe179219, 0x70bd2e, 0x25dfdbf9, {}, [{{0x8, 0x1, r3}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x400c4) r5 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000040), 0x200720, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1e00000000000000030000005000000000820000", @ANYRES32=0x1, @ANYBLOB="1400"/20, @ANYRES32=r3, @ANYRES32=r5, @ANYBLOB="0300000002000000000000000400000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r7}, 0x10) fcntl$setstatus(r0, 0x4, 0x2800) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b40500000000fd8f711075000000000072050200000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r8}, 0x4) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r9, 0x0, 0x4}, 0x18) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, 0x0, 0x0) r11 = dup3(r10, r10, 0x80000) sendmsg$NFT_BATCH(r10, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000020000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a808682b7fc4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000020000380100000800c00018006000100d10300000c00008008000340000000023f0000000e0a010200000000000000000a0000000900010073797a31000000000900020073797a31"], 0xdc}, 0x1, 0x0, 0x0, 0x4000850}, 0x50) r12 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r12}, 0x38) r13 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r13, 0x0, 0x3}, 0x18) r14 = socket$nl_generic(0x10, 0x3, 0x10) r15 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r14, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x20, r15, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @val={0xc, 0x99, {0x4, 0x32}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r11, 0x5452, &(0x7f0000000a00)={0x0, 0x0, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}}) 1.407433509s ago: executing program 5 (id=2238): bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[], 0x50) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000e40)={[{@inlinecrypt}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0ff5b14104fe62cc60e413905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe511195418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4929330142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da8c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd11e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f000010000000000000905ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400bee3dfc8fb24f67c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341b74abaa7c95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb232bbdb9dc33cbd7643866fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595270fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f76dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3322c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99f0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d164118e4cbe02400000000ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000001700d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946932d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1fc8df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1785eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be2f5656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fd78f9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28de0bbc76d58dd92606b1ef6486c85fa3e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6968d12418a4d2a0d086d8438d415d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e112645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a9214a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbdff03cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109becb1b9bafcb2b47e940000000000e540d8b0db3774effb7469a21f96e2594b2973ebf7a1bd9ace2ed4d6eb1735f85885be5be74dc2ea5d7d499bd28271b98f187f5879b16b409a04d78175cc8d0f707c822805d7011ed4b22419186dd2b22aadf15828db2ca19d79e1bf2f7989237ee5cb2e1eb7b2bfc92d3aa95a26f060935c4fee8b2d7d0bf3c6d82d04329164bd4ee0b8060183f36762b0440d9082d7c8b06e4c2024f77e1018758d28e7ee290f32a48bfc2aa10b3dba9bff00d2410f3477a8e0df689c880dc9a677cfaa16603527c06625a3363744cea5f2d350224cc0fea76c72ca08507235c67346722f20690fde0790f040f5fd3eff75f9b291cc5e9c686ebaadbe756c6fa039ff441e427ed12578d5cb041ebf729cfaa575cc852fbdb54e60435e6d62b9d270433b220ed9ff1ff042b8d3d866231c460765"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x1f) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0xc018}, 0x10) r2 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x101201, 0x0) ioctl$IMADDTIMER(r2, 0x80044940, &(0x7f0000000600)=0x14) ioctl$IMADDTIMER(r2, 0x80044940, &(0x7f0000000080)=0x14) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000e00)=ANY=[@ANYRES8=r3], &(0x7f0000001b80)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='kfree\x00', r4}, 0x18) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000001300)=@mangle={'mangle\x00', 0x10, 0x6, 0x540, 0x0, 0x410, 0x0, 0x2f8, 0x2f8, 0x640, 0x640, 0x640, 0x640, 0x640, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0xfff7, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv6=@mcast1}}}, {{@ipv6={@private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1\x00', 'ip6gretap0\x00', {}, {}, 0x0, 0x2}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@local, @ipv4=@multicast1}}}, {{@ipv6={@mcast1, @mcast2, [], [], 'wg1\x00', 'vxcan1\x00', {0xff}, {}, 0x2c}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@mcast2, @ipv6=@local}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5a0) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r6}, 0x4) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000001940)='kmem_cache_free\x00', r7}, 0x18) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r8 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$l2tp(0x0, r8) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="9608b64d0556eff8cd4173cac794111808745f7bc8d7a1d4f219f6b73f489a5b4b1b3e9ee4648eb6f9d1c895f6392f6dd64acce953e7519d2417568103d6ea1d3a92bb6a71da588c6f7592229f4edf48ec871a6d0386471145b11bb96b8a62b46eaa478753d3cfba95d8d2c5c45da3c5ae3a7e35e4169f89e6b66ade0a1dae01b2b35bd686adb57f3d31681188e2f7138ac80d07a464b1a81519bc9875c45a749dba783d1a6782df79f543543c66853b613783bcbc9016f0427015834fead4e9eed286da908f36b46310424cbbe7d23d85d9190f6f87fabcd2edb52545cb2a401717942a2ae1aa5d077485bbe3d7c9a1e2"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x2000000, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r1, 0x0, 0x80000000}, 0x18) r10 = socket$kcm(0x21, 0x2, 0x2) recvmsg$kcm(r10, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) getsockname$packet(r8, 0x0, 0x0) 1.175134999s ago: executing program 4 (id=2241): r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) 1.174586308s ago: executing program 4 (id=2242): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000000000500150004000000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="44000000090605000000000000000000010000050900020073797a30000006000500010007000000080009400000000114000880100007800a001100b4"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x44000) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000030605000000000000000000000000000500010007"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x20000010) 1.14225989s ago: executing program 4 (id=2245): r0 = syz_io_uring_setup(0x4e0, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x400252}, &(0x7f0000000640)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_MKDIRAT={0x25, 0x17, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1f, 0x0, 0xf9b7a26b18f77d51}) io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0) 1.087465453s ago: executing program 5 (id=2246): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc3c0000000c0a010100000000000000000a0000070900020073797a31000000000900010073797a3100000000100003800c000080080003400000000214000000110001"], 0xa0}, 0x1, 0x0, 0x0, 0x24000850}, 0x40) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18) sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="40000000210a010900000000000000000a0000010900020073797a31000000000900010073797a31"], 0x40}, 0x1, 0x0, 0x0, 0x24000801}, 0x4c0c0) 1.062501763s ago: executing program 4 (id=2247): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x18) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000001080)={0x200000, 0x200000, 0x0, 0x0, 0x0, 0x4}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50) syz_io_uring_setup(0x561a, &(0x7f0000000400)={0x0, 0xc890, 0x4000}, 0x0, 0x0) 997.484276ms ago: executing program 5 (id=2249): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1b000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) socket$packet(0x11, 0xa, 0x300) listen(0xffffffffffffffff, 0xfffffffc) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000000080), 0x2) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) socket$kcm(0x2, 0xa, 0x73) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000088500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000580)=@base={0xf, 0x4, 0x4, 0x20002, 0x0, 0x1, 0xfffffffd, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffe}, 0x18) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00'}, 0x10) getresuid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)) 975.519447ms ago: executing program 4 (id=2250): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=@gettaction={0x68, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x34, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0xf, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x14, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x4004001) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000440)={'vxcan1\x00', 0x0}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={0xffffffffffffffff, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0], 0x0, 0x71, 0x0, 0x0, 0x10, &(0x7f0000000740), &(0x7f0000000780), 0x8, 0xa0, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000010000000000700000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x34, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000540)={r0, r2, 0x25, 0x1, @val=@tracing={r3, 0x3}}, 0x20) syz_emit_ethernet(0xbe, &(0x7f00000005c0)=ANY=[], 0x0) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) recvmmsg(r1, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000002cc0)=[{0x0}, {&(0x7f00000017c0)=""/130, 0x94}], 0x2}, 0xa1}], 0x2, 0x0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0) getpid() sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x1, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0xf, 0x3}, {0x8, 0xffe0}, {0x0, 0x10}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8, 0x4, 0xd}, @TCA_FQ_PIE_LIMIT={0x8, 0x1, 0x9}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2000c080}, 0x2400c855) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x5, 0x20005, 0xb, 0x0, 0x0, 0x0, 0xcd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2eb2b00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c08000140000000020800014000000030080002400000000308000140000000120800034000000000080003400000000a"], 0x122}}, 0x8010) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r6 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0) 720.785748ms ago: executing program 2 (id=2261): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000001080)={0x200000, 0x200000, 0x0, 0x0, 0x0, 0x4}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50) syz_io_uring_setup(0x561a, &(0x7f0000000400)={0x0, 0xc890, 0x4000}, 0x0, 0x0) 690.58503ms ago: executing program 2 (id=2262): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000001080)={0x200000, 0x200000, 0x0, 0x0, 0x0, 0x4}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50) syz_io_uring_setup(0x561a, 0x0, 0x0, 0x0) 605.220323ms ago: executing program 2 (id=2264): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 572.687015ms ago: executing program 2 (id=2266): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001980), 0x200) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000010000)={0x60, r2, 0xb496be12fe179219, 0x70bd2e, 0x25dfdbf9, {}, [{{0x8, 0x1, r3}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x400c4) r5 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000040), 0x200720, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1e00000000000000030000005000000000820000", @ANYRES32=0x1, @ANYBLOB="1400"/20, @ANYRES32=r3, @ANYRES32=r5, @ANYBLOB="0300000002000000000000000400000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r7}, 0x10) fcntl$setstatus(r0, 0x4, 0x2800) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b40500000000fd8f711075000000000072050200000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r8}, 0x4) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r9, 0x0, 0x4}, 0x18) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, 0x0, 0x0) r11 = dup3(r10, r10, 0x80000) sendmsg$NFT_BATCH(r10, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000020000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a808682b7fc4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000020000380100000800c00018006000100d10300000c00008008000340000000023f0000000e0a010200000000000000000a0000000900010073797a31000000000900020073797a31"], 0xdc}, 0x1, 0x0, 0x0, 0x4000850}, 0x50) r12 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r12}, 0x38) r13 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r13, 0x0, 0x3}, 0x18) r14 = socket$nl_generic(0x10, 0x3, 0x10) r15 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r14, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x20, r15, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @val={0xc, 0x99, {0x4, 0x32}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r11, 0x5452, &(0x7f0000000a00)={0x0, 0x0, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}}) 526.253087ms ago: executing program 1 (id=2269): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={&(0x7f0000000000), 0xc, 0x0}, 0x0) 492.160418ms ago: executing program 2 (id=2270): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000002480)=[{0x0}], 0x1, &(0x7f0000000040)}, 0x8010) (async) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x1c) (async) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01') (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x10) 444.14462ms ago: executing program 1 (id=2271): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x41009432, &(0x7f0000000080)={@desc={0x4100, 0x0, @desc1}}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRES8=0x0, @ANYRES64=r0], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) 443.72522ms ago: executing program 2 (id=2272): mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1, 0x10, 0xffffffffffffffff, 0x80000000) r0 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3af, 0x4}, 0x100000, 0x0, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) mbind(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x8000000008, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x4, &(0x7f00000005c0)=ANY=[@ANYRESHEX=r0], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r1}, 0x18) move_pages(0x0, 0x0, &(0x7f0000000040), &(0x7f0000001180), 0x0, 0x0) socket(0x80000000000000a, 0x2, 0x0) mmap(&(0x7f00007a5000/0x1000)=nil, 0x1000, 0x1000003, 0x31, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = syz_open_dev$loop(0x0, 0x3, 0x80c0) ioctl$LOOP_SET_FD(r3, 0x4c00, r2) ioctl$BLKSECTGET(r3, 0x1267, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0}, 0x18) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x124a, 0x80, 0x0, 0x52}, &(0x7f00000008c0)=0x0, &(0x7f0000000900)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x49, 0x0, @fd_index=0x2, 0x7, &(0x7f00000005c0)=[{&(0x7f0000000240)="5db5bd", 0x3}], 0x1, 0x8, 0x1, {0x2}}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000bc0)=@bpf_tracing={0x1a, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1c99a}, 0x94) io_uring_enter(r4, 0x47f8, 0x0, 0x0, 0x0, 0x0) r7 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x92180, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r7, 0xc018937a, &(0x7f0000000140)={{0x1, 0x1, 0x18, r2, {0x2242}}, './file0\x00'}) 435.091491ms ago: executing program 0 (id=2273): r0 = socket$tipc(0x1e, 0x5, 0x0) r1 = memfd_secret(0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYRESHEX], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r2, r1, 0x2e, 0x4608, @void}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getpeername$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000200)={'syztnl0\x00', &(0x7f0000000100)={'sit0\x00', r6, 0x80, 0x10, 0x2, 0x0, {{0x12, 0x4, 0x2, 0x1f, 0x48, 0x67, 0x0, 0x4, 0x4, 0x0, @private=0xa010101, @broadcast, {[@end, @generic={0x7, 0xf, "11d2df491e8d24cc469c37451b"}, @timestamp_addr={0x44, 0xc, 0x3f, 0x1, 0x1, [{@multicast2, 0xa5}]}, @lsrr={0x83, 0x17, 0xa1, [@local, @multicast1, @rand_addr=0x64010102, @private=0xa010102, @empty]}, @noop]}}}}}) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@bridge_newvlan={0x18, 0x70, 0x402, 0x70bd2a, 0x25dfdbfc, {0x7, 0x0, 0x0, r6}}, 0x18}}, 0x0) bpf$LINK_DETACH(0x22, &(0x7f0000000080)=r3, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 430.056721ms ago: executing program 1 (id=2274): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = fsopen(&(0x7f0000001140)='hugetlbfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) fchdir(r2) r3 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r3, 0xfffffffffffffffe, 0x29) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000007000000140001800500020001010000080006001a"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8) 312.073776ms ago: executing program 0 (id=2275): syz_emit_ethernet(0x17a, &(0x7f00000003c0)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x144, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x18, 0x8, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5"}, {}, {0x18, 0x5, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b108474347567"}, {0x21, 0x6, "f5000000000000000000000200000000000000000000000000008879e66485201a0015ca837400"/52}, {0x0, 0x7, "5e14f0e7e72d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef0"}]}}}}}}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, @perf_bp={0x0, 0x8}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x22, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xfffffffffffffffe, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x4e0, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x400252}, &(0x7f0000000640)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2400000039000900f036d6760000000004000000040000000c000180060006008847"], 0x24}}, 0x10) syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_MKDIRAT={0x25, 0x17, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1f, 0x0, 0xf9b7a26b18f77d51}) io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0) 311.772157ms ago: executing program 1 (id=2276): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000001080)={0x200000, 0x200000, 0x0, 0x0, 0x0, 0x4}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50) syz_io_uring_setup(0x561a, 0x0, 0x0, 0x0) 294.127397ms ago: executing program 1 (id=2277): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 242.884979ms ago: executing program 1 (id=2278): r0 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syncfs(r0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80080a, &(0x7f0000001c80)={[{@barrier_val}, {@bsdgroups}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0xffff}}, {@usrjquota}]}, 0x1, 0x79b, &(0x7f0000000180)="$eJzs3c1rHGUYAPBnNp9Nq40g2HppTloo3bQ1tgqCEQ8iWCjo2TZstiFmky3ZTWlCDhYRBBG0eBD04tmPevMqevZv8CIiLVXTYsWDrMx+JNtsvptN2ub3g0neZ/adfeeZ2Zl5d+dlN4A9ayD9k4k4HBEfJxEH6/OTiOiqljojhmv17i7M59IpiUrlzT+Tap07C/O5aFomtb8eHIqIH9+POJZpbbc0OzcxUijkp+vxYHny0mBpdu74+OTIWH4sP3X65NDQqTPPnzm9fbn+/fPcgZufvPbst8P/vvfU9Y9+SmI4DtQfa85juwzEQH2bdKWb8B6vbndjuyzZ7RVgS9JDs6N2lMfhOBgd1RIA8ChLr/8VAGCPSVz/AWCPaXwOcGdhPteYdvcTiZ1165WI6K3l37i/WXuks37Prrd6H7TvThKd9TuisY33uwYi4ovv3/46naJN9yEBVvLu1Yi40D/Qev5PWsYsbNaJDdQZWBY7/8HO+SHt/7ywUv8vs9j/icX+z5KeFY7drRiI6G6OW4//zI0VF3x5Gxqv9/9eqo1tSxNt6v8tDlrr76hHj6XBkYgYL+TTc9vjEXE0unoujhfyJ9do4+jt/26v9lhz/++va+98lbaf/l+qkbnR2XPvMqMj5ZH7ybnZrasRT3cuje2723L+7632dZfv/3TeubWe+MhS8fUXP/h8tWpp/mm+jak1//aqfBnxTKycf0Oy5vjEwXT3n6j9XbmN7379rG+19pv3fzql7TfeC6yie+vZtkr3f9/a+fcnzeM1S9vZ+kbyX/n13528VS03NsaVkXJ5+mREd/JG6/xTS8s24kb9NP9apsvzz6z5+k/fCV7YYI6dN//4Zuv5L2rLEMs0/9FN7f/NF67fnejYev7p/h+qlo7W52zk/LfRFbyfbQcAAAAAAAAAAAAAAAAAAAAAAAAAG5WJiAORZLKL5Uwmm639hveT0ZcpFEvlYxeLM1OjUf2t7P7oyjS+6vJgLU4a33/a3xSfWhY/FxFPRMSnPfuqcTZXLIzudvIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAULd/ld//T/3es9trBwC0Te+6NW7n7wkrlUqljesDALTf+td/AOBRs8b1f99OrgcAsHO8/weAvcf1HwD2Htd/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2uzc2bPpVPlnYT6XxqOXZ2cmipePj+ZLE9nJmVw2V5y+lB0rFscK+WyuOLne8xWKxUtDMTVzZbCcL5UHS7Nz5yeLM1Pl8+OTI2P58/muHckKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADanNDs3MVIo5KcficKHEfEArEY7Ckk8EKuxK4Xfjv9yaK0619Z5GQ8/EFk8ZIXdPjMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBz+DwAA//8CzCWs") syz_emit_ethernet(0x2a, &(0x7f0000000000)={@multicast, @random="3f7759dcd4bf", @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x4, 0x1c, 0x66, 0x0, 0x7, 0x2, 0x0, @private=0xa010102, @local}, {0x11, 0xff, 0x0, @empty}}}}}, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) (fail_nth: 7) 199.533351ms ago: executing program 0 (id=2279): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = add_key$keyring(&(0x7f0000000400), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r1}, &(0x7f0000000740), &(0x7f0000000780)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x22c7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r2, 0x0, 0x2}, 0x18) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, 0x0, 0x0) 170.561093ms ago: executing program 0 (id=2280): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) 142.810154ms ago: executing program 5 (id=2281): syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100), 0x8c, 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x86022, &(0x7f0000000080)={[{@nr_inodes={'nr_inodes', 0x3d, [0x74]}}, {@nr_blocks={'nr_blocks', 0x3d, [0x32]}}]}) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = semget$private(0x0, 0x7, 0x195) semtimedop(r2, &(0x7f0000000200)=[{0x0, 0xffbf, 0x2000}], 0x1, 0x0) semctl$IPC_RMID(r2, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = fsmount(r0, 0x0, 0x80) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) fsetxattr(r4, 0x0, 0x0, 0x0, 0x0) process_mrelease(0xffffffffffffffff, 0x1000000) sendmsg$NL80211_CMD_STOP_AP(r4, &(0x7f0000000040)={&(0x7f0000001200)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8008004}, 0x20000000) symlink(0x0, &(0x7f00000017c0)='./file0\x00') r5 = syz_io_uring_setup(0x2478, &(0x7f0000000140)={0x0, 0xfe0d, 0x10, 0x2, 0x1a9, 0x0, r3}, &(0x7f0000000000)=0x0, &(0x7f0000000240)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) semctl$GETPID(r2, 0x3, 0xb, &(0x7f0000001800)=""/4096) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r3, 0x0, &(0x7f0000000440)='./file0\x00', 0x13d, 0x9c380}) sendmsg$AUDIT_TTY_SET(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x40040) ioctl$HIDIOCGRDESC(r3, 0x90044802, 0x0) io_uring_enter(r5, 0x3518, 0xaddf, 0x2, 0x0, 0x0) 130.878624ms ago: executing program 0 (id=2282): perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x4, @perf_bp={0x0, 0x8}, 0xe81d, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x2000c16, &(0x7f0000000280)={[{@usrquota}, {@nodelalloc}]}, 0xff, 0x25e, &(0x7f0000000e80)="$eJzs3U1IHGcYB/BnZndr1aXY9lIo/YBSSiuIvRV6sZcWhCJSSqEtWErppUULVulNe8olh+QYkuApFwm5xeQYvEguCYGcTOLBXAKJ5BDJIQnZsDsr+JVo3HUnZH4/WOfDd97nHWb+74g4GEBh9UXEUESUIqI/IioRkWxu8HH26WtuznUvjUXUaj/cTxrtsu3MxnG9ETEbEV9FxGKaxF/liOmFX1YfLn/32dGpyqdnFn7u7uhJNq2trny/fnrkyPnhL6evXr87ksRQVLecV/slu+wrJxHvHEaxV0RSznsE7Mfof+du1HP/bkR80sh/JdLILt6xyTcWK/HFqecde/zetfc7OVag/Wq1Sv0ZOFsDCieNiGok6UBEZOtpOjCQ/Qx/s9ST/j0x+W//nxNT43/kPVMB7VKNWPn2YteF3m35v1PK8g+8prJfSq38ODp/q76yXsp7QEBHfJAt6s///t9mPg/5h8KRfygu+Yfikn8oLvmH4pJ/KC75h4J42vxjv0275B+KS/6huA6c/xNPDm9QQEdszj8AUCy1rgO9Ndzel5CBXOQ9/wAAAAAAAAAAAAAAAAAAADvNdS+NbXza02N5zxaXT0asfZM13Vm/1Ph/xBFvNr72PEi29Jjsq8KL/fpRix206GzOb1+/dTvf+lc+zLf+zHjE7P8RMVgu77z/kub9d3Bv7/H9yu8tFnhJybbtr3/qbP3tHs/nW394OeJSff4Z3G3+SeO9xnL3+adav34t1v/nUYsdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0DHPAgAA///B2nXP") r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x45) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000240)=0x800000) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_route(0x10, 0x3, 0x0) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x28, 0x5, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100003020702500000000002020207b1af8ff00000000bfa1000000000000070100003affffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffd}, 0x94) (async) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100003020702500000000002020207b1af8ff00000000bfa1000000000000070100003affffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000400)='kfree\x00', r5}, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000002600)=@newtaction={0x898, 0x30, 0x12f, 0x0, 0x0, {}, [{0x884, 0x1, [@m_police={0x880, 0x1, 0x0, 0x0, {{0xb}, {0x854, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x2, 0x275, 0x0, 0x0, 0x3}}}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x247ecded, 0x0, 0x80000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x3, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x2, 0x0, 0x803, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0xd2e, 0x0, 0x0, 0x0, 0x10, 0x29064778, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8, 0x37, 0x5, 0x1, 0x0, 0xfffffff5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0xffffff35, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x80000000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x5, 0x20000, 0x0, 0xb, 0x0, 0x0, 0x9, 0xfffffffd, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x101, 0x563, 0x0, 0x0, 0x0, 0x4271, 0x40000000, 0x400, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xa, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xf566, 0x100000, 0x0, 0xfffffff1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x8, 0x5, 0x0, 0xfffffffe, 0xffffffff, 0x9, 0x5, 0x0, 0x0, 0x3, 0x10000, 0x1, 0x1]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x10000004a56}, @TCA_POLICE_RATE={0x404, 0x2, [0x1, 0x0, 0x5, 0x0, 0x2, 0xb, 0xfffffffc, 0x0, 0x7, 0xfea7, 0x1, 0xffff7ffd, 0x90, 0x9fd, 0x2, 0xb8, 0xca2, 0x6, 0x3c, 0x7, 0x1, 0xa89c, 0x400, 0xc, 0x492217a0, 0x103, 0x5, 0x3, 0x1ff, 0xe5, 0x2d, 0xe, 0x3, 0xa, 0x3, 0x1, 0x9, 0x11, 0x188, 0x6, 0x3ff, 0x7, 0xd, 0x3, 0xc0001, 0x8, 0x8, 0xffffff40, 0x100, 0x3, 0x5, 0x7, 0xe0b2, 0x1, 0x8fe, 0xbf0, 0x9, 0x3, 0x9, 0x7ffffffd, 0x6, 0x0, 0x8, 0x800, 0x9, 0x4, 0x100, 0x401, 0x8, 0x3, 0xb5, 0x10001, 0x401, 0x1, 0x7f, 0x0, 0x8, 0x3, 0x7f, 0x0, 0x2, 0x4, 0x0, 0x1000004, 0x7ffd, 0x0, 0x9, 0x80, 0x7, 0x5, 0x1, 0x0, 0x2000007, 0x1, 0xd, 0x8000, 0xfffffff7, 0x0, 0x4, 0x3ff, 0x400000, 0x10, 0x5, 0x3, 0x10000, 0x3, 0x1, 0x0, 0x5, 0x6, 0x5, 0x6, 0xe5a, 0x4, 0x2, 0x81, 0xd44, 0x9, 0x6, 0x7fff, 0x1000800, 0xfffffff4, 0x10000, 0x5, 0x8, 0xba, 0x2, 0x89, 0x2, 0x6, 0x6, 0x9, 0xffffa3e0, 0x86b9, 0x40ff, 0x1, 0x2, 0x12, 0x24b9, 0x8, 0xe01, 0x1, 0x6430, 0xd, 0x8, 0x0, 0x3, 0x7eb6, 0x3, 0x0, 0x200, 0xfffffeff, 0x9, 0xff, 0xa, 0x100, 0x7, 0x100, 0x1, 0x8001, 0x100, 0xffff9c71, 0x8, 0x2, 0x6, 0x2, 0xfffffc00, 0x81, 0x81, 0x200, 0x80000001, 0x1, 0xfffffffd, 0x9, 0x7, 0x4, 0xb, 0x80, 0x0, 0xfffffffe, 0x0, 0x5, 0x2, 0x65, 0x40, 0xfffffa0a, 0x3, 0x0, 0x2, 0x4, 0x35bc0, 0x9, 0xfffffffa, 0x7, 0x5, 0x3, 0x0, 0x6, 0x8, 0x2b, 0x2, 0x5, 0x10001, 0xffffffff, 0xf, 0xffffffff, 0x1, 0x723, 0x0, 0x9, 0x9, 0x4, 0x6, 0x7, 0x200, 0xfffffbff, 0x7, 0x3, 0x8, 0x5, 0xfffffffb, 0x2, 0x7f, 0x2, 0x80000002, 0x0, 0x9, 0x1ff, 0xfffffffb, 0x928, 0x4, 0xffffffff, 0x5, 0x6042, 0xb85, 0x6, 0x8d8d, 0x55, 0x101, 0x3, 0x64e8, 0x8, 0x82f, 0x77a, 0x80a, 0xffe, 0x3ff, 0x3f7, 0x4, 0x8, 0x8, 0x1, 0x5d, 0x9, 0x9, 0x80]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x3}}}}]}]}, 0x898}, 0x1, 0x0, 0x0, 0x50}, 0x0) (async) sendmsg$nl_route_sched(r6, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000002600)=@newtaction={0x898, 0x30, 0x12f, 0x0, 0x0, {}, [{0x884, 0x1, [@m_police={0x880, 0x1, 0x0, 0x0, {{0xb}, {0x854, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x2, 0x275, 0x0, 0x0, 0x3}}}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x247ecded, 0x0, 0x80000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x3, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x2, 0x0, 0x803, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0xd2e, 0x0, 0x0, 0x0, 0x10, 0x29064778, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8, 0x37, 0x5, 0x1, 0x0, 0xfffffff5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0xffffff35, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x80000000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x5, 0x20000, 0x0, 0xb, 0x0, 0x0, 0x9, 0xfffffffd, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x101, 0x563, 0x0, 0x0, 0x0, 0x4271, 0x40000000, 0x400, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xa, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xf566, 0x100000, 0x0, 0xfffffff1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x8, 0x5, 0x0, 0xfffffffe, 0xffffffff, 0x9, 0x5, 0x0, 0x0, 0x3, 0x10000, 0x1, 0x1]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x10000004a56}, @TCA_POLICE_RATE={0x404, 0x2, [0x1, 0x0, 0x5, 0x0, 0x2, 0xb, 0xfffffffc, 0x0, 0x7, 0xfea7, 0x1, 0xffff7ffd, 0x90, 0x9fd, 0x2, 0xb8, 0xca2, 0x6, 0x3c, 0x7, 0x1, 0xa89c, 0x400, 0xc, 0x492217a0, 0x103, 0x5, 0x3, 0x1ff, 0xe5, 0x2d, 0xe, 0x3, 0xa, 0x3, 0x1, 0x9, 0x11, 0x188, 0x6, 0x3ff, 0x7, 0xd, 0x3, 0xc0001, 0x8, 0x8, 0xffffff40, 0x100, 0x3, 0x5, 0x7, 0xe0b2, 0x1, 0x8fe, 0xbf0, 0x9, 0x3, 0x9, 0x7ffffffd, 0x6, 0x0, 0x8, 0x800, 0x9, 0x4, 0x100, 0x401, 0x8, 0x3, 0xb5, 0x10001, 0x401, 0x1, 0x7f, 0x0, 0x8, 0x3, 0x7f, 0x0, 0x2, 0x4, 0x0, 0x1000004, 0x7ffd, 0x0, 0x9, 0x80, 0x7, 0x5, 0x1, 0x0, 0x2000007, 0x1, 0xd, 0x8000, 0xfffffff7, 0x0, 0x4, 0x3ff, 0x400000, 0x10, 0x5, 0x3, 0x10000, 0x3, 0x1, 0x0, 0x5, 0x6, 0x5, 0x6, 0xe5a, 0x4, 0x2, 0x81, 0xd44, 0x9, 0x6, 0x7fff, 0x1000800, 0xfffffff4, 0x10000, 0x5, 0x8, 0xba, 0x2, 0x89, 0x2, 0x6, 0x6, 0x9, 0xffffa3e0, 0x86b9, 0x40ff, 0x1, 0x2, 0x12, 0x24b9, 0x8, 0xe01, 0x1, 0x6430, 0xd, 0x8, 0x0, 0x3, 0x7eb6, 0x3, 0x0, 0x200, 0xfffffeff, 0x9, 0xff, 0xa, 0x100, 0x7, 0x100, 0x1, 0x8001, 0x100, 0xffff9c71, 0x8, 0x2, 0x6, 0x2, 0xfffffc00, 0x81, 0x81, 0x200, 0x80000001, 0x1, 0xfffffffd, 0x9, 0x7, 0x4, 0xb, 0x80, 0x0, 0xfffffffe, 0x0, 0x5, 0x2, 0x65, 0x40, 0xfffffa0a, 0x3, 0x0, 0x2, 0x4, 0x35bc0, 0x9, 0xfffffffa, 0x7, 0x5, 0x3, 0x0, 0x6, 0x8, 0x2b, 0x2, 0x5, 0x10001, 0xffffffff, 0xf, 0xffffffff, 0x1, 0x723, 0x0, 0x9, 0x9, 0x4, 0x6, 0x7, 0x200, 0xfffffbff, 0x7, 0x3, 0x8, 0x5, 0xfffffffb, 0x2, 0x7f, 0x2, 0x80000002, 0x0, 0x9, 0x1ff, 0xfffffffb, 0x928, 0x4, 0xffffffff, 0x5, 0x6042, 0xb85, 0x6, 0x8d8d, 0x55, 0x101, 0x3, 0x64e8, 0x8, 0x82f, 0x77a, 0x80a, 0xffe, 0x3ff, 0x3f7, 0x4, 0x8, 0x8, 0x1, 0x5d, 0x9, 0x9, 0x80]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x3}}}}]}]}, 0x898}, 0x1, 0x0, 0x0, 0x50}, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) (async) r7 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCXONC(r7, 0x540a, 0x0) ioctl$TCXONC(r7, 0x540a, 0x1) (async) ioctl$TCXONC(r7, 0x540a, 0x1) r8 = socket(0xa, 0x801, 0x0) getsockopt(r8, 0x29, 0x43, &(0x7f0000b3ffac)=""/69, &(0x7f0000001ffc)=0x45) connect$vsock_stream(r4, &(0x7f0000000040)={0x28, 0x0, 0x2710}, 0x10) connect$vsock_stream(r4, &(0x7f0000000400)={0x28, 0x0, 0x2710, @host}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000100000000000000", @ANYRES32=0x1], 0x50) r9 = socket$kcm(0xa, 0x5, 0x0) socket$kcm(0x2, 0x5, 0x84) (async) r10 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r10, &(0x7f00000002c0)={&(0x7f0000000180)={0x2, 0xfffe, @remote}, 0x10, &(0x7f0000001400)=[{&(0x7f0000000080)='_', 0x1}], 0x1}, 0x865) setsockopt$sock_attach_bpf(r10, 0x84, 0x1e, &(0x7f0000000240), 0x4) socket$kcm(0xa, 0x2, 0x0) (async) r11 = socket$kcm(0xa, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r9, 0x8916, &(0x7f0000000000)={r11}) ioctl$sock_kcm_SIOCKCMCLONE(r9, 0x8936, &(0x7f0000000000)={r11}) (async) ioctl$sock_kcm_SIOCKCMCLONE(r9, 0x8936, &(0x7f0000000000)={r11}) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0xffffffffffffffff, 0x70bd26, 0x35dfdbf8, {0x0, 0x0, 0x0, 0x0, 0x35a38, 0x5922b}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x48}}]}, 0x40}}, 0x20040044) (async) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0xffffffffffffffff, 0x70bd26, 0x35dfdbf8, {0x0, 0x0, 0x0, 0x0, 0x35a38, 0x5922b}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x48}}]}, 0x40}}, 0x20040044) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) 0s ago: executing program 0 (id=2283): syz_emit_ethernet(0x179, &(0x7f00000003c0)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x143, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af18"}, {0x18, 0x8, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5"}, {}, {0x18, 0x5, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b108474347567"}, {0x21, 0x6, "f5000000000000000000000200000000000000000000000000008879e66485201a0015ca837400"/52}, {0x0, 0x7, "5e14f0e7e72d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef0"}]}}}}}}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)={'dvmrp0\x00', 0x2}) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, @perf_bp={0x0, 0x8}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x22, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xfffffffffffffffe, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x4e0, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x400252}, &(0x7f0000000640)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2400000039000900f036d6760000000004000000040000000c000180060006008847"], 0x24}}, 0x10) syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_MKDIRAT={0x25, 0x17, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1f, 0x0, 0xf9b7a26b18f77d51}) io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0) kernel console output (not intermixed with test programs): syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1450d8f749 code=0x7ffc0000 [ 109.015057][ T29] audit: type=1326 audit(1765347117.996:4920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6983 comm="syz.0.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1450d8f749 code=0x7ffc0000 [ 109.136358][ T6998] netlink: 'syz.0.1150': attribute type 13 has an invalid length. [ 109.260868][ T7012] loop2: detected capacity change from 0 to 128 [ 109.352203][ T7017] loop2: detected capacity change from 0 to 2048 [ 109.625739][ T7042] loop2: detected capacity change from 0 to 2048 [ 109.679253][ T7046] netlink: 'syz.4.1170': attribute type 13 has an invalid length. [ 109.720575][ T7052] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 109.826564][ T7064] atomic_op ffff88811407d528 conn xmit_atomic 0000000000000000 [ 110.103709][ T7090] atomic_op ffff88811407d528 conn xmit_atomic 0000000000000000 [ 110.475091][ T7130] netlink: 'syz.5.1208': attribute type 13 has an invalid length. [ 110.490761][ T7129] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 110.624873][ T7133] lo speed is unknown, defaulting to 1000 [ 111.070432][ T7160] __nla_validate_parse: 18 callbacks suppressed [ 111.070448][ T7160] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1214'. [ 111.107365][ T7163] netlink: 'syz.1.1219': attribute type 1 has an invalid length. [ 111.122115][ T7163] 8021q: adding VLAN 0 to HW filter on device bond1 [ 111.130223][ T7163] FAULT_INJECTION: forcing a failure. [ 111.130223][ T7163] name failslab, interval 1, probability 0, space 0, times 0 [ 111.142925][ T7163] CPU: 1 UID: 0 PID: 7163 Comm: syz.1.1219 Not tainted syzkaller #0 PREEMPT(voluntary) [ 111.142960][ T7163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 111.143055][ T7163] Call Trace: [ 111.143065][ T7163] [ 111.143074][ T7163] __dump_stack+0x1d/0x30 [ 111.143149][ T7163] dump_stack_lvl+0xe8/0x140 [ 111.143179][ T7163] dump_stack+0x15/0x1b [ 111.143262][ T7163] should_fail_ex+0x265/0x280 [ 111.143291][ T7163] should_failslab+0x8c/0xb0 [ 111.143321][ T7163] __kmalloc_cache_noprof+0x65/0x4c0 [ 111.143353][ T7163] ? alloc_netdev_mqs+0x80d/0xa40 [ 111.143392][ T7163] alloc_netdev_mqs+0x80d/0xa40 [ 111.143453][ T7163] rtnl_create_link+0x239/0x6e0 [ 111.143513][ T7163] rtnl_newlink_create+0x14c/0x620 [ 111.143595][ T7163] ? security_capable+0x83/0x90 [ 111.143637][ T7163] ? netlink_ns_capable+0x86/0xa0 [ 111.143680][ T7163] rtnl_newlink+0xf5b/0x1360 [ 111.143779][ T7163] ? xas_load+0x413/0x430 [ 111.143828][ T7163] ? xas_load+0x413/0x430 [ 111.143857][ T7163] ? __rcu_read_unlock+0x4f/0x70 [ 111.143877][ T7163] ? __rcu_read_unlock+0x4f/0x70 [ 111.143962][ T7163] ? avc_has_perm_noaudit+0xab/0x130 [ 111.144002][ T7163] ? cred_has_capability+0x210/0x280 [ 111.144051][ T7163] ? selinux_capable+0x31/0x40 [ 111.144080][ T7163] ? security_capable+0x83/0x90 [ 111.144180][ T7163] ? ns_capable+0x7d/0xb0 [ 111.144223][ T7163] ? __pfx_rtnl_newlink+0x10/0x10 [ 111.144455][ T7163] rtnetlink_rcv_msg+0x5fe/0x6d0 [ 111.144562][ T7163] ? avc_has_perm_noaudit+0xab/0x130 [ 111.144605][ T7163] netlink_rcv_skb+0x123/0x220 [ 111.144653][ T7163] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 111.144694][ T7163] rtnetlink_rcv+0x1c/0x30 [ 111.144804][ T7163] netlink_unicast+0x5c0/0x690 [ 111.144847][ T7163] netlink_sendmsg+0x58b/0x6b0 [ 111.144887][ T7163] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.144921][ T7163] __sock_sendmsg+0x145/0x180 [ 111.145006][ T7163] ____sys_sendmsg+0x31e/0x4a0 [ 111.145036][ T7163] ___sys_sendmsg+0x17b/0x1d0 [ 111.145182][ T7163] __x64_sys_sendmsg+0xd4/0x160 [ 111.145217][ T7163] x64_sys_call+0x17ba/0x3000 [ 111.145243][ T7163] do_syscall_64+0xd8/0x2a0 [ 111.145296][ T7163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.145433][ T7163] RIP: 0033:0x7f2b9dc4f749 [ 111.145453][ T7163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.145476][ T7163] RSP: 002b:00007f2b9c6af038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 111.145503][ T7163] RAX: ffffffffffffffda RBX: 00007f2b9dea5fa0 RCX: 00007f2b9dc4f749 [ 111.145519][ T7163] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000007 [ 111.145536][ T7163] RBP: 00007f2b9c6af090 R08: 0000000000000000 R09: 0000000000000000 [ 111.145594][ T7163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 111.145609][ T7163] R13: 00007f2b9dea6038 R14: 00007f2b9dea5fa0 R15: 00007ffc4ea701e8 [ 111.145630][ T7163] [ 111.525688][ T7171] syzkaller0: tun_chr_ioctl cmd 2147767517 [ 111.568284][ T7171] lo speed is unknown, defaulting to 1000 [ 111.659259][ T7185] atomic_op ffff88810af50528 conn xmit_atomic 0000000000000000 [ 111.667695][ T7183] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 111.713891][ T7189] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1230'. [ 111.777421][ T7193] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1230'. [ 111.907955][ T7198] netlink: 19 bytes leftover after parsing attributes in process `syz.1.1233'. [ 111.978462][ T7210] atomic_op ffff88810af51128 conn xmit_atomic 0000000000000000 [ 112.059471][ T7218] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 112.126714][ T7225] FAULT_INJECTION: forcing a failure. [ 112.126714][ T7225] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 112.139925][ T7225] CPU: 0 UID: 0 PID: 7225 Comm: syz.5.1246 Not tainted syzkaller #0 PREEMPT(voluntary) [ 112.139957][ T7225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 112.139971][ T7225] Call Trace: [ 112.140034][ T7225] [ 112.140042][ T7225] __dump_stack+0x1d/0x30 [ 112.140074][ T7225] dump_stack_lvl+0xe8/0x140 [ 112.140128][ T7225] dump_stack+0x15/0x1b [ 112.140153][ T7225] should_fail_ex+0x265/0x280 [ 112.140181][ T7225] should_fail+0xb/0x20 [ 112.140227][ T7225] should_fail_usercopy+0x1a/0x20 [ 112.140256][ T7225] _copy_from_iter+0xcf/0xe70 [ 112.140338][ T7225] ? lockref_put_return+0xf7/0x130 [ 112.140376][ T7225] ? __rcu_read_unlock+0x4f/0x70 [ 112.140441][ T7225] tun_get_user+0x3d0/0x2670 [ 112.140468][ T7225] ? _parse_integer_limit+0x170/0x190 [ 112.140490][ T7225] ? ref_tracker_alloc+0x1f2/0x2f0 [ 112.140514][ T7225] ? selinux_file_permission+0x1e2/0x320 [ 112.140578][ T7225] tun_chr_write_iter+0x15e/0x210 [ 112.140607][ T7225] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 112.140632][ T7225] vfs_write+0x52a/0x960 [ 112.140657][ T7225] ksys_write+0xda/0x1a0 [ 112.140694][ T7225] __x64_sys_write+0x40/0x50 [ 112.140718][ T7225] x64_sys_call+0x2847/0x3000 [ 112.140748][ T7225] do_syscall_64+0xd8/0x2a0 [ 112.140788][ T7225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.140815][ T7225] RIP: 0033:0x7fbbe1cff749 [ 112.140907][ T7225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.140931][ T7225] RSP: 002b:00007fbbe0767038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 112.140953][ T7225] RAX: ffffffffffffffda RBX: 00007fbbe1f55fa0 RCX: 00007fbbe1cff749 [ 112.140981][ T7225] RDX: 000000000000340a RSI: 0000200000000000 RDI: 0000000000000007 [ 112.140993][ T7225] RBP: 00007fbbe0767090 R08: 0000000000000000 R09: 0000000000000000 [ 112.141005][ T7225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.141016][ T7225] R13: 00007fbbe1f56038 R14: 00007fbbe1f55fa0 R15: 00007ffd33912128 [ 112.141036][ T7225] [ 112.415337][ T7229] netlink: 19 bytes leftover after parsing attributes in process `syz.1.1247'. [ 112.462584][ T7230] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1244'. [ 112.608145][ T7244] loop5: detected capacity change from 0 to 1024 [ 112.620216][ T7244] EXT4-fs: Ignoring removed orlov option [ 112.646731][ T7244] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 112.713947][ T7254] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 113.014921][ T3602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.275398][ T7283] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1268'. [ 113.284598][ T7283] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1268'. [ 113.294288][ T7283] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1268'. [ 113.307502][ T7286] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1269'. [ 113.381817][ T7295] atomic_op ffff88810af5c128 conn xmit_atomic 0000000000000000 [ 113.424542][ T7299] atomic_op ffff88810af52528 conn xmit_atomic 0000000000000000 [ 113.698506][ T7316] loop1: detected capacity change from 0 to 2048 [ 113.859764][ T29] kauditd_printk_skb: 334 callbacks suppressed [ 113.859813][ T29] audit: type=1400 audit(1765347123.056:5255): avc: denied { create } for pid=7323 comm="syz.4.1285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 113.885822][ T29] audit: type=1400 audit(1765347123.056:5256): avc: denied { connect } for pid=7323 comm="syz.4.1285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 113.907314][ T7324] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 113.916830][ T7324] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 113.926743][ T7324] bond0 (unregistering): (slave netdevsim1): Releasing backup interface [ 113.936419][ T7324] bond0 (unregistering): Released all slaves [ 114.121432][ T7338] netlink: 'syz.4.1290': attribute type 13 has an invalid length. [ 114.158471][ T7342] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 114.192238][ T7343] loop1: detected capacity change from 0 to 512 [ 114.199241][ T7343] EXT4-fs: dax option not supported [ 114.208899][ T29] audit: type=1326 audit(1765347123.406:5257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7339 comm="syz.1.1291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 114.232417][ T29] audit: type=1326 audit(1765347123.406:5258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7339 comm="syz.1.1291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 114.255833][ T29] audit: type=1326 audit(1765347123.406:5259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7339 comm="syz.1.1291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 114.279306][ T29] audit: type=1326 audit(1765347123.406:5260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7339 comm="syz.1.1291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 114.292158][ T7347] netlink: 'syz.1.1291': attribute type 21 has an invalid length. [ 114.302752][ T29] audit: type=1326 audit(1765347123.406:5261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7339 comm="syz.1.1291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 114.333986][ T29] audit: type=1326 audit(1765347123.406:5262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7339 comm="syz.1.1291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 114.357490][ T29] audit: type=1326 audit(1765347123.406:5263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7339 comm="syz.1.1291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 114.381008][ T29] audit: type=1326 audit(1765347123.406:5264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7339 comm="syz.1.1291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f2b9dc4de97 code=0x7ffc0000 [ 114.479542][ T7355] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 114.752093][ T7386] FAULT_INJECTION: forcing a failure. [ 114.752093][ T7386] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 114.765369][ T7386] CPU: 0 UID: 0 PID: 7386 Comm: syz.5.1308 Not tainted syzkaller #0 PREEMPT(voluntary) [ 114.765456][ T7386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 114.765542][ T7386] Call Trace: [ 114.765550][ T7386] [ 114.765559][ T7386] __dump_stack+0x1d/0x30 [ 114.765590][ T7386] dump_stack_lvl+0xe8/0x140 [ 114.765620][ T7386] dump_stack+0x15/0x1b [ 114.765645][ T7386] should_fail_ex+0x265/0x280 [ 114.765745][ T7386] should_fail_alloc_page+0xf2/0x100 [ 114.765778][ T7386] __alloc_frozen_pages_noprof+0x109/0x360 [ 114.765825][ T7386] alloc_pages_mpol+0xb3/0x260 [ 114.765884][ T7386] vma_alloc_folio_noprof+0x1aa/0x300 [ 114.765975][ T7386] handle_mm_fault+0xef5/0x2c60 [ 114.766056][ T7386] do_user_addr_fault+0x630/0x1080 [ 114.766098][ T7386] exc_page_fault+0x62/0xa0 [ 114.766133][ T7386] asm_exc_page_fault+0x26/0x30 [ 114.766202][ T7386] RIP: 0033:0x7fbbe1bca65b [ 114.766220][ T7386] Code: 00 00 00 48 8d 3d dd 5a 19 00 48 89 c1 31 c0 e8 2b 39 ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 11 5b 19 00 48 89 34 24 48 8b 14 24 48 8b [ 114.766243][ T7386] RSP: 002b:00007fbbe0765fb0 EFLAGS: 00010202 [ 114.766264][ T7386] RAX: 0000000000000000 RBX: 00007fbbe1f55fa0 RCX: 0000000000000000 [ 114.766366][ T7386] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000200000000200 [ 114.766380][ T7386] RBP: 00007fbbe0767090 R08: 0000000000000000 R09: 0000000000000000 [ 114.766435][ T7386] R10: 0000200000000200 R11: 0000000000000000 R12: 0000000000000001 [ 114.766450][ T7386] R13: 00007fbbe1f56038 R14: 00007fbbe1f55fa0 R15: 00007ffd33912128 [ 114.766475][ T7386] [ 114.766488][ T7386] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 115.482933][ T7416] loop5: detected capacity change from 0 to 1024 [ 115.500646][ T7416] EXT4-fs: Ignoring removed orlov option [ 115.516800][ T7418] atomic_op ffff88811b76ed28 conn xmit_atomic 0000000000000000 [ 115.540555][ T7416] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.657375][ T7432] loop2: detected capacity change from 0 to 2048 [ 115.902249][ T3602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.056638][ T7464] lo speed is unknown, defaulting to 1000 [ 116.162128][ T7466] FAULT_INJECTION: forcing a failure. [ 116.162128][ T7466] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 116.175478][ T7466] CPU: 0 UID: 0 PID: 7466 Comm: syz.5.1338 Not tainted syzkaller #0 PREEMPT(voluntary) [ 116.175515][ T7466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 116.175593][ T7466] Call Trace: [ 116.175601][ T7466] [ 116.175611][ T7466] __dump_stack+0x1d/0x30 [ 116.175675][ T7466] dump_stack_lvl+0xe8/0x140 [ 116.175698][ T7466] dump_stack+0x15/0x1b [ 116.175721][ T7466] should_fail_ex+0x265/0x280 [ 116.175750][ T7466] should_fail_alloc_page+0xf2/0x100 [ 116.175781][ T7466] __alloc_frozen_pages_noprof+0x109/0x360 [ 116.175895][ T7466] alloc_pages_mpol+0xb3/0x260 [ 116.175933][ T7466] vma_alloc_folio_noprof+0x1aa/0x300 [ 116.175974][ T7466] handle_mm_fault+0xef5/0x2c60 [ 116.176090][ T7466] do_user_addr_fault+0x630/0x1080 [ 116.176132][ T7466] exc_page_fault+0x62/0xa0 [ 116.176162][ T7466] asm_exc_page_fault+0x26/0x30 [ 116.176199][ T7466] RIP: 0033:0x7fbbe1bca65b [ 116.176215][ T7466] Code: 00 00 00 48 8d 3d dd 5a 19 00 48 89 c1 31 c0 e8 2b 39 ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 11 5b 19 00 48 89 34 24 48 8b 14 24 48 8b [ 116.176232][ T7466] RSP: 002b:00007fbbe0765fb0 EFLAGS: 00010202 [ 116.176319][ T7466] RAX: 0000000000000000 RBX: 00007fbbe1f55fa0 RCX: 0000000000000000 [ 116.176331][ T7466] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000200000000200 [ 116.176343][ T7466] RBP: 00007fbbe0767090 R08: 0000000000000000 R09: 0000000000000000 [ 116.176354][ T7466] R10: 0000200000000200 R11: 0000000000000000 R12: 0000000000000001 [ 116.176366][ T7466] R13: 00007fbbe1f56038 R14: 00007fbbe1f55fa0 R15: 00007ffd33912128 [ 116.176404][ T7466] [ 116.176416][ T7466] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 116.412613][ T7470] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 116.521811][ T7476] __nla_validate_parse: 41 callbacks suppressed [ 116.521827][ T7476] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1342'. [ 116.539227][ T7476] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1342'. [ 116.563550][ T7476] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1342'. [ 116.601810][ T7480] loop5: detected capacity change from 0 to 512 [ 116.608781][ T7480] EXT4-fs: dax option not supported [ 116.644501][ T7484] atomic_op ffff88810384ed28 conn xmit_atomic 0000000000000000 [ 116.701637][ T7490] netlink: 'syz.0.1348': attribute type 13 has an invalid length. [ 116.743429][ T7493] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1349'. [ 116.752443][ T7493] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1349'. [ 116.774724][ T7493] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1349'. [ 116.792025][ T7501] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1353'. [ 116.816227][ T7504] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1354'. [ 116.827608][ T7501] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1353'. [ 116.847849][ T7493] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1349'. [ 116.942503][ T7517] atomic_op ffff88810af5cd28 conn xmit_atomic 0000000000000000 [ 117.004212][ T7521] netlink: 'syz.0.1361': attribute type 13 has an invalid length. [ 117.209956][ T7533] lo speed is unknown, defaulting to 1000 [ 117.550977][ T7540] loop1: detected capacity change from 0 to 1024 [ 117.569999][ T7540] EXT4-fs: Ignoring removed orlov option [ 117.604428][ T7540] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 117.934003][ T7554] atomic_op ffff88810a1c5128 conn xmit_atomic 0000000000000000 [ 118.041791][ T7559] ref_ctr increment failed for inode: 0x4e3 offset: 0x5 ref_ctr_offset: 0x1000 of mm: 0xffff88810cd66c00 [ 118.086306][ T7566] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 118.199226][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.545836][ T7614] atomic_op ffff88810af50928 conn xmit_atomic 0000000000000000 [ 118.592456][ T7617] atomic_op ffff88810af50928 conn xmit_atomic 0000000000000000 [ 118.745554][ T7631] netlink: 'syz.0.1397': attribute type 13 has an invalid length. [ 118.835736][ T7641] atomic_op ffff88810a1c5d28 conn xmit_atomic 0000000000000000 [ 118.877790][ T29] kauditd_printk_skb: 454 callbacks suppressed [ 118.877806][ T29] audit: type=1326 audit(1765347128.096:5719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7645 comm="syz.0.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1450d8f749 code=0x7ffc0000 [ 118.910490][ T29] audit: type=1326 audit(1765347128.126:5720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7645 comm="syz.0.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1450d8f749 code=0x7ffc0000 [ 118.934081][ T29] audit: type=1326 audit(1765347128.126:5721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7645 comm="syz.0.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1450d8f749 code=0x7ffc0000 [ 118.957564][ T29] audit: type=1326 audit(1765347128.126:5722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7645 comm="syz.0.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1450d8f749 code=0x7ffc0000 [ 118.981036][ T29] audit: type=1326 audit(1765347128.126:5723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7645 comm="syz.0.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1450d8f749 code=0x7ffc0000 [ 119.004462][ T29] audit: type=1326 audit(1765347128.126:5724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7645 comm="syz.0.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1450d8f749 code=0x7ffc0000 [ 119.027978][ T29] audit: type=1326 audit(1765347128.126:5725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7645 comm="syz.0.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1450d8f749 code=0x7ffc0000 [ 119.051593][ T29] audit: type=1326 audit(1765347128.136:5726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7645 comm="syz.0.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1450d8f749 code=0x7ffc0000 [ 119.075130][ T29] audit: type=1326 audit(1765347128.136:5727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7645 comm="syz.0.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1450d8f749 code=0x7ffc0000 [ 119.098789][ T29] audit: type=1326 audit(1765347128.136:5728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7645 comm="syz.0.1404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1450d8f749 code=0x7ffc0000 [ 119.213950][ T7664] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 119.266276][ T7669] netlink: 'syz.1.1411': attribute type 13 has an invalid length. [ 119.308027][ T7678] atomic_op ffff88810a1c4128 conn xmit_atomic 0000000000000000 [ 119.382114][ T7684] atomic_op ffff88810a1c4128 conn xmit_atomic 0000000000000000 [ 119.498303][ T7702] netlink: 'syz.0.1424': attribute type 13 has an invalid length. [ 119.558330][ T7707] atomic_op ffff88810a1c6128 conn xmit_atomic 0000000000000000 [ 119.686727][ T7714] FAULT_INJECTION: forcing a failure. [ 119.686727][ T7714] name failslab, interval 1, probability 0, space 0, times 0 [ 119.699431][ T7714] CPU: 0 UID: 0 PID: 7714 Comm: syz.2.1429 Not tainted syzkaller #0 PREEMPT(voluntary) [ 119.699464][ T7714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 119.699480][ T7714] Call Trace: [ 119.699487][ T7714] [ 119.699496][ T7714] __dump_stack+0x1d/0x30 [ 119.699522][ T7714] dump_stack_lvl+0xe8/0x140 [ 119.699626][ T7714] dump_stack+0x15/0x1b [ 119.699664][ T7714] should_fail_ex+0x265/0x280 [ 119.699696][ T7714] should_failslab+0x8c/0xb0 [ 119.699774][ T7714] __kmalloc_noprof+0xb9/0x5a0 [ 119.699798][ T7714] ? bpf_test_init+0x86/0x140 [ 119.699831][ T7714] ? _parse_integer_limit+0x170/0x190 [ 119.699857][ T7714] bpf_test_init+0x86/0x140 [ 119.699915][ T7714] bpf_prog_test_run_xdp+0x305/0x970 [ 119.699954][ T7714] ? kstrtouint+0x21/0xc0 [ 119.699976][ T7714] ? __rcu_read_unlock+0x4f/0x70 [ 119.700006][ T7714] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 119.700126][ T7714] bpf_prog_test_run+0x22a/0x390 [ 119.700229][ T7714] __sys_bpf+0x4c0/0x7c0 [ 119.700397][ T7714] __x64_sys_bpf+0x41/0x50 [ 119.700416][ T7714] x64_sys_call+0x28e1/0x3000 [ 119.700485][ T7714] do_syscall_64+0xd8/0x2a0 [ 119.700529][ T7714] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.700576][ T7714] RIP: 0033:0x7f1eaa36f749 [ 119.700594][ T7714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.700617][ T7714] RSP: 002b:00007f1ea8dd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 119.700640][ T7714] RAX: ffffffffffffffda RBX: 00007f1eaa5c5fa0 RCX: 00007f1eaa36f749 [ 119.700652][ T7714] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 119.700664][ T7714] RBP: 00007f1ea8dd7090 R08: 0000000000000000 R09: 0000000000000000 [ 119.700827][ T7714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 119.700842][ T7714] R13: 00007f1eaa5c6038 R14: 00007f1eaa5c5fa0 R15: 00007ffccd064c18 [ 119.700865][ T7714] [ 120.011541][ T7733] netlink: 'syz.0.1436': attribute type 13 has an invalid length. [ 120.066607][ T7738] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 120.117618][ T7744] ALSA: seq fatal error: cannot create timer (-19) [ 120.151334][ T7752] FAULT_INJECTION: forcing a failure. [ 120.151334][ T7752] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 120.164570][ T7752] CPU: 1 UID: 0 PID: 7752 Comm: syz.2.1443 Not tainted syzkaller #0 PREEMPT(voluntary) [ 120.164673][ T7752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 120.164691][ T7752] Call Trace: [ 120.164702][ T7752] [ 120.164709][ T7752] __dump_stack+0x1d/0x30 [ 120.164750][ T7752] dump_stack_lvl+0xe8/0x140 [ 120.164773][ T7752] dump_stack+0x15/0x1b [ 120.164792][ T7752] should_fail_ex+0x265/0x280 [ 120.164886][ T7752] should_fail+0xb/0x20 [ 120.164905][ T7752] should_fail_usercopy+0x1a/0x20 [ 120.164990][ T7752] _copy_from_user+0x1c/0xb0 [ 120.165016][ T7752] __sys_bpf+0x183/0x7c0 [ 120.165043][ T7752] __x64_sys_bpf+0x41/0x50 [ 120.165129][ T7752] x64_sys_call+0x28e1/0x3000 [ 120.165159][ T7752] do_syscall_64+0xd8/0x2a0 [ 120.165196][ T7752] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.165221][ T7752] RIP: 0033:0x7f1eaa36f749 [ 120.165278][ T7752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.165299][ T7752] RSP: 002b:00007f1ea8dd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 120.165320][ T7752] RAX: ffffffffffffffda RBX: 00007f1eaa5c5fa0 RCX: 00007f1eaa36f749 [ 120.165335][ T7752] RDX: 000000000000000c RSI: 0000200000000000 RDI: 0000000000000023 [ 120.165350][ T7752] RBP: 00007f1ea8dd7090 R08: 0000000000000000 R09: 0000000000000000 [ 120.165428][ T7752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.165442][ T7752] R13: 00007f1eaa5c6038 R14: 00007f1eaa5c5fa0 R15: 00007ffccd064c18 [ 120.165464][ T7752] [ 120.385460][ T7762] netlink: 'syz.1.1447': attribute type 13 has an invalid length. [ 120.619752][ T7796] netlink: 'syz.4.1458': attribute type 1 has an invalid length. [ 120.736346][ T7807] netlink: 'syz.4.1462': attribute type 13 has an invalid length. [ 120.946454][ T7825] atomic_op ffff88810a1c4928 conn xmit_atomic 0000000000000000 [ 120.988766][ T7830] atomic_op ffff88810a1c4928 conn xmit_atomic 0000000000000000 [ 121.119799][ T7836] netlink: 'syz.4.1475': attribute type 13 has an invalid length. [ 121.435157][ T7857] loop5: detected capacity change from 0 to 512 [ 121.446275][ T7857] EXT4-fs: dax option not supported [ 121.566559][ T7865] __nla_validate_parse: 70 callbacks suppressed [ 121.566641][ T7865] netlink: 19 bytes leftover after parsing attributes in process `syz.5.1487'. [ 121.660872][ T7866] lo speed is unknown, defaulting to 1000 [ 122.082802][ T7877] atomic_op ffff88810af5d528 conn xmit_atomic 0000000000000000 [ 122.155371][ T7883] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1493'. [ 122.182210][ T7883] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1493'. [ 122.327248][ T7897] loop1: detected capacity change from 0 to 1024 [ 122.338118][ T7897] EXT4-fs: Ignoring removed orlov option [ 122.374277][ T7897] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.411252][ T7910] ------------[ cut here ]------------ [ 122.416758][ T7910] verifier bug: REG INVARIANTS VIOLATION (true_reg2): range bounds violation u64=[0x17, 0x10] s64=[0x17, 0x10] u32=[0x17, 0x10] s32=[0x17, 0x10] var_off=(0x10, 0x0) [ 122.433284][ T7910] WARNING: kernel/bpf/verifier.c:2748 at 0x0, CPU#1: syz.0.1503/7910 [ 122.441553][ T7910] Modules linked in: [ 122.445685][ T7910] CPU: 1 UID: 0 PID: 7910 Comm: syz.0.1503 Not tainted syzkaller #0 PREEMPT(voluntary) [ 122.455596][ T7910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 122.465755][ T7910] RIP: 0010:reg_bounds_sanity_check+0x27d/0x660 [ 122.472299][ T7910] Code: 24 78 4c 8b 44 24 70 4c 8b 4c 24 60 41 ff 74 24 20 41 55 53 ff 74 24 68 ff 74 24 78 ff b4 24 90 00 00 00 ff b4 24 b0 00 00 00 <67> 48 0f b9 3a 48 83 c4 38 4c 8b ac 24 98 00 00 00 49 8d 85 80 08 [ 122.481204][ T7914] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1503'. [ 122.492092][ T7910] RSP: 0018:ffffc9000bdc33a0 EFLAGS: 00010246 [ 122.507214][ T7910] RAX: ffff88811a193c10 RBX: 0000000000000010 RCX: 0000000000000017 [ 122.515334][ T7910] RDX: ffffffff865fb489 RSI: ffffffff8660f6dc RDI: ffffffff86db69d0 [ 122.523446][ T7910] RBP: ffff88811a0cc0b0 R08: 0000000000000010 R09: 0000000000000017 [ 122.531480][ T7910] R10: 00000000000000d0 R11: 0000000000000002 R12: ffff88811a0cc070 [ 122.539500][ T7910] R13: 0000000000000010 R14: ffff88811a0cc0bc R15: ffff88811a0cc0a8 [ 122.547516][ T7910] FS: 00007f144f7f76c0(0000) GS:ffff8882aeec3000(0000) knlGS:0000000000000000 [ 122.556499][ T7910] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.563183][ T7910] CR2: 0000001b33d1bff8 CR3: 0000000125f24000 CR4: 00000000003506f0 [ 122.571232][ T7910] DR0: fffffffffffffffe DR1: 0000000000000000 DR2: 0000000000000000 [ 122.579358][ T7910] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 122.587480][ T7910] Call Trace: [ 122.590843][ T7910] [ 122.593823][ T7910] reg_set_min_max+0x1f2/0x260 [ 122.598631][ T7910] check_cond_jmp_op+0x13bd/0x1a80 [ 122.603878][ T7910] do_check+0x3347/0x81f0 [ 122.608302][ T7910] do_check_common+0xccf/0x1300 [ 122.613327][ T7910] bpf_check+0x2f98/0xc860 [ 122.617785][ T7910] ? __alloc_frozen_pages_noprof+0x18f/0x360 [ 122.623995][ T7910] ? alloc_pages_bulk_noprof+0x4b9/0x540 [ 122.629765][ T7910] ? __vmap_pages_range_noflush+0xbc4/0xcf0 [ 122.635717][ T7910] ? try_charge_memcg+0x215/0xa10 [ 122.640872][ T7910] ? _find_next_zero_bit+0x64/0xa0 [ 122.646132][ T7910] ? pcpu_block_update_hint_alloc+0x63d/0x660 [ 122.652272][ T7910] ? pcpu_block_update_hint_alloc+0x63d/0x660 [ 122.658447][ T7910] ? css_rstat_updated+0xb7/0x240 [ 122.663535][ T7910] ? mod_memcg_state+0x182/0x270 [ 122.668526][ T7910] ? __rcu_read_unlock+0x4f/0x70 [ 122.673602][ T7910] ? pcpu_memcg_post_alloc_hook+0xec/0x170 [ 122.679448][ T7910] ? bpf_prog_alloc+0x5b/0x150 [ 122.684339][ T7910] ? pcpu_alloc_noprof+0xd0d/0x1240 [ 122.689748][ T7910] ? should_fail_ex+0x30/0x280 [ 122.694565][ T7910] ? __kmalloc_noprof+0x2b4/0x5a0 [ 122.699609][ T7910] ? security_bpf_prog_load+0x60/0x140 [ 122.705160][ T7910] ? selinux_bpf_prog_load+0xad/0xd0 [ 122.710587][ T7910] ? security_bpf_prog_load+0x9e/0x140 [ 122.716157][ T7910] bpf_prog_load+0xf6e/0x1140 [ 122.720916][ T7910] ? security_bpf+0x2b/0x90 [ 122.725451][ T7910] __sys_bpf+0x469/0x7c0 [ 122.729852][ T7910] __x64_sys_bpf+0x41/0x50 [ 122.734332][ T7910] x64_sys_call+0x28e1/0x3000 [ 122.739068][ T7910] do_syscall_64+0xd8/0x2a0 [ 122.743639][ T7910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.750054][ T7910] RIP: 0033:0x7f1450d8f749 [ 122.754519][ T7910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.774176][ T7910] RSP: 002b:00007f144f7f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 122.782731][ T7910] RAX: ffffffffffffffda RBX: 00007f1450fe5fa0 RCX: 00007f1450d8f749 [ 122.790761][ T7910] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005 [ 122.798832][ T7910] RBP: 00007f1450e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 122.806904][ T7910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.814943][ T7910] R13: 00007f1450fe6038 R14: 00007f1450fe5fa0 R15: 00007fff3426d7c8 [ 122.823093][ T7910] [ 122.826139][ T7910] ---[ end trace 0000000000000000 ]--- [ 122.885651][ T7921] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1506'. [ 122.901806][ T7920] loop5: detected capacity change from 0 to 1024 [ 122.923289][ T7920] EXT4-fs: Ignoring removed orlov option [ 122.972139][ T7920] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 123.004609][ T7931] netlink: 19 bytes leftover after parsing attributes in process `syz.2.1510'. [ 123.014120][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.023380][ T7921] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1506'. [ 123.285492][ T7948] lo speed is unknown, defaulting to 1000 [ 123.789389][ T3602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.011112][ T7963] FAULT_INJECTION: forcing a failure. [ 124.011112][ T7963] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 124.024263][ T7963] CPU: 1 UID: 0 PID: 7963 Comm: syz.1.1519 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 124.024354][ T7963] Tainted: [W]=WARN [ 124.024362][ T7963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 124.024377][ T7963] Call Trace: [ 124.024384][ T7963] [ 124.024393][ T7963] __dump_stack+0x1d/0x30 [ 124.024462][ T7963] dump_stack_lvl+0xe8/0x140 [ 124.024537][ T7963] dump_stack+0x15/0x1b [ 124.024556][ T7963] should_fail_ex+0x265/0x280 [ 124.024584][ T7963] should_fail+0xb/0x20 [ 124.024643][ T7963] should_fail_usercopy+0x1a/0x20 [ 124.024668][ T7963] _copy_from_user+0x1c/0xb0 [ 124.024701][ T7963] __copy_msghdr+0x244/0x300 [ 124.024754][ T7963] ___sys_sendmsg+0x109/0x1d0 [ 124.024814][ T7963] __sys_sendmmsg+0x178/0x300 [ 124.024849][ T7963] __x64_sys_sendmmsg+0x57/0x70 [ 124.024881][ T7963] x64_sys_call+0x1e28/0x3000 [ 124.024911][ T7963] do_syscall_64+0xd8/0x2a0 [ 124.025030][ T7963] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.025056][ T7963] RIP: 0033:0x7f2b9dc4f749 [ 124.025071][ T7963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.025101][ T7963] RSP: 002b:00007f2b9c68e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 124.025167][ T7963] RAX: ffffffffffffffda RBX: 00007f2b9dea6090 RCX: 00007f2b9dc4f749 [ 124.025182][ T7963] RDX: 0000000000000002 RSI: 0000200000000000 RDI: 0000000000000009 [ 124.025195][ T7963] RBP: 00007f2b9c68e090 R08: 0000000000000000 R09: 0000000000000000 [ 124.025209][ T7963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.025225][ T7963] R13: 00007f2b9dea6128 R14: 00007f2b9dea6090 R15: 00007ffc4ea701e8 [ 124.025247][ T7963] [ 124.237386][ T29] kauditd_printk_skb: 389 callbacks suppressed [ 124.237401][ T29] audit: type=1400 audit(1765347133.426:6118): avc: denied { connect } for pid=7964 comm="syz.5.1520" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 124.370490][ T7972] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 124.565181][ T7982] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1527'. [ 124.613086][ T7982] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1527'. [ 124.731863][ T7991] netlink: 19 bytes leftover after parsing attributes in process `syz.1.1531'. [ 124.789033][ T29] audit: type=1400 audit(1765347134.006:6119): avc: denied { ioctl } for pid=7994 comm="syz.2.1532" path="socket:[21743]" dev="sockfs" ino=21743 ioctlcmd=0x8903 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 125.185139][ T8018] atomic_op ffff88810a1c4928 conn xmit_atomic 0000000000000000 [ 125.324453][ T29] audit: type=1326 audit(1765347134.546:6120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8034 comm="syz.2.1548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eaa36f749 code=0x7ffc0000 [ 125.372480][ T29] audit: type=1326 audit(1765347134.546:6121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8034 comm="syz.2.1548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eaa36f749 code=0x7ffc0000 [ 125.379144][ T8039] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64 [ 125.396095][ T29] audit: type=1326 audit(1765347134.546:6122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8034 comm="syz.2.1548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1eaa36f749 code=0x7ffc0000 [ 125.403829][ T8039] audit: out of memory in audit_log_start [ 125.427249][ T29] audit: type=1326 audit(1765347134.546:6123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8034 comm="syz.2.1548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eaa36f749 code=0x7ffc0000 [ 125.456486][ T29] audit: type=1326 audit(1765347134.546:6124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8034 comm="syz.2.1548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eaa36f749 code=0x7ffc0000 [ 125.480041][ T29] audit: type=1326 audit(1765347134.546:6125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8034 comm="syz.2.1548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1eaa36f749 code=0x7ffc0000 [ 125.536647][ T8043] atomic_op ffff88810a1c7528 conn xmit_atomic 0000000000000000 [ 125.593174][ T8047] ALSA: seq fatal error: cannot create timer (-19) [ 125.638282][ T8050] loop5: detected capacity change from 0 to 512 [ 125.645163][ T8050] EXT4-fs: dax option not supported [ 125.789076][ T8068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.814985][ T8068] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.845683][ T8073] FAULT_INJECTION: forcing a failure. [ 125.845683][ T8073] name failslab, interval 1, probability 0, space 0, times 0 [ 125.858474][ T8073] CPU: 0 UID: 0 PID: 8073 Comm: syz.1.1563 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 125.858510][ T8073] Tainted: [W]=WARN [ 125.858532][ T8073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 125.858547][ T8073] Call Trace: [ 125.858554][ T8073] [ 125.858562][ T8073] __dump_stack+0x1d/0x30 [ 125.858597][ T8073] dump_stack_lvl+0xe8/0x140 [ 125.858623][ T8073] dump_stack+0x15/0x1b [ 125.858707][ T8073] should_fail_ex+0x265/0x280 [ 125.858808][ T8073] should_failslab+0x8c/0xb0 [ 125.858834][ T8073] __kmalloc_cache_noprof+0x65/0x4c0 [ 125.858861][ T8073] ? do_fcntl+0xda6/0xf60 [ 125.858902][ T8073] do_fcntl+0xda6/0xf60 [ 125.859005][ T8073] __se_sys_fcntl+0xb1/0x120 [ 125.859034][ T8073] __x64_sys_fcntl+0x43/0x50 [ 125.859062][ T8073] x64_sys_call+0x2d6f/0x3000 [ 125.859119][ T8073] do_syscall_64+0xd8/0x2a0 [ 125.859188][ T8073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.859206][ T8073] RIP: 0033:0x7f2b9dc4f749 [ 125.859219][ T8073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.859235][ T8073] RSP: 002b:00007f2b9c6af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 125.859335][ T8073] RAX: ffffffffffffffda RBX: 00007f2b9dea5fa0 RCX: 00007f2b9dc4f749 [ 125.859349][ T8073] RDX: 0000200000000000 RSI: 000000000000000f RDI: 0000000000000005 [ 125.859363][ T8073] RBP: 00007f2b9c6af090 R08: 0000000000000000 R09: 0000000000000000 [ 125.859377][ T8073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 125.859390][ T8073] R13: 00007f2b9dea6038 R14: 00007f2b9dea5fa0 R15: 00007ffc4ea701e8 [ 125.859412][ T8073] [ 126.198881][ T8078] atomic_op ffff88810a1c4928 conn xmit_atomic 0000000000000000 [ 126.363209][ T8083] loop1: detected capacity change from 0 to 8192 [ 126.422726][ T3304] loop1: p1 < > p3 < p5 > p4 [ 126.431459][ T3304] loop1: p4 size 3081 extends beyond EOD, truncated [ 126.460991][ T3304] loop1: p5 size 3081 extends beyond EOD, truncated [ 126.473607][ T8083] loop1: p1 < > p3 < p5 > p4 [ 126.479635][ T8083] loop1: p4 size 3081 extends beyond EOD, truncated [ 126.493199][ T8083] loop1: p5 size 3081 extends beyond EOD, truncated [ 126.604354][ T8098] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 126.693547][ T3302] udevd[3302]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 126.696232][ T3507] udevd[3507]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 126.707518][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 126.714973][ T3528] udevd[3528]: inotify_add_watch(7, /dev/loop1p5, 10) failed: No such file or directory [ 126.806685][ T8113] __nla_validate_parse: 6 callbacks suppressed [ 126.806699][ T8113] netlink: 19 bytes leftover after parsing attributes in process `syz.5.1581'. [ 126.931061][ T8115] atomic_op ffff88810af50928 conn xmit_atomic 0000000000000000 [ 127.107095][ T8124] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 127.132051][ T8124] netlink: 12 bytes leftover after parsing attributes in process `wÞ£ÿ'. [ 127.193355][ T8127] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1586'. [ 127.300256][ T8127] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1586'. [ 127.337638][ T8137] lo speed is unknown, defaulting to 1000 [ 127.468012][ T8140] loop5: detected capacity change from 0 to 512 [ 127.486200][ T8140] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem [ 127.546263][ T8143] FAULT_INJECTION: forcing a failure. [ 127.546263][ T8143] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 127.559625][ T8143] CPU: 1 UID: 0 PID: 8143 Comm: syz.1.1590 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 127.559651][ T8143] Tainted: [W]=WARN [ 127.559659][ T8143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 127.559676][ T8143] Call Trace: [ 127.559683][ T8143] [ 127.559690][ T8143] __dump_stack+0x1d/0x30 [ 127.559813][ T8143] dump_stack_lvl+0xe8/0x140 [ 127.559839][ T8143] dump_stack+0x15/0x1b [ 127.559857][ T8143] should_fail_ex+0x265/0x280 [ 127.559876][ T8143] should_fail_alloc_page+0xf2/0x100 [ 127.559956][ T8143] __alloc_frozen_pages_noprof+0x109/0x360 [ 127.559983][ T8143] alloc_pages_mpol+0xb3/0x260 [ 127.560014][ T8143] vma_alloc_folio_noprof+0x1aa/0x300 [ 127.560103][ T8143] handle_mm_fault+0xef5/0x2c60 [ 127.560194][ T8143] do_user_addr_fault+0x630/0x1080 [ 127.560307][ T8143] exc_page_fault+0x62/0xa0 [ 127.560332][ T8143] asm_exc_page_fault+0x26/0x30 [ 127.560348][ T8143] RIP: 0033:0x7f2b9db109f0 [ 127.560361][ T8143] Code: 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 47 0f b6 0c 08 45 84 c9 74 08 <45> 88 0c 00 49 8b 47 10 48 83 c0 01 49 89 47 10 83 e9 01 73 d3 41 [ 127.560443][ T8143] RSP: 002b:00007f2b9c66c4a0 EFLAGS: 00010286 [ 127.560520][ T8143] RAX: 0000000000005000 RBX: 00007f2b9c66c540 RCX: 0000000000000003 [ 127.560534][ T8143] RDX: 00000000000003ff RSI: 0000000000000400 RDI: 00007f2b9c66c5e0 [ 127.560548][ T8143] RBP: 0000000000000004 R08: 00007f2b9424d000 R09: 00000000000000ed [ 127.560562][ T8143] R10: 0000200000000182 R11: 00000000000005ab R12: 0000000000000301 [ 127.560576][ T8143] R13: 00007f2b9dcefc40 R14: 0000000000000013 R15: 00007f2b9c66c5e0 [ 127.560597][ T8143] [ 127.723149][ T8143] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 127.740556][ T8143] loop1: detected capacity change from 0 to 1024 [ 127.767699][ T8143] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 127.778652][ T8143] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 127.789618][ T8143] JBD2: no valid journal superblock found [ 127.795445][ T8143] EXT4-fs (loop1): Could not load journal inode [ 127.842523][ T8140] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.1591: bg 0: block 104: invalid block bitmap [ 127.939253][ T8140] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 128.004771][ T8140] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.1591: invalid indirect mapped block 1 (level 1) [ 128.081777][ T8140] EXT4-fs (loop5): 1 truncate cleaned up [ 128.151055][ T8140] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 128.289256][ T3602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.325120][ T8152] loop2: detected capacity change from 0 to 1024 [ 128.352839][ T8152] EXT4-fs: Ignoring removed nomblk_io_submit option [ 128.363776][ T8141] loop1: detected capacity change from 0 to 1024 [ 128.371007][ T8141] EXT4-fs (loop1): VFS: Can't find ext4 filesystem [ 128.379524][ T8141] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 128.405445][ T8156] atomic_op ffff88810af5c528 conn xmit_atomic 0000000000000000 [ 128.416095][ T8152] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=6042c018, mo2=0102] [ 128.438378][ T8152] System zones: 0-1, 3-12 [ 128.457074][ T8152] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 128.479561][ T8152] EXT4-fs: Remounting fs w/o journal so ignoring data_err option [ 128.544569][ T8152] EXT4-fs (loop2): can't enable nombcache during remount [ 128.680164][ T8161] loop5: detected capacity change from 0 to 1024 [ 128.692339][ T8169] netlink: 19 bytes leftover after parsing attributes in process `syz.4.1597'. [ 128.710380][ T8161] EXT4-fs: Ignoring removed nomblk_io_submit option [ 128.761736][ T8161] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=6042c018, mo2=0102] [ 128.770124][ T8161] System zones: 0-1, 3-12 [ 128.775044][ T8161] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 128.794437][ T8161] EXT4-fs: Remounting fs w/o journal so ignoring data_err option [ 128.802605][ T8161] EXT4-fs (loop5): can't enable nombcache during remount [ 128.968061][ T8181] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1602'. [ 128.992650][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.993976][ T8181] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1602'. [ 129.030389][ T8181] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1602'. [ 129.071363][ T8187] atomic_op ffff88810af50928 conn xmit_atomic 0000000000000000 [ 129.299065][ T3602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.350074][ T8216] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1614'. [ 129.363783][ T8216] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1614'. [ 129.399522][ T29] kauditd_printk_skb: 119 callbacks suppressed [ 129.399537][ T29] audit: type=1326 audit(1765347138.616:6245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8222 comm="syz.1.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 129.416588][ T8226] atomic_op ffff88810af5dd28 conn xmit_atomic 0000000000000000 [ 129.439882][ T29] audit: type=1326 audit(1765347138.666:6246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8222 comm="syz.1.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 129.465131][ T8223] FAULT_INJECTION: forcing a failure. [ 129.465131][ T8223] name failslab, interval 1, probability 0, space 0, times 0 [ 129.477810][ T8223] CPU: 0 UID: 0 PID: 8223 Comm: wÞ£ÿ Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 129.477869][ T8223] Tainted: [W]=WARN [ 129.477875][ T8223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 129.477920][ T8223] Call Trace: [ 129.477927][ T8223] [ 129.477935][ T8223] __dump_stack+0x1d/0x30 [ 129.477956][ T8223] dump_stack_lvl+0xe8/0x140 [ 129.478017][ T8223] dump_stack+0x15/0x1b [ 129.478114][ T8223] should_fail_ex+0x265/0x280 [ 129.478134][ T8223] should_failslab+0x8c/0xb0 [ 129.478189][ T8223] __kmalloc_node_track_caller_noprof+0xb9/0x5b0 [ 129.478220][ T8223] ? sidtab_sid2str_get+0xa0/0x130 [ 129.478290][ T8223] kmemdup_noprof+0x2b/0x70 [ 129.478313][ T8223] sidtab_sid2str_get+0xa0/0x130 [ 129.478355][ T8223] security_sid_to_context_core+0x1eb/0x2e0 [ 129.478388][ T8223] security_sid_to_context+0x27/0x40 [ 129.478418][ T8223] selinux_lsmprop_to_secctx+0x67/0xf0 [ 129.478515][ T8223] security_lsmprop_to_secctx+0x1a3/0x1c0 [ 129.478541][ T8223] audit_log_subj_ctx+0xa4/0x3e0 [ 129.478566][ T8223] ? skb_put+0xa9/0xf0 [ 129.478593][ T8223] audit_log_task_context+0x48/0x70 [ 129.478620][ T8223] audit_log_task+0xf4/0x250 [ 129.478725][ T8223] ? kstrtouint+0x76/0xc0 [ 129.478746][ T8223] audit_seccomp+0x61/0x100 [ 129.478832][ T8223] ? __seccomp_filter+0x832/0x1260 [ 129.478864][ T8223] __seccomp_filter+0x843/0x1260 [ 129.478889][ T8223] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 129.478940][ T8223] ? vfs_write+0x7e8/0x960 [ 129.478960][ T8223] ? __rcu_read_unlock+0x4f/0x70 [ 129.479051][ T8223] ? __fget_files+0x184/0x1c0 [ 129.479076][ T8223] __secure_computing+0x82/0x150 [ 129.479129][ T8223] syscall_trace_enter+0xcf/0x1e0 [ 129.479162][ T8223] do_syscall_64+0xb2/0x2a0 [ 129.479204][ T8223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.479224][ T8223] RIP: 0033:0x7f2b9dc4f749 [ 129.479237][ T8223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.479255][ T8223] RSP: 002b:00007f2b9c6af038 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 129.479272][ T8223] RAX: ffffffffffffffda RBX: 00007f2b9dea5fa0 RCX: 00007f2b9dc4f749 [ 129.479349][ T8223] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 129.479365][ T8223] RBP: 00007f2b9c6af090 R08: 0000000000000000 R09: 0000000000000000 [ 129.479450][ T8223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 129.479462][ T8223] R13: 00007f2b9dea6038 R14: 00007f2b9dea5fa0 R15: 00007ffc4ea701e8 [ 129.479479][ T8223] [ 129.479487][ T8223] audit: error in audit_log_subj_ctx [ 129.492637][ T29] audit: type=1326 audit(1765347138.666:6247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8222 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 129.744628][ T8242] FAULT_INJECTION: forcing a failure. [ 129.744628][ T8242] name failslab, interval 1, probability 0, space 0, times 0 [ 129.760104][ T29] audit: type=1326 audit(1765347138.666:6248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8222 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 129.772717][ T8242] CPU: 0 UID: 0 PID: 8242 Comm: syz.2.1622 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 129.772822][ T8242] Tainted: [W]=WARN [ 129.772832][ T8242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 129.772852][ T8242] Call Trace: [ 129.772861][ T8242] [ 129.772872][ T8242] __dump_stack+0x1d/0x30 [ 129.772907][ T8242] dump_stack_lvl+0xe8/0x140 [ 129.772940][ T8242] dump_stack+0x15/0x1b [ 129.772969][ T8242] should_fail_ex+0x265/0x280 [ 129.773014][ T8242] should_failslab+0x8c/0xb0 [ 129.773047][ T8242] __kmalloc_cache_noprof+0x65/0x4c0 [ 129.773108][ T8242] ? tcf_action_init_1+0x11e/0x4a0 [ 129.773138][ T8242] tcf_action_init_1+0x11e/0x4a0 [ 129.773201][ T8242] tcf_action_init+0x267/0x6d0 [ 129.773264][ T8242] tc_ctl_action+0x291/0x830 [ 129.773319][ T8242] ? __pfx_tc_ctl_action+0x10/0x10 [ 129.773418][ T8242] rtnetlink_rcv_msg+0x65a/0x6d0 [ 129.773466][ T8242] ? avc_has_perm_noaudit+0xab/0x130 [ 129.773556][ T8242] netlink_rcv_skb+0x123/0x220 [ 129.773596][ T8242] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 129.773728][ T8242] rtnetlink_rcv+0x1c/0x30 [ 129.773770][ T8242] netlink_unicast+0x5c0/0x690 [ 129.773821][ T8242] netlink_sendmsg+0x58b/0x6b0 [ 129.773927][ T8242] ? __pfx_netlink_sendmsg+0x10/0x10 [ 129.773965][ T8242] __sock_sendmsg+0x145/0x180 [ 129.774009][ T8242] ____sys_sendmsg+0x31e/0x4a0 [ 129.774137][ T8242] ___sys_sendmsg+0x17b/0x1d0 [ 129.774190][ T8242] __x64_sys_sendmsg+0xd4/0x160 [ 129.774273][ T8242] x64_sys_call+0x17ba/0x3000 [ 129.774305][ T8242] do_syscall_64+0xd8/0x2a0 [ 129.774349][ T8242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.774415][ T8242] RIP: 0033:0x7f1eaa36f749 [ 129.774434][ T8242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.774457][ T8242] RSP: 002b:00007f1ea8dd7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 129.774503][ T8242] RAX: ffffffffffffffda RBX: 00007f1eaa5c5fa0 RCX: 00007f1eaa36f749 [ 129.774525][ T8242] RDX: 0000000000000000 RSI: 00002000000037c0 RDI: 0000000000000007 [ 129.774541][ T8242] RBP: 00007f1ea8dd7090 R08: 0000000000000000 R09: 0000000000000000 [ 129.774557][ T8242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 129.774572][ T8242] R13: 00007f1eaa5c6038 R14: 00007f1eaa5c5fa0 R15: 00007ffccd064c18 [ 129.774597][ T8242] [ 130.029439][ T29] audit: type=1326 audit(1765347138.686:6249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8222 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 130.052929][ T29] audit: type=1326 audit(1765347138.686:6250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8222 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 130.076350][ T29] audit: type=1326 audit(1765347138.686:6251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8222 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2b9dc4df90 code=0x7ffc0000 [ 130.099914][ T29] audit: type=1326 audit(1765347138.686:6252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8222 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f2b9dc4e1ff code=0x7ffc0000 [ 130.126393][ T29] audit: type=1326 audit(1765347138.686:6253): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=8222 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 130.352914][ T8250] lo speed is unknown, defaulting to 1000 [ 130.410348][ T8250] loop1: detected capacity change from 0 to 128 [ 130.720689][ T8286] atomic_op ffff88811b91fd28 conn xmit_atomic 0000000000000000 [ 130.760027][ T8288] FAULT_INJECTION: forcing a failure. [ 130.760027][ T8288] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 130.773139][ T8288] CPU: 0 UID: 0 PID: 8288 Comm: syz.2.1630 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 130.773208][ T8288] Tainted: [W]=WARN [ 130.773218][ T8288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 130.773258][ T8288] Call Trace: [ 130.773266][ T8288] [ 130.773275][ T8288] __dump_stack+0x1d/0x30 [ 130.773313][ T8288] dump_stack_lvl+0xe8/0x140 [ 130.773343][ T8288] dump_stack+0x15/0x1b [ 130.773368][ T8288] should_fail_ex+0x265/0x280 [ 130.773397][ T8288] should_fail+0xb/0x20 [ 130.773422][ T8288] should_fail_usercopy+0x1a/0x20 [ 130.773519][ T8288] _copy_from_user+0x1c/0xb0 [ 130.773547][ T8288] ____sys_sendmsg+0x1c5/0x4a0 [ 130.773582][ T8288] ___sys_sendmsg+0x17b/0x1d0 [ 130.773670][ T8288] __x64_sys_sendmsg+0xd4/0x160 [ 130.773794][ T8288] x64_sys_call+0x17ba/0x3000 [ 130.773841][ T8288] do_syscall_64+0xd8/0x2a0 [ 130.773889][ T8288] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.774016][ T8288] RIP: 0033:0x7f1eaa36f749 [ 130.774028][ T8288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.774101][ T8288] RSP: 002b:00007f1ea8dd7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 130.774116][ T8288] RAX: ffffffffffffffda RBX: 00007f1eaa5c5fa0 RCX: 00007f1eaa36f749 [ 130.774127][ T8288] RDX: 0000000000000000 RSI: 0000200000001600 RDI: 0000000000000006 [ 130.774137][ T8288] RBP: 00007f1ea8dd7090 R08: 0000000000000000 R09: 0000000000000000 [ 130.774146][ T8288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 130.774213][ T8288] R13: 00007f1eaa5c6038 R14: 00007f1eaa5c5fa0 R15: 00007ffccd064c18 [ 130.774229][ T8288] [ 131.018468][ T8303] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0 [ 131.075624][ T8306] loop1: detected capacity change from 0 to 512 [ 131.112104][ T8306] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 131.120216][ T8306] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 131.128913][ T8306] System zones: 0-1, 15-15, 18-18, 34-34 [ 131.135173][ T8306] EXT4-fs (loop1): orphan cleanup on readonly fs [ 131.149758][ T8306] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.1636: Failed to acquire dquot type 1 [ 131.178931][ T8306] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1636: bg 0: block 40: padding at end of block bitmap is not set [ 131.194320][ T8306] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 131.270753][ T8306] EXT4-fs (loop1): 1 truncate cleaned up [ 131.276964][ T8306] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 131.377480][ T8333] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 131.578185][ T8344] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8344 comm=syz.4.1648 [ 131.659852][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.741123][ T8354] siw: device registration error -23 [ 131.823720][ T8361] atomic_op ffff88810af52928 conn xmit_atomic 0000000000000000 [ 131.949292][ T8379] 9p: Bad value for 'rfdno' [ 132.016587][ T8385] __nla_validate_parse: 7 callbacks suppressed [ 132.016684][ T8385] netlink: 19 bytes leftover after parsing attributes in process `syz.4.1661'. [ 132.080931][ T8374] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 132.195442][ T8395] loop2: detected capacity change from 0 to 128 [ 132.270978][ T8395] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 132.284052][ T8395] ext4 filesystem being mounted at /320/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 132.340160][ T8395] FAULT_INJECTION: forcing a failure. [ 132.340160][ T8395] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 132.353486][ T8395] CPU: 1 UID: 0 PID: 8395 Comm: syz.2.1666 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 132.353516][ T8395] Tainted: [W]=WARN [ 132.353523][ T8395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 132.353539][ T8395] Call Trace: [ 132.353547][ T8395] [ 132.353556][ T8395] __dump_stack+0x1d/0x30 [ 132.353648][ T8395] dump_stack_lvl+0xe8/0x140 [ 132.353678][ T8395] dump_stack+0x15/0x1b [ 132.353730][ T8395] should_fail_ex+0x265/0x280 [ 132.353756][ T8395] should_fail_alloc_page+0xf2/0x100 [ 132.353786][ T8395] alloc_pages_bulk_noprof+0x102/0x540 [ 132.353859][ T8395] copy_splice_read+0xf3/0x660 [ 132.353883][ T8395] ? __pfx_ext4_file_splice_read+0x10/0x10 [ 132.353949][ T8395] splice_direct_to_actor+0x290/0x680 [ 132.353976][ T8395] ? __pfx_direct_splice_actor+0x10/0x10 [ 132.354004][ T8395] do_splice_direct+0xda/0x150 [ 132.354026][ T8395] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 132.354124][ T8395] do_sendfile+0x380/0x650 [ 132.354156][ T8395] __x64_sys_sendfile64+0x105/0x150 [ 132.354186][ T8395] x64_sys_call+0x2db1/0x3000 [ 132.354234][ T8395] do_syscall_64+0xd8/0x2a0 [ 132.354273][ T8395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.354326][ T8395] RIP: 0033:0x7f1eaa36f749 [ 132.354341][ T8395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.354362][ T8395] RSP: 002b:00007f1ea8dd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 132.354383][ T8395] RAX: ffffffffffffffda RBX: 00007f1eaa5c5fa0 RCX: 00007f1eaa36f749 [ 132.354398][ T8395] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000009 [ 132.354456][ T8395] RBP: 00007f1ea8dd7090 R08: 0000000000000000 R09: 0000000000000000 [ 132.354467][ T8395] R10: 0000000800000007 R11: 0000000000000246 R12: 0000000000000001 [ 132.354480][ T8395] R13: 00007f1eaa5c6038 R14: 00007f1eaa5c5fa0 R15: 00007ffccd064c18 [ 132.354546][ T8395] [ 132.586653][ T8415] netlink: 'syz.4.1671': attribute type 13 has an invalid length. [ 132.601818][ T3318] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 132.624760][ T8417] netlink: 19 bytes leftover after parsing attributes in process `syz.0.1672'. [ 132.680702][ T8427] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1673'. [ 132.694199][ T8426] loop2: detected capacity change from 0 to 512 [ 132.720910][ T8412] loop1: detected capacity change from 0 to 1024 [ 132.727772][ T8412] EXT4-fs: Ignoring removed nomblk_io_submit option [ 132.765501][ T8440] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1674'. [ 132.777019][ T8445] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 132.790972][ T8412] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=6042c018, mo2=0102] [ 132.800616][ T8412] System zones: 0-1, 3-12 [ 132.805410][ T8440] Driver unsupported XDP return value 0 on prog (id 981) dev N/A, expect packet loss! [ 132.810613][ T8412] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 132.827536][ T8445] hub 9-0:1.0: USB hub found [ 132.832423][ T8445] hub 9-0:1.0: 8 ports detected [ 132.845726][ T8412] ext4: Unknown parameter '€ ' [ 132.941149][ T8467] netlink: 19 bytes leftover after parsing attributes in process `syz.0.1685'. [ 132.952763][ T8469] program syz.2.1681 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 133.137299][ T8486] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1693'. [ 133.149919][ T8489] netlink: 'syz.4.1692': attribute type 3 has an invalid length. [ 133.175857][ T8490] loop5: detected capacity change from 0 to 512 [ 133.187557][ T8490] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 133.213777][ T8490] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.228218][ T8490] EXT4-fs error (device loop5): ext4_map_blocks:783: inode #2: block 18: comm syz.5.1691: lblock 23 mapped to illegal pblock 18 (length 1) [ 133.228730][ T8497] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1695'. [ 133.267727][ T8497] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1695'. [ 133.306806][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.383607][ T8511] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1698'. [ 133.828100][ T8518] loop2: detected capacity change from 0 to 512 [ 133.835054][ T8518] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 133.844799][ T8518] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.1700: bg 0: block 104: invalid block bitmap [ 133.857607][ T8518] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 133.866644][ T8518] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.1700: invalid indirect mapped block 1 (level 1) [ 133.880134][ T8518] EXT4-fs (loop2): 1 truncate cleaned up [ 133.886375][ T8518] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 133.908666][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.965504][ T3602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.992443][ T8534] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 134.149807][ T8549] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1707'. [ 134.285108][ T8566] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 134.390292][ T8572] syzkaller0: entered promiscuous mode [ 134.395815][ T8572] syzkaller0: entered allmulticast mode [ 134.413845][ T29] kauditd_printk_skb: 52 callbacks suppressed [ 134.413858][ T29] audit: type=1326 audit(1765347143.636:6304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8570 comm="syz.1.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 134.445249][ T29] audit: type=1326 audit(1765347143.666:6305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8570 comm="syz.1.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 134.468644][ T29] audit: type=1326 audit(1765347143.666:6306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8570 comm="syz.1.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 134.492094][ T29] audit: type=1326 audit(1765347143.666:6307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8570 comm="syz.1.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 134.515526][ T29] audit: type=1326 audit(1765347143.666:6308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8570 comm="syz.1.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 134.538973][ T29] audit: type=1326 audit(1765347143.666:6309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8570 comm="syz.1.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 134.562386][ T29] audit: type=1326 audit(1765347143.666:6310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8570 comm="syz.1.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 134.585922][ T29] audit: type=1326 audit(1765347143.666:6311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8570 comm="syz.1.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 134.609246][ T29] audit: type=1326 audit(1765347143.666:6312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8570 comm="syz.1.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 134.633165][ T29] audit: type=1326 audit(1765347143.666:6313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8570 comm="syz.1.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 134.875984][ T8611] loop2: detected capacity change from 0 to 512 [ 134.940523][ T8615] loop1: detected capacity change from 0 to 4096 [ 134.958620][ T8615] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.026789][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.046331][ T8632] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 135.066301][ T8634] loop5: detected capacity change from 0 to 128 [ 135.186786][ T8654] SELinux: Context @ is not valid (left unmapped). [ 135.465622][ T8670] loop1: detected capacity change from 0 to 1024 [ 135.480629][ T8670] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 135.571458][ T8670] atomic_op ffff88810a1c6528 conn xmit_atomic 0000000000000000 [ 135.611446][ T8691] netlink: 'syz.0.1745': attribute type 13 has an invalid length. [ 135.619311][ T8691] netlink: 'syz.0.1745': attribute type 27 has an invalid length. [ 136.255016][ T8751] hub 9-0:1.0: USB hub found [ 136.264543][ T8751] hub 9-0:1.0: 8 ports detected [ 136.672594][ T8799] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 136.905710][ T8831] loop5: detected capacity change from 0 to 512 [ 136.912995][ T8831] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem [ 136.922524][ T8831] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.1783: bg 0: block 104: invalid block bitmap [ 136.935326][ T8831] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 136.944500][ T8831] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.1783: invalid indirect mapped block 1 (level 1) [ 136.958148][ T8831] EXT4-fs (loop5): 1 truncate cleaned up [ 136.964356][ T8831] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 136.986709][ T3602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.033091][ T8839] __nla_validate_parse: 12 callbacks suppressed [ 137.033110][ T8839] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1784'. [ 137.085226][ T8848] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 137.213032][ T8862] netlink: 'syz.0.1793': attribute type 13 has an invalid length. [ 137.397668][ T8872] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1797'. [ 137.426909][ T8872] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1797'. [ 137.533904][ T8884] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 137.575662][ T8887] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 137.620180][ T8895] netlink: 'syz.0.1805': attribute type 3 has an invalid length. [ 137.674369][ T8900] netlink: 'syz.2.1804': attribute type 13 has an invalid length. [ 137.751672][ T8908] netlink: 19 bytes leftover after parsing attributes in process `syz.2.1809'. [ 137.805755][ T8915] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 137.845984][ T8918] loop2: detected capacity change from 0 to 1024 [ 137.858405][ T8918] EXT4-fs: Ignoring removed orlov option [ 137.907851][ T8927] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 137.916894][ T8918] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 138.037952][ T8939] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1817'. [ 138.059600][ T8941] ip6gre2: entered allmulticast mode [ 138.152049][ T8953] netlink: 19 bytes leftover after parsing attributes in process `syz.4.1823'. [ 138.165424][ T8952] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1822'. [ 138.180133][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.213313][ T8952] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1822'. [ 138.224771][ T8960] loop2: detected capacity change from 0 to 128 [ 138.239860][ T8960] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 138.249520][ T8960] EXT4-fs (loop2): group descriptors corrupted! [ 138.264335][ T8967] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 138.280316][ T8972] loop5: detected capacity change from 0 to 512 [ 138.297604][ T8972] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem [ 138.324844][ T8972] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.1827: bg 0: block 104: invalid block bitmap [ 138.337689][ T8972] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 138.347872][ T8972] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.1827: invalid indirect mapped block 1 (level 1) [ 138.361344][ T8972] EXT4-fs (loop5): 1 truncate cleaned up [ 138.367305][ T8972] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 138.386031][ T8982] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 138.396265][ T3602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.464012][ T8989] loop5: detected capacity change from 0 to 4096 [ 138.486162][ T8989] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 138.525624][ T3602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.564986][ T9003] loop2: detected capacity change from 0 to 128 [ 138.592447][ T9003] netlink: 'syz.2.1833': attribute type 10 has an invalid length. [ 138.600404][ T9003] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1833'. [ 138.613415][ T9007] netlink: 19 bytes leftover after parsing attributes in process `syz.5.1835'. [ 138.615816][ T9003] ipvlan2: entered promiscuous mode [ 138.655992][ T9003] bridge0: port 3(ipvlan2) entered blocking state [ 138.662550][ T9003] bridge0: port 3(ipvlan2) entered disabled state [ 138.669145][ T9003] ipvlan2: entered allmulticast mode [ 138.674488][ T9003] bridge0: entered allmulticast mode [ 138.680411][ T9003] ipvlan2: left allmulticast mode [ 138.685502][ T9003] bridge0: left allmulticast mode [ 138.693810][ T9017] tipc: Enabling of bearer rejected, failed to enable media [ 138.744092][ T9023] loop1: detected capacity change from 0 to 512 [ 138.761264][ T9023] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 138.773714][ T9027] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 138.791993][ T9023] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.1838: bg 0: block 104: invalid block bitmap [ 138.799984][ T9027] hub 9-0:1.0: USB hub found [ 138.806544][ T9023] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 138.814979][ T9027] hub 9-0:1.0: 8 ports detected [ 138.836812][ T9023] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.1838: invalid indirect mapped block 1 (level 1) [ 138.853409][ T9023] EXT4-fs (loop1): 1 truncate cleaned up [ 138.860662][ T9023] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 138.948261][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.968218][ T9044] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 139.001157][ T9047] loop2: detected capacity change from 0 to 4096 [ 139.012688][ T9047] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.089837][ T9068] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 139.097110][ T9068] IPv6: NLM_F_CREATE should be set when creating new route [ 139.104360][ T9068] IPv6: NLM_F_CREATE should be set when creating new route [ 139.136603][ T9068] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 139.151410][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.241511][ T9087] loop5: detected capacity change from 0 to 512 [ 139.256841][ T9087] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem [ 139.276050][ T9087] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.1858: bg 0: block 104: invalid block bitmap [ 139.289973][ T9087] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 139.329937][ T9087] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.1858: invalid indirect mapped block 1 (level 1) [ 139.405680][ T9087] EXT4-fs (loop5): 1 truncate cleaned up [ 139.436072][ T9087] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 139.535904][ T9119] loop1: detected capacity change from 0 to 1024 [ 139.543224][ T3602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.550488][ T9119] EXT4-fs: Ignoring removed orlov option [ 139.600154][ T9119] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 139.639315][ T29] kauditd_printk_skb: 310 callbacks suppressed [ 139.639327][ T29] audit: type=1326 audit(1765347148.856:6624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9118 comm="syz.1.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 139.668988][ T29] audit: type=1326 audit(1765347148.856:6625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9118 comm="syz.1.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 139.692520][ T29] audit: type=1326 audit(1765347148.866:6626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9118 comm="syz.1.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 139.716114][ T29] audit: type=1326 audit(1765347148.866:6627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9118 comm="syz.1.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 139.739531][ T29] audit: type=1326 audit(1765347148.866:6628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9118 comm="syz.1.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 139.762941][ T29] audit: type=1326 audit(1765347148.866:6629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9118 comm="syz.1.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 139.786456][ T29] audit: type=1326 audit(1765347148.866:6630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9118 comm="syz.1.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 139.809870][ T29] audit: type=1326 audit(1765347148.866:6631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9118 comm="syz.1.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 139.833288][ T29] audit: type=1326 audit(1765347148.866:6632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9118 comm="syz.1.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 139.856930][ T29] audit: type=1326 audit(1765347148.866:6633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9118 comm="syz.1.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 140.063405][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.348810][ T9186] loop2: detected capacity change from 0 to 1024 [ 140.356101][ T9186] EXT4-fs: Ignoring removed orlov option [ 140.379351][ T9192] FAULT_INJECTION: forcing a failure. [ 140.379351][ T9192] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 140.392470][ T9192] CPU: 1 UID: 0 PID: 9192 Comm: syz.1.1885 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 140.392575][ T9192] Tainted: [W]=WARN [ 140.392581][ T9192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 140.392621][ T9192] Call Trace: [ 140.392627][ T9192] [ 140.392634][ T9192] __dump_stack+0x1d/0x30 [ 140.392656][ T9192] dump_stack_lvl+0xe8/0x140 [ 140.392702][ T9192] dump_stack+0x15/0x1b [ 140.392720][ T9192] should_fail_ex+0x265/0x280 [ 140.392741][ T9192] should_fail+0xb/0x20 [ 140.392758][ T9192] should_fail_usercopy+0x1a/0x20 [ 140.392858][ T9192] _copy_from_user+0x1c/0xb0 [ 140.392896][ T9192] __sys_connect+0xd0/0x2b0 [ 140.392936][ T9192] __x64_sys_connect+0x3f/0x50 [ 140.392980][ T9192] x64_sys_call+0x2e09/0x3000 [ 140.393002][ T9192] do_syscall_64+0xd8/0x2a0 [ 140.393033][ T9192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.393128][ T9192] RIP: 0033:0x7f2b9dc4f749 [ 140.393141][ T9192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.393157][ T9192] RSP: 002b:00007f2b9c6af038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 140.393191][ T9192] RAX: ffffffffffffffda RBX: 00007f2b9dea5fa0 RCX: 00007f2b9dc4f749 [ 140.393202][ T9192] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000006 [ 140.393213][ T9192] RBP: 00007f2b9c6af090 R08: 0000000000000000 R09: 0000000000000000 [ 140.393224][ T9192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.393234][ T9192] R13: 00007f2b9dea6038 R14: 00007f2b9dea5fa0 R15: 00007ffc4ea701e8 [ 140.393252][ T9192] [ 140.394948][ T9186] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.802496][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.836457][ T9225] hub 9-0:1.0: USB hub found [ 140.845868][ T9225] hub 9-0:1.0: 8 ports detected [ 141.005102][ T9242] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 141.015355][ T9242] FAT-fs (loop2): Filesystem has been set read-only [ 141.040050][ T9242] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 141.069906][ T9242] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 141.315080][ T9246] random: crng reseeded on system resumption [ 141.639451][ T9308] FAULT_INJECTION: forcing a failure. [ 141.639451][ T9308] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 141.652760][ T9308] CPU: 0 UID: 0 PID: 9308 Comm: syz.1.1920 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 141.652868][ T9308] Tainted: [W]=WARN [ 141.652875][ T9308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 141.652889][ T9308] Call Trace: [ 141.652895][ T9308] [ 141.652902][ T9308] __dump_stack+0x1d/0x30 [ 141.652992][ T9308] dump_stack_lvl+0xe8/0x140 [ 141.653015][ T9308] dump_stack+0x15/0x1b [ 141.653036][ T9308] should_fail_ex+0x265/0x280 [ 141.653097][ T9308] should_fail+0xb/0x20 [ 141.653117][ T9308] should_fail_usercopy+0x1a/0x20 [ 141.653142][ T9308] _copy_from_iter+0xcf/0xe70 [ 141.653168][ T9308] ? __alloc_skb+0x3bb/0x4d0 [ 141.653250][ T9308] ? __alloc_skb+0x24d/0x4d0 [ 141.653277][ T9308] netlink_sendmsg+0x471/0x6b0 [ 141.653313][ T9308] ? __pfx_netlink_sendmsg+0x10/0x10 [ 141.653346][ T9308] __sock_sendmsg+0x145/0x180 [ 141.653486][ T9308] ____sys_sendmsg+0x31e/0x4a0 [ 141.653523][ T9308] ___sys_sendmsg+0x17b/0x1d0 [ 141.653566][ T9308] __x64_sys_sendmsg+0xd4/0x160 [ 141.653645][ T9308] x64_sys_call+0x17ba/0x3000 [ 141.653673][ T9308] do_syscall_64+0xd8/0x2a0 [ 141.653708][ T9308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.653730][ T9308] RIP: 0033:0x7f2b9dc4f749 [ 141.653745][ T9308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.653764][ T9308] RSP: 002b:00007f2b9c6af038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 141.653840][ T9308] RAX: ffffffffffffffda RBX: 00007f2b9dea5fa0 RCX: 00007f2b9dc4f749 [ 141.653863][ T9308] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003 [ 141.653875][ T9308] RBP: 00007f2b9c6af090 R08: 0000000000000000 R09: 0000000000000000 [ 141.653886][ T9308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 141.653960][ T9308] R13: 00007f2b9dea6038 R14: 00007f2b9dea5fa0 R15: 00007ffc4ea701e8 [ 141.653978][ T9308] [ 142.212345][ T9359] __nla_validate_parse: 10 callbacks suppressed [ 142.212362][ T9359] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1931'. [ 142.371174][ T9379] bridge_slave_0: left promiscuous mode [ 142.377176][ T9379] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.380400][ T9377] EXT4-fs: Ignoring removed orlov option [ 142.409561][ T9379] bridge_slave_1: left allmulticast mode [ 142.415385][ T9379] bridge_slave_1: left promiscuous mode [ 142.421203][ T9379] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.433220][ T9377] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 142.445839][ T9379] team0: Port device team_slave_0 removed [ 142.452768][ T9379] team0: Port device team_slave_1 removed [ 142.460124][ T9379] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 142.482365][ T9379] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 142.491214][ T9379] net_ratelimit: 4 callbacks suppressed [ 142.491228][ T9379] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 142.571032][ T9388] EXT4-fs: Ignoring removed nomblk_io_submit option [ 142.593501][ T9388] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=6042c018, mo2=0102] [ 142.601845][ T9388] System zones: 0-1, 3-12 [ 142.609310][ T9388] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 142.650892][ T9388] EXT4-fs: Remounting fs w/o journal so ignoring data_err option [ 142.658994][ T9388] EXT4-fs (loop2): can't enable nombcache during remount [ 142.723491][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.987557][ T9438] IPv6: NLM_F_CREATE should be specified when creating new route [ 143.067658][ T9445] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1956'. [ 143.078073][ T9447] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 143.119744][ T9445] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 143.230673][ T9462] netlink: 19 bytes leftover after parsing attributes in process `syz.1.1961'. [ 143.305363][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.317354][ T9470] hub 9-0:1.0: USB hub found [ 143.335049][ T9470] hub 9-0:1.0: 8 ports detected [ 143.416266][ T9478] set_capacity_and_notify: 3 callbacks suppressed [ 143.416282][ T9478] loop2: detected capacity change from 0 to 4096 [ 143.432353][ T9483] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1967'. [ 143.456814][ T9478] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.532745][ T9503] loop5: detected capacity change from 0 to 512 [ 143.540003][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.549221][ T9503] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem [ 143.575887][ T9503] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.1971: bg 0: block 104: invalid block bitmap [ 143.589381][ T9503] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 143.604999][ T9503] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.1971: invalid indirect mapped block 1 (level 1) [ 143.619139][ T9503] EXT4-fs (loop5): 1 truncate cleaned up [ 143.625295][ T9503] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 143.625614][ T9516] loop2: detected capacity change from 0 to 512 [ 143.651408][ T9510] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 143.659259][ T9516] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 143.668554][ T3602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.693619][ T9516] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.1972: bg 0: block 104: invalid block bitmap [ 143.706536][ T9516] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 143.715654][ T9516] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.1972: invalid indirect mapped block 1 (level 1) [ 143.729020][ T9516] EXT4-fs (loop2): 1 truncate cleaned up [ 143.735308][ T9516] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 143.779569][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.841447][ T9540] hub 9-0:1.0: USB hub found [ 143.846118][ T9540] hub 9-0:1.0: 8 ports detected [ 143.883661][ T9533] bridge_slave_0: left promiscuous mode [ 143.889475][ T9533] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.904031][ T9548] loop1: detected capacity change from 0 to 512 [ 143.910965][ T9548] ext4: Unknown parameter 'nouser_xattr' [ 143.924091][ T9533] bridge_slave_1: left allmulticast mode [ 143.929885][ T9533] bridge_slave_1: left promiscuous mode [ 143.935563][ T9533] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.955983][ T9533] bond0: (slave bond_slave_0): Releasing backup interface [ 143.967748][ T9533] bond0: (slave bond_slave_1): Releasing backup interface [ 143.976191][ T9533] team0: Port device team_slave_0 removed [ 143.983106][ T9533] team0: Port device team_slave_1 removed [ 143.989033][ T9533] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 144.092506][ T9574] loop5: detected capacity change from 0 to 1024 [ 144.101655][ T9574] EXT4-fs: Ignoring removed nomblk_io_submit option [ 144.124617][ T9574] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=6042c018, mo2=0102] [ 144.132997][ T9574] System zones: 0-1, 3-12 [ 144.139427][ T9574] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 144.156434][ T9574] EXT4-fs: Remounting fs w/o journal so ignoring data_err option [ 144.164293][ T9578] loop1: detected capacity change from 0 to 1024 [ 144.175046][ T9574] EXT4-fs (loop5): can't enable nombcache during remount [ 144.180236][ T9578] EXT4-fs: Ignoring removed nomblk_io_submit option [ 144.228434][ T9578] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=6042c018, mo2=0102] [ 144.242587][ T9578] System zones: 0-1, 3-12 [ 144.256279][ T9578] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 144.285550][ T9578] EXT4-fs: Remounting fs w/o journal so ignoring data_err option [ 144.293602][ T9578] EXT4-fs (loop1): can't enable nombcache during remount [ 144.776973][ T3602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.821313][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.886857][ T9607] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 144.936881][ T29] kauditd_printk_skb: 289 callbacks suppressed [ 144.936894][ T29] audit: type=1400 audit(1765347154.156:6923): avc: denied { create } for pid=9610 comm="syz.0.1993" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 144.982934][ T29] audit: type=1400 audit(1765347154.166:6924): avc: denied { name_bind } for pid=9610 comm="syz.0.1993" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 144.983025][ T9614] FAULT_INJECTION: forcing a failure. [ 144.983025][ T9614] name failslab, interval 1, probability 0, space 0, times 0 [ 145.004650][ T29] audit: type=1400 audit(1765347154.166:6925): avc: denied { node_bind } for pid=9610 comm="syz.0.1993" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 145.017224][ T9614] CPU: 1 UID: 0 PID: 9614 Comm: syz.5.1994 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 145.017321][ T9614] Tainted: [W]=WARN [ 145.017330][ T9614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 145.017347][ T9614] Call Trace: [ 145.017356][ T9614] [ 145.017365][ T9614] __dump_stack+0x1d/0x30 [ 145.017474][ T9614] dump_stack_lvl+0xe8/0x140 [ 145.017570][ T9614] dump_stack+0x15/0x1b [ 145.017595][ T9614] should_fail_ex+0x265/0x280 [ 145.017626][ T9614] should_failslab+0x8c/0xb0 [ 145.017711][ T9614] __kmalloc_node_track_caller_noprof+0xb9/0x5b0 [ 145.017809][ T9614] ? sidtab_sid2str_get+0xa0/0x130 [ 145.017899][ T9614] kmemdup_noprof+0x2b/0x70 [ 145.017924][ T9614] sidtab_sid2str_get+0xa0/0x130 [ 145.017962][ T9614] security_sid_to_context_core+0x1eb/0x2e0 [ 145.018062][ T9614] security_sid_to_context+0x27/0x40 [ 145.018148][ T9614] avc_audit_post_callback+0x10f/0x520 [ 145.018271][ T9614] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 145.018315][ T9614] common_lsm_audit+0x1bb/0x230 [ 145.018378][ T9614] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 145.018424][ T9614] slow_avc_audit+0x104/0x140 [ 145.018578][ T9614] avc_has_perm+0x13a/0x180 [ 145.018605][ T9614] selinux_socket_sendmsg+0x175/0x1b0 [ 145.018641][ T9614] security_socket_sendmsg+0x48/0x80 [ 145.018672][ T9614] __sock_sendmsg+0x30/0x180 [ 145.018800][ T9614] ____sys_sendmsg+0x345/0x4a0 [ 145.018898][ T9614] ___sys_sendmsg+0x17b/0x1d0 [ 145.019016][ T9614] __sys_sendmmsg+0x178/0x300 [ 145.019137][ T9614] __x64_sys_sendmmsg+0x57/0x70 [ 145.019174][ T9614] x64_sys_call+0x1e28/0x3000 [ 145.019205][ T9614] do_syscall_64+0xd8/0x2a0 [ 145.019248][ T9614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.019336][ T9614] RIP: 0033:0x7fbbe1cff749 [ 145.019356][ T9614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 145.019377][ T9614] RSP: 002b:00007fbbe0767038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 145.019401][ T9614] RAX: ffffffffffffffda RBX: 00007fbbe1f55fa0 RCX: 00007fbbe1cff749 [ 145.019418][ T9614] RDX: 00000000000002c8 RSI: 00002000000000c0 RDI: 0000000000000006 [ 145.019501][ T9614] RBP: 00007fbbe0767090 R08: 0000000000000000 R09: 0000000000000000 [ 145.019517][ T9614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 145.019542][ T9614] R13: 00007fbbe1f56038 R14: 00007fbbe1f55fa0 R15: 00007ffd33912128 [ 145.019566][ T9614] [ 145.280547][ T29] audit: type=1400 audit(1765347154.206:6926): avc: denied { write } for pid=9613 comm="syz.5.1994" scontext=root:sysadm_r:sysadm_t tsid=137 tclass=key_socket permissive=1 [ 145.329405][ T29] audit: type=1326 audit(1765347154.546:6927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9621 comm="syz.4.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7c860f749 code=0x7ffc0000 [ 145.352864][ T29] audit: type=1326 audit(1765347154.546:6928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9621 comm="syz.4.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7c860f749 code=0x7ffc0000 [ 145.382574][ T9625] netlink: 'syz.5.1995': attribute type 13 has an invalid length. [ 145.474687][ T9625] lo speed is unknown, defaulting to 1000 [ 145.481159][ T29] audit: type=1326 audit(1765347154.596:6929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9621 comm="syz.4.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa7c860f749 code=0x7ffc0000 [ 145.504776][ T29] audit: type=1326 audit(1765347154.596:6930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9621 comm="syz.4.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7c860f749 code=0x7ffc0000 [ 145.528204][ T29] audit: type=1326 audit(1765347154.596:6931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9621 comm="syz.4.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa7c860f749 code=0x7ffc0000 [ 145.551504][ T29] audit: type=1326 audit(1765347154.596:6932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9621 comm="syz.4.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7c860f749 code=0x7ffc0000 [ 145.585648][ T9641] tunl0: entered allmulticast mode [ 145.759568][ T9675] loop1: detected capacity change from 0 to 512 [ 145.770526][ T9675] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 145.778559][ T9675] EXT4-fs (loop1): orphan cleanup on readonly fs [ 145.787486][ T9675] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.2002: corrupted inode contents [ 145.800014][ T9675] EXT4-fs (loop1): Remounting filesystem read-only [ 145.806723][ T9675] EXT4-fs (loop1): 1 truncate cleaned up [ 145.812493][ T309] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 145.823172][ T309] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 145.837466][ T309] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started [ 145.848252][ T9675] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 145.884529][ T9683] SET target dimension over the limit! [ 145.892744][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.920779][ T9683] loop5: detected capacity change from 0 to 128 [ 145.999420][ T9710] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 146.040648][ T9712] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2011'. [ 146.081917][ T9712] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2011'. [ 146.115767][ T9717] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2012'. [ 146.168429][ T9717] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2012'. [ 146.207095][ T9728] netlink: 19 bytes leftover after parsing attributes in process `syz.5.2015'. [ 146.211918][ T9729] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2014'. [ 146.282771][ T9740] loop1: detected capacity change from 0 to 1024 [ 146.299096][ T9740] EXT4-fs: Ignoring removed orlov option [ 146.317222][ T9747] lo speed is unknown, defaulting to 1000 [ 146.323939][ T9740] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 146.408157][ T9780] 9p: Bad value for 'rfdno' [ 146.463136][ T9785] FAULT_INJECTION: forcing a failure. [ 146.463136][ T9785] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 146.476296][ T9785] CPU: 0 UID: 0 PID: 9785 Comm: syz.5.2023 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 146.476332][ T9785] Tainted: [W]=WARN [ 146.476420][ T9785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 146.476431][ T9785] Call Trace: [ 146.476437][ T9785] [ 146.476444][ T9785] __dump_stack+0x1d/0x30 [ 146.476550][ T9785] dump_stack_lvl+0xe8/0x140 [ 146.476573][ T9785] dump_stack+0x15/0x1b [ 146.476594][ T9785] should_fail_ex+0x265/0x280 [ 146.476666][ T9785] should_fail+0xb/0x20 [ 146.476685][ T9785] should_fail_usercopy+0x1a/0x20 [ 146.476709][ T9785] fpu__restore_sig+0x12d/0xaa0 [ 146.476795][ T9785] ? x86_task_fpu+0x36/0x60 [ 146.476815][ T9785] ? should_fail_ex+0xdb/0x280 [ 146.476850][ T9785] __ia32_sys_rt_sigreturn+0x29f/0x350 [ 146.476894][ T9785] x64_sys_call+0x274a/0x3000 [ 146.476920][ T9785] do_syscall_64+0xd8/0x2a0 [ 146.477033][ T9785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.477055][ T9785] RIP: 0033:0x7fbbe1cff747 [ 146.477108][ T9785] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 146.477216][ T9785] RSP: 002b:00007fbbe0767038 EFLAGS: 00000246 [ 146.477237][ T9785] RAX: 0000000000000113 RBX: 00007fbbe1f55fa0 RCX: 00007fbbe1cff749 [ 146.477253][ T9785] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000008 [ 146.477268][ T9785] RBP: 00007fbbe0767090 R08: 0000100000000001 R09: 0000000000000000 [ 146.477280][ T9785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 146.477294][ T9785] R13: 00007fbbe1f56038 R14: 00007fbbe1f55fa0 R15: 00007ffd33912128 [ 146.477339][ T9785] [ 146.480568][ T9787] loop2: detected capacity change from 0 to 8192 [ 146.646556][ T9792] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 146.724330][ T9799] hub 9-0:1.0: USB hub found [ 146.729039][ T9799] hub 9-0:1.0: 8 ports detected [ 146.787120][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.904549][ T9823] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.921674][ T9823] ext4 filesystem being mounted at /391/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 146.947055][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.078366][ T9850] hub 9-0:1.0: USB hub found [ 147.084573][ T9850] hub 9-0:1.0: 8 ports detected [ 147.180424][ T9857] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 147.352172][ T9873] hub 9-0:1.0: USB hub found [ 147.360568][ T9873] hub 9-0:1.0: 8 ports detected [ 147.484007][ T9888] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.501380][ T9890] __nla_validate_parse: 7 callbacks suppressed [ 147.501397][ T9890] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2052'. [ 147.510010][ T9888] ext4 filesystem being mounted at /394/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 147.587243][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.600798][ T9890] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2052'. [ 147.633493][ T3525] hid (null): global environment stack underflow [ 147.639931][ T3525] hid (null): global environment stack underflow [ 147.658166][ T9909] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2054'. [ 147.667178][ T9909] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2054'. [ 147.686978][ T3525] hid-generic 0008:0002:0006.0001: unknown main item tag 0x0 [ 147.694587][ T3525] hid-generic 0008:0002:0006.0001: unexpected long global item [ 147.708582][ T9899] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2052'. [ 147.722169][ T3525] hid-generic 0008:0002:0006.0001: probe with driver hid-generic failed with error -22 [ 147.899361][ T9943] veth2: entered promiscuous mode [ 147.904458][ T9943] veth2: entered allmulticast mode [ 147.948082][ T9969] netlink: 19 bytes leftover after parsing attributes in process `syz.4.2071'. [ 148.003337][ T9974] hub 9-0:1.0: USB hub found [ 148.016707][ T9974] hub 9-0:1.0: 8 ports detected [ 148.029944][ T9977] netlink: 'syz.4.2073': attribute type 3 has an invalid length. [ 148.037849][ T9977] netlink: 'syz.4.2073': attribute type 3 has an invalid length. [ 148.046001][ T9977] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2073'. [ 148.070240][ T9943] infiniband !yz!: set down [ 148.074804][ T9943] infiniband !yz!: added team_slave_0 [ 148.132472][ T9984] EXT4-fs: Ignoring removed orlov option [ 148.135345][ T9943] RDS/IB: !yz!: added [ 148.164914][ T9984] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.166854][ T9943] smc: adding ib device !yz! with port count 1 [ 148.198571][ T9943] smc: ib device !yz! port 1 has no pnetid [ 148.216134][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.365272][T10004] sch_tbf: peakrate 7 is lower than or equals to rate 6829859379779001161 ! [ 148.468511][T10016] hub 9-0:1.0: USB hub found [ 148.481247][T10016] hub 9-0:1.0: 8 ports detected [ 148.539126][T10021] bridge0: port 1(macsec0) entered blocking state [ 148.546025][T10021] bridge0: port 1(macsec0) entered disabled state [ 148.559957][T10021] macsec0: entered allmulticast mode [ 148.565491][T10021] bridge0: entered allmulticast mode [ 148.600997][T10021] macsec0: left allmulticast mode [ 148.606136][T10021] bridge0: left allmulticast mode [ 148.762269][T10052] netlink: 19 bytes leftover after parsing attributes in process `syz.2.2091'. [ 148.871464][T10055] netlink: 19 bytes leftover after parsing attributes in process `syz.0.2093'. [ 148.930876][T10059] lo speed is unknown, defaulting to 1000 [ 148.972251][T10063] set_capacity_and_notify: 3 callbacks suppressed [ 148.972265][T10063] loop2: detected capacity change from 0 to 512 [ 149.000959][T10063] EXT4-fs: inline encryption not supported [ 149.017507][T10063] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 149.050088][T10063] EXT4-fs (loop2): 1 truncate cleaned up [ 149.056386][T10063] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 149.483072][T10112] loop5: detected capacity change from 0 to 1024 [ 149.491973][T10112] EXT4-fs: Ignoring removed orlov option [ 149.523740][T10112] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 149.712733][ T3602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.731972][T10123] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2105'. [ 149.755093][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.910476][T10148] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 149.984083][ T29] kauditd_printk_skb: 473 callbacks suppressed [ 149.984098][ T29] audit: type=1400 audit(1765347159.206:7400): avc: denied { setopt } for pid=10144 comm="syz.5.2112" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 150.115667][ T3488] IPVS: starting estimator thread 0... [ 150.116778][ T29] audit: type=1326 audit(1765347159.326:7401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10102 comm="syz.1.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9dc4f749 code=0x7ffc0000 [ 150.180641][ T29] audit: type=1400 audit(1765347159.406:7402): avc: denied { create } for pid=10181 comm="syz.5.2121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 150.205247][T10182] bridge0: entered allmulticast mode [ 150.205244][ T29] audit: type=1400 audit(1765347159.426:7403): avc: denied { setopt } for pid=10181 comm="syz.5.2121" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 150.253885][ T29] audit: type=1326 audit(1765347159.476:7404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10171 comm="syz.0.2118" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1450d8f749 code=0x0 [ 150.258473][T10182] bridge_slave_1: left allmulticast mode [ 150.277835][T10175] IPVS: using max 1968 ests per chain, 98400 per kthread [ 150.282724][T10182] bridge_slave_1: left promiscuous mode [ 150.282877][T10182] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.318083][T10182] bridge_slave_0: left allmulticast mode [ 150.323976][T10182] bridge_slave_0: left promiscuous mode [ 150.329687][T10182] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.338906][T10182] bridge0 (unregistering): left allmulticast mode [ 150.396317][ T29] audit: type=1400 audit(1765347159.616:7405): avc: denied { create } for pid=10202 comm="syz.4.2125" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 150.425101][ T29] audit: type=1400 audit(1765347159.616:7406): avc: denied { connect } for pid=10202 comm="syz.4.2125" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 150.475475][T10208] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 150.605454][ T29] audit: type=1400 audit(1765347159.826:7407): avc: denied { bind } for pid=10219 comm="syz.1.2129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 150.624993][ T29] audit: type=1400 audit(1765347159.826:7408): avc: denied { mount } for pid=10219 comm="syz.1.2129" name="/" dev="ramfs" ino=25290 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 150.668405][ T29] audit: type=1400 audit(1765347159.886:7409): avc: denied { create } for pid=10222 comm="syz.4.2130" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 150.744734][T10241] loop5: detected capacity change from 0 to 512 [ 150.762243][T10241] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 150.762488][T10248] FAULT_INJECTION: forcing a failure. [ 150.762488][T10248] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 150.778524][T10241] ext4 filesystem being mounted at /372/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 150.788052][T10248] CPU: 0 UID: 0 PID: 10248 Comm: syz.1.2134 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 150.788096][T10248] Tainted: [W]=WARN [ 150.788104][T10248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 150.788120][T10248] Call Trace: [ 150.788128][T10248] [ 150.788137][T10248] __dump_stack+0x1d/0x30 [ 150.788184][T10248] dump_stack_lvl+0xe8/0x140 [ 150.788215][T10248] dump_stack+0x15/0x1b [ 150.788283][T10248] should_fail_ex+0x265/0x280 [ 150.788315][T10248] should_fail+0xb/0x20 [ 150.788339][T10248] should_fail_usercopy+0x1a/0x20 [ 150.788369][T10248] _copy_from_user+0x1c/0xb0 [ 150.788458][T10248] __se_sys_mount+0x10d/0x2e0 [ 150.788476][T10248] ? fput+0x8f/0xc0 [ 150.788570][T10248] ? ksys_write+0x192/0x1a0 [ 150.788617][T10248] __x64_sys_mount+0x67/0x80 [ 150.788644][T10248] x64_sys_call+0x2cca/0x3000 [ 150.788723][T10248] do_syscall_64+0xd8/0x2a0 [ 150.788765][T10248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.788792][T10248] RIP: 0033:0x7f2b9dc4f749 [ 150.788810][T10248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.788881][T10248] RSP: 002b:00007f2b9c6af038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 150.788903][T10248] RAX: ffffffffffffffda RBX: 00007f2b9dea5fa0 RCX: 00007f2b9dc4f749 [ 150.788918][T10248] RDX: 00002000000002c0 RSI: 0000200000000300 RDI: 0000000000000000 [ 150.788933][T10248] RBP: 00007f2b9c6af090 R08: 00002000000005c0 R09: 0000000000000000 [ 150.788949][T10248] R10: 0000000000200480 R11: 0000000000000246 R12: 0000000000000001 [ 150.788984][T10248] R13: 00007f2b9dea6038 R14: 00007f2b9dea5fa0 R15: 00007ffc4ea701e8 [ 150.789008][T10248] [ 150.792283][T10248] 9p: Bad value for 'wfdno' [ 150.975486][T10241] bond0: (slave bond_slave_0): Releasing backup interface [ 150.993390][T10241] bond0: (slave bond_slave_1): Releasing backup interface [ 151.009485][T10241] team0: Failed to send options change via netlink (err -105) [ 151.017362][T10241] team0: Failed to send port change of device team_slave_0 via netlink (err -105) [ 151.030244][T10241] team0: Port device team_slave_0 removed [ 151.047754][T10241] team0: Failed to send options change via netlink (err -105) [ 151.064723][T10241] team0: Failed to send port change of device team_slave_1 via netlink (err -105) [ 151.079437][T10241] team0: Port device team_slave_1 removed [ 151.086475][T10241] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 151.094243][T10241] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 151.103153][T10241] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 151.127572][T10268] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 151.137012][T10271] bridge0: entered allmulticast mode [ 151.143056][T10271] bridge_slave_1: left allmulticast mode [ 151.148730][T10271] bridge_slave_1: left promiscuous mode [ 151.154492][T10271] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.163947][T10271] bridge_slave_0: left allmulticast mode [ 151.169636][T10271] bridge_slave_0: left promiscuous mode [ 151.175543][T10271] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.202310][T10271] bridge0 (unregistering): left allmulticast mode [ 151.350423][T10302] lo speed is unknown, defaulting to 1000 [ 151.512235][T10332] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 151.563069][ T3602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.628071][T10368] FAULT_INJECTION: forcing a failure. [ 151.628071][T10368] name failslab, interval 1, probability 0, space 0, times 0 [ 151.640884][T10368] CPU: 0 UID: 0 PID: 10368 Comm: syz.5.2161 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 151.640934][T10368] Tainted: [W]=WARN [ 151.641015][T10368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 151.641032][T10368] Call Trace: [ 151.641040][T10368] [ 151.641049][T10368] __dump_stack+0x1d/0x30 [ 151.641080][T10368] dump_stack_lvl+0xe8/0x140 [ 151.641109][T10368] dump_stack+0x15/0x1b [ 151.641130][T10368] should_fail_ex+0x265/0x280 [ 151.641207][T10368] should_failslab+0x8c/0xb0 [ 151.641230][T10368] kmem_cache_alloc_node_noprof+0x6b/0x4c0 [ 151.641253][T10368] ? __alloc_skb+0x324/0x4d0 [ 151.641282][T10368] __alloc_skb+0x324/0x4d0 [ 151.641380][T10368] ? __alloc_skb+0x24d/0x4d0 [ 151.641458][T10368] netlink_alloc_large_skb+0xbf/0xf0 [ 151.641543][T10368] netlink_sendmsg+0x3cf/0x6b0 [ 151.641586][T10368] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.641620][T10368] __sock_sendmsg+0x145/0x180 [ 151.641674][T10368] ____sys_sendmsg+0x31e/0x4a0 [ 151.641713][T10368] ___sys_sendmsg+0x17b/0x1d0 [ 151.641758][T10368] ? __bpf_get_stackid+0x6f6/0x7d0 [ 151.641830][T10368] __x64_sys_sendmsg+0xd4/0x160 [ 151.641861][T10368] x64_sys_call+0x17ba/0x3000 [ 151.641942][T10368] do_syscall_64+0xd8/0x2a0 [ 151.642018][T10368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.642043][T10368] RIP: 0033:0x7fbbe1cff749 [ 151.642057][T10368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.642073][T10368] RSP: 002b:00007fbbe0767038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 151.642092][T10368] RAX: ffffffffffffffda RBX: 00007fbbe1f55fa0 RCX: 00007fbbe1cff749 [ 151.642183][T10368] RDX: 0000000000040094 RSI: 0000200000006040 RDI: 0000000000000006 [ 151.642199][T10368] RBP: 00007fbbe0767090 R08: 0000000000000000 R09: 0000000000000000 [ 151.642213][T10368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 151.642228][T10368] R13: 00007fbbe1f56038 R14: 00007fbbe1f55fa0 R15: 00007ffd33912128 [ 151.642249][T10368] [ 151.964816][T10387] loop5: detected capacity change from 0 to 512 [ 151.978715][T10387] EXT4-fs error (device loop5): ext4_xattr_inode_iget:446: comm syz.5.2167: error while reading EA inode 32 err=-116 [ 152.004525][T10387] EXT4-fs (loop5): Remounting filesystem read-only [ 152.013877][T10387] EXT4-fs (loop5): 1 orphan inode deleted [ 152.023510][T10387] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 152.036647][T10387] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.201844][T10412] loop5: detected capacity change from 0 to 512 [ 152.255324][T10412] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 152.282497][T10412] ext4 filesystem being mounted at /376/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 152.304374][T10412] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 152.394840][ T3602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.546744][T10457] __nla_validate_parse: 15 callbacks suppressed [ 152.546760][T10457] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2182'. [ 152.587245][T10466] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2185'. [ 152.598626][T10466] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2185'. [ 152.626181][T10470] team0: Caught tx_queue_len zero misconfig [ 152.659123][T10466] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2185'. [ 152.706239][T10482] loop5: detected capacity change from 0 to 512 [ 152.740217][T10482] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 152.753408][T10479] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2189'. [ 152.764131][T10482] ext4 filesystem being mounted at /383/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 152.784777][T10482] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 152.801221][T10479] sg_write: data in/out 49276/2 bytes for SCSI command 0x6-- guessing data in; [ 152.801221][T10479] program syz.2.2189 not setting count and/or reply_len properly [ 152.855290][T10496] loop2: detected capacity change from 0 to 512 [ 152.862059][T10496] EXT4-fs: inline encryption not supported [ 152.871339][ T3602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.882758][T10496] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 152.895749][T10496] ext4 filesystem being mounted at /409/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 152.978243][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.995519][T10508] netlink: 19 bytes leftover after parsing attributes in process `syz.5.2197'. [ 153.050799][T10516] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2198'. [ 153.060813][T10514] netlink: 'syz.4.2199': attribute type 6 has an invalid length. [ 153.305322][T10538] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 153.364638][T10542] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2208'. [ 153.433186][T10555] loop5: detected capacity change from 0 to 1024 [ 153.442335][T10560] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2215'. [ 153.452466][T10559] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2214'. [ 153.466204][T10555] EXT4-fs: Ignoring removed orlov option [ 153.467928][T10564] hub 9-0:1.0: USB hub found [ 153.493740][T10552] lo speed is unknown, defaulting to 1000 [ 153.505571][T10564] hub 9-0:1.0: 8 ports detected [ 153.541360][T10555] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 153.721948][T10614] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 153.738007][T10615] loop1: detected capacity change from 0 to 1024 [ 153.799337][T10615] EXT4-fs: Ignoring removed nomblk_io_submit option [ 153.850567][T10615] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=6042c018, mo2=0102] [ 153.872833][T10615] System zones: 0-1, 3-12 [ 153.877637][T10615] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 153.903821][ T3602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.907354][T10615] EXT4-fs: Remounting fs w/o journal so ignoring data_err option [ 153.929270][T10615] EXT4-fs (loop1): can't enable nombcache during remount [ 154.044176][T10661] loop5: detected capacity change from 0 to 1024 [ 154.057021][T10664] loop2: detected capacity change from 0 to 512 [ 154.059294][T10661] EXT4-fs: Ignoring removed bh option [ 154.068797][T10661] EXT4-fs: inline encryption not supported [ 154.074730][T10661] EXT4-fs: Ignoring removed orlov option [ 154.099213][T10664] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.110460][T10661] EXT4-fs (loop5): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 154.113122][T10664] ext4 filesystem being mounted at /420/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 154.152416][T10664] bridge_slave_0: left allmulticast mode [ 154.158118][T10664] bridge_slave_0: left promiscuous mode [ 154.163855][T10664] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.199036][T10661] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e842c018, mo2=0002] [ 154.207402][T10661] System zones: 0-1, 3-12 [ 154.219113][T10661] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 154.244875][T10664] bridge_slave_1: left allmulticast mode [ 154.250565][T10664] bridge_slave_1: left promiscuous mode [ 154.256264][T10664] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.283117][T10664] bond0: (slave bond_slave_0): Releasing backup interface [ 154.291820][T10664] bond0: (slave bond_slave_1): Releasing backup interface [ 154.303500][T10664] team0: Failed to send options change via netlink (err -105) [ 154.303926][ T3602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.311326][T10664] team0: Failed to send port change of device team_slave_0 via netlink (err -105) [ 154.330028][T10664] team0: Port device team_slave_0 removed [ 154.336246][T10664] team0: Failed to send options change via netlink (err -105) [ 154.344067][T10664] team0: Failed to send port change of device team_slave_1 via netlink (err -105) [ 154.354232][T10664] team0: Port device team_slave_1 removed [ 154.360567][T10664] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 154.389025][T10686] loop5: detected capacity change from 0 to 512 [ 154.411374][T10686] EXT4-fs: inline encryption not supported [ 154.454591][T10686] ext4 filesystem being mounted at /392/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 154.488194][T10702] loop1: detected capacity change from 0 to 1024 [ 154.497471][T10702] EXT4-fs: Ignoring removed orlov option [ 154.978123][T10762] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 155.055552][ T29] kauditd_printk_skb: 486 callbacks suppressed [ 155.055568][ T29] audit: type=1400 audit(1765347164.276:7894): avc: denied { setopt } for pid=10763 comm="syz.0.2260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 155.081574][ T29] audit: type=1400 audit(1765347164.276:7895): avc: denied { write } for pid=10763 comm="syz.0.2260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 155.243604][ T29] audit: type=1400 audit(1765347164.466:7896): avc: denied { create } for pid=10800 comm="syz.1.2271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 155.293001][ T29] audit: type=1400 audit(1765347164.486:7897): avc: denied { bind } for pid=10800 comm="syz.1.2271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 155.312512][ T29] audit: type=1400 audit(1765347164.506:7898): avc: denied { ioctl } for pid=10806 comm="syz.0.2273" path="socket:[26913]" dev="sockfs" ino=26913 ioctlcmd=0x89f3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 155.341410][ T29] audit: type=1400 audit(1765347164.566:7899): avc: denied { mount } for pid=10810 comm="syz.1.2274" name="/" dev="hugetlbfs" ino=26915 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 155.375455][T10814] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 155.493520][T10825] loop1: detected capacity change from 0 to 2048 [ 155.591118][ T29] audit: type=1400 audit(1765347164.796:7900): avc: denied { mount } for pid=10834 comm="syz.5.2281" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 155.613189][ T29] audit: type=1400 audit(1765347164.796:7901): avc: denied { remount } for pid=10834 comm="syz.5.2281" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 155.633127][ T29] audit: type=1400 audit(1765347164.806:7902): avc: denied { create } for pid=10837 comm="syz.0.2282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 155.671611][ T29] audit: type=1400 audit(1765347164.876:7903): avc: denied { mount } for pid=10834 comm="syz.5.2281" name="/" dev="ramfs" ino=26943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 155.729755][T10845] ================================================================== [ 155.737946][T10845] BUG: KCSAN: data-race in __dentry_kill / fast_dput [ 155.744661][T10845] [ 155.746988][T10845] write to 0xffff88811b25ee50 of 8 bytes by task 10843 on cpu 0: [ 155.754712][T10845] __dentry_kill+0x142/0x4b0 [ 155.759321][T10845] finish_dput+0x2b/0x200 [ 155.763667][T10845] dput+0x52/0x60 [ 155.767318][T10845] step_into_slowpath+0x36b/0x480 [ 155.772348][T10845] path_openat+0x18db/0x23b0 [ 155.776962][T10845] do_filp_open+0x109/0x230 [ 155.781490][T10845] io_openat2+0x272/0x390 [ 155.785830][T10845] io_openat+0x1b/0x30 [ 155.789927][T10845] __io_issue_sqe+0xfe/0x2e0 [ 155.794534][T10845] io_issue_sqe+0x56/0xa80 [ 155.798956][T10845] io_wq_submit_work+0x3f7/0x5f0 [ 155.803923][T10845] io_worker_handle_work+0x44e/0x9b0 [ 155.809217][T10845] io_wq_worker+0x22e/0x860 [ 155.813737][T10845] ret_from_fork+0x149/0x290 [ 155.818359][T10845] ret_from_fork_asm+0x1a/0x30 [ 155.823138][T10845] [ 155.825470][T10845] read to 0xffff88811b25ee50 of 8 bytes by task 10845 on cpu 1: [ 155.833109][T10845] fast_dput+0x5f/0x2c0 [ 155.837284][T10845] dput+0x24/0x60 [ 155.840934][T10845] step_into_slowpath+0x36b/0x480 [ 155.845969][T10845] path_openat+0x18db/0x23b0 [ 155.850594][T10845] do_filp_open+0x109/0x230 [ 155.855124][T10845] io_openat2+0x272/0x390 [ 155.859486][T10845] io_openat+0x1b/0x30 [ 155.863572][T10845] __io_issue_sqe+0xfe/0x2e0 [ 155.868196][T10845] io_issue_sqe+0x56/0xa80 [ 155.872631][T10845] io_wq_submit_work+0x3f7/0x5f0 [ 155.877578][T10845] io_worker_handle_work+0x44e/0x9b0 [ 155.882863][T10845] io_wq_worker+0x22e/0x860 [ 155.887385][T10845] ret_from_fork+0x149/0x290 [ 155.891976][T10845] ret_from_fork_asm+0x1a/0x30 [ 155.896746][T10845] [ 155.899086][T10845] value changed: 0xffff8882374b2848 -> 0x0000000000000000 [ 155.906182][T10845] [ 155.908498][T10845] Reported by Kernel Concurrency Sanitizer on: [ 155.914642][T10845] CPU: 1 UID: 0 PID: 10845 Comm: iou-wrk-10835 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 155.926273][T10845] Tainted: [W]=WARN [ 155.930075][T10845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 155.940142][T10845] ================================================================== [ 155.953194][T10846] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 155.988361][T10825] FAULT_INJECTION: forcing a failure. [ 155.988361][T10825] name failslab, interval 1, probability 0, space 0, times 0 [ 156.001103][T10825] CPU: 0 UID: 0 PID: 10825 Comm: syz.1.2278 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 156.001131][T10825] Tainted: [W]=WARN [ 156.001137][T10825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 156.001199][T10825] Call Trace: [ 156.001205][T10825] [ 156.001211][T10825] __dump_stack+0x1d/0x30 [ 156.001283][T10825] dump_stack_lvl+0xe8/0x140 [ 156.001336][T10825] dump_stack+0x15/0x1b [ 156.001354][T10825] should_fail_ex+0x265/0x280 [ 156.001381][T10825] should_failslab+0x8c/0xb0 [ 156.001408][T10825] __kvmalloc_node_noprof+0x149/0x6b0 [ 156.001504][T10825] ? page_pool_create_percpu+0x223/0x640 [ 156.001533][T10825] page_pool_create_percpu+0x223/0x640 [ 156.001556][T10825] page_pool_create+0x1a/0x30 [ 156.001576][T10825] bpf_test_run_xdp_live+0x133/0x11d0 [ 156.001668][T10825] ? __pfx_autoremove_wake_function+0x10/0x10 [ 156.001722][T10825] ? 0xffffffffa02054c0 [ 156.001772][T10825] ? mutex_unlock+0x4f/0x90 [ 156.001798][T10825] ? 0xffffffffa02054c0 [ 156.001814][T10825] ? bpf_dispatcher_change_prog+0x6ec/0x7f0 [ 156.001850][T10825] ? 0xffffffffa02054c0 [ 156.001865][T10825] ? 0xffffffffa02019c8 [ 156.001893][T10825] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 156.001937][T10825] bpf_prog_test_run_xdp+0x525/0x970 [ 156.001987][T10825] ? kstrtouint+0x21/0xc0 [ 156.002033][T10825] ? __rcu_read_unlock+0x4f/0x70 [ 156.002077][T10825] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 156.002115][T10825] bpf_prog_test_run+0x22a/0x390 [ 156.002173][T10825] __sys_bpf+0x4c0/0x7c0 [ 156.002200][T10825] __x64_sys_bpf+0x41/0x50 [ 156.002217][T10825] x64_sys_call+0x28e1/0x3000 [ 156.002241][T10825] do_syscall_64+0xd8/0x2a0 [ 156.002338][T10825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.002359][T10825] RIP: 0033:0x7f2b9dc4f749 [ 156.002413][T10825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.002433][T10825] RSP: 002b:00007f2b9c6af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 156.002452][T10825] RAX: ffffffffffffffda RBX: 00007f2b9dea5fa0 RCX: 00007f2b9dc4f749 [ 156.002465][T10825] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 156.002477][T10825] RBP: 00007f2b9c6af090 R08: 0000000000000000 R09: 0000000000000000 [ 156.002490][T10825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 156.002507][T10825] R13: 00007f2b9dea6038 R14: 00007f2b9dea5fa0 R15: 00007ffc4ea701e8 [ 156.002526][T10825] [ 156.002533][T10825] page_pool_create_percpu() gave up with errno -12